Jump to content

#DrSpotfire Header external authentication

Aswin Mukundan

Recommended Posts

We havecurrently setup the spotfire External authentication method as Header.But we are only able to access the Spotfire dashboards after logging in via web client. We are unable to bypass login screen usingheader method. When we have changedthe method from Header to Cookie we are getting access without going through web client login. Could you please let us know of possible reasons that this might be occuring and any thoughts on the code change (.net) required to gain access via header itself
Link to comment
Share on other sites

It sounds like you are using some sort of portal where users authenticate and that you want to use that identity in Spotfire For requests that you make yourself you can add headers but browsers won't automatically add any (but they will add cookies if set for the domain - so if your portal and the Spotfire Server have a common domain it sounds like cookies might be the best option). A header is typically used when there's a reverse-proxy or such in front of the Spotfire Server that performs the authentication.

Just a word of caution - anyone can set both headers and cookies so you must have something in place that validates that the headers or cookies you are using are in fact valid (you could for example sign them and validate the signature). This could either be done on the Spotfire Server side (in a CustomAuthenticator) or in reverse-proxy or such.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...