Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.

Authentication

Plugin Framework > Overview > Authentication

Plugins built using the Plugin Framework use the Authentication Framework to provide secure authentication.

See the Consumer API - OAuth and OpenID Connect and Authentication Framework topics for details.

Cookies

The Plugin Framework is implemented in Banno’s UI via iframes that render individual plugins.

Web browsers have become increasingly restrictive on cross-site cookie tracking, which affects how cookies can be used within a plugin.

Development

When developing a plugin, you may want to set your browser settings as follows.

Warning
This is not a solution that will work for Production usage.
  • For Chromium-based browsers, you’ll have to configure the browser to allow 3rd party cookies.
  • For Firefox, you’ll have to enable 3rd party cookies.
  • For Safari, you’ll have to disable the “Prevent cross-site tracking” option. You may also need to enable the option Disable local file rescrictions and/or Disable cross-origin rescrictions from the Developer settings.

Production

When you are ready to use your plugin in Production:

If you need to write a cookie in the plugin, you’ll need to host your public-facing web server at a subdomain of the Banno Online domain name for your financial institution.

For example, assume you have the following URLs for your financial institution:

  • Main (marketing) website: https://www.institutionname.com
  • Banno Online website: https://banno.institutionname.com

You could host the plugin at a subdomain named “plugin” which would give you:

  • Plugin domain: https://plugin.banno.institutionname.com

In our browser testing, this subdomain setup is recognized by all browsers, so the cookies are not treated as 3rd party cookies.

Browsers and same-origin policy

When using subdomains to host your public-facing web server, keep in mind that browsers will enforce security mechanisms such as the same-origin policy.

Quoted from the same-origin policy docs on MDN Web Docs

Quote source

Definition of an origin
Two URLs have the same origin if the protocol, port (if specified), and host are the same for both. You may see this referenced as the “scheme/host/port tuple”, or just “tuple”. (A “tuple” is a set of items that together comprise a whole — a generic form for double/triple/quadruple/quintuple/etc.)

The following table gives examples of origin comparisons with the URL http://store.company.com/dir/page.html:

URLOutcomeReason
http://store.company.com/dir2/other.htmlSame originOnly the path differs
http://store.company.com/dir/inner/another.htmlSame originOnly the path differs
https://store.company.com/page.htmlFailureDifferent protocol
http://store.company.com:81/dir/page.htmlFailureDifferent port (http:// is port 80 by default)
http://news.company.com/dir/page.htmlFailureDifferent host

HTTPS, certificates, and certificate authorities

You’ll have to take care to ensure that the Certificate Authority (CA) and intermediate certificates are configured correctly for your plugin server’s SSL certificate.

An incorrect configuration may result in your plugin’s content failing to display within Banno Online and Banno Mobile.

External resources

If you want to learn more about handling cookies in your web browser, these external resources may be useful:

If you want to learn more about browser same-origin policy:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Tue Nov 12 2024