Getting started with Looker

Best Practices

Documentation

Community

Training

Certification

Articles in this section

See more

Where should the embed_domain parameter be defined when SSO embedding? (Community)

Avatar
Looker Support
Follow

View the original community article here

Last tested: Aug 30, 2020
 

The embed_domain parameter isn't its own SSO parameter, but rather gets put directly in the embed_url parameter. If the embed_domain is specified as a separate query parameter, even if it is placed after the embed_url, users may get the error: "Embed URI is not valid: This request includes invalid params: [“embed_domain”]. The script will not format the embed_domain correctly to generate the signature unless it is actually part of the embed_url.

If you are troubleshooting this error, first ask yourself, "Do I actually need to include the embed_domain?" The embed_domain parameter is only necessary if your script is using Javascript event listeners (not a requirement for a basic SSO embed implementation). So if you do not need to listen for Javascript events, the simplest option is to get rid of the embed_domain completely.

If you do want to listen for Javascript events, you'll want to check the URL generation script to see where the embed_domain is being added. Here is what it should look like when done correctly:

{
host: 'localhost:9999',
secret: [embed secret goes here],
external_user_id: '57',
first_name: 'Embed Steve',
last_name: 'Dude',
permissions: ['see_user_dashboards', 'access_data', 'see_looks'],
models: ['thegreatmodel'],
group_ids: [5, 2],
external_group_id: 'awesome_engineers',
user_attributes: {"an_attribute_name" => "my_value"},
access_filters: {:fake_model => {:id => 1}},
session_length: fifteen_minutes,
embed_url: "/embed/dashboards/3?embed_domain=http://localhost:8081", #DO THIS
force_logout_login: true
}

 

Here is what it should look like when done incorrectly:

{

embed_domain: 'localhost:8081', #DON'T DO THIS

host: 'localhost:9999',

secret: [embed secret goes here],

external_user_id: '57',

first_name: 'Embed Steve',

last_name: 'Dude',

permissions: ['see_user_dashboards', 'see_lookml_dashboards', 'access_data', 'see_looks'],

models: ['thegreatmodel'],

group_ids: [5, 2],

external_group_id: 'awesome_engineers',

user_attributes: {"an_attribute_name" => "my_value"},

access_filters: {:fake_model => {:id => 1}},

session_length: fifteen_minutes

embed_url: "/embed/dashboards/3",

force_logout_login: true

}

 

Notice that the incorrect script puts embed_domain as the first parameter, which will show up directly after the main embed path /embed/dashboards/3 . So the final generated URL will look very similar to a correct URL, but the URL will still not validate because the embed_domain parameter is not recognized.

 

This content is subject to limited support.