You are viewing limited content. For full access, please sign in.

Question

Question

Starting Private Forms Process from Web Client

Forms
Updated November 18, 2019
asked on November 13, 2019

We want to build a Web Client that interacts with private form processes.  A user would have an account on our system and within LaserFiche.  Our application would handle the mapping between the two accounts.  When a user logs into our application they would get a listing of available processes to start, based on internal data points managed in our CRM. Upon selecting a process to start a new window would open, bringing up LaserFiche Forms.  Then our application, throughout the process of the form would hook back into LaserFiche to be able to view the status of forms in process and see if there are any forms assigned to the user.  

 

While I understand, this particular feature set is what LaserFiche Forms offers out of the box, this functionality will be one of many other features that will be offered by our application.  So we are looking to hook into LaserFiche Forms for the data capture and workflow facilitating.   

 

After digging into the UI we would need to be able to do the following: 

  • Authenticate with LaserFiche Forms on behalf a user in LaserFiche
  • Get List of available processes by groups/teams
  • Open authenticated process/form without user having to manually enter credentials

 

I have noticed there are a few other posts similar to mine on here but they appear to be a year or so old. I figured I would ask myself, just in case anything has changed with the LaserFiche forms product.  

 

1 0

Answer

SELECTED ANSWER
replied on November 18, 2019

Yes - in two steps:

  1. Configure Laserfiche Forms for Laserfiche Directory Server (LFDS) authentication
  2. Configure Laserfiche Directory Server for SAML 2.0 SSO.

 

For LFDS/SAML, there are also a few technical white papers I recommend looking at. While they speak to specific SAML providers, the integration is a generic one and should work with any SAML provider:

  1. Configuring Directory Server 10.3 for SAML Authentication with Okta

  2. Configuring Laserfiche Directory Server 10.3 for SAML Authentication with Microsoft Azure Active Directory

  3. Configuring Laserfiche Directory Server 10.3 for SAML Authentication with Shibboleth

In short, LFDS accepts SAML auth and issues an LFDS token good for Laserfiche web applications (Forms, Web Client, etc.). Forms checks for and accepts the LFDS token to authenticate the user.

Is your application web-based? If so, is putting specific Forms interfaces in iframes an option? That would save you a significant amount of reimplementing existing functionality and makes the whole auth flow cleaner.

0 0

Replies

replied on November 13, 2019 Show version history

Hi Bill,

A first question I would have is if your application supports Windows Authentication/AD users and/or SAML 2.0 auth backed by a central identity provider (IdP).

Any identity management and user mapping/impersonation scenario here is vastly more complex without leveraging AD/SAML as a common element.

0 0
replied on November 13, 2019

Our application does not support Windows Authentication, it authenticates against our internal CRM. 

 

I'm not worried about the level of complexity with user mapping/impersonation, if there is some kind of way forward.  Are there a set of known steps I need to take to authenticate a LaserFiche user?  So far I have doing the basic authentication against the directory server to get the STSAuth cookie, then I need to figure out the SAML Request to get the .LMAUTH cookie.  

0 0
replied on November 14, 2019

If our internal CRM supported SAML 2.0, is there documentation somewhere to setup the integration with LaserFiche Forms?

0 0
SELECTED ANSWER
replied on November 18, 2019

Yes - in two steps:

  1. Configure Laserfiche Forms for Laserfiche Directory Server (LFDS) authentication
  2. Configure Laserfiche Directory Server for SAML 2.0 SSO.

 

For LFDS/SAML, there are also a few technical white papers I recommend looking at. While they speak to specific SAML providers, the integration is a generic one and should work with any SAML provider:

  1. Configuring Directory Server 10.3 for SAML Authentication with Okta

  2. Configuring Laserfiche Directory Server 10.3 for SAML Authentication with Microsoft Azure Active Directory

  3. Configuring Laserfiche Directory Server 10.3 for SAML Authentication with Shibboleth

In short, LFDS accepts SAML auth and issues an LFDS token good for Laserfiche web applications (Forms, Web Client, etc.). Forms checks for and accepts the LFDS token to authenticate the user.

Is your application web-based? If so, is putting specific Forms interfaces in iframes an option? That would save you a significant amount of reimplementing existing functionality and makes the whole auth flow cleaner.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...