Related links
Homepage
User documentation
Uživatelská dokumentaceFI - Finance Management
Framework Core functionality
- AyMINE Framework Server
- frmFrm – provided functionality
- System Rights
- System messaging
- AyMINE Business – Price calculation
- Strings and translations
- Export collection of objects
- AyMINE Framework management FAQ
- The AyMINE licence model
- AyMINE On-premise
- System events
- Mutli-client architecture
- Import collection of objects
- User sessions
- Default server methods
- Client-defined object attributes
- Common Libraries
Module - support for management
Libraries & Lincences
Mobile & Web Application
- Runtime debugging
- System console
- AyMINE Application
- In-line table edit support
- Object scripting API – object lang
- Application object structure
- Multilingual support
- View of a single object – detail
- Is using EVAL / feval method risky?
- Included library – String operations
- Cliplink
- Object API – object <g>
- API – Data object
- Object scripting API – object User
- Object view definition
- Framework support for Drag & Drop
- Common libraries
- Multiple-object update implementation
- fClip & fCliplist
- Offline persistent objects
- Mobile application
HR - Human Resources
System Management (part of framework)
Task, Project, Quality
Task & Task pattern
CMS - Content Management & Web API services
Single Sign-on authentication
Single sing-on supports access to the application verified by authentication from external source
Single-sign on (aka SSO) authentication described here expects that client uses its own single-sign server for all clients. Application does not allow direct login but user should access using external service and link.
System currently can provide authentication identity for other application of required or accept user identity token from external SSO source.
When SSO is integrated, user login data are not stored in the system at all – except when mobile application is allowed. Clients should use external page to login to the SSO and than open the application page using special link that is client-specific
Communication with external Single-Sign portal describes the activity diagram bellow:
Methods requires authentication verification from external SSO application. Server configuration is always client-specific and should by set up by system administrators including definition of the client-specific page for SSO redirect.
Standard login dialog cannot be used to login to the SSO account.
SSO method Limitations
SSO is not usable with the mobile application. Using the application could be total disabled for client's users or users should define password usable only for application.
Mobile application security
When user has Single-sign and mobile application activated together, application should be activated using the sign-up scheme:
- Start AyMINE at computer (browser) using the SSO authentication
- Request create password for mobile application
- Install & start mobile application
- Login to the mobile application with password
- Confirm application in the AyMINE at browser
- Logout and login again the to mobile application
Even when user has defined password for application:
- Password could be used to login using the default login dialog
- No other device could use the password. Each device should be individually confirmed in the browser before it could access the account
Activity diagram for application registration with single-sign on authentication mode.
