Automatic Logging In to Plesk¶
Automatic logging in to Plesk is useful for integration purposes, so that customers who have logged in to some other system could access Plesk without having to log in for the second time.
To implement automatic logging in, you need to have an integration script that contains an XML API request to create a session token for a single-use URL. The script will log in users to Plesk using the URL that contains either of the following:
- (Recommended) A session token
- (Not recommended for security reasons) User login and password
Automatic Logging in to Plesk Using Session Tokens¶
To configure automatic logging in using session tokens:
Set up your integration script to create a session token. To do so, send an XML API request using the
create_session
node, for example:<packet version="1.6.9.1"> <server> <create_session> <login>admin</login> <data> <user_ip>192.0.2.1</user_ip> <source_server></source_server> </data> </create_session> </server> </packet>
The following parameters must contain your values:
login
is the login of a Plesk user for whom you need to create a session.user_ip
is the user’s IP address in plain text or encoded in base64 (for example,MTkyLjAuMi4x
).- (Optional)
source_server
is the hostname of the computer from which the request is sent encoded in base64.
Note
The
create_session
operation is available for the Plesk administrator, customers, and resellers. The Plesk administrator can create session tokens for themselves, resellers and customers; resellers—for themselves and their customers only; customers—for themselves only.Instead of sending an XML API request directly, you can insert it into an XML file and send it via curl, for example:
curl –kLi -H "Content-Type: text/xml" -H "HTTP_AUTH_LOGIN: admin" -H "HTTP_AUTH_PASSWD: password" -H "HTTP_PRETTY_PRINT: TRUE" -d @request.xml https:<server-hostname-or-ip>/enterprise/control/agent.php
where
admin
andpassword
are the Plesk administrator credentials used to log in to the Plesk server.request.xml
is an XML file containing an XML API request that creates a session token (for example, the request shown above).server-hostname-or-ip
is the hostname or IP address of the Plesk server for which you want to create a session token.
The Plesk XML API will create a session token and send it in the response, for example:
<?xml version="1.0" encoding="UTF-8"?> <packet version="1.6.9.1"> <server> <create_session> <result> <status>ok</status> <id>df9d386ee5ef13dbcd583c1f616857a2</id> </result> </create_session> </server> </packet>
The
id
tag contains a session token (df9d386ee5ef13dbcd583c1f616857a2
in the example). The script will use this token in a single-use URL for logging in.The script will redirect the user’s browser to
rsession_init.php
and the user will be logged in to Plesk. The single-use URL for logging in has the following pattern:https://<server-hostname-or-ip>:8443/enterprise/rsession_init.php?PLESKSESSID=<session_token>&success_redirect_url=<success_redirect_url>&failure_redirect_url=<failure_redirect_url>
where:
<server-hostname-or-ip>
is the hostname or IP address of the server for which you have created a session token.<session_token>
is a created session token.
You can also specify the following optional parameters:
<success_redirect_url>
is the URL to which the browser will be redirected after a successful login.<failure_redirect_url>
is the URL to which the browser will be redirected after a Plesk session has expired or a user was logged out.<locale_id>
is the name of the locale that will be used upon logging in (such asde-DE
).
The URL for logging in can look like the following:
https://192.0.2.1:8443/enterprise/rsession_init.php?PLESKSESSID=df9d386ee5ef13dbcd583c1f616857a2&success_redirect_url=/admin/customer/list
Note
We recommend that you use relative URLs (they start with
/
) insuccess_redirect_url
andfailure_redirect_url
parameters, for example:/admin/customer/list
. To redirect to the hostnames different from Plesk, you need to use absolute URLs in the parameters (for example,example.com
) and also in thetrustedRedirectHosts
setting in thepanel.ini
file (see the next step).If you set up automatic logging in to Plesk with
success_redirect_url
and/orfailure_redirect_url
parameters that redirect to the hostnames different from Plesk and have absolute URLs, protect your Plesk server against open redirect. To do so, add the following entry to thepanel.ini
file:[security] trustedRedirectHosts = hostname1,hostname2
Where
hostname1
andhostname2
are trustworthy hostnames to which you allow URL redirection via thesuccess_redirect_url
andfailure_redirect_url
parameters.Learn more about protecting your Plesk against open redirect.
Automatic Logging in to Plesk Using Credentials¶
You can also configure automated logging in without creating a session token: by passing a user login and password as parameters in the URL. For security reasons, we do not recommend this approach.
If you still want to go with it, the URL for logging in will have the following pattern:
https://<server-hostname-or-ip>:8443/login_up.php3?login_name=<login>&passwd=<password>&success_redirect_url=<success_redirect_url>&failure_redirect_url=<failure_redirect_url>
where
<server-hostname-or-ip>
is the hostname or IP address of the server for which you have created a session token.<login>
and<password>
are the user’s login and password, respectively.
You can also specify the following optional parameters:
<success_redirect_url>
is the URL to which the browser will be redirected after a successful login.<failure_redirect_url>
is the URL to which the browser will be redirected after a Plesk session has expired or a user was logged out.<locale_id>
is the name of the locale that will be used upon logging in (such asde-DE
).