Is it possible to link to webstation from another website/web portal without needing to log in?

Issue

Is it possible to link to webstation from another website/web portal without needing to log in?

Product Line

TAC Vista

Environment

Vista 5.1.X

Vista Webstation 5.1.X

Cause

A customer may wish to integrate one or more pages from TAC Vista Webstation into their company's own internal website.

Resolution

There is an option in TAC Vista web settings that enables a user to be redirected to Webstation from an external application, e.g. another website, and then automatically logged in to Webstation.

The requirement for this to be possible is that the external application and Webstation share a secret key and an Initialization Vector (IV). These are cryptographic terms; as far as the layman (or sysadmin) is concerned, they can be treated as two passwords of approximately 30 characters each.

The key and the IV are both generated through the "TAC Vista Web Settings" application. The key and the IV are two securely randomized and different 128-bit byte arrays which are then encoded as Base64 for usability purposes. The external application should be programmed to read and decode these two Base64 strings and use them as the key and the IV for the AES (Rijndael) encryption algorithm.

The encryption is used to pass a secret string from the sender (external app) to the receiver (Webstation). This secret string contains the date and time of the current request (in UTC and in ISO 8601 format) followed by a space and then the user name of the account in Webstation. The secret string should match the following regular expression or else it is not considered valid:

 [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\s.*

Example of secret string:

 2005-12-31T21:55:30 fido

The encrypted string that is passed to Webstation should be Base64 encoded and also URL-encoded so the string can be passed in the URL. The URL-encoded string should be passed to Webstation as a query string parameter where the parameter name is PortalLogin. Example:

 http://webstation/AlarmListPage.aspx?PortalLogin=%2bxQZvkf5PhtNCsxcuE1I54ZgrwUcQHG%2buPPc7Zn9ThQ%3d

1. STEPS THE SENDING APPLICATION NEEDS TO PERFORM

a. Construct a string according to the format: YYYY-MM-DDThh:mm:ss user.
b. Encrypt the string using the shared key and initialization vector (IV). The encryption algorithm has to be AES (Rijndael) and key size 128-bit.
c. Encode the encrypted string using Base64.
d. URL-Encode the string.
e. Forward the client to an arbitrary Webstation page and append the query string parameter PortalLogin= followed by the string.

2. WEBSTATION CONFIGURATION

a. The following parameters have been added to Web.Config to support Portal Login:

    <add key="TAC.WebStation.PortalLogin.Enabled" value="false" />
    <add key="TAC.WebStation.PortalLogin.Key" value="" />
    <add key="TAC.WebStation.PortalLogin.IV" value="" />
    <add key="TAC.WebStation.PortalLogin.TimeSpan" value="60" />

The above values are the default values. Key and IV should be generated by Web Settings and not entered manually. TimeSpan is the number of seconds the time stamp from the sender can differ from the Webstation server's time when it receives the request.
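The following Go program is an added example, not code from TAC Vista or Schneider Electric, showing both sides of the exchange described above: the sending application's steps 1a to 1e (build the secret string, encrypt, Base64, URL-encode, append PortalLogin=) and the receiving checks that the Web.Config parameters imply (decrypt, match the regular expression, compare the time stamp against TimeSpan). The page states only "AES (Rijndael), 128-bit key"; the CBC mode and PKCS#7 padding used here are assumptions (they are the .NET Rijndael defaults). The key and IV in main are constructed values (Base64 of 16 ASCII bytes each), not ones generated by Web Settings, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"time"
)

// Assumption (the page names only "AES (Rijndael), 128-bit key"): CBC mode with
// PKCS#7 padding, the defaults of the .NET Rijndael/Aes classes.
const timeLayout = "2006-01-02T15:04:05" // ISO 8601 without zone, as in the page's example

// Validity pattern quoted on the page, anchored at the start of the string.
var secretRe = regexp.MustCompile(`^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\s.*`)

// decodeKeyIV reads the two Base64 strings generated by Web Settings.
func decodeKeyIV(keyB64, ivB64 string) (cipher.Block, []byte, error) {
	key, err1 := base64.StdEncoding.DecodeString(keyB64)
	iv, err2 := base64.StdEncoding.DecodeString(ivB64)
	if err1 != nil || err2 != nil || len(key) != 16 || len(iv) != aes.BlockSize {
		return nil, nil, errors.New("key and IV must each be the Base64 of exactly 16 bytes")
	}
	block, err := aes.NewCipher(key)
	return block, iv, err
}

// BuildSecret is step 1a: "YYYY-MM-DDThh:mm:ss user", with the time converted to UTC.
func BuildSecret(now time.Time, user string) string {
	return now.UTC().Format(timeLayout) + " " + user
}

// PortalLoginParam is steps 1b-1d: AES-128-CBC encrypt, Base64-encode, URL-encode.
func PortalLoginParam(keyB64, ivB64, secret string) (string, error) {
	block, iv, err := decodeKeyIV(keyB64, ivB64)
	if err != nil {
		return "", err
	}
	n := aes.BlockSize - len(secret)%aes.BlockSize // PKCS#7: always add 1..16 bytes
	plain := append([]byte(secret), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	return url.QueryEscape(base64.StdEncoding.EncodeToString(ct)), nil
}

// VerifyPortalLogin is the receiving side: undo steps 1b-1d, check the regular
// expression, and accept only if the time stamp is within timeSpanSec of now
// (the Web.Config TimeSpan). On success it returns the Webstation user name.
func VerifyPortalLogin(keyB64, ivB64, param string, now time.Time, timeSpanSec int) (string, error) {
	block, iv, err := decodeKeyIV(keyB64, ivB64)
	if err != nil {
		return "", err
	}
	raw, err := url.QueryUnescape(param)
	if err != nil {
		return "", err
	}
	ct, err := base64.StdEncoding.DecodeString(raw)
	if err != nil || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return "", errors.New("PortalLogin is not a valid Base64 ciphertext")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	p := int(pt[len(pt)-1]) // strip and verify the PKCS#7 padding
	if p == 0 || p > aes.BlockSize || !bytes.Equal(pt[len(pt)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return "", errors.New("bad padding: wrong key/IV or altered ciphertext")
	}
	s := string(pt[:len(pt)-p])
	if !secretRe.MatchString(s) {
		return "", errors.New("secret string does not match the required format")
	}
	ts, err := time.Parse(timeLayout, s[:19]) // layout has no zone, so this is UTC
	if err != nil {
		return "", err
	}
	limit := time.Duration(timeSpanSec) * time.Second
	if ts.Before(now.UTC().Add(-limit)) || ts.After(now.UTC().Add(limit)) {
		return "", fmt.Errorf("time stamp %s is more than %ds from server time", s[:19], timeSpanSec)
	}
	return s[20:], nil
}

func main() {
	// Constructed key and IV (Base64 of 16 ASCII bytes each); real ones come from Web Settings.
	key, iv := "MDEyMzQ1Njc4OWFiY2RlZg==", "ZmVkY2JhOTg3NjU0MzIxMA=="
	param, _ := PortalLoginParam(key, iv, BuildSecret(time.Now(), "fido"))
	fmt.Println("http://webstation/AlarmListPage.aspx?PortalLogin=" + param) // step 1e
	fmt.Println(VerifyPortalLogin(key, iv, param, time.Now(), 60))
}
```

Go's url.QueryEscape writes uppercase hex (%2B) where the page's .NET example shows lowercase (%2b); both decode identically. Two properties of this scheme are worth keeping in mind when deploying it: the IV is a fixed shared value, so the same secret string always encrypts to the same PortalLogin value, and the ciphertext carries no authentication tag, so the padding check and the regular expression are the only integrity checks. The TimeSpan window is therefore what bounds how long a captured PortalLogin value stays usable, which is a reason to keep it at the small default and to serve Webstation over HTTPS.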