1

Example of how to authenticate and embed Pyramid content.

For Embed on Pyramid 2020.11 please see this link.

Below is a simple example of a web page that displays Pyramid content and authenticates to the Pyramid Embed API in order to create a cookie for authentication. You must have the embed add on included in your licence for the embed feature to work.


1) Replace the div tag with one of your report div tags as shown in the screenshot below:

Click on the Action panel on the content you want to embed>Click on the "embed" icon">choose copy without the script (see attached screenshots)

  
2) Add a username and password from your pyramid system that has access to the content. If you need to add your AD domain name it should be included with the username so domain\\UserName
3) Update the 2 lines in bold to your Pyramid 2018 URL

Its important to note that the file you create should be saved as a html file and run from a web server.

<html>
 <head>
 <meta charset="UTF-8">
 </head>
 <body>
  <!-- add the jquery & js-cookie scripts -->
  <script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.0/js.cookie.min.js"></script>

<div data-id="cee1d574-1a9c-48d1-8825-2bae245c4f12" data-type="discovery" class="pyramid-embed pyramid-auto" style="width:1000px;height:400px;" data-host="http://PyramidURL.com"></div>

<script>
  function GetAuthentication(userName, password) {
    var credentials = {data: {userName: userName, password: password,domain: document.domain}};

$.ajax({ 
    type: "POST",
    url: "http:// PyramidURL.com /API2/auth/authenticateUserEmbed",
    data: JSON.stringify(credentials),
    }).done(function(token){
    Cookies.set('PyramidEmbeddedAuth', token);
    pyramidInit();
    });
  };

if (Cookies.get('PyramidEmbeddedAuth') == null) {
    GetAuthentication("USERNAME", "PASSWORD");
  }
  </script>

<script src="http://PyramidURL.com/no-shell/embed.js"></script>

</body>
</html>

For further reading on how to use the embed feature please see our online help section here

4 replies

null
    • Eetu_Ruponen
    • 3 yrs ago
    • Reported - view

    The embedding is quite easy, but how to define sensible CSP when you want to embed Pyramid? The current JS implementation seem to require both unsafe-inline and unsafe-eval to actually work at all. And to top that there is out dated JQuery libraries still being used. 

    • "making the sophisticated simple"
    • AviPerez
    • 3 yrs ago
    • Reported - view

    There is nothing unsafe about this code. Its a very basic example given to the user community so they can better understand how to put together an embedded content experience with authentication - especially for modern single-page JavaScript apps.

    You are free to write any code you want and to shift the authentication to a compiled code behind model if you want to go the 'older' approach. I suggest you take a look at the help for more information -both covering the embed solutions, embed APIs and the REST API framework for security.

    And, for the record, the JQuery library version is almost irrelevant. Change it to whatever you want.

      • Eetu_Ruponen
      • 3 yrs ago
      • Reported - view

      Avi Perez No, no, there is nothing wrong with this example.

      But the script that the embed.js (no-shell.xxxx.xxx.xxx.js) then adds to the site using a dynamically generated script-tag causes issues. It (atleast in version 2020.04.004) uses an out dated JQuery library as an external dependency and it the script contains code that forces you to add 'unsafe-eval' and 'unsafe-inline' to the page's CSP header. And that is not a good thing.

      So what I was wondering, is there a way to get rid of those, as those all can cause security issue?

    • "making the sophisticated simple"
    • AviPerez
    • 3 yrs ago
    • Reported - view

    Look at using the Embed APIs and NPM.