DocPop is a document retrieval tool included with the OnBase web server that allows internal or external websites to integrate custom web pages with the web server’s querying and document viewing mechanisms.
This blog and the video below will give you an overview of this tool so you can use it to your advantage.
OnBase DocPop Configuration: An Overview
9 Things You Need to Know About DocPop Configuration in OnBase
1. Authentication
Docpop supports Active Directory and Domain Authentication, which can be configured in the web server’s web.config file. This ensures secure access and streamlined login processes for users within your network.
2. Logon Execution Order
The logon type used with DocPop is controlled by the web server’s web dot config file. The order of logon execution checks if enable auto login, enable HTTP login, or enable default login are set to “true” using the first true setting. If all fail, a login screen will prompt for credentials. It is crucial to set these configurations correctly to avoid unintended access issues.
3. Docpop Web.config Key Settings
Above, you’ll see some of the key settings in the web.config file. They will help you customize and secure your DocPop integration.
First, we have username and password. These are used for automatic login if enabled default login is set to true. This saves users from entering their details manually.
Next is data source. This tells DocPop where to get the documents from, ensuring it connects to the right database.
The domain setting is for Active Directory authentication. By setting this up, users can log in with their domain credentials, making the process more secure and straightforward.
For automatic login options, enable default login uses the provided username and password for auto login. Enable HTTP Login allows login details to be included in the URL Enable AutoLogin uses domain credentials for automatic login. A key security feature is Enable Checksum. When true, a checksum is added to the URL to ensure it hasn’t been tampered with, protecting against unauthorized access. The checksum setting is where you enter a unique string used to create this checksum.
Lastly, let’s talk about disable context menu. When set to true, this disables right click options in DocPop, preventing unauthorized actions. These essential settings help you customize DocPop to fit your organization’s needs, making it easier to use and more secure.
4. Modifying a DocPop URL
You can modify a DocPop URL based on specific criteria by appending parameters like username, password and data source to the URL.
This customization allows for secure and tailored access to document sets. Ensure to encode special characters in the URL to avoid retrieval issues. Using checksums can prevent URL tampering. Know that each additional parameter you add to the URL string is preceded by an ampersand.
5. Posting Forms to DocPop
You can also configure a custom form to post to DocPop. This allows you to send the data as a post HTML function, so that the end user cannot see the query string data which could be a security concern.
6. Embedding DocPop Results in a Webpage
DocPop lets you embed OnBase documents and results lists into custom web pages using frames and iframes.
Frames and iframes are HTML elements that display content from another source within a web page. When you add one of these elements to your web page, you can use a DocPop-generated URL to display a list of OnBase documents or a single OnBase document in that frame or iframe.
7. Emailing DocPop Links from the Web Client
Users with sufficient privileges can email DocPop links directly from the web client without requiring the DocPop URL creator. This feature is available from the following web client locations:
- The Send To | Create DocPop Link option is available from the Web Client’s Document Search Results list.
- The Send To | Create DocPop Link and Send To | Create DocPop Link to Page options are available from the document viewer for image and text documents.
8. User Session Management
The most efficient way to manage a session is by passing the session ID in the query string. When the OnBase session ID is included in the query string, the user remains logged in even after the IIS session timeout period or if the integration window is closed. It is important that the application that creates the session also disconnects the session and logs the user out. Proper session management is crucial to avoid security risks.
9. Additional Security Considerations
In the default usage of DocPop, a hardcoded OnBase username and password are required for login, giving the DocPop user the same access as the OnBase user. This includes access to document types, custom queries, product rights and privileges. All actions are logged under the OnBase user’s name. To prevent unauthorized access, DocPop restricts document views to those received within the same session, and any attempt to alter the document ID triggers a security exception.
However, users with knowledge of the URL format could still potentially modify it to access additional documents. Adding a checksum to the URL helps validate it has not been tampered with.
And there you have it—eight essential tips for configuring DocPop in OnBase. Remember, these are just the starting points to get you up and running. For any advanced troubleshooting, reach out to your support team, and they’ll steer you in the right direction.
Want More Content Like This?
Subscribe to the Naviant Blog. Each Thursday, we’ll send you a recap of our latest info-packed blog so you can be among the first to access the latest trends and expert tips on workflow, intelligent automation, the cloud, and more.