Access IDP auth CORS

Hi Team,

I’m using CUBA with IDP/SP to develop a system, let’s say SYS1. We also have another company-level portal where a user can log in and then see the to-do list of SYS1. We use a screen link to navigate to SYS1: when the user clicks one item of the to-do list, he will be redirected to the one of the SPs which holds the task.

So here we used the idp_ticket solution: when the user has logged in, the portal requests the ticket and then appends it to the screen link, so that the user can be redirected to the SP without logging in.

But the problem now is that we are using the /idp/auth endpoint to get the ticket; however, it seems this request doesn’t support CORS access.

Could you please help review the solution and let me know if it is correct? If yes, how can we overcome the CORS issue, as it is a deep part of CUBA?

Thank you!

No worries, I extended IdpController in the web block and created a new endpoint, which solved this problem. The only problem is that in the web block the REST controller doesn’t have a SecurityContext and I have to create one manually, because it’s not able to use either @Authenticated or the Authentication bean.

Hi,

Just to mention, IDP is meant to be used only in web applications and server-to-server communications. That’s why there are no CORS settings, because it should not be invoked directly from other domains. Of course you can extend IDP controllers.

Thanks Yuriy for the clarification!
Could you suggest any better design for my scenario?
We have a portal that lists notifications from different systems as a to-do list, where the user can click one of the listed items and be redirected to the corresponding system smoothly (meaning without logging in again). My solution is to use screen link + idp_ticket.

In your case you need to use IDP for the portal too. Otherwise it is a little bit strange and error-prone, because you use 2 login systems that are not in sync.

I’d better integrate portal login with IDP.