Jump to content
  • Spotfire - Adding parameters to web custom authenticator


    Many customers embed the dashboards and analyses into their existing web portals. Some just want to have a Web Single Sign On (SSO) based on external authentication systems like Siteminder or Identity Providers solutions like SAML, OAuth ... Finally, many of those also have their own legacy Web SSO systems.

    Any of the above cases most of the time require custom code on the server side. To be able to easily communicate with these systems, Spotfire provides a mechanism to use some environment parameters when writing custom classes. Indeed we usually know that these values can change from one environment (Development) to another (Production) since the resources are not the same.

    This page describes how to write a parameterized custom authentication 

    Web Player Custom Authentication (7.0.x and backward)

    Spotfire Web Player 7.0.x and previous versions provide an API allowing writing a custom web player authentication. Especially you need to implement the class CustomAuthenticator and override the method AuthenticateCore as shown below:

    protected override IIdentity AuthenticateTokenCore(AuthenticationContext context)
        return CustomAuthenticator.CreateIdentity(userName)

    For more information about creating a custom Web Player authenticator see here (https://community.spotfire.com/s/article/External-Authentication-in-TIBCO-Spotfire-10-3-and-Later-Versions )

    Configure the web.config

    You can any new parameter into the <appSettings> section of your web.config file. See the example below.

        <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
    	  <!-- Customer specific settings added for the web services parameters-->
    	  <!-- Web Service SETTINGS-->
    	  <add key="url" value="https://servername/services/"" />
    	  <add key="authSchema" value="AUTHENTICATION" />
    	  <add key="appAdressIP" value="xxx.xxx.xx.xx" />
    	  <add key="appLanguage" value="Java" />
    	  <add key="appLanguageVersion" value="8" />
    	  <add key="appServerType" value="Tomcat" />
    	  <add key="appServerVersion" value="8" />
    	  <add key="appSesameID" value="ID" />
    	  <add key="appSesamePassword" value="TDB" />
    	  <add key="cookie" value="sngProd" />
    	  <add key="validUser" value=" auth_login" />
    	  <add key="validDate" value=" auth_date" />

    For a full description of how to configure Spotfire Environment for Custom Web Player Authentication, see here (TODO: add the link to the full configuration process)

    Retrieve the parameters values in your code

    string  AppAdressIP = System.Configuration.ConfigurationManager.AppSettings["appAdressIP"];
    string  AppLanguage = System.Configuration.ConfigurationManager.AppSettings["appLanguage"];
    string  appLanguageVersion = System.Configuration.ConfigurationManager.AppSettings[" .appLanguageVersion"];
    string  AppServerType = System.Configuration.ConfigurationManager.AppSettings["appServerType"];
    string  AppServerVersion = System.Configuration.ConfigurationManager.AppSettings[" .appServerVersion"];
    string  AppSesameID = System.Configuration.ConfigurationManager.AppSettings["appSesameID"];
    string  AppSesamePassword = System.Configuration.ConfigurationManager.AppSettings["appSesamePassword"];
    string  Cookie = System.Configuration.ConfigurationManager.AppSettings["cookie"];
    string  ValidUser = System.Configuration.ConfigurationManager.AppSettings["validUser"];
    string  ValidDate = System.Configuration.ConfigurationManager.AppSettings[" .validDate"];

    Now you can compile your source code and deploy it on any environment. You?ll just need to adapt the web.config file to match the correct values for the target environment.

    Server Custom Authentication (7.5.x and onward)

    Since TIBCO Spotfire 7.5, the server is the only front communication with users, and therefore the above based on IIS custom web player authentication does not apply anymore.

    Spotfire 7.5 provides external authentication as a supplementary authentication method to support previous web player custom authentication. A typical usage of External authentication is to retrieve the username from an attribute/header/cookie. This usage would probably be enough for simple external authentication methods like Siteminder or other simple identity provider solutions.

    However, as mentioned above, one might do more than just retrieve user names from cookies or headers/attributes.

    Spotfire, therefore, provides two advanced APIs allowing the customer to add more complex logic:

    1. A Custom Authentication Filter: when you need to perform a redirect or alter the response. This is the only option that can be used for implementing things like SAML or OpenID Connect.
    2. A CustomAuthenticator (7.6 and onwards): to retrieve the identity from an attribute/header/cookie but do some extra validation or lookup - perhaps the cookie value is just a token that needs to be posted to some other service to get the username back). Cannot perform redirects or alter the response in any other way.

    Custom Authentication Filter 


    Configure External Authentication to Authentication filter


    In the authentication filter windows, add the class and the necessary parameters.

    To retrieve the parameters in your source code


    Now you are ready to compile your code and adapt the parameters per environment

    An example can be found here: https://docs.tibco.com/pub/spotfire_server/7.6.0/doc/api/TIB_sfire_server_Custom_Authentication_Filter_API_Examples.zip

    Custom Authenticator



    In the external configuration window, choose Custom Authenticator and add the java class name and parameters.

    In your source code

      public void init(Map<String, String> parameters) throws CustomAuthenticatorException {
        final String CookieName = parameters.get("cookie.name");

    See the full description of the interface here: https://docs.tibco.com/pub/spotfire_server/7.6.0/doc/api/TIB_sfire_server_Server_Platform_API_Reference/platform/com/spotfire/server/security/CustomAuthenticator.html




    User Feedback

    Recommended Comments

    There are no comments to display.

  • Create New...