#1 Re: mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-30 05:30:35

erick wrote:

In my implementation I didn't keep track of the session time (in seconds), because there may be other reasons the session closes, such as if the mormot exe gets restarted.  I just keep using it until I get an appropriate HTTP/S errors.

Hope that helps,


How is the parameter substitution session_signature outgoing GET and POST requests?
We must each outbound request to carry through the procedure javascript SignUrl or there is another way, a better and more correct?

#2 Re: mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-29 09:43:20

Thanks for all the answers!
I got to deal with the authorization mechanism.
I describe the order. The basis took scripting in post # 32 Javascript authentication .
On the recommendation from the Chaa I changed onGotTimestamp procedure in mORMotKlient.js file came to call OnGotsession, but not OnGotNonce.
Server properly executed authorization request


Then the server returns the error 403 - incorrect signature, which was formed in signUrl procedure. On the server, I saw that the signature of the server and the client are out of sync. I could not understand why.
All my questions arise because Java scripts described authorization is done by filling in your login and password.
And this is not necessary for me. The calculation of the signature performed by hashing the password and because of this discrepancy occurred server and client signatures.
Here is a piece of code

SynAuth.PasswordHashHexa = SynAuth.Sha256hash ( "salt" + password);

should be replaced by

SynAuth.PasswordHashHexa = "";

After this error with the signature disappeared. Everything turned out the way I wanted.
Only now, as I understand it, I need to keep track of time and the end of the session to re-do the authorization in the background.

P.S. Perhaps these details will be useful for the community, especially for those who have just started to learn this wonderful framework.

#3 Re: mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-27 06:05:20

Hello! Thank you for your answers.
I had based the script in post #32 Javascript authentication. Because I don't want to use angular or ExtJS only for authorization, so interesting plain javascript. Quite a bit changed it. Edited the Procedure onGotTimestamp that it caused onGotSession, not onGotNonce. As a result, the server returned status login OK. Further, as I understand it, from server response


need to allocate the string before the "+" (245386974) sign and translate it into hexadecimal notation. In the case that happened less than 8 characters, it is supplemented with zeros at the beginning.In our case, it turns out EA04EDE we first add 0, poulchaetsya 0EA04EDE. Ie this is Session_signature and our.
In I add it to the query


and get a 403 response - "Authentication Failed: Invalid signature (0)".
The debugger and saw that the authentication fails in the


in this place

if Ctxt.URISessionSignaturePos+(18+8+8+8)>length(Ctxt.Call^.url) then begin
    result := nil;

It turns out that I have not the same length: 77 to the left and to the right 61. What makes this condition? As I understand it, this procedure returns me the result is incorrect signatures

#4 Re: mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-26 08:17:07

Thanks a lot @Chaa @Erick!
Will continue to study
And what is the life time of the session? What time session_signature will be valid?

#5 Re: mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-23 09:55:14

Thank you your answer! It worked.
When you query with empty parameters I'm using debugger I saw that the method is called TSQLRestServerAuthenticationSSPI.Auth. The browser returned me an answer here


I.e., everything is fine.
Now, every request needs to send GET request received the number of the session


I correctly understand? What's the name of the session parameter from the GET request data or session or something?

#6 Re: mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-23 04:57:55

Thanks for the quick answers @ab @Chaa!


the URL must be with empty parameters UserName and data or not?
Maybe I don't fully understand, but in the post about authentication via JavaScript you need to pass the password.
What is the authorization must be configured on the server side ?


Or somehow differently it is necessary to configure authorization on the server?
Sorry if the questions seem stupid, but you are better versed in this than I am. I'm still at the stage of study and understanding
Thank you!

#7 mORMot 1 » Single Sign On (SSO) authorization with Web Browser and mORMot » 2016-12-22 11:24:14

Replies: 15

Hello! Tell me, please, is there any implementation of single sign-on through a web browser?
I was watching this topic http://synopse.info/forum/viewtopic.php?id=931&p=3 . It describes the module SynSSPIAuth. And in the example ThirdPartyDemos\Chaa\WindowsAuth the use of this module.
But this is for clients written in Delphi, but how can I implement authentication of a domain user via the WEB interface?
Thank you in advance for your answers!

#8 Re: mORMot 1 » MVC URI routing » 2016-12-13 06:27:54

A very interesting topic. Can write a snippet or describe here how to use the examples? It is not clear where then used interface ICustomers. Is it possible to use the URI routing in my MVC application to mORMot. Sorry if asking stupid questions but I'm new.
I have not seen this implementation in the documentation and examples. Thanks in advance!

Board footer

Powered by FluxBB