Authentication and authorization systems cannot be fully enforced on the client. The wrdauth JS api is intended to ease integration into websites, but you should not rely on eg the 'wh-wrdauth--isloggedin' class to hide sensitive information from users who are not logged in.
Please note that the wrdauth JS api cannot access the real login cookies - these are all marked as 'HttpOnly' to prevent the cookies from escaping in a XSS attack.
WRD authentication APIs
- OBJECT FUNCTION GetWRDAuthPlugin(STRING url, RECORD options)
Get the authentication plugin for the specified url
- OBJECTTYPE WRDAuthSupportBase
- OBJECT FUNCTION GetWRDAuthPages(OBJECT webdesign, RECORD options)
Implement standard login/passwordreset etc pages
WRD prefiller for forms
- OBJECTTYPE SAMLIDPConfigBase
Base type for SAML IDP configuration
- OBJECTTYPE SAMLSPConfigBase
Base type for SAML SP configuration