I'm working for a company which uses the enterprise version of JIVE. Only employees have access to the site and access is guarded by SSO.
I'm also using the JIVE 7 v3 REST API to connect to this enterprise edition of JIVE and fetch stream, trending and recommended content. The problem i have noticed occurs initially when a new client application is attempting to request an OAuth token on behalf of one of its users. These are three use cases , the first fails the others works. I would be grateful if anyone can shed some light on whats going on;
Use case 1 (fails)
- User navigates to client site (which is also protected by SSO)
- Client site presents user with a window asking if they would like to see their JIVE content on the client site and if so to click a button to initiate authorization.
- User clicks the button which initiates the /oauth/authorize request.
- If the user is not already logged into JIVE: The authorize request is intercepted by the SSO agent (the client application and JIVE application use different versions of SSO), once this step completes the request is re-issued.
- The request fails and returns the following message "It looks like a remote service wants to access your JIVE account. There seems to be a problem. Some information provided by the remote service is missing or invalid e.g. redirect URL, client ID, code etc"
Use case 2 (succeeds)
- After the first attempt to authorize fails the user hits the authorize button again.
- This time the request is not intercepted by SSO and proceeds to JIVE which fulfills the request and returns new access and refresh tokens.
Use case 3 (succeeds)
- User has logged into JIVE and there session is still active
- They navigate to client site and hit the authorize button
- Request succeeds as user has already logged in
It's clear that there is an issue with the first use case. The JIVE site is expecting the request to have the SSO cookie along with the following JIVE specific cookies;
jive.user.loggedIn=true; jive.server.info="serverName=youdomain.com:serverPort=443:contextPath=:localName=localhost.localdomain:localPort=9001:localAddr=127.0.0.1"; jiveSSOLoginUserCookie=true;
And even though these are both present after the request is intercepted by the SSO agent the subsequent call to /oauth/authorize will still fail. It looks like the issue could be related to the fact that the authorize request is via AJAX and the client domain is different to the JIVE site domain however because the second and third use case always work it presents question marks. Any help would be appreciated.