This article lists out steps to enable a custom single sign-on solution on Spotfire Web Player till
You will need to build the customauthentication module for your webplayer first. A sample if provided in Spotfire sdk. Once you have it ready, the output of that project is a dll which we will use on the webplayer. In most cases this will be a very small change to the example itself. Once you have build the custom authenticator project.
Here are the remaining steps to enable the custom Authenticator on the web.
Step 1 Enable impersonation on Spotfire server
Login to Spotfire configuration console.
Easiest way to access is on your Tibco Spotfire server machine go to Start >> All Programs >> Tibco Spotfire Server x.x >> Configure Spotfire Server
Provide password on the window that pops up.
Once logged in go to configuration tab and then select the impersonation page
On impersonation section screen, select yes for enable impersonation
Select Yes/ No for custom authentication filter, Generally No.
Require SSL yes or no based on if you are using HTTPS
Allowed hosts and IP is for additional security, if needed.
Hit save configuration at the bottom right of the screen, save to database
Once save is complete then restart spotfire server
Step 2 Creating Spotfire impersonation user
Login to your Spotfire client as an administrator
Go to tools >> Administration manager
Create a new user if needed under users tab or you could use existing user if available to use as impersonation account.
Then select the user in the userlist and select to edit group membership.
The user needs to be part of few groups, impersonator, everyone and administrator.
Administrator group can be replaced with other group, but administrator group has wide access and hence it ensures that everyone gets access to their own content as needed if the impersonation id has access to all content.
Step 3 Web Player Changes
Web.Config changes
(1) Deploy Custom Authentication Piece
- Copy DLL from your project to Spotfire Web Player\6.x\webroot\bin folder
(2) Modify Web Player Web.config file
(a) Edit authentication to match the anonymous authentication from the Web Player installation manual - section 3.3.2
This will involve enabling impersonation, providing impersonation username/pwd, and changing authentication settings itself.
https://docs.tibco.com/pub/spotfire_web_player/6.5.0/TIB_sfire_webp_6.5.0_InstallationManual.pdf
b) Add the CustomAuthenticator section for your custom authenticator in the web.config.
e.g. below, please note the name and class name will change based on what you are calling your project. Look at the module.xml file in the Visual Studio project to get the actual value you need.
<authentication serverUrl="<server URL goes here>"
<impersonation enabled="true"/>
<customAuthenticator type="SpotfirePS.SpotfireWeb.CustomWebAuthentication.CustomWebAuthenticator, SpotfirePS.SpotfireWeb.CustomWebAuthentication" />
</authentication>
(c) Save Web.config file. IIS should restart the Web Player application automatically because the Web.config file changed, but if anything seems unusual
This should enable Custom Authentication for your web player server
You will need to build the customauthentication module for your webplayer first. A sample if provided in Spotfire sdk. Once you have it ready, the output of that project is a dll which we will use on the webplayer. In most cases this will be a very small change to the example itself. Once you have build the custom authenticator project.
Here are the remaining steps to enable the custom Authenticator on the web.
Step 1 Enable impersonation on Spotfire server
Login to Spotfire configuration console.
Easiest way to access is on your Tibco Spotfire server machine go to Start >> All Programs >> Tibco Spotfire Server x.x >> Configure Spotfire Server
Provide password on the window that pops up.
Once logged in go to configuration tab and then select the impersonation page
On impersonation section screen, select yes for enable impersonation
Select Yes/ No for custom authentication filter, Generally No.
Require SSL yes or no based on if you are using HTTPS
Allowed hosts and IP is for additional security, if needed.
Hit save configuration at the bottom right of the screen, save to database
Once save is complete then restart spotfire server
Step 2 Creating Spotfire impersonation user
Login to your Spotfire client as an administrator
Go to tools >> Administration manager
Create a new user if needed under users tab or you could use existing user if available to use as impersonation account.
Then select the user in the userlist and select to edit group membership.
The user needs to be part of few groups, impersonator, everyone and administrator.
Administrator group can be replaced with other group, but administrator group has wide access and hence it ensures that everyone gets access to their own content as needed if the impersonation id has access to all content.
Step 3 Web Player Changes
Web.Config changes
(1) Deploy Custom Authentication Piece
- Copy DLL from your project to Spotfire Web Player\6.x\webroot\bin folder
(2) Modify Web Player Web.config file
(a) Edit authentication to match the anonymous authentication from the Web Player installation manual - section 3.3.2
This will involve enabling impersonation, providing impersonation username/pwd, and changing authentication settings itself.
https://docs.tibco.com/pub/spotfire_web_player/6.5.0/TIB_sfire_webp_6.5.0_InstallationManual.pdf
b) Add the CustomAuthenticator section for your custom authenticator in the web.config.
e.g. below, please note the name and class name will change based on what you are calling your project. Look at the module.xml file in the Visual Studio project to get the actual value you need.
<authentication serverUrl="<server URL goes here>"
<impersonation enabled="true"/>
<customAuthenticator type="SpotfirePS.SpotfireWeb.CustomWebAuthentication.CustomWebAuthenticator, SpotfirePS.SpotfireWeb.CustomWebAuthentication" />
</authentication>
(c) Save Web.config file. IIS should restart the Web Player application automatically because the Web.config file changed, but if anything seems unusual
This should enable Custom Authentication for your web player server
Comments
Post a Comment