How to connect spotfire server from spotfire analyst client when my authentication is set to External Authentication

[Krishna Prasad 2]

Hi,

How to connect spotfire server from spotfire analyst client when my authentication is set to External Authentication

While trying to login the error is Access is denied.

Regards,

Krishna

[Jens Borgland]

Setting the primary authentication method to External Authentication does not work well with the Spotfire Analyst in 7.7 and previous versions (it's primarily used for servers that are only used as Web Player frontends).

The feature has been improved in 7.8 - allowing you to specify how the Spotfire Analyst (and other similar clients, like the iOS client) should behave when using External Authentication.

Note however that depending on the type of External Authentication you're using it may not be necessary to set it as the primary authentication method - it can also be used as a secondary authentication method, combined with some other metod (such as username/password).

[mike weng]

Hi Jens,

 

I have the same issue, could you tell me more information about how to config secondary authentication method for Spotfire analyst

 

Thanks & Recards

 

Mike

[Shandilya Peddi]

To enable secondary authentication, you will just set the primary authentication as basic database or ldap or kerberos etc and then go to External Authentication tab and enable it as well. In this case you have two authentications,

 

 

[mike weng]

Hi Shandilya,Thanks for your reply,I follow your comment's setting, but the Spotfire analyst doesn't use basic database authentication. Actully in add server, it alarms the Communication Error as below, but I only use basic database authentication, it's work.Error message: Cannot connect to the specified server.

Before trying again, make sure that the server you connect to is a valid Spotfire server, that the server is running, and that you are connected to the network.ManifestWebException at Spotfire.Dxp.Services:

Could not connect to server 'http://localhost/' to download manifest. The remote server returned an error: (403) Forbidden . (HRESULT: 80131509)Stack Trace:

   at Spotfire.Dxp.Services.ManifestReader.DownloadAndParse(WebRequestCreator requestCreator)

   at Spotfire.Dxp.Services.ManifestReader.GetReader(Uri uri, WebRequestCreator requestCreator)

   at Spotfire.Dxp.Loader.EditServerForm.OkButtonClick(Object sender, EventArgs e)

WebException at Spotfire.Dxp.Framework:

The remote server returned an error: (403) Forbidden . (HRESULT: 80131509)Stack Trace:

   at Spotfire.Dxp.Framework.HttpClient.NativeWebResponse..ctor(NativeHttpClient httpClient, NativeWebRequest request)

   at Spotfire.Dxp.Framework.HttpClient.WinINet.WinINetWebRequest.GetResponseCore()

   at Spotfire.Dxp.Framework.HttpClient.NativeWebRequest.GetResponse()

   at Spotfire.Dxp.Services.ManifestReader.<>c__DisplayClass44_1.<DownloadAndParse>b__0()

 

[Jens Borgland]

Mike, what kind of external authentication are you using, and what kind of primary authentication method do you use The Analyst will use the primary method so you need to ensure that any reverse-proxy or similar doesn't interfere with that traffic. 

 

For some more flexibility you could specify that the Analyst should always pop a browser window (which will end up at the ordinary login page if using username/password), just like it does when using for example OpenID Connect. Regardless of which option you choose it's important that the reverse-proxy of what you have for performing the authentication doesn't interfere with the traffic (trying to redirect it or something like that). If you need to have an active component then you could either use one of the OOTB options (like OpenID Connect), or create a CustomWebAuthenticator, or specify External Authentication as the primary authentication method and set up a reverse-proxy that only intercepts traffic to /spotfire/sf_security_check_external_auth