Logging Users out of Sisense from your Site
Download: Post Message
Introduction
The following forum post explains how to log your users out of Sisense from your native application.
Purpose
Single sign-on (SSO) systems enable your users to authenticate themselves in your online services and then in Sisense with one authentication credential. After your users' session has ended, it is your responsibility to develop and implement the means of logging your users out of Sisense through your application.
For example, if your user is logged into Sisense through an embedded iFrame on your site or application and clicks a “Log Out” link on your site, your implementation must invoke the Sisense Logout API.
Note, your users' browser may prevent invoking the Sisense Logout API from your application because of CORS (Cross-Origin Resource Sharing). For more information about CORS, click here.
One way you can log your users out and overcome CORS is through the Post-Message method. The window.postMessage method securely enables cross-origin communication.
The Post-Message plugin attached to this post implements a listener for the window.postMessage() method.
When the window.postMessage() method is called, it triggers a MessageEvent in the browser. The Post-Message plugin listens for this event and calls the auth/logout method of the Sisense REST API, logging your user out of Sisense.
Sisense logout endpoint (GET):
/api/v1/authentication/logout
The postMessage() method takes two parameters:
message: An object to be sent to Sisense. It should contain {logout:true}; the plugin is triggered only when this parameter is included.
targetOrigin: The Sisense URL of the window that the message is being sent to, including the protocol (http or https) and the port.
For example:
postMessage({logout:true},'http://localHost:8081');
Steps
1. Download the Zip file below and extract its files to \...\Sisense\PrismWeb\plugins. If you do not have this folder, create the \plugins folder and then extract the files to it. If you are using version 7.2 or higher, unzip the contents into your C:\Program Files\Sisense\app\plugins\ folder.
2. Develop the functionality in your site or application that implements the Post-Message plugin to call the logout method of the Sisense REST API.
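The sending and receiving checks for step 2, as an added example that is not part of the original post or of the Sisense plugin. It posts to the iframe's own window with targetOrigin taken from the iframe URL, and the listener acts only on {logout:true} from an allow-listed origin; the function names, the allow-list and the doLogout callback are assumptions.

```javascript
// Added example, not Sisense code. All function names here are hypothetical.

// Derive targetOrigin (scheme + host + port) from the URL loaded in the iframe,
// so the message can only be delivered to that exact origin.
function targetOriginFor(iframeSrc) {
  const url = new URL(iframeSrc);
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error('unexpected scheme: ' + url.protocol);
  }
  return url.origin; // host is lower-cased, path and fragment are dropped
}

// Parent page: post to the iframe's window (not the parent's own window)
// and pass an explicit origin rather than '*'.
function sendLogout(iframe) {
  const origin = targetOriginFor(iframe.src);
  iframe.contentWindow.postMessage({ logout: true }, origin);
  return origin;
}

// Receiving side: accept only {logout: true} from an allow-listed sender origin.
function shouldLogout(event, allowedOrigins) {
  if (!allowedOrigins.includes(event.origin)) return false;
  const data = event.data;
  return typeof data === 'object' && data !== null && data.logout === true;
}

// Register the listener on a window-like object. In a real page doLogout would
// issue the GET to /api/v1/authentication/logout named in the post.
function installLogoutListener(win, allowedOrigins, doLogout) {
  win.addEventListener('message', (event) => {
    if (shouldLogout(event, allowedOrigins)) doLogout();
  });
}

// Usage in the parent page (browser only), with the iframe id as an assumption:
//   sendLogout(document.getElementById('iframeId'));
```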
-
This only works if the iframe with Sisense is loaded (and waiting for events).
If I have a site where the logout page does not have any iframe with Sisense, how can I log out from Sisense?
Also, if I issue a postMessage and I have Sisense on a different domain, it does not work:
"Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://sisensesite:553') does not match the recipient window's origin ('https://mysite.com')."
Can you help with this?
Tkx
-
Is this still valid? I cannot get it to work. Am I supposed to call 'postMessage' on the iFrame? Also, our Sisense server is hosted on a different server than our website. So, should the call look like this: postMessage('message', <sisense server address>);
Any help on this would be appreciated.
-
Hi Matt and Nouman,
The postMessage method should be called from your native application and you should have a Sisense iFrame on your current page when doing it.
Inside Sisense, you should have the postMessage plugin, which listens for the message when you send it and logs out the user.
In the targetOrigin field you should provide the same base url as you used to load Sisense in the iFrame.
So, for example, if the iFrame shows the following url: http://SisenseWebSite.com:8081/app/main#/dashboards/591ac837015fd5242f000011
Then, your originTarget should be: http://SisenseWebSite.com:8081
And of course don't forget to allow cross origin in Sisense according to the doc link from the forum post above.
Hope it answers your question.
Regards,
Lidor
-
Hi,
I enabled SSO with a sub-domain as the redirect url and now I am not able to log in to Sisense directly.
It is redirecting to the sub-domain every time I try to access Sisense.
It may be the right place to ask. But I am stuck with this.
Is there any way I can disable SSO without any token?
Thanks.
-
Hi,
Does Sisense offer a logout endpoint that, when called through an iFrame, removes the user session as per the OpenID Connect Specification: http://openid.net/specs/openid-connect-frontchannel-1_0.html
Please see http://openid.net/specs/openid-connect-frontchannel-1_0.html#ExampleFrontchannel of the functionality we are after.
I would guess if there is no such page it should be straightforward to build a page that accesses the REST API as shown above to terminate the session. Is there an option for us to add such a page to Sisense?
Thanks,
Nigel
-
Hi,
An answer to my own question. I used the Developer Tools within Chrome to look at the network traffic when you sign out of Sisense and noticed that the following endpoint is invoked: https://<hostname>/api/auth/logout. I did some experiments with this and it does indeed clear the Sisense session, so I have added this as the post logout redirect in the OpenID Connect server.
Thanks,
Nigel
-
To offer assistance to others that might be having difficulty with this, calling window.postMessage does not work. You have to get a reference to your iframe and then call contentWindow.postMessage:
var f = document.getElementById('iframeId');
f.contentWindow.postMessage(……….);
Also, to confuse you, the plugin is called EmbedTest in the list of plugins.
I'm using v7.3.