Authorization and connecting to the DocViewer endpoint
This section explains how to connect to DocViewer using a URL.
DocViewer obtains a Binary Security Token with Simple Web Token (SWT) from DGS and adds that to the BeginSessionResponse with the DocViewer URL (https://ct-expere.wolterskluwerfs.com/DocServices/Services/SecuritySession/SecuritySessionSvc.svc) and SessionID; this collection of data is sent back to the original calling party (BeginSessionResult).
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.wolterskluwerfs.com/2014/05/DocServices/V2/ISecuritySessionService/BeginSessionResponse</a:Action>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2017-01-10T22:04:10.021Z</u:Created>
<u:Expires>2017-01-10T22:09:10.021Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<BeginSessionResponse xmlns="http://www.wolterskluwerfs.com/2014/05/DocServices/V2">
<BeginSessionResult xmlns:b="http://www.wolterskluwerfs.com/Osprey/DocViewerInterface" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<b:Error i:nil="true"/>
<b:ErrorId i:nil="true"/>
<b:RedirectUrl>https://ct-expere.wolterskluwerfs.com/DocViewerInterfaceHtml/</b:RedirectUrl>
<b:SWT><BinarySecurityToken ValueType="http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">U2Vzc2lvbklkPTllMzE1MGI5LTJkYjEtNGQyMS04M2ZhLTk1NzM3ZGFiYTdjNyU3YzEwNjAxNTA5MjQmaHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmbmFtZT1ib2IuZ3V6ZWslNDB3b2x0ZXJza2x1d2VyLmNvbSZJc3N1ZXI9ZG9jdmlld2VyLndvbHRlcnNrbHV3ZXJmcy5jb20mQXVkaWVuY2U9JkV4cGlyZXNPbj0xNDg0MDg5NDUwJkhNQUNTSEEyNTY9cG5UMlRaSWJpRFFXZ0tFajA5cUZJNWlLRjVhTWtCOW10SEl2aFp5ViUyYk1vJTNk</BinarySecurityToken></b:SWT>
<b:SessionId>9e3150b9-2db1-4d21-83fa-95737daba7c7</b:SessionId>
</BeginSessionResult>
</BeginSessionResponse>
</s:Body>
</s:Envelope>Displaying DocViewer in a browser session
Often users ask how they connect to DocViewer and display it in a browser. After using a BeginSession request to start a session in DocViewer, the session is created with the desired parameters and stores it for later access.
For example, values that are returned from BeginSession could be the following:
URL ='https://ct-expere.wolterskluwerfs.com/DocViewerInterfaceHtml/’
SWT= =%3CBinarySecurityToken+ValueType%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2009%2F11%2Fswt-token-profile-1.0%22+EncodingType%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-soap-message-security-1.0%23Base64Binary%22+xmlns%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%22%3EU2Vzc2lvbklkPTk2ODQ3MDg4LTAyNDItNDRmOS1iOGFkLTViZDMwMTEzMTJkZCU3YzEwNjE2MDA4MDMmaHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmbmFtZT1hZG1pbjEmSXNzdWVyPWRvY3ZpZXdlci53b2x0ZXJza2x1d2VyZnMuY29tJkF1ZGllbmNlPSZFeHBpcmVzT249MTU3MTA4MjIxMyZITUFDU0hBMjU2PWRoY0tQUkZ0aG9ldERSc0pMeXIyaDFaa3dlQzh1dU1VSHZZZSUyYjZDUzZqTSUzZA%3D%3D%3C%2FBinarySecurityToken%3E
After getting the BeginSession result, the SWT must be posted back (POST) to the URL
returned (https://ct-expere.wolterskluwerfs.com/DocViewerInterfaceHtml/), with the contents of the SWT contained with a
token parameter; for example:
POST https://ct-expere.wolterskluwerfs.com/DocViewerInterfaceHtml/ HTTP/1.1
Host: ct-expere.wolterskluwerfs.com
Connection: keep-alive
Content-Length: 761
Cache-Control: max-age=0
Origin: https://ct-expere.wolterskluwerfs.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: same-origin
Referer: https://ct-expere.wolterskluwerfs.com/TestWebApp/DocViewer/DocViewer
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U2VjdXJpdHlDb250ZXh0VG9rZW4gcDE6SWQ9Il9lZDU2MDMxNy00OGNjLTRlOGYtODMxZi00NGY5ZGMzMWQxM2EtQUJENDU4NTU3M0VCODUyREZCNkM2N0EyODFBQjlENDEiIHhtbG5zOnAxPSJodHRwOi8vZG9jcy5vYXNpcy1vcGVuLm9yZy93c3MvMjAwNC8wMS9vYXNpcy0yMDA0MDEtd3NzLXdzc2VjdXJpdHktdXRpbGl0eS0xLjAueHNkIiB4bWxucz0iaHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvd3Mtc3gvd3Mtc2VjdXJlY29udmVyc2F0aW9uLzIwMDUxMiI+PElkZW50aWZpZXI+dXJuOnV1aWQ6M2YwOWViZWMtZTkwNS00MmIyLWE3MTUtOGM0ODgyOGEwODMxPC9JZGVudGlmaWVyPjxJbnN0YW5jZT51cm46dXVpZDphMGY1NjM5YS0zNTVhLTRlNzEtYjk1OS0xNmRhZGE3ZWY1NmU8L0luc3RhbmNlPjxDb29raWUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwNi8wNS9zZWN1cml0eSI+T0RFMk5qazVNemRFT1RCRE9ERTNNRU0wT0VKQ09FVTNNelZDTjBKRFF6UXpSa0pHUmpBek0wRXlNamhHT1VFM056aEdNRUl6UmtOQ1EwUXdNVEpDUWpjek1qVXpSVGt3T1RKRFFUZzFRakUyUWtRMk1UWkZSVGhFTmtJd01FWTRRa0l6TnpkRU5ERTRSakZCTWpRMFFUYzBPVGxDTmpFMlJUVTJPRUZFUWprNFJVVkZSVEpETkRjd016UXdRa0pFTTBReVF6STROalZDUlVVeVFURTVOemt5T1VSRE1ETXlSVE16UkRkRk1ETkJNelJDTTBOR1JqVXpSalUxTUVFMk4wWkRSa1ZCTURJMk9URkVOMFUzUXpRelJUZzRRamRGTUVNMVFrUXlRamRETTBOQk1UY3dPREZDTXpnME5FVXpOVEl6TWtFM1JFSTFSRFpHUTBKRlFqUkRNa0kxUmpZNVJVVTROakU1UTBRM05VRTNSRVV5T1VJelJURkNOakpETmtSQ05EazNSRFZDT0RFMlJVUTVRa05ETmpKRk1URTVRa05GTmpjd09URkRRemN4UlROQ1FUVXlOMEZHT1VZd04wWkNOMFk0UTBSQk9FWTFOelkzTVVZMU5UUkRPRUpHTUVZeE1FTTFSVVU1TWpJM05qZENOVGN4UTBNM1FrVTRPRGswUVRCQlJFUTJRVFUzTVRjNU1VRkVRMEZGUkRZeFFUVkJNRVEzUkRORU9FRkZOa1kyTkVJM05VVkZRMFkyTVRZd09UQTJORGc0UWpBMU1VTkZRVFV4UmtORFJEZEVSa05EUWpCQk1FWkVRVEpCT0RGRU16TXdOekJCTWpnME1UWTNPREE1T0RsR1JUY3dNVGMyUlRjMU1ESkRNamREUlROR01FWkROemxGT0VFME16ZzFNVVJEUWtKQlJEWTVSamMyTlRneE9EaEZSRFl6UVRFMk5UTkJPVUZFUkRSQ1JVWTVNRVZDUlVZNE5rTXpNelpFTjBReVJqTXdNakV6TXpaQ056SkRSakF3TVRCRlJrRkdSakl4UmpORE56RTFSakE0TjBRM05VSXpOMFZGTmtJek0wUXhOelZDT0VVelFUTXdPVUl6TVVJMU9USXlPRGd6UkVFMlJEQkRNa00zUVRjMFFqRXpOVUUyTmtaRE9EZzNRalJHT0VKR1F6VkNNRE16UXpkRlJVRTNRa1U1TnpFMk5FSkRNVUUwTVRWRVJVVTBNakF3TUVJek56WXpNalV3T0RORE9VVTVNVFF5T0RjM05rRTFNRE5DUVRGR1EwSTVSRVJFTkRoRk1EQTVN; FedAuth1=elJFTnpBeVJFUTVOa0pGTURKRU16QkdPREEwUXpJelJVUTNNakEyTkRsRU5VRkZRalZHTnpCQ1F6RTFPVGM0UVVJM01FTkRSRVJEUlRNeU1rTTFNRE0xT0RreVJUSTBSamRDTTBGRFFqQXlPVEl4TlRZMU5qYzRNREU1TmtGRk5qazVOa00xTXpZMU1qazVPVEJETjBRMU9UUXpPVEpDTWpORU1rWkJOa0ZFUXpVMFJFVTNORU5ETVVZM05rSkRSRFpCT0RFeVEwVkJNak13UlRBeVF6VTJPRGs1TUVaQk9EaEROa1U0T1RRMk5qaEdNekV5TkVJeE16azVSRUZGTTBSQk16TkRSRGsxUWpVeE5qSTFNekV3UXpjd09EZzFOVVZETjBJNU1FSTRSRUpHTWpGRFJqY3dSa014UmtFeFJUVXpORGREUkVaQk16WkJOa1pGUkRkRU1qY3lRMFZDUVRWQk4wTkVPVEZGTnpjNE9UWXdPVFUzTVRNM1JUZzFNa0pCTkRZd01VVTNRalZGT1VZMVFUVkVNRUl3TURaQ05qTkNORVpHTVRVek1FTXdPRGhEUmtNeU5qRkVRekpDTkVZelFUUTRNRGswUVROQ1FUQkVRMEZCUVRoRE1EZzNSRVZGUTBNMFFVUTBSRVkyTVVJNVF6UkVSakkzTlVVMU1rWTRNVUZDUVRjeFEwRXhOa1U1UWpaRE1UZzFOVUl5UWtVNU1qQTFOVVJFTjBJelJESkVNemRFTjBFelJEQXlRVU0yT1RVMVJURkJRamcyUlRRNE1qWXdORFUzUlVVd056RXlNVEJHTWpSQ09UVTBRalE0T0RBMk9FTXpNVVZHTXpWRVJVRkRRMFF6TXpnMVJqRTNSREV6TmpBd09EaEZOelJGUmtGRk16Y3lPVFUxTVRNeU1qbEROa1EwTVRCRFFVRkdRa00zUVVVMFFqWTVNREEwUmpZMVJFTXdOamRDUVRVeFF6a3pNRFF5T0RNd1FqVTNNREV3TWtNMVFUZ3hOamhCTTBFM1FqSkZOa0k1UVVZME5EY3lSRVl3TlRFMFJETkdRVUUyTkRWQ1FrRkNPRUV3TWpRMU9ESXpRMEpCUWtJM05UQkVPRFV4T0RGQk1UWTFNRFk1TWpSR09USkdOVGM0TkRSQ1FUazRRVFJGTWpnM1JRPT08L0Nvb2tpZT48L1NlY3VyaXR5Q29udGV4dFRva2VuPg==; __RequestVerificationToken_L0RvY1NlcnZpY2VzVG9vbFN1aXRl0=3oFpBFQiL76V0wO9Q8ZNwgPGoeBxgf-PJwt7Df8BELUwRIPDx1Xz9Nn7o1wXQhTDEna1OR5kwsyXoJwHz7u4_vB6CBaI91OzafwOmzCKf_DHDWjIZ8b-6SqNOVSSHGJ9cV5tvrKEMKBxWuM0nLhw9w2; idsrv=CfDJ8DwsOFFQuZBKgyMaori7BbKglP-ssaMQ12qve94nnsKojNciTrAM5LMsNod7P27oGuD6dQdAsj2LRuwqObywAhAfBxESiRn5qUgtDXO0XiFF1t4jQXxBsSlzHhWskRABRb66ZRvxa5yl_tKvK-WxDTUCk7bMU2DruGwNvp_hgmPW5aWzscFk_OXZFBcZCMyCCpT93S3kWaLmF8raovxN7--3A9AtOIa-gGlc6e0_F_mHqpH_foBuqwvVLvmUKvfdgpItGaR5lRR0PQhCPUEv9PIWLnh6VUH7mVxNS9IUYKMc; ASP.NET_SessionId=40ycv32hjc5ozscmkohjwsel
token=%3CBinarySecurityToken+ValueType%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2009%2F11%2Fswt-token-profile-1.0%22+EncodingType%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-soap-message-security-1.0%23Base64Binary%22+xmlns%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%22%3EU2Vzc2lvbklkPTk2ODQ3MDg4LTAyNDItNDRmOS1iOGFkLTViZDMwMTEzMTJkZCU3YzEwNjE2MDA4MDMmaHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmbmFtZT1hZG1pbjEmSXNzdWVyPWRvY3ZpZXdlci53b2x0ZXJza2x1d2VyZnMuY29tJkF1ZGllbmNlPSZFeHBpcmVzT249MTU3MTA4MjIxMyZITUFDU0hBMjU2PWRoY0tQUkZ0aG9ldERSc0pMeXIyaDFaa3dlQzh1dU1VSHZZZSUyYjZDUzZqTSUzZA%3D%3D%3C%2FBinarySecurityToken%3E
This Binary Security Token / Simple Web Token and Session ID values are taken from the BeginSessionResult and appended to the DocViewer URL (https://ct-expere.wolterskluwerfs.com/DocViewerInterfaceHtml?.../) and SessionID; this information is used to access the DocViewer session. This collection of data is sent back to the original calling party (BeginSessionResult). The external application renders a page that immediately redirects to the returned DocViewer URL and posts the token.
<b:SWT><BinarySecurityToken ValueType="http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">U2Vzc2lvbklkPTllMzE1MGI5LTJkYjEtNGQyMS04M2ZhLTk1NzM3ZGFiYTdjNyU3YzEwNjAxNTA5MjQmaHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmbmFtZT1ib2IuZ3V6ZWslNDB3b2x0ZXJza2x1d2VyLmNvbSZJc3N1ZXI9ZG9jdmlld2VyLndvbHRlcnNrbHV3ZXJmcy5jb20mQXVkaWVuY2U9JkV4cGlyZXNPbj0xNDg0MDg5NDUwJkhNQUNTSEEyNTY9cG5UMlRaSWJpRFFXZ0tFajA5cUZJNWlLRjVhTWtCOW10SEl2aFp5ViUyYk1vJTNk</BinarySecurityToken></b:SWT><b:SessionId>9e3150b9-2db1-4d21-83fa-95737daba7c7</b:SessionId>After obtaining this information, it is appended to the URL below like this:
https://ct-expere.wolterskluwerfs.com/DocViewerInterfaceHtml?/BeginSessionResults?SessionId=6240ae91-21f3-49c0-a273-b55930debe1f&RedirectUrl=https%3A%2F%2Fmagnum-pi.wkmnlab.net%2FDocViewerInterfaceHtml%2F&SWT=<BeginSessionResults?SessionId=6240ae91-21f3-49c0-a273-b55930debe1f&RedirectUrl=https%3A%2F%2Fmagnum-pi.wkmnlab.net%2FDocViewerInterfaceHtml%2F&SWT=<BinarySecurityToken%20ValueType%3D"http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2009%2F11%2Fswt-token-profile-1.0"%20EncodingType%3D"http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-soap-message-security-1.0%23Base64Binary"%20xmlns%3D"http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd">U2Vzc2lvbklkPTYyNDBhZTkxLTIxZjMtNDljMC1hMjczLWI1NTkzMGRlYmUxZiU3YzEwNjE1OTA1OTgmaHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmbmFtZT1vZC1leHBlcmUtdGVzdC1hZG1pbiU0MHdrLmNvbSZJc3N1ZXI9ZG9jdmlld2VyLndvbHRlcnNrbHV3ZXJmcy5jb20mQXVkaWVuY2U9JkV4cGlyZXNPbj0xNTcwNDY3NTIyJkhNQUNTSEEyNTY9REFINkQ3TGdRaHp5SGxDNTFjTndjRlNjV0l3QW9RaGx5MnpDUU1oRzJ4OCUzZA%3D%3D<%2FBinarySecurityToken>DocViewer validates the SWT that was passed in the SOAP; if the token is valid, users input data via DocViewer.