Introduction
Many customers embed the dashboards and analyses into their existing web portals. Some just want to have a Web Single Sign On (SSO) based on external authentication systems like Siteminder or Identity Providers solutions like SAML, OAuth ... Finally, many of those also have their own legacy Web SSO systems.
Any of the above cases most of the time require custom code on the server side. To be able to easily communicate with these systems, Spotfire provides a mechanism to use some environment parameters when writing custom classes. Indeed we usually know that these values can change from one environment (Development) to another (Production) since the resources are not the same.
This page describes how to write a parameterized custom authentication
For more information about creating a custom Web Player authenticator see here (External Authentication in Spotfire).
Server Custom Authentication
All Spotfire clients, e.g. Spotfire Analyst, Web Player users, communicate with the Spotfire Server for authentication and authorization.
Spotfire provides external authentication as a supplementary authentication method to support previous web player custom authentication. A typical usage of External authentication is to retrieve the username from an attribute/header/cookie. This usage would probably be enough for simple external authentication methods like Siteminder or other simple identity provider solutions.
However, as mentioned above, one might do more than just retrieve user names from cookies or headers/attributes.
Spotfire, therefore, provides two advanced APIs allowing the customer to add more complex logic:
- A Custom Authentication Filter: when you need to perform a redirect or alter the response. This is the only option that can be used for implementing things like SAML or OpenID Connect.
- A CustomAuthenticator: to retrieve the identity from an attribute/header/cookie but do some extra validation or lookup - perhaps the cookie value is just a token that needs to be posted to some other service to get the username back). Cannot perform redirects or alter the response in any other way.
Custom Authentication Filter
Configure External Authentication to Authentication filter
In the authentication filter windows, add the class and the necessary parameters.
Now you are ready to compile your code and adapt the parameters per environment
This Community Article gives an overview and has a zip file with code examples at the end: Spotfire Server API for Custom Authentication
Custom Authenticator
In the external configuration window, choose Custom Authenticator and add the java class name and parameters.
In your source code
@Override public void init(Map<String, String> parameters) throws CustomAuthenticatorException { final String CookieName = parameters.get("cookie.name"); ... }
See the full description of the interface here: CustomAuthenticator interface
Recommended Comments
There are no comments to display.