Authenticating embedded requests

The parent Application Server sends a POST ticket request to the CDV Server, either by using the ticket-granting CDV username, an IP address, or both. The ticket request has the following syntax:

https://<appserver>/arc/trustedauth/getticket

• Posting a ticket request using a ticket-granting user:

  To authenticate the ticket request using the trusted ticket granter's CDV username and password, use the following syntax:

  curl --data \ "username=cdvuser&trustedusername=ticketgranter&trustedpassword=trustedpass" \ 
  http://127.0.0.1:8000/arc/trustedauth/getticket

  If the request is valid, the CDV Server returns the ticket cYvvmRSHSWOOWNCOeve1vA.

• Posting a ticket request using an IP Address:

  In this case, the CDV Server already has the parent Application server IP in the list of trusted IPs. The POST request includes only the CDV username to get the ticket-granting user's full credentials. To authenticate the ticket request using an IP address, use the following syntax:

  curl --data "username=cdvuser" http://127.0.0.1:8000/arc/trustedauth/getticket

  If the request is valid, the CDV Server returns the ticket cYvvmRSHSWOOWNCOeve1vA.

The parent Application Server uses the ticket to generate a unique URL, which contains the <iframe> tag and the ticket for the embedded visual, and sends it to the client.

For example, the URL address in the <iframe> would be:

http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1

The client browser uses the <iframe> URL obtained from the Application Server and forwards the same URL to the CDV Server, requesting the visual.

http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1

The CDV Server authenticates the <iframe> request based on the ticket that is part of the request URL. If the ticket is valid, it automatically logs in the username specified in the original POST request and then sends the visual to the client.