1

Single Sign On best practice

Тема: Single Sign On best practice

Hi All,
Just wanted to get some insight into how some of you all may integrate Wialon hosting into your applications with SSO with an iframe utilizing: https://hosting.wialon.com/

One of our thoughts was to to have the user sign in using the simple login form:
http://{host}/login_simple.html
found here: https://sdk.wialon.com/wiki/en/sidebar/ … ogin/login

*Just the first time while using duration = 0.

We could then take that token and OperateAs that user to get the SID:
svc=token/login&params={"token":"<access_token>","operateAs":"<optional_sub_user>"}

Then while the user is logged into our interface, we can append that SID to the host URL, e.g. https://hosting.wialon.com/?sid=xxxxxx and load that URL straight into the iframe.

Has anyone done something similar to this before? If so, did you find any caveats with token or session expirations or anything?

2

Single Sign On best practice

Re: Single Sign On best practice

Hello!

Tokens are also deleted when unused for 100 days and more. If it's used token with unlimited days (duration = 0 ) , it needs to login at least 1 time per 100 days. More about token authorization here https://forum.gurtam.com/viewtopic.php?id=7875
Regarding session - the session is alive without any API request during 5 min, To hold session you need to execute some requests or possible to execute simple avl_evts -  https://sdk.wialon.com/wiki/en/sidebar/ … s/avl_evts , for example every 10 sec
The other session limits are here https://sdk.wialon.com/wiki/en/sidebar/ … its/limits

Diana Cheley
Wialon Hosting Expert
Gurtam
3

Single Sign On best practice

Re: Single Sign On best practice

chdi пишет:

Hello!

Tokens are also deleted when unused for 100 days and more. If it's used token with unlimited days (duration = 0 ) , it needs to login at least 1 time per 100 days. More about token authorization here https://forum.gurtam.com/viewtopic.php?id=7875
Regarding session - the session is alive without any API request during 5 min, To hold session you need to execute some requests or possible to execute simple avl_evts -  https://sdk.wialon.com/wiki/en/sidebar/ … s/avl_evts , for example every 10 sec
The other session limits are here https://sdk.wialon.com/wiki/en/sidebar/ … its/limits

Thanks,

Do you find the iframe and example usage above as an acceptable way to use Wialon within sort of a multi-app control panel?

4

Single Sign On best practice

Re: Single Sign On best practice

fleettracker3 пишет:
chdi пишет:

Hello!

Tokens are also deleted when unused for 100 days and more. If it's used token with unlimited days (duration = 0 ) , it needs to login at least 1 time per 100 days. More about token authorization here https://forum.gurtam.com/viewtopic.php?id=7875
Regarding session - the session is alive without any API request during 5 min, To hold session you need to execute some requests or possible to execute simple avl_evts -  https://sdk.wialon.com/wiki/en/sidebar/ … s/avl_evts , for example every 10 sec
The other session limits are here https://sdk.wialon.com/wiki/en/sidebar/ … its/limits

Thanks,

Do you find the iframe and example usage above as an acceptable way to use Wialon within sort of a multi-app control panel?

Hello!

If you mean somethink like the list of apps (the same as on Wialon site), sure you can use 1 user token to login for any of apps or for example login under token, begin session for let say  main app and then duplicate session to other apps or use authorization hash

Diana Cheley
Wialon Hosting Expert
Gurtam