If a profile doesn't have Session Authentication checked and an add-in tries to make a SOAP request (using a connection prepared with session authentication), an error reading "Invalid SAML assertion in security header" will be shown and the request will fail.
CXDev Toolbox 2.0 Now Available
The CXDev Toolbox 2.0 is now available. Learn more about the update from the announcement article, or visit the CXDeveloper Store for more information.
Expert Articles
Comprehensive resources for Oracle RightNow developers and consultants
What does "Invalid SAML assertion in security header" mean?
Posted by jack.whitehouse on Monday, January 9, 2017 - 2:12pm
How to open an External Page from a Syndicated Conditional Chat Link
Posted by AW Rowse on Wednesday, November 30, 2016 - 3:45pm
I'm writing a quick article in response to a question I received on another post inquiring if it was possible to open an external webpage instead of a Customer Portal page when the "Chat Now" link is clicked. Using standard functionality, this isn't possible, but using the techniques I've described in my other Syndicated Widget articles we can modify the core behavior to match our requirements.
Controlling the IE Rendering Mode in a Browser Control
Posted by AW Rowse on Wednesday, November 2, 2016 - 12:24pm The "Browser" workspace control available when configuring agent workspaces is a powerful feature that enables some really interesting customization and integration options. For those unfamiliar with the "Browser" control, this component allows you to embed an HTML page into a workspace. Besides exposing an API for passing workspace field values at runtime via URL templating, there is also a JavaScript based API for communication between the host workspace and the client webpage.
Abusable Functions in CP, CPMs, and Custom Scripts
Posted by Ben Johns on Monday, February 15, 2016 - 9:56am
When calling create and update functions from within Customer Portal code, the system requires the use of checks via the RightNow\Libraries\AbuseDetection library method isAbuse(), to ensure the CP endpoint is not under a DOS or similar attack. This is helpful, in theory at least, because it ensures that your CP site is mostly protected from these sorts of attack, but this can cause major headaches when building out more complex solutions. 3 out of 4 scenarios below require some level of workaround, depending on your use-case:
Async CPM Development and "My Code's Not Updating!"
Posted by Ben Johns on Thursday, February 4, 2016 - 12:50pm While developing asynchronous CPMs, you'll notice that when you make a code change, the site logic may or may not update immediately. In fact, sometimes you may run the CPM and it will appear to use your old code, then the next time it will use your new code, then vice-versa! This is due to the fact that Oracle 'caches' the async code in memory