Hi Isaac, 

Thank you so much for this. I did some digging and set up another MultiSSO_DigestedToken and tied to a different Identity provider. I am using a scoped app to because it seems that to decrypt the message, i would need to have the CryptoJS in a scoped app in order to perform the JWT decryption. I can see in the logs that when I try the the link, it does go through the identity provider tied to the new MultiSSO script which is good. 

One of the requirements is to be able to decrypt the data and put the different values in specific variables in the record producer/cat item the user is being re-directed to when clicking the button on the external site. I don't see a good way of grabbing the URL parameters that are being passed in the token with a catalog client script on the record producer. It seems like the single sign on script will do a post to the DB but not something on the client side prior to submission. 

Am I understanding that correctly? Do you have any suggestions on being able to grab the URL parameters on the client side?

thank you!

Yen

Is your URL already decrypted? If yes, it's possible to use a code similar to this one in a Catalog Client Script of type onLoad to do this:

function onLoad() {
    // Get the current URL of the browser
    var url = top.window.location.href;
    
    // Extract the parameters from the URL
    var urlParams = new URLSearchParams(url);
    
    // Check if the 'param1' parameter is present in the URL
    if (urlParams.has('param1')) {
        // Get the value of the 'param1' parameter
        var param1Value = urlParams.get('param1');
        
        // Fill the 'variable1' variable of the catalog item with the value of the 'param1' parameter
        g_form.setValue('variable1', param1Value);
    }
    
    // Repeat the same process for other parameters if necessary
}

If my answer helped you in any way, please mark it as correct/helpful 🙂

Regards,

Isaac Vicentini.

I was already doing something similar in this client script before the requirement of encrypting the url parameters came about. 

function onLoad() {
    //Populate the variables with the parameters passed in the URL
    // var gUrl = new GlideURL();
    // gUrl.setFromCurrent();
    var dept = getParameterValue('sysparm_dep');
	var ws = getParameterValue('sysparm_ws');
	var csn = getParameterValue('sysparm_csn');
	var zid = getParameterValue('sysparm_zid');

    g_form.setValue('epic_login_department', dept);
	g_form.setValue('epic_workstation', ws);
	g_form.setValue('protected_details', "CSN: " + csn + "\nPatient ID:" + zid);

}

function getParameterValue(id) {
    var url = top.location.href;
    var value = new URLSearchParams(url).get(id);
    if (value) {
        return value;
    }
}

But now since the URL will be encrypted, I need to be able to use the shared encryption key to decrypt the parameters and then drop them in the respective variables in the record producer. I thought it wouldn't be too bad to try to decrypt the URL parameters but it seems to be more challenging than I thought. 

I thought that I could store the key securely and use it in a script include to decrypt and parse out the parameters and then send them back to the client (calling the script include via ajax) but I need to use a library (CryptoJS according to posts I read). 

And that is where I am stuck because it needs to be able to receive the token, decrypt it, then drop the values in the variables and then the user can add additional info to the record producer form and then click the button to submit. 

Does that sound doable?

Hi Yeni,

I developed a similar solution, using the Identity Provider to receive the URL and some functions to decrypt the SHA256 algorithm, but now I've noticed that you need it for the AES256 algorithm, which is different.

For that, I don't have the knowledge to assist, I hope you find a solution, good luck!