Environment requirements
- Spotfire® Analytics for Apple iOS of latest version.
- Spotfire® Web Player 10.x or higher, configured to use Kerberos with Constrained Delegation.
- Apple iOS version 10.0 or higher.
Configuring the iPad/iPhone
For Spotfire Analytics for Apple iOS to properly negotiate the SSO Kerberos authentication, you must configure your device to use Kerberos. You can accomplish this task by creating and installing a configuration profile. You must edit the configuration profile to fit your environment.
The configuration profile is contained in an XML file that has the file extension .mobileconfig. App developers might recognize the profile from the Apple developer documentation. I have borrowed an example XML file, the contents of which you can find at the bottom of this post.
- Copy the XML at the end of this article and save it to a file on your local computer.
-
Edit the file, changing the value in the tag as follows:
Key Default String Description Name Kerberos Config Required. Change to the name of the configuration. PrincipalName test_user Required. Change to the user name to use when logging in. Realm GSLAB.LOCAL Required. Change to the domain realm specified when you set up Kerberos on the Web Player service.
Note Must be upper case.GUID (Sample GUID) You do not need to change the GUID field. URLPrefixMatches An array of sample URLs Required. Change from the sample URLs to the URL of the Web Player server the TIBCO Spotfire for Apple iPad connects to. You can specify multiple URLs by adding a separate line for each new URL entry.
The URL should be the Web Player Server URL. Do not add /SpotfireWeb (or your virtual directory name) to the end of the URL.PayloadOrganization ORGANIZATION Required. Change to the name of the organization you want to use.
-
OPTIONAL SETTING. If you want to be able to access Spotfire analytics through the Safari browser on your device, add the following string to the
AppIdentifierMatches
array.com.apple.mobilesafari
The entire section should read as follows.
AppIdentifierMatches com.tibco.spotfire.SpotfireForIPad com.apple.mobilesafari
-
Save the edited configuration file.
-
Install this edited .mobileconfig profile file on your device. This is most easily done by attaching the sso.mobileconfig file to an e-mail and sending it to an account that the iPad/iPhone user(s) can access. When you tap on the attachment in the email on the device, you are prompted to install the configuration profile.
Note If you get an Invalid Profile error when you attempt to install the file, then the file contains a configuration error that you must fix. Confirm that all values your provided are properly filled in and formatted, and that you did not accidentally change, add, or delete any XML tags.
-
Open the App and select Add Library if you have not already done so. It does not matter what you specify in the Username and Password fields, because these values are not used when your device authenticates using SSO.
-
To modify or update the profile, follow these steps on the device.
- Tap Settings, and then select General.
- Scroll down to Profiles.
- Select this profile and delete it.
- After it has been deleted, you can install a new .mobileconfig file with updated configuration settings.
After you have completed these steps, you should be able to use Spotfire Analytics for iOS to access your Spotfire analytics using Kerberos with Delegation. A sample sso.mobileconfig file is attached as a file to this article. It has a .txt extension so it will need to be edited and renamed.
Sample sso.mobileconfig
PayloadContent PayloadDisplayName SSO Settings PayloadType com.apple.sso PayloadVersion 1 PayloadUUID 9F7C78AC-41F6-4474-8608-1EC41B6551B1 PayloadIdentifier analytics.spotfire.sso Name GSLAB IPAD SSO Kerberos PrincipalName test_user Realm GSLAB.LOCAL URLPrefixMatches https://kerbenabledapp.mycompany.com http://nonstandardapp.mycompany.com:16089 AppIdentifierMatches com.apple.mobilesafari com.tibco.spotfire.SpotfireForIPad PayloadDisplayName KerberosConfigProfile PayloadIdentifier local.TEST.ssoconfig PayloadOrganization ORGANIZATION PayloadRemovalDisallowed PayloadType Configuration PayloadUUID 8C7EFCB0-B8C4-40EE-B3F6-CA1A8FZ83I457 PayloadVersion 1
Recommended Comments
There are no comments to display.