In some cases it may be necessary to perform login to THRON platform without using user credentials (username and password); it is the case for example of an external partner or a freelancer who must use THRON services but who you do not want to provide with credentials. In this case you can simply allow him to use the token of an active session which can be invalidated after use.
First you need to obtain a valid session token. To do so you can use the service login of identitymanager which is located within xsso. Using the proper parameters such as the username and password of a registered user, the service will return a valid tokenId which can be used to connect to the platform without typing the credentials.
How to log in using a valid tokenId
Once a valid tokenId has been generated, it can be used to connect to the platform by simply hanging it it at the end of the login url, like this:
You can even place a redirect in the auto-login url, in order to point the user to a specific page in case the login fails. You have to use this expression:
How to invalidate token after use
Once collaboration within the platform is over, it may be necessary to invalidate the token, in order to avoid subsequent or unwanted accesses. To do this, you simply have to invoke the logout service of identitymanager, which is located within xsso, using the tokenId as a parameter within the request. From that point on, that specific token can no longer be used to connect to the platform.
[/tab] [tab:Code Samples]
You can test involved web services in the developer portal at the following links: