Finesse with Active Directory

This document was generated from CDN thread

Created by: yogesh kumar on 22-10-2013 08:17:11 AM
I want to integrate Finesse with Active Directory for the purpose of Single Sign On.
Can we configure Standard Finesse/UCCE for this? If not, can we achieve the same by using the Finesse API? What needs to be done on the application side then?

Subject: RE: Finesse with Active Directory
Replied by: Joseph Horvath on 22-10-2013 08:42:11 AM
yogesh kumar:
I want to integrate Finesse with Active Directory for the purpose of Single Sign On.
Can we configure Standard Finesse/UCCE for this? If not, can we achieve the same by using the Finesse API? What needs to be done on the application side then?

Are you trying to provide SSO to the standard Finesse Browser desktop or to a custom developed desktop?

Subject: RE: Finesse with Active Directory
Replied by: yogesh kumar on 22-10-2013 08:55:38 AM
Right now I need to do it for standard Finesse only.

Maybe in the near future I might require it for a custom Agent Desktop also.

Subject: RE: Finesse with Active Directory
Replied by: Joseph Horvath on 22-10-2013 09:16:16 AM
SSO for a custom desktop would be easier than SSO for the standard Finesse desktop.

If you try to do SSO for the standard Desktop, then you will need to do "cookie management" to satisfy the Tomcat J2EE App running on the Finesse server. In addition, you will also need Web Server proxy configurations for various items including "sign out" and failover. I have done this, but it is tricky.

If you try to do SSO for a custom Desktop, then you are not faced with satisfying these types of additional requirements for the standard Finesse desktop.

Subject: RE: Finesse with Active Directory
Replied by: yogesh kumar on 22-10-2013 12:12:35 PM
Hi Joseph,

Thanks for the information.
It would be great if you could explain to me a little more about the things you had to do on the Finesse side and the Active Directory side for standard Finesse desktop SSO.
Thanks 

Subject: RE: Finesse with Active Directory
Replied by: Jin Tiam Loh on 22-10-2013 12:56:16 PM
Hi Yogesh,

Is the idea just to do authentication against AD through LDAP? Since v9 only supports login by agent ID instead of login name, how will the matching be?

Thanks!
-JT-

Subject: RE: Finesse with Active Directory
Replied by: yogesh kumar on 23-10-2013 04:24:46 AM
Hi Loh,

As per my understanding, Active Directory issues an auth cookie which might contain additional information like the extension number. Finesse needs to understand that cookie and log in the agent.

Joseph, if I got it correct, then can you explain the process/configuration by which you were able to achieve SSO in the standard Finesse desktop?
Thanks 

Subject: RE: Finesse with Active Directory
Replied by: Joseph Horvath on 23-10-2013 08:13:31 AM
You can use LDAP Attributes to supply login information to Finesse. The LDAP part should be very straightforward. Just use XMLHttpRequest or ActiveXObject ("Microsoft.XMLHTTP") to communicate from JavaScript to your LDAP application.

The hard part is supplying the requirements for the Finesse Desktop application. In order to do this, you will need to acquire the proper JSESSIONID and JSESSIONIDSSO cookies from Finesse. I did this by having a background task in JavaScript attempt a REST sign-in before the actual submission of my Finesse login credentials to the Finesse desktop app. This should let you sign in. Ping me offline if you need some sample JavaScript code.

Note that you will need to point your web browser to your own web server in order to do any of this. Once you get this going, then you will need to proxy the four URIs:
  • /tunnel
  • /desktop
  • /gadgets
  • /finesse
However, do not proxy /desktop/logout.jsp so that you can redirect the logout from the Finesse Desktop.

Subject: RE: Finesse with Active Directory
Replied by: Dmitry Stretovich on 04-12-2013 08:24:42 AM
Hi Joseph,
I have the same task. I have failed to authorize the standard Finesse Desktop application for SSO.
Authorization of the custom application and of the standard Finesse Desktop goes separately.

My actions:
  1. All cookies were allowed
  2. User was signed in to Finesse with custom code from the NonGadgetSample-9.1.1 example
  3. Opened the standard Finesse desktop after custom authorization to Finesse
Can you give me example code to work in the same session with the standard Finesse Desktop application after the custom authorization to Finesse?
Thanks.

Subject: RE: Finesse with Active Directory
Replied by: Dmitry Stretovich on 06-12-2013 09:56:13 AM
Dmitry Stretovich:
Hi Joseph,
I have the same task. I have failed to authorize the standard Finesse Desktop application for SSO.
Authorization of the custom application and of the standard Finesse Desktop goes separately.

My actions:
  1. All cookies were allowed
  2. User was signed in to Finesse with custom code from the NonGadgetSample-9.1.1 example
  3. Opened the standard Finesse desktop after custom authorization to Finesse
Can you give me example code to work in the same session with the standard Finesse Desktop application after the custom authorization to Finesse?
Thanks.
Joseph Horvath, I'm sorry ...
Can I rely on your help?

Subject: RE: Finesse with Active Directory
Replied by: Joseph Horvath on 06-12-2013 10:41:09 AM
Sorry for the delay. It's a fair bit of code, so I cannot paste it here. Please understand that the code is only a Prototype. You can find it here:

http://www.jkhorvath.com/Finesse/Finesse-SSO-Prototype.zip

Note that I run the following config in my Apache Web Server:
<VirtualHost _default_:80>
    ProxyRequests Off

    # Exclude the logout page from proxying; this must come before the /desktop rule
    ProxyPass /desktop/logout.jsp !

    # Proxy the four Finesse URIs to the Finesse server
    ProxyPass /tunnel http://finesse/tunnel
    ProxyPassReverse /tunnel http://finesse/tunnel
    ProxyPass /desktop http://finesse/desktop
    ProxyPassReverse /desktop http://finesse/desktop
    ProxyPass /gadgets http://finesse/gadgets
    ProxyPassReverse /gadgets http://finesse/gadgets
    ProxyPass /finesse http://finesse/finesse
    ProxyPassReverse /finesse http://finesse/finesse

    # Rewrite the Finesse logout URL to the custom /Logout.html page
    RewriteEngine on
    RewriteRule ^/desktop/logout\.jsp$         /Logout.html [P]
</VirtualHost>
Note that I run the following iptables config on my server:
>>>>> Table 'nat' <<<<<
Chain PREROUTING (policy ACCEPT 35641 packets, 3092K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       79  4108 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:7071 to:10.201.64.83:7071

Chain OUTPUT (policy ACCEPT 11125 packets, 936K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1467 88020 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:7071 to:10.201.64.83:7071
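
Added example, not part of the original thread or of the linked prototype: a simplified JavaScript model of how the ProxyPass rules in the Apache config above are matched (checked in configuration order, first match wins), showing why the /desktop/logout.jsp exclusion has to be listed before the /desktop rule. The helper names route and shadowedExclusions are hypothetical, and the segment-boundary prefix match is a simplification of Apache's behaviour.

```javascript
// Simplified model of ProxyPass matching (illustration only, not Apache code).
// Rules are checked in configuration order; the first matching prefix wins.
// A target of "!" excludes the path from proxying.
const rules = [
  ["/desktop/logout.jsp", "!"],
  ["/tunnel", "http://finesse/tunnel"],
  ["/desktop", "http://finesse/desktop"],
  ["/gadgets", "http://finesse/gadgets"],
  ["/finesse", "http://finesse/finesse"],
];

// Assumption: a prefix only matches on a path-segment boundary.
function prefixMatches(path, prefix) {
  if (!path.startsWith(prefix)) return false;
  if (prefix.endsWith("/")) return true;
  const next = path.charAt(prefix.length);
  return next === "" || next === "/";
}

// Decide whether a request is proxied to Finesse or left to the local server.
function route(url, ruleList) {
  const path = url.split("?")[0];
  for (const [prefix, target] of ruleList) {
    if (!prefixMatches(path, prefix)) continue;
    if (target === "!") return { proxied: false, rule: prefix, upstream: null };
    return { proxied: true, rule: prefix, upstream: target + path.slice(prefix.length) };
  }
  return { proxied: false, rule: null, upstream: null };
}

// Report "!" exclusions that can never fire because a broader rule precedes them.
function shadowedExclusions(ruleList) {
  const found = [];
  ruleList.forEach(([prefix, target], i) => {
    if (target !== "!") return;
    const earlier = ruleList.slice(0, i)
      .find(([p, t]) => t !== "!" && prefixMatches(prefix, p));
    if (earlier) found.push({ exclusion: prefix, shadowedBy: earlier[0] });
  });
  return found;
}

// Constructed misordering: the /desktop rule moved ahead of the exclusion.
const misordered = [rules[2], rules[0], rules[1], rules[3], rules[4]];

console.log(route("/desktop/logout.jsp", rules));
console.log(route("/desktop/logout.jsp", misordered));
console.log(shadowedExclusions(misordered));
```

With the exclusion shadowed, the logout request goes to Finesse's own logout.jsp instead of the custom logout page.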


Subject: RE: Finesse with Active Directory
Replied by: Dmitry Stretovich on 06-12-2013 12:52:24 PM
Thanks for the detailed answer.

I chose the wrong way. I doubted the correctness of working with JSESSIONID and JSESSIONIDSSO cookies from Finesse, and of "Programming with the Finesse API" (Session ID - BRKCDN-1101) believed that Finesse Desktop APIs include the User API and after authorization must only keep the session when opening Finesse Desktop. I was wrong.
Now I understand your advice on the proxy. Thanks for the sample code ...
I had no thinking about substitution Login / Logout forms ...

Very nice work. Not yet figured out as using Logout form.
Comments

We are facing an error while logging in to Finesse for SSO: "Authorization failed contact to your system administrator"