Logging Users out of Sisense from your Site

Follow

Gideon B

June 29, 2016 12:13

Download: Post Message

Introduction

The following forum post explains how to log your users out of Sisense from your native application.

Purpose

Single sign-on (SSO) systems enable your users to authenticate themselves in your online services and then in Sisense with one authentication credential. After your users' session has ended, it is your responsibility to develop and implement the means of logging your users out of Sisense through your application.

For example, if your user is logged into Sisense through an embedded iFrame on your site or application and clicks a “Log Out” link on your site, your implementation must invoke the Sisense Logout API.

Note, your users' browser may prevent invoking the Sisense Logout API from your application because of CORS (Cross-Origin Resource Sharing). For more information about CORS, click here.

One way you can log your users out and overcome CORS is through the Post-Message method. The window.postMessage method securely enables cross-origin communication.

The Post-Message plugin attached to this post implements a listener for the windows.postMessage() method.

When the windows.postMessage() method is called, it triggers a MessageEvent in the browser. The Post-Message plugin listens for this event and calls the auth/logout method of the Sisense REST API, logging your user out of Sisense.  

Sisense logout endpoint (GET): 

/api/v1/authentication/logout

The postMessage() method takes two parameters:

message: A object to be sent to Sisense that should contain {logout:true}, so the plugin will be triggered only with this parameter included.

targetOrigin: The Sisense URL of the window that the message is being sent to including the HTTP heading and the port.

 

For example:

postMessage({logout:true},'http://localHost:8081');

Steps

1. Download the Zip file below and extract its files to \...\Sisense\PrismWeb\plugins. If you do not have this folder, create the \plugins folder and then extract the files to it. If you are using version 7.2 and higher unzip the contents into your C:\Program Files\Sisense\app\plugins\ folder. 

2. Develop the functionality in your site or application that implements the Post-Message plugin to call the logout method of the Sisense REST API.

2

• 

  kikas01 October 27, 2016 21:26 (Edited October 27, 2016 21:55)

  This only works if the iframe with Sisense is loaded (and waiting for events).

  If I have site where the logout page does not have any iframe with Sisense, how can I logout from Sisense?

   Also if I issue a postMessage and I have Sisense on a different domain it does not work : 

  "Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://sisensesite:553') does not match the recipient window's origin ('https://mysite.com')." 

  Can you help on this ? 

  Tkx

   

   

  4

  Permalink
• 

  Matt Marston June 29, 2017 19:38

  Is this still valid? I cannot get it to work. Am I suppose to call 'postMessage' on the iFrame? Also, our Sisense server is hosted on a different server than our website. So, should the call look like this: postMessage('message', <sisense server address>);

  Any help on this would be appreciated. 

  0

  Permalink
• 

  Nouman bhatti August 15, 2017 02:46

  Has anybody found a solution of this?

  0

  Permalink
• 

  Oxana Noa Umansky August 15, 2017 12:28

  Hi Matt and Nouman,

  We are looking into this and will get back to you soon. 

  Thanks,

  Oxana

  0

  Permalink
• 

  Lidor Rosencovich September 05, 2017 12:35

  Hi Matt and Nouman,

   

  The postMessage method should be called from your native application and you should have a Sisense iFrame on your current page when doing it.

  Inside Sisense, you should have the postMessage plugin which listens to the message when you send it and logout the user. 

  In the targetOrigin field you should provide the same base url as you used to load Sisense in the iFrame.

  so for example if the iFrame shows the following url: http://SisenseWebSite.com:8081/app/main#/dashboards/591ac837015fd5242f000011

  Then, your originTarget should be: http://SisenseWebSite.com:8081

  And of course don't forget to allow cross origin in Sisense according to the doc link from the forum post above.

   

  Hope it answers your question.

  Regards,

  Lidor

  1

  Permalink
• 

  Todd Winton October 05, 2017 12:40

  When I have this addon active and login to sisense directly, I get immediately logged out.  Is there something I need to stop this?

  0

  Permalink
• 

  Oxana Noa Umansky October 12, 2017 16:00

  Hi Todd,

  How did you implement the logout API call? What triggers it?

  Thanks,

  Oxana

  0

  Permalink
• 

  Todd Winton October 12, 2017 16:10

  This is not even implementing the logout api call, this is with the addon active in sisense.

  0

  Permalink
• 

  Alina Lotman October 20, 2017 19:42

  Hi,

   

  Does this work when I use SSO and Sisnese is not embedded with iframe but opens in a separate URL?

   

   

  1

  Permalink
• 

  Oleg Fil December 12, 2017 15:07

  The plugin has been updated and now accepts the new post message arguments format in order to work properly.

  0

  Permalink
• 

  Oleg Fil December 12, 2017 15:12

  Hi Alina,

  In your case you can run the logout API method directly in the window where Sisense is opened.

  1

  Permalink
• 

  Suresh May 30, 2018 17:10

  Hi,

  I enabled SSO with sub-domain as redirect url and now I am not able to login sisense directly.

  It is redirecting to sub-domain every time I try to access Sisense.

  It may be right place to ask. But I am stuck with this.

  Is there any way I can disable SSO without any token?

  Thanks.

  0

  Permalink
• 

  Michael Becker May 30, 2018 17:13

  Hi Suresh,

  if you access your sisense with /app/account#/login at the end of url, you will bypass SSO settings.

  Regards,

  Michał

  0

  Permalink
• 

  Suresh May 30, 2018 17:16

  Thanks Michael for quick response.

  It worked.

  0

  Permalink
• 

  Nigel Elliott June 07, 2018 07:48

  Hi,

  Does Sisense offer a logout endpoint that when called through an iFrame to remove the user session as per the OpenID Connect Specification: http://openid.net/specs/openid-connect-frontchannel-1_0.html

  Please see http://openid.net/specs/openid-connect-frontchannel-1_0.html#ExampleFrontchannel of the functionality we are after.

  I would guess if there is no such page it should be straight forward to build a page that access the REST API as shown above to terminate the session, is there an option for us to add such a page to Sisense?

  Thanks,

  Nigel

  0

  Permalink
• 

  Nigel Elliott June 07, 2018 13:26

  Hi,

  An answer to my own question. I used the Developer Tool within Chrome to look at the network traffic when you sign out of Sisense and noticed that the following endpoint is invoked: https://<hostname>/api/auth/logout, I did some experiments with this and it does indeed clear the Sisense session, so I have added this as the post logout redirect in the OpenID Connect server.

  Thanks,

  Nigel

  0

  Permalink
• 

  Chris Kerrison July 12, 2019 09:26

  To offer assistance to others that might be having difficulty with this, calling window.postMessage does not work. You have to get a reference to your iframe then call the contentWindow.postMessage

  var f = document.getElementByID('iframeId');
  f.contentWindow.postMessage(……….);

  Also to confuse you, the plugin is called EmbedTest in the list of plugins

  I'm using v7.3.

  0

  Permalink

Please sign in to leave a comment.