Hi
We are implementing context sensitive help within our application. We intend to publish two versions, one for users and one for "superusers" using condition tags to build two HTML5 targets. We are looking at hosting the help system ourselves for use by our application's clients worldwide.
We would like to password protect the superuser version so the superuser would need to log in the first time they used the help in an application session and also so that the superuser help could not be accessed by pasting a URL into a browser except with a password. I have searched the forum and plenty have asked the question but none seem to have implemented this.
Can anyone advise how best to do this?
Thanks, Bonny
Password protecting "superuser" version of web based csh
Re: Password protecting "superuser" version of web based csh
This came up yesterday in a different thread. Flare doesn't directly support this, since it needs to be implemented in the system that's hosting your online content. We don't use Pulse, so I'm not sure whether it supports your case. Some sort of authentication mechanism will need to be in place, and you'll need to figure out how your superusers get their username and password. Will they use the credentials from the system described by the help, or will they use credentials assigned to them through some other means (like your support portal or similar)?
Depending on how you plan to host, there will be some system config, coding, or both to get the result you're after.
Thanks,
Kristen
Depending on how you plan to host, there will be some system config, coding, or both to get the result you're after.
Thanks,
Kristen
Kristen Kelleher
Director of Tech Pubs, TIBCO Jaspersoft
Director of Tech Pubs, TIBCO Jaspersoft
Re: Password protecting "superuser" version of web based csh
Here is code I use to "lock" my pages.bonnym wrote:Hi
We are implementing context sensitive help within our application. We intend to publish two versions, one for users and one for "superusers" using condition tags to build two HTML5 targets. We are looking at hosting the help system ourselves for use by our application's clients worldwide.
We would like to password protect the superuser version so the superuser would need to log in the first time they used the help in an application session and also so that the superuser help could not be accessed by pasting a URL into a browser except with a password. I have searched the forum and plenty have asked the question but none seem to have implemented this.
Can anyone advise how best to do this?
Thanks, Bonny
My users authenticate using our Oracle system (most of them already have accounts; to access my system they're granted the correct Oracle ROLE upon login, which issues the 'SuperUserToken' cookie, shown in the code below. Of course, you'll need the entire Oracle authentication system; this is just the client-side content you'd use.
Every page has this code (I include it in the Master Page). The cool part is that it only works when it's uploaded to my server, because of
Code: Select all
if(url.indexOf('company.com')It's not the most secure system (my login calls to our server via a 1x1px iframe, but then again I'm not hosting nuclear launch codes. Hope that helps.
Code: Select all
<script type="text/javascript">/*<![CDATA[*/var url = window.location+'';
if(url.indexOf('company.com') > -1) {
var oreos = document.cookie.split(';');
var proceed = false;
for(var i=0;i < oreos.length;i++) {
if(oreos[i].indexOf('SuperUserToken') > -1){
proceed = true;
break;
}
}
if(!proceed) {
alert('Your login is not working. Please try again.');
window.location = "http://company.com/";
}
}/*]]>*/</script>