Jump to content

  • How to enable Kerberos authentication with the Spotfire® for Apple iPad

     Share
    Yes, you CAN configure Spotfire® Analytics for Apple iOS to use Single Sign On (SSO) Kerberos authentication! This article walks you through the steps necessary to access Spotfire analytics through the app installed on your iPad or iPhone with a single-sign-on.

    Environment requirements

    • Spotfire® Analytics for Apple iOS of latest version.
    • Spotfire® Web Player 10.x or higher, configured to use Kerberos with Constrained Delegation.
    • Apple iOS version 10.0 or higher.

    Configuring the iPad/iPhone

    For Spotfire Analytics for Apple iOS to properly negotiate the SSO Kerberos authentication, you must configure your device to use Kerberos. You can accomplish this task by creating and installing a configuration profile. You must edit the configuration profile to fit your environment.

    The configuration profile is contained in an XML file that has the file extension .mobileconfig.  App developers might recognize the profile from the Apple developer documentation.  I have borrowed an example XML file, the contents of which you can find at the bottom of this post.

    1. Copy the XML at the end of this article and save it to a file on your local computer. 
    2. Edit the file, changing the value in the tag as follows:
       
      Key Default String Description
      Name Kerberos Config Required. Change to the name of the configuration.
      PrincipalName test_user Required. Change to the user name to use when logging in.
      Realm GSLAB.LOCAL Required. Change to the domain realm specified when you set up Kerberos on the Web Player service.

      Note Must be upper case.
      GUID (Sample GUID) You do not need to change the GUID field.
      URLPrefixMatches An array of sample URLs Required. Change from the sample URLs to the URL of the Web Player server the TIBCO Spotfire for Apple iPad connects to. You can specify multiple URLs by adding a separate line for each new URL entry. 

      The URL should be the Web Player Server URL. Do not add /SpotfireWeb (or your virtual directory name) to the end of the URL.
      PayloadOrganization ORGANIZATION Required. Change to the name of the organization you want to use.

       
    3. OPTIONAL SETTING. If you want to be able to access Spotfire analytics through the Safari browser on your device, add the following string to the AppIdentifierMatches array. 
       com.apple.mobilesafari
       

      The entire section should read as follows. 

           AppIdentifierMatches
     com.tibco.spotfire.SpotfireForIPad
     com.apple.mobilesafari
       
    4. Save the edited configuration file.
       
    5. Install this edited .mobileconfig profile file on your device. This is most easily done by attaching the sso.mobileconfig file to an e-mail and sending it to an account that the iPad/iPhone user(s) can access. When you tap on the attachment in the email on the device, you are prompted to install the configuration profile.

      Note  If you get an Invalid Profile error when you attempt to install the file, then the file contains a configuration error that you must fix. Confirm that all values your provided are properly filled in and formatted, and that you did not accidentally change, add, or delete any XML tags. 

    6. Open the App and select Add Library if you have not already done so. It does not matter what you specify in the Username and Password fields, because these values are not used when your device authenticates using SSO.
       
    7. To modify or update the profile, follow these steps on the device.
      1. Tap Settings, and then select General.
      2. Scroll down to Profiles
      3. Select this profile and delete it.
      4. After it has been deleted, you can install a new .mobileconfig file with updated configuration settings.

    After you have completed these steps, you should be able to use Spotfire Analytics for iOS to access your Spotfire analytics using Kerberos with Delegation.  A sample sso.mobileconfig file is attached as a file to this article.  It has a .txt extension so it will need to be edited and renamed.

    Sample sso.mobileconfig 

          PayloadContent      
        
          PayloadDisplayName
             SSO Settings
          PayloadType
             com.apple.sso
          PayloadVersion
             1
          PayloadUUID
             9F7C78AC-41F6-4474-8608-1EC41B6551B1
          PayloadIdentifier
             analytics.spotfire.sso
          Name
             GSLAB IPAD SSO
          Kerberos
             
                  PrincipalName
                   test_user
                Realm
                   GSLAB.LOCAL
                URLPrefixMatches
                  
                      https://kerbenabledapp.mycompany.com
                      http://nonstandardapp.mycompany.com:16089
                  
               AppIdentifierMatches
                  
                    com.apple.mobilesafari
                      com.tibco.spotfire.SpotfireForIPad                                      
     
      PayloadDisplayName
         KerberosConfigProfile
      PayloadIdentifier
         local.TEST.ssoconfig
      PayloadOrganization
         ORGANIZATION
      PayloadRemovalDisallowed
         
      PayloadType
         Configuration
      PayloadUUID
         8C7EFCB0-B8C4-40EE-B3F6-CA1A8FZ83I457
      PayloadVersion
         1
     

    sso.mobileconfig.txt

     

     

     Share
    Go to articles

    User Feedback

    Recommended Comments

    There are no comments to display.


×
×
  • Create New...