How to login with X-OLAT-TOKEN?


Tilman Moser

Apr 18, 2021, 4:57:15 AM
to OpenOlat
Hi.

Thanks for the great software. The documentation reads that you can add ?X-OLAT-TOKEN=<valid token> to any URL in the portal. But whatever I do, I only end at the login screen. What am I missing?

Cheers,
Tilman

Urs Hensler

Apr 19, 2021, 2:19:36 AM
to 'Steven' via OpenOlat
Hi Tilman

The X-OLAT-TOKEN is only supported in the REST API.

Please direct me to the misleading documentation, so that we can fix it.

Kind regards,
Urs


Tilman Moser

Apr 19, 2021, 2:24:55 AM
to OpenOlat
Hi Urs,

thanks for the quick reply. I read in the REST chapter of the documentation: "If you are building a remote portal and want to implement some kind of home-brew single-sign-on process, method 2 can be used to generate the X-OLAT-TOKEN for every user as a server request." I interpreted this as a way to hand over the web user to OpenOlat already signed in. However, I understand this is only valid for the REST API and will use Keycloak as an SSO solution accordingly.

Cheers,
Tilman

Florian Gnaegi

Apr 19, 2021, 2:59:51 AM
to open...@googlegroups.com
Hi Tilman

To use Keycloak for SSO is definitely the right way to go. The OpenOlat REST API is primarily designed to be used as an automation API for administrative tasks and not as an end-user API.

That said, you can theoretically use the X-OLAT-TOKEN to add to resource links, but this is a legacy option that is not supported anymore and will be removed in the future. It should not be used because it leads to a bad security design. 

Cheers
Florian


--------------------------------------------------------------------
professional services for the e-learning system OpenOlat
hosting - operating - support - development - mobile - consulting
--------------------------------------------------------------------
frentix  GmbH
Florian Gnägi, Geschäftsführer
Okenstrasse 6
CH-8037 Zürich, Switzerland


--------------------------------------------------------------------
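
One concrete consequence of carrying `X-OLAT-TOKEN` in a query string, seen from the defender's side: the token is written to web-server access logs and to the Referer header of follow-up requests, whereas a token sent as a request header is not. The following is an added example, not part of the thread or of OpenOlat's code; it assumes the common "combined" access-log format, and the log lines, host, paths and token values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?'
)
PARAM = "x-olat-token"  # parameter name from the thread, compared case-insensitively

def token_in_url(url):
    """Return the token value if the URL's query string carries X-OLAT-TOKEN."""
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key.lower() == PARAM:
            return value
    return None

def redact(url):
    """Replace the token value so the finding itself does not leak it again."""
    return re.sub(r'(?i)(x-olat-token=)[^&#\s"]*', r'\1<redacted>', url)

def find_leaks(lines):
    """Yield (ip, field, redacted_url) for each log field exposing a token."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        for field in ("target", "referer"):
            url = m.group(field) or ""
            if token_in_url(url) is not None:
                yield m.group("ip"), field, redact(url)

# Constructed sample log lines (hosts, paths and token values are made up).
SAMPLE = [
    '10.0.0.5 - - [19/Apr/2021:09:01:02 +0200] "GET /auth/RepositoryEntry/42?X-OLAT-TOKEN=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [19/Apr/2021:09:01:09 +0200] "GET /static/logo.png HTTP/1.1" 200 99 "https://lms.example/auth/x?a=1&x-olat-token=def456" "Mozilla/5.0"',
    '10.0.0.9 - - [19/Apr/2021:09:02:00 +0200] "GET /restapi/users/me HTTP/1.1" 200 80 "-" "curl/7.68"',
]

if __name__ == "__main__":
    for ip, field, url in find_leaks(SAMPLE):
        print(f"{ip}: token exposed in {field}: {url}")
```

The third sample line stands for a REST call that authenticates with a header; nothing about its token reaches the log, so it produces no finding.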

Tilman Moser

Apr 19, 2021, 3:02:42 AM
to OpenOlat
Hi Florian,

you are right, security-wise. Since the application is running in an intranet, we tried to take a shortcut here :-)

Btw: Is there a chance to have OpenOlat silently check SSO against Keycloak on the login screen?

Best,
Tilman

Florian Gnaegi

Apr 19, 2021, 3:18:57 AM
to open...@googlegroups.com
Hi Tilman

You need to check the "Automatische Umleitung (Lokaler Login über /maintenance/)" option in the Keycloak config. This will automatically redirect all users to Keycloak without manually pressing the button. For non-Keycloak login you must then use the /maintenance/ URL to bypass this automatic redirect and get to the standard login screen.

Cheers
Florian

Tilman Moser

Apr 19, 2021, 3:23:54 AM
to OpenOlat
Ah, I see. This only works in custom OpenID implicit flow, not with the Keycloak module itself.

Florian Gnaegi

Apr 19, 2021, 3:38:22 AM
to open...@googlegroups.com
Sorry, my mistake. This option will be available in 15.5 which is expected to be released by the end of the month. 

Cheers
Florian

Tilman Moser

Apr 19, 2021, 3:39:14 AM
to open...@googlegroups.com
Hi Florian,

That’s good to hear. Thanks for the really great work!!

Cheers,
Tilman
