Spotfire external authentication

[Anusha V]

Hi,

We are using Spotfire 10.6 version and If proxy server sends username and password does password captures Username only

and for user, proxy server password andSpotfire server database password should be same

We are going to use Http headers as external authentication and when proxy server sent the username details how will capture the username and password details does it available in Server logs

we are provisioning directly in Spotfire database. and these users are exclusive only for web player users.

Thanks,

Anusha

[Jens Borgland]

If you're using External Authentication withHeaderas source then the Spotfire Server will simply extract the identity from that header. No password validation or such will be performed (it's expected that the reverse-proxy has already performed all necessary validation). Note that it's very important that with this type of setup it's very important that all traffic to the Spotfire Server really goes through the reverse-proxy so that an attacker cannot simply supply a header with a username and thereby log in as that user.

If you need to perform additional validation or more advanced types of transformation of the username then you should implement aCustomAuthenticator.

If you enable DEBUG logging you'll get entries in the log from a class calledExternalAuthenticatorthat gives some detail on the values extracted.

Also note that it's possible to filter the username (to for example strip away some static prefix or something like that), and to convert it to lowercase.