object vs img
-
We have a weird situation for one of our products. We serve a webpage that's behind a third-party SSO (OpenAM). This webpage is created by using several components (images/json/graphs/...) from our own server behind that same SSO. Those objects are doing fine. However, there are also images served from another server, not under our control, but behind that same SSO.

The weird thing is that images do not come through correctly. That is, if you first access the image directly and then through the files, it works, otherwise the image will not show. We have made a workaround that shows the image directly, by using an "object" tag instead of an img tag, but we would like to change that.

We think this has to do with the client needing an additional authentication at the other server (and perhaps a switch from http to https, back to http again). But I can't find anything on the internet about this.

My question is first and foremost, what could cause this behavior? (If an SSO change is needed, we need to have solid arguments towards our clients.) And secondly, do you know of a solution? Thanks!

WORKFLOW:
1. client requests page on our server
2. client is redirected to login page (and fills in credentials)
3. login credentials checked on server and page is served towards client with all objects of this server correctly on the page
4. *client browser detects some objects are from another server and requests those objects with the credentials passed in step 2
5. *credentials are checked on the other server and the server redirects to the requested urls (something here doesn't work correctly?)

*Steps 4 and 5 are what we expect or what we think happens.
V.
-
V. wrote:
if you first access the image directly and then through the files, it works, otherwise the image will not show.
It almost sounds like the other server is checking the HTTP_REFERER header, and refusing to serve the image if it looks like it's embedded in another site. If you load it directly first, no referrer header will be sent, and the image will be cached, which is why it then works in your page. Try clearing your cache, then loading a page on your site which links to the image with an <a> tag, rather than embedding it. If you click on the link, does the image load?
Try using something like Fiddler to compare the requests that don't work to those that do, to see if there are any other obvious differences.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
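
The comparison suggested above, sketched as an added example that is not part of the original thread: it diffs a working and a failing capture of the same image request and maps the differences onto the hypotheses raised here (Referer check, missing SSO session at the other server, http/https switch during redirects). The hosts, the cookie name SSO_SESSION and all captured values are constructed placeholders for what a proxy such as Fiddler would show.

```python
from urllib.parse import urlsplit

# Constructed captures, not taken from the thread. Hosts, the cookie name
# SSO_SESSION and all values are placeholders for what Fiddler would show.
WORKING = {  # image URL opened directly in the address bar
    "headers": {"Accept": "text/html,*/*", "Cookie": "SSO_SESSION=abc"},
    "hops": [("http://images.example/logo.png", 200, "image/png")],
}
FAILING = {  # same URL requested by an <img> tag on our page
    "headers": {"Accept": "image/*", "Referer": "http://app.example/page"},
    "hops": [
        ("http://images.example/logo.png", 302, ""),
        ("https://sso.example/login", 302, ""),
        ("http://images.example/logo.png", 200, "text/html"),
    ],
}

def header_diff(ok, bad):
    """Return {header: (value_in_ok, value_in_bad)} for headers that differ."""
    a = {k.lower(): v for k, v in ok["headers"].items()}
    b = {k.lower(): v for k, v in bad["headers"].items()}
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}

def scheme_switches(capture):
    """List (from_scheme, to_scheme) for each hop that changes scheme."""
    schemes = [urlsplit(url).scheme for url, _, _ in capture["hops"]]
    return [(p, q) for p, q in zip(schemes, schemes[1:]) if p != q]

def findings(ok, bad):
    """Map the differences onto the hypotheses raised in the thread."""
    diff, out = header_diff(ok, bad), []
    if "referer" in diff and diff["referer"][0] is None:
        out.append("referer-only-in-failing")      # possible Referer check
    if "cookie" in diff and diff["cookie"][1] is None:
        out.append("cookie-missing-in-failing")    # no session at other server
    if scheme_switches(bad):
        out.append("scheme-switch-in-redirects")   # http -> https -> http
    if not bad["hops"][-1][2].startswith("image/"):
        out.append("final-body-not-an-image")      # e.g. a login page
    return out

if __name__ == "__main__":
    for item in findings(WORKING, FAILING):
        print(item)
```

A final hop that returns text/html where an image was expected is the case an img tag cannot render, while an object tag will display whatever document comes back.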
-
Thanks! I'll look into it. (I'm already using Fiddler ;-)) I just made a test page that requests the image through an object tag and the same through an img tag. The result was that the object tag loaded, but the image tag did not. After hitting F5, both loaded. Now I have to wait until I'm logged out, before I can launch Fiddler on it (there is no logout option, ... don't ask :sigh: )
V.