The One-Time URL is a unique, disposable URL leading to a specific VirtualUI application. What makes it useful is that it allows for passing credentials and/or custom data to the application through an independent secure channel, hidden to the end user.
A usual scenario involves a backend service (ie. a web server), where the user’s credentials are validated. This backend service communicates with a VirtualUI Server to request the creation of a One-Time URL, passing information about the application to run, credentials and custom data. This information is stored temporarily and indexed by a unique access key. Also a random passcode is created and used to encrypt the stored information. This access key and passcode are returned to the backend service to build the final One-Time URL.
Once the user is directed to the provided URL (automatically or by clicking on a link), VirtualUI validates the access key and passcode and starts the application passing the associated data. Finally, this key and associated data are removed from memory and therefore the URL becomes invalid. The same happens if the URL was not used for the amount of time specified in the creation request.
Read more:
Thinfinity VirtualUI offers a special access method called “One-Time URL”. This mechanism was designed to create a temporary, unique url to provide one-time access to a specific application. This temporary url is disposed as soon as it is used or after a specified period of time has elapsed.
These are the main scenarios where the One-Time URL access method is most useful:
· External authentication methods.
· One-time invitations to run a program (i.e. application demos/presentations).
Read more:
The VirtualUI Server processes a One-Time URL creation request in the form of an http(s) request, as follows:
serverurl + "/ws/oturl/get?apikey=" + apikey + "&accesskey=" + accesskey +
"&virtualpath=" + virtualpath
"&userid=" + userid + "&password=" + password +
"&customdata=" + customData +
"&plen=" + passlen + "&expires=" + expires
"&arguments=" + arguments ,
where:
serverurl
optional
VirtualUI Server address (protocol, domain and port)
apikey
required
VirtualUI installation [API] key. Find this information in Thinfinity.VirtualUI.Server.ini at C:\ProgramData\Cybele Software\Thinfinity\VirtualUI
accesskey
required if not using virtualpath
Identifies the application that will be run. Complete this parameter with the 'access key' parameter found in the application’s profile in the VirtualUI Server Manager.
virtualpath
required if not using accesskey
Uses the VirtualPath of the application, configured in the application profile editor.
userid
optional
A valid user that meets the criteria set in the application profile’s 'Permission' tab.
password
optional
The password of the user specified in the 'userid' parameter.
customdata
optional
Use this field to send any information you may need to make available to the application. This is the right place to pass sign-on credentials. This information will be accessible in the application through the BrowserInfo.CustomData property.
plen
optional
Length of the passcode to be returned.
expires
optional
Ticket expiration time, in minutes.
arguments
optional
Arguments passed to the application.
Note: The user indicated in the 'userid' parameter is a user validated within VirtualUI to access the application. This is an Active Directory user that was either added individually, or as part of a group of users in the 'Permissions' tab of the profile that will be accessed. In a regular non-one-time-URL implementation, the end user would authenticate by providing these credentials. However, when using a one-time-URL, this information is used internally by the application and the user can be authenticated somehow else.
If the request is unsuccessful, the following HTTP codes can be received:
400: Invalid parameters
401: Userid/password invalid
If the request is successful, the HTTP call returns a 200 HTTP status code, and a JSON consisting of two fields:
With this information, the backend can build the final URL, following this format:
Here's an example that uses the JSON shown above: