Embedding password protected external sites with URL type
We use iframes to display external websites in our content. If a website denies the usage of iFrames/embedding, we will be unable to display it.
If the website is yours, you can change this setup. If it is not yours, we suggest speaking with the website owner to allow embedding.
In the Text Menu you can choose your Content type.
URL typecan set the URL that you want to display.- You can also make it
Interactiveand display itSame originwebsite.
- You can also make it
Caveats and limitations
With the custom widget you can also display pages, that need to be authenticated.
There are multiple ways to authenticate a website, but you have to keep in mind, that these external pages are opened in an iFrame, so we can not manipulate their contents anymore.
Access using the URL token
This is a common method of accessing restricted sites while avoiding a login prompt. If the site's owner allows for this method, your browser, and our system, can log into the site automatically using the token without the additional step of logging into it.
Typical URL
A typical URL looks like this
http://www.example.com/foo/bar.html
Tokens
Tokens can take the format [expiration]_[signature] and look like this
1441307151_4492f25946a2e8e1414a8bb53dab8a6ba1cf4615
A token is expected in the ?token= GET parameter and the full URL looks like this
http://www.example.com/foo/bar.html?token=1441307151_4492f25946a2e8e1414a8bb53dab8a6ba1cf4615
We only get the URL in our Widget. We don't have control over if the site's owner allows for this method, or how they implement it.
If you are not sure about how to generate or use a given site's token, please contact the site's support team.
Access using credential in the URL
It is not a safe method of authentication, and our system does not allow for it.
The description for it is here because it used to be a common method of accessing many clients while avoiding the login prompt.
This method is using a URL containing the username and the password like this
https://username:password@www.example.com/
-
In Chrome 59, the username password@ part in URLs is even stripped out for security reasons and it won't work.
-
In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt "You are about to log in to the site "www.example.com" with the username "username", but the website does not require authentication. This may be an attempt to trick you.
Using device's Advanced configuration for Basic authentication
Our players can access pages that require basic authentication method, by utilizing advanced configuration.
You can send the following details as Advanced configuration
Only our Windows and Android players have this functionality currently
{
"configuration": [
{
"type": "WEBVIEW_BASIC_AUTHENTICATION",
"credentialList": [
{
"domainUrl": "PROTOCOL://DOMAIN:PORT/PATH",
"userName": "AUTH_USER_NAME",
"password": "AUTH_PASSWORD"
}
]
}
]
}
The Custom widget's URL field should start with the domainUrl to match with the credential configuration
For example the Custom widget's URL field is
https://domain.com/subsite/page
domainUrl field can be
"domainUrl": "https://domain.com/"
Alternative URL
There are sites that provide alternative URLs that don't need further authentication.
For example, they provide a URL that only some internal device can open.
It is entirely up to the site's owner and organization if and how they provide this kind of method of access.
Alternative method
This method doesn't use authentication of any kind at all.
There are many sites, especially ones that provide data sources (e.g. currency data) that have the option to export this data.
If the goal is to present data then you can consider exporting said data from the site, and then displaying it in Wallboard natively.
This can be a convenient solution, especially in cases where the data doesn't change too often.