Securing access to Image URLs and User Interaction URLs


#1

Hi,

How do I secure access to Image URLs and User Interaction URLs using TAS SSO?


#2

You can protect any resource by putting it behind the special URL pattern /t/{tenant}/ as per https://github.com/talentappstore/tas-core-apis/wiki/04.-Programming-reference#protect-your-web-resources.

So if:

  • your app is called frodo
  • your interaction URL is /t/{tenant}/results/{assessmentID}

… then the actual URL for that results page would be https://frodo.communityapps.talentappstore.com/t//{tenant}/results/{assessmentID}.

Now, when anyone visits that page, SSO will kick in, and the visitor will be forced to authenticate.

Typically your assessment app would have a principal type of “user”, so the authentication choices that the visitor sees will depend on what the customer has selected, e.g. typically it might be their corporate SAML platform.


#3

Thanks Andrew.

I have tried this out with the following URL:

https://mikedev.talegent.com:9443/t/talegenttest/image/sid/~0cKqKO7aru9OhFv90GeCzBs9VfXCy1ZD0
(currently unsecured and working)

I should be able to hit this from here, right?

https://talegentassess.communityapps.talentappstore.com/t/talegenttest/image/~0cKqKO7aru9OhFv90GeCzBs9VfXCy1ZD0

Currently getting a 500 error. What am I doing wrong?

Mike.


#4

It looks like your second URL is missing “sid”?


#5

You are quite right; however, adding in sid still results in a 500 error, from this URL:

https://talegentassess.communityapps.talentappstore.com/t/talegenttest/tas/start?redirect=%2Ft%2Ftalegenttest%2Fimage%2Fsid%2F~0cKqKO7aru9OhFv90GeCzBs9VfXCy1ZD0


#6

Mike, try uninstalling the app and then installing it again - ideally in a new tenant. Sometimes things are cached, e.g. if you changed the principal type of the app after installing it, that could perhaps cause this kind of thing. If you don’t have any joy we’ll investigate via logs for you.


#7

That did the trick. Thanks!