This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Where should the embed_domain parameter be defined when SSO embedding?

on ‎05-07-2021 09:48 AM

maxcorbin
Staff
1 0 888
Knowledge Drop

Last tested: Aug 30, 2020
 

The embed_domain parameter isn't its own SSO parameter, but rather gets put directly in the embed_url parameter. If the embed_domain is specified as a separate query parameter, even if it is placed after the embed_url, users may get the error: "Embed URI is not valid: This request includes invalid params: [“embed_domain”]. The script will not format the embed_domain correctly to generate the signature unless it is actually part of the embed_url.

If you are troubleshooting this error, first ask yourself, "Do I actually need to include the embed_domain?" The embed_domain parameter is only necessary if your script is using Javascript event listeners (not a requirement for a basic SSO embed implementation). So if you do not need to listen for Javascript events, the simplest option is to get rid of the embed_domain completely.

If you do want to listen for Javascript events, you'll want to check the URL generation script to see where the embed_domain is being added. Here is what it should look like when done correctly:

{
host: 'localhost:9999',
secret: [embed secret goes here],
external_user_id: '57',
first_name: 'Embed Steve',
last_name: 'Dude',
permissions: ['see_user_dashboards', 'access_data', 'see_looks'],
models: ['thegreatmodel'],
group_ids: [5, 2],
external_group_id: 'awesome_engineers',
user_attributes: {"an_attribute_name" => "my_value"},
access_filters: {:fake_model => {:id => 1}},
session_length: fifteen_minutes,
embed_url: "/embed/dashboards/3?embed_domain=http://localhost:8081", #DO THIS
force_logout_login: true
}

Here is what it should look like when done incorrectly:

{

embed_domain: 'localhost:8081', #DON'T DO THIS

host: 'localhost:9999',

secret: [embed secret goes here],

external_user_id: '57',

first_name: 'Embed Steve',

last_name: 'Dude',

permissions: ['see_user_dashboards', 'see_lookml_dashboards', 'access_data', 'see_looks'],

models: ['thegreatmodel'],

group_ids: [5, 2],

external_group_id: 'awesome_engineers',

user_attributes: {"an_attribute_name" => "my_value"},

access_filters: {:fake_model => {:id => 1}},

session_length: fifteen_minutes

embed_url: "/embed/dashboards/3",

force_logout_login: true

}

Notice that the incorrect script puts embed_domain as the first parameter, which will show up directly after the main embed path /embed/dashboards/3 . So the final generated URL will look very similar to a correct URL, but the URL will still not validate because the embed_domain parameter is not recognized.

This content is subject to limited support.                

Version history
Last update:
‎05-07-2021 09:48 AM
Updated by: