Reputation: 399
How to create a Single Sign On experience?
I've never typically built a web app and hence never worked on creating login experiences either. However, as an on-boarding task in the new project, i have to suggest a solution for creating a single sign on experience.
Here is the problem,
The team here has built a web app (server and client). Users log into this app over SSL. There could be 50 users with 50 sets of usernames and passwords. Each user is then directed to the client site of a spotfire web server. However, each user is now logged in as one standard user (assume a "testuser" credential). How do we ensure that the users seamlessly log into this spotfire account after having surpassed authentication previously? We do not want to disclose the "testuser" credentials to the users. Spotfire suppots NLTM and Kerberos and also accepts X.509 certificates. However, the former 2 work only with Windows authentication and i'm unsure how to make use of the latter here.
Thanks in advance.
Upvotes: 0
Views: 520
Answers (2)
Reputation: 1690
OAuth is your best bet here. You’ll want to use OAuth to provide a centralized login interface. Then your web app and Spotfire will redirect the user to the OAuth login interface to handle the login. Once a user authenticates with the OAuth front-end once, they’ll be automatically logged in to all the other applications as well.
This does require a lot of coding if you are going to implement all of this yourself. You’ll also have to write a Spotfire plugin to hook that up to your OAuth interface as well. Doable, but not the simplest thing to implement.
You might consider using a user database that provides OAuth instead. I wrote a user database called Passport and it should cover all of your use cases. It’s free to get started, so you could try it out and see if it works for you.
The OAuth implementation guide for Passport is here:
http://docs.inversoft.com/x/i4Gp
I’ve never worked with Spotfire, but Passport has a Wordpress plugin and we are working on a Confluence plugin and a few others as well. We could check out Spotfire and see if it would be possible to write a plugin for that if you want.
Upvotes: 0
Reputation: 1648
If you don't want the web player to do any authentication why not set it up with anonymous access. Have a look at the manual: https://docs.tibco.com/pub/spotfire_web_player/7.0.1/doc/pdf/TIB_sfire_webp_7.0.1_installation.pdf
Upvotes: 1
Related Questions
- JWT vs cookies for token-based authentication
- Active Directory Single Sign-on
- Why is there an "Authorization Code" flow in OAuth2 when "Implicit" flow works so well?
- How to implement Single Sign On using Spring and Active Directory
- SPA best practices for authentication and session management
- Apply single sign-on for computers not in ActiveDirectory domain
- single sign on with web api and asp.net mvc 5