Embedding dashboards securely and seamlessly.

[Nabeel Riaz]

We want to embed spotfire dashboards in our web portal. So we have the embed url with us. When we embed that url in our web portal, we want to login silently to on tibco spotfire server and then show the iframe. We don't want our dashboard url to be publicly accessible. Please share step by step guidelines for achieving this?

[Peter McKinnis]

Nabeel,

I know it has been a while since you posted your question. Hopefully, you figured out a solution already. The answer to your question is not a simple because step by step guidelines depends on a lot of things.

This article describes what one can configure within Spotfire to get single sign on to work when a user has been externally authenticated, e.g. within your web portal, but a lot is dependent on browser security. For example, one common way to share authentication is via a cookie but that requires the portal and Spotfire to share a domain, e.g. my.portal.company.com and my.spotfire.company.com - the cookie can be on the company.com domain. Browser security continues to get stronger such that one has to be aware of how any authentication tokens are provided to Spotfire from the portal.

The dashboard url has to be accessible at some point. Customers often use reverse proxies to hide Spotfire Sever and provide additional network security. The additional network device can deny access to users that have not been authenticated in your portal.

You may also want to look at using the Spotfire JavaScript API, if you want more control over Spotfire in your portal.

I hope that helps getting started.

Regards,

Peter