Gemini Community Support Site

This Gemini community support site can be used to find solutions to product issues. You can log in using Open Id, Google Profile and even Facebook. Feel free to ask a question or browse FAQs and documentation. Product tour videos are also available along with how-to videos demonstrating key Gemini capabilities.




Login failed when integrating Gemini via iframe

add-ons

Hello,

We are integrating our Gemini with another system (CMS) in a way when Gemini website is loaded in iframe. And we experience next behaviors.
When user is logged in Gemini in some browser tab, and when s/he opens custom page where Gemini is loaded to iframe, then s/he in is logged in automatically (as far as authentication cookies is shared). And this is ok.
But when there is no valid cookie (user doesn't have Gemini site opened), and when s/he tries to open custom page, then login page is opened in iframe. And when user fills in wrong password, then it shows error message. But when user fills in correct login/password, then next exception appears:
---
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration.  Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.  Contact the Web server's administrator for additional assistance.
---

So that, user cannot login to Gemini in iframe.
Does anybody know how to workaround that issue?

UPDATE: Gemini and CMS solutions are on the different domains.

Thanks in advance.

slava.boyko
· 1
slava.boyko
Replies (15)
helpful
0
not helpful

Can you call Single Sign On in Gemini?

gemini/sso.aspx?xxxx

This may mean that the user doe snot have to login within Gemini -- use just pass down the credentials.


Harvey Kandola
· 212
Harvey Kandola
helpful
0
not helpful

Hmm, so how can we leverage \security\SSO.aspx page in our iframe case?
When I am navigating it (and I am logged in) - I am redirected to login page, don't know if it is normal behaviour.


slava.boyko
· 1
slava.boyko
helpful
0
not helpful


The following parameters must be passed to the SSO.ASPX page, which is under the security directory (e.g. gemini\security\sso.aspx?u=username&p=password).

U = Username
P = Password

The user name and password is then authenticated against the Gemini database. These parameters can be sent in clear text or encrypted.



Harvey Kandola
· 212
Harvey Kandola
helpful
0
not helpful

Thanks for trying to help, but unfortunately the problem is still there.
Even if I pass user's login and password to SSO page in iframe - it always redirects to login page. Is it correct behaviour? By the way, is there any documentation about Gemini SSO page?

But, anyway, for now we don't consider to store users' password in other system for security reasons, and just need to allow user to login in iframe in same way like if s/he logins in main Gemini website.
And there is still that error, it seems like not Gemini related - rather asp.net/browser issue, but maybe you could help with workaround?
 


slava.boyko
· 1
slava.boyko
helpful
0
not helpful

Slava,

Have you set the Anonymous Access setting in Administration -> Security -> General settings?

Not sure what else we can do as IFRAME support i snot officially supported.


Harvey Kandola
· 212
Harvey Kandola
helpful
0
not helpful

Ok, I have set Anonymous access, but still user cannot login in iframe. When I enter valid login/pass and submit - nothing happens, and I see the same page like anonymous user. But when I logs in not in iframe - it is ok, I see projects list etc...

Could you please give more information about SSO functionality, maybe we could somehow use it. I see (in Admin interface) settings like SSO key and related drop-down with options how password is handled  (hashed or not).
Is there any documentation explaining how to use Gemini SSO features and what those settings mean etc? Actually, it would be good to have guide in form of solving simple scenario, but I don't see something like that.


slava.boyko
· 1
slava.boyko
helpful
0
not helpful

Using the sso page is quite simple, send the user and password: http://www.countersoft.com/downloads/v37/docs/GeminiManagementGuide.pdf (page 30).

Did you try to use fiddler to Gemini's response?


Saar Cohen
· 5000
Saar Cohen
helpful
0
not helpful

Like I mentioned above, I tried SSO page, but this works strange - always redirects me to login page and makes log off if I am logged in same browser. So that, I am always redirected to login page when I navigate http://<gemini website>/security/SSO.aspx?username=<my login>&password=<my password>
I checked Security->General settings->SSO Credential Encryption - I have "Clear text user password" there.

Yes, I already quickly looked at possible differences between request/response in both cases  - when log in normally and in iframe, but have not found anything suspicious. I will look one more time actually.



slava.boyko
· 1
slava.boyko
helpful
0
not helpful

I didn't find anything suspicious in Fiddler. Requests and responses look the same with same cookies etc.


slava.boyko
· 1
slava.boyko
helpful
0
not helpful

Can you please try with another browser (eg FireFox)?


Saar Cohen
· 5000
Saar Cohen
helpful
0
not helpful

Interesting... it does work in Firefox! Thanks for that idea.
But unfortunately users of our custom page are 99% IE users. And it doesn't work in IE 8.
Maybe you know how to overcome that?


slava.boyko
· 1
slava.boyko
helpful
0
not helpful

Haven't seen this before, so no idea. But it seems like it might be a cookie issue with IE and iframe?


Saar Cohen
· 5000
Saar Cohen
helpful
0
not helpful

Have seen this before with other apps.

IE is blocking the cooky to store the loging. You see a icon in the status bar of IE, I think it's an eye or something. If you click there you can accept cookies from that website.

Very annoying indeed (IE's behaviour).


Bas
· 1
Bas
helpful
0
not helpful

Yes, thanks. It seems like IE blocks cookie (authentication cookie in my case) from another domain by default. Therefore, user either should allow cookie manually like you described, or add Gemini site to the Trusted Sites - it works as well, I tested.


slava.boyko
· 1
slava.boyko
helpful
0
not helpful

Thank you both for sharing the solution


Saar Cohen
· 5000
Saar Cohen