Hi all:
I have a Sharepoint site and all users will have already been authenticated, I’ve also set up a GrampsWeb on my home server behind an NginX proxy gateway with Lets Encrypt certificates. I would like to put URLs on my sharepoint site that go directly to an specific page in grampsweb and has the authentication built in.
Is this possible? What is the syntax? I have no concerns about the credentials being visible to the user as they are all family and if I can’t figure out an embedded solution the credentials will be right on the link anyways.
I have tried https://user:password@domain and @domain/login
Thank you
John
Gramps 5.2.0
Gramps Web API 2.1.0
Gramps Web Frontend 24.3.2
locale: en
multi-tree: false
task queue: true
I have experimented something related.
I filter output of Narrative Web in NginX (this is a “simple” Perl script). If the page has specific privacy meta-data attached to it, user is required to identify. On success, a cookie is sent to grant access during 15 minutes (this is configurable) without authentication renewal. URLs are then standard Narrative Web ones (no credentials attached to them).
This is totally external to Gramps, can work with any service behind NginX.
Though yours is not the same use case, it could be adapted. Say, on first request, without consideration of page privacy, authentication is requested and access is granted for some medium-duration period.
If you’re interested, we can discuss on private channel.
This would not be possible without scripting or changing code as @pgerlier suggested. The reason is this:
Grampsweb’s auth system (and most auth systems) uses post requests to send authentication data. Post requests store auth information not in the url, but in the ‘body’ of the request. Hyperlinks don’t have the capability to store data for POST requests, they always are sent as GET requests. The closest you could get is if in your sharepoint site you used buttons instead of links. Then you could send all the data need for authentication to the api and redirect to a page.
I’m not sure if there is a way to set a permanent auth token that does not expire in Gramps, but you could probably do it with a little code modification. In that case you would not have to worry about the button setup. In your sharepoint page you would include a script to set an auth token for your Gramps site that has no expiration date directly. Then any links the user clicks would be automatically authenticated using this information.
1 Like
Hi pgerlier:
Thank you for your reply. I am not a coder so there is no such thing as a simple Perl script in my view 
, but if I understand the gist of your response on authentication, I would put the authentication in the NginX proxy? using a script. So lets say I get a request from my sharepoint site (how would I know its from my share point site?) then I have a script on the NgniX proxy which authenticates for the sharepoint site? If my assumptions are correct, I would be OK with that approach.
Just so you understand my level of comprehension, I would not know where to begin to put a Perl script on the NginX Proxy Manage.
I would be happy to discuss on a private channel, not sure how I would initiate that.
John
In my procedure, there is no such thing as “request origin”. There is an external authentication step, requiring that some human is in front of the computer. The person clicks on your Sharepoint link (or any other). When the response passes through NginX, I check if a “magic” cookie has been sent with the request. If not, I request authentication and this where human presence is needed. Once authentication is made, a “magic” cookie is sent with the response. This “magic” cookie is valid only for a limited time period (to avoid leaving open a connection in case user does not disconnect and leaves the computer unattended, allowing anybody to continue with the authenticated session). When the period expires, a new authentication is needed.
I thought you had configured the NginX server on your machine.
My trick requires a modification to the configuration and the possibility to store an executable script in some folder accessible by NginX. It also requires installation of SQLite DB engine to manage credentials. It is also used to store a description of the “magic” cookies to prevent spoofing.
Hi pgerlier: Thank you for your response. With Docker Desktop and all the preconfigured images its amazing what you can do with a single CLI command “docker-compose up -d” . That and a .yml file and I had an NginX proxy manager up and running with a browser based GUI.
I would be willing to fiddle with the NginX guts, because if I screw it up, I can easily restore the default. However, your method is a bit beyond what I’m willing to attempt right now
Thanks John
I deduce from you reply you’re under Linux. Consequently, it would not be too difficult to adapt my filter.
Which distro? I am under Fedora 40 with KDE Plasma desktop.
PS: I sent you a private message to initiate direct link between ourselves (green notification tag at top left right of page).