{{sidenavigation.sidenavigationExpandLabel}}
{{getMsg('Help_YouAreHere')}}: {{page.title}} {{page.title}}
{{$root.getMsg("downLoadHelpAsPdf")}} {{helpModel.downloadHelpPdfDataStatus}}

Single Sign On

When using a website or web application combined with i-net PDFC it's recommended to only let the user log-in once. The solution for this scenario depends on your server infrastructure and selected authentication method.

Single Server

In this configuration, i-net PDFC would be running in an application server that presents your web front-end or web application as well. It's recommended to set the authentication method to 'Internal web server' for that use case. This enables i-net PDFC to share the session and authentication with your web application.

Pro Contra
Easy and seamless integration with web applications Requires an application server

If you require another authentication method or i-net PDFC runs in a separate process (e.g. IIS or Apache with PHP), make sure that i-net PDFC is accessed by the same host name as your front-end server. Furthermore, the credential store has to be the same for the web application and i-net PDFC. This is required to enable the client browser to automatically resend the authentication when switching between the web application and i-net PDFC. The user won't be notified about this re-login so the user experience is seamless.

Pro Contra
Works with almost any web server Requires basic or NTLM authentication
Both server applications must have the same credentials base

Front-end + Back-end Server

In case you want to install i-net PDFC on a firewall-protected back-end server, a different setup for authentication has to be used. Since your web site or application is hosted on another (front-end) server, i-net PDFC has to contact this server to share the authentication. Make sure, this connection is not blocked by the firewall as well.

To set up this solution please:

  • Setup a Proxy on the front end server. This can be done by using the ASPX proxy script located in the samples folder of the i-net PDFC SDK. If you're using another proxy, make sure to forward all cookies and/or the authentication header to the i-net PDFC server.
  • Install a login script on the front-end server. See External Script section for details.
  • Make sure the back-end server can contact the front-end server for the Login Script
  • Configure i-net PDFC to the authentication method 'External web server' and set the 'Login URL' to the location of the Login Script on the front-end server

How it works in production:

Scheme of front-end / back-end single sign on

It's important in this scenario, that request 1. and 2. pass all cookies (session ID) and header (authentication header). This allows the Login Script on the front-end server to identify a user by session cookie or by authentication.

Pro Contra
Allows Firewall protection for the back-end server Additional load on the front-end server
Single entry point (host) for users May require a custom proxy implementation

Parallel Servers

In this scenario the web site/application server and the server hosting i-net PDFC are both connected to the same network or the internet. The user can directly access both servers. So in contrast to the front-end / back-end architecture, there is no proxy which can pass the authentication or session data from the web site/application server to the reporting server. So passing the session cookie has to be done by the web site running in the browser of the client/user. For that reason, a front-end / back-end solution is recommended in most cases.

To set up this solution please:

  • Install a login script on the web site/application server, see External Script section for details.
  • Modify your web site or application to present the i-net PDFC report or web interface in an IFRAME embedded in your web site/application
  • Modify your web web site or application to pass the session cookie to this IFRAME so that the IFRAME uses this cookie when querying the reporting server
  • Configure i-net PDFC to use the authentication method 'External web server' and set the 'login URL' to the location of the login script on the web site/application server.

How it works in production:

As you can see, the most critical point here is to pass the session from your web application to the reporting IFRAME. Most browsers will try to prevent you from re-using a cookie for another host. So it requires sophisticated JavaScript knowledge to implement such solution.

Alternatively you may pass the required session data as URL parameters to the IFRAME. But since i-net PDFC only passes Cookies and HTTP header fields to the Login Script, this would require to extend the reporting server with a plugin to convert the URL parameters to a cookie for authentication.

Pro Contra
No proxy required Requires sophisticated JavaScript or Java coding
No extra load for the web server Exposes back-end architecture
i-net PDFC
This application uses cookies to allow login. By continuing to use this application, you agree to the use of cookies.


Help - Single Sign On