New post
Question
· Oct 10, 2017

Single Sign-on for DeepSee REST API

#InterSystems IRIS BI (DeepSee) #Angular #REST API #Authentication #CSP #ZEN

Hi everyone! My company has a Zen ERP application with CSP delegated authentication. Now, we're developing a separated BI application, using Angular, which consumes DeepSee REST API services. Both applications access the same Caché database.

How to implement single sign-on strategy in order to allow an already authenticated ERP user to access DeepSee REST services? Has anyone already implemented something like that?

Thanks in advanced.

Discussion (3)2
Log in or sign up to continue
Eduard Lebedyuk · Oct 10, 2017

Not sure about delegated authentication (is it only delegated? Or with password? Details may vary depending on your exact setup), but for password authenticated web application SSO is possible by following these steps (originally written for CSP+REST web apps, but the idea is the same):

  1. All brokers effectively have Parameter UseSession = 1;
  2. REST web application and client web application allow only authenticated (i.e. password) access.
  3. REST web application and client web application have reasonable Session timeout (i.e. 900, 3600).
  4. REST web application and client web application have the same GroupById value.
  5. REST web application and client web application have the same cookie path.

If all these conditions are met, user would only consume one license slot per session and perform only one login and audit database would store only one login event per session.

1 0