How to Embed Password-Protected External Content

Using this widget requires a solid understanding of iFrame embedding and its limitations, as many options are restricted for security reasons.
This guide covers embedding password-protected content using various methods while addressing limitations and best practices.
If you're unsure whether this method suits your needs, consider the alternative methods provided

Table of Contents

• Steps on How to Embed External URLs
• Steps for Troubleshooting Embedding Issues
• Token-Based Embedding
• Advanced Device Configuration for Authentication
• Basic Authentication via URL Credentials is Deprecated

Steps on How to Embed External URLs

• Content Type Selection:

  • Navigate to the Text section.
  • Choose the URL type for the Content type and set the URL you want to display.
  • For interactive content requiring shared resources, enable Same origin.

• Interactive Mode:

  • This option is essential for embedding Google Forms or other applications requiring cross-origin access. Both Interactive and Same origin must be enabled for such cases.

Steps for Troubleshooting Embedding Issues

If the site does not appear on the assigned screen content:

• Check if your device can load the site:
  • Right-click on the registered screen and select Content > Load page.
  • Paste the site's URL.
  • This method uses the device's built-in webview, allowing you to determine if the device is capable of loading the site directly.

When encountering issues, use the browser's developer tools to further identify errors:

• Open the Browser Console:

  • Right-click on the content and choose Preview in browser.
    • Note that embedding and custom scripts may require using the browser in incognito mode to function correctly.
  • Press F12 to access developer tools, then select the Console tab.

• Check for Errors: Look for red error messages, such as:

  • X-Frame-Options: Denial of embedding (e.g., DENY, SAMEORIGIN).
  • Mixed Content: Errors related to insecure HTTP content on HTTPS pages.
  • Security Errors: Missing flags or cross-origin issues.

• Inspect Network Requests:

  • Switch to the Network tab.
  • Reload the page (F5) and analyze Payload and Response for failed requests.

Token-Based Embedding

This method lets you access restricted sites without a login prompt. If allowed by the site owner, the token enables automatic login through your browser and our system.

URL example
A typical URL looks like this

http://www.example.com/foo/bar.html

Token example
Tokens can take the format [expiration]_[signature] and look like this

1441307151_4492f25946a2e8e1414a8bb53dab8a6ba1cf4615

Token as a URL parameter example
A token is expected in the ?token= GET parameter and the full URL looks like this

http://www.example.com/foo/bar.html?token=1441307151_4492f25946a2e8e1414a8bb53dab8a6ba1cf4615

If you are not sure about how to generate or use a given site's token, please contact the site's support team first instad of Wallboard support.

Advanced Device Configuration for Authentication

• Windows and Android Players: Use advanced configuration for basic authentication.

TheThe WEBVIEW_BASIC_AUTHENTICATION advanced configuration is specifically designed for basic authentication that do not utilize browser's request for authentication.
It automatically applies the Authorization header to all outgoing requests based on the specified URL parameter.

Configuration example

    {
      "configuration": [
        {
          "type": "WEBVIEW_BASIC_AUTHENTICATION",
          "credentialList": [
            {
              "domainUrl": "PROTOCOL://DOMAIN:PORT/PATH",
              "userName": "AUTH_USER_NAME",
              "password": "AUTH_PASSWORD"
            }
          ]
        }
      ]
    }

How to fill domainURL field?

URL field example set in Custom widget

https://domain.com/subsite/page

domainUrl field example

"domainUrl": "https://domain.com/"

• Windows Players: Can use additional advanced configuration for various authentication methods.

TheThe WEBVIEW_AUTHENTICATION advanced configuration is specifically designed for authentication methods that utilize browser's request for authentication.

{
    "configuration": [
		{
            "type": "WEBVIEW_AUTHENTICATION",
            "credentials": [
                {
                    "password": "AUTH_USER_NAME",
                    "username": "AUTH_PASSWORD",
                    "host": "example.com"
                }
            ]
        }
    ]
}

How to fill host field?

URL field example set in Custom widget

https://domain.com/subsite/page

host field example

"host": "domain.com"

Basic Authentication via URL Credentials is Deprecated

Please note

Using credentials in URLS as basic authentication method is deprecated in modern browsers, therefore our system does not allow for it either.

URL example

https://username:password@www.example.com/

• In Chrome 59, the username password@ part in URLs is even stripped out for security reasons and it won't work.

• In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt "You are about to log in to the site "www.example.com" with the username "username", but the website does not require authentication. This may be an attempt to trick you.