Jump to content

Invoking Spotfire Visualization Embedded in Website Using JavaScript API Fails Authentication

Ken Collins 2

Recommended Posts

I have a web application built with React and I am utilizing the JavaScript API to invoke a Spotfire visualization on another server, a Spotfire Web Player server. It fails with an HTTP status code error 401.

Now I know this issue has been raised before, and I found a response from 4 year ago with this advice: "The JavaScript API is intended to work with a single signon solution so you will need to ensure that you are logged in to you (sic) Spotfire Environment and check the "Keep me logged in" option otherwise you will indeed get a blank page."

Granted, the suggested approach does work. If I leave my app, open another web browser tab and enter the Spotfire Web Player URL, it will connect with SSO and add four cookies into my browser. Then when I return to my app, and refresh the screen, the Spotfire visualization loads as desired.

However, this is TERRIBLE ADVICE!! What a horrible user experience this is!! You can't be serious when you say that the solution is for the end user of my web application to leave the application, go to another web browser tab, and invoke the Spotfire server directly, then return to myweb app to see the visualization.

There has to be another way to solve this problem and make it seamless to the end user.

I am attempting to attach a file to this ticket to show what I see from the Network tab in Chrome. The response from the Spotfire server is error 401 yet it looks like it wants to set the same four cookies that it normally sets in the browser when SSO authentication has been successful. Perhaps this can offer clues to what is happening.

Link to comment
Share on other sites

One way to achieve a seamless authentication is to setup External Authenticatin on Spotfire Server with source type as cookie/header/attribute.

With this what you can do is from your custom web application while making a request to Spotfire set either cookie/header/attribute [depending on what you configured] with the username. When the request reaches spotfire, the server will try to extract the cookie/header value and try to authorize and allow the user to view the analysis.

Following is the documentation on External Authentication,



One other flow with out the need to authenticate an useris with Anonymous authentication. You can enable Anonymous authentication and provide the user guest@ANONYMOUS access to the analysis file.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...