Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Pentaho
1
Transparent
Authentication
Alberto Mercati - Francesco Corti
Alberto Mercati
Senior
Developer
2
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Francesco
Corti
ECM and B...
The goal
Imagine to be a web application3
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
#PCM15
The goal
and you want to access the resources4
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Reports,
Dash...
The goal
Pentaho BA Server manages permits5
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Accessing to Pentaho
resources
6
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Identify a
valid user
Get a...
Otherwise…
7
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Access denied!
The solution
8
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Having a valid key to Pentaho BA
Server
How to reach that goal?
9
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Without storing passwords
Without ...
Possibile solutions
10
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Use a C.A.S. => Pentaho can do it!
Si...
Possibile solutions
11
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Use a C.A.S. => Pentaho can do it!
Si...
The solution
12
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web
Application
Web
Application
Session
Pent...
Pentaho Transparent
Authentication is…
13
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
An extension of Pe...
Interactions
14
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web
Application +
click()
get_ticket()
ticke...
Interactions
15
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web
Application +
click()
get_ticket()
ticke...
Interactions
16
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web
Application +
click()
get_ticket()
ticke...
get_ticket()
17
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
http://<pentaho>/pentaho/Login?generate-tick...
User resolution
18
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web application Username Pentaho Username...
Interactions
19
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web
Application +
click()
get_ticket()
ticke...
Composing the target url
20
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
https://<pentaho>/pentaho/Home?a...
Interactions
21
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Web
Application +
click()
get_ticket()
ticke...
The autologin
22
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Pentaho BA Server receives the autologin re...
The autologin
23
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Pentaho BA Server receives the autologin re...
The autologin
24
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Pentaho BA Server receives the autologin re...
PentahoTA is in the
marketplace
25
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
PentahoTA versions
26
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
=>
v1.0 v5.4
=>
v1.1 v6.0
Next steps
27
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Storing the mapping in a
database instead of a...
See it in action
28
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Q&A
29
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
Pentaho
Transparent
Authentication
Pictures by
30
#PCM15
London
7 Nov ‘15
P e n t a h o
Community
M e e t i n g
all rights reserved
Upcoming SlideShare
Loading in …5
×

Pentaho Transparent Autenthication

1,186 views

Published on

Pentaho Transparent Authentication is a plugin for Pentaho BA Server that provides the platform with additional authentication and login capabilities, in the form of a spring security filter and a bunch of support classes. The goal of this project is to provide a transparent authentication and autologin mechanism, to let users switch between a different web application and Pentaho in an “Single Sign On fashion”.

For more informations, please take a look at:
http://fcorti.com/pentaho-transparent-authentication/

Published in: Software
  • Thanks for sharing such a useful document on Pentaho Support. Get more details about Pentaho Support @ http://pentaho.graymatter.co.in/pentaho-support
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Pentaho Transparent Autenthication

  1. 1. Pentaho 1 Transparent Authentication Alberto Mercati - Francesco Corti
  2. 2. Alberto Mercati Senior Developer 2 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Francesco Corti ECM and BI specialist fcorti.com @FrkCorti github.com/fcorti it.linkedin.com/in/fcorti +FrancescoCorti codevomit.wordpress.com github.com/Rospaccio
  3. 3. The goal Imagine to be a web application3 London 7 Nov ‘15 P e n t a h o Community M e e t i n g #PCM15
  4. 4. The goal and you want to access the resources4 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Reports, Dashboards, Analytics, Ecc.{
  5. 5. The goal Pentaho BA Server manages permits5 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g
  6. 6. Accessing to Pentaho resources 6 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Identify a valid user Get a valid session Have access
  7. 7. Otherwise… 7 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Access denied!
  8. 8. The solution 8 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Having a valid key to Pentaho BA Server
  9. 9. How to reach that goal? 9 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Without storing passwords Without exchanging passwords in the URLs
  10. 10. Possibile solutions 10 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Use a C.A.S. => Pentaho can do it! Single user managed by the web application => Less secure and clean, but it works! Probably something else…
  11. 11. Possibile solutions 11 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Use a C.A.S. => Pentaho can do it! Single user managed by the web application => Less secure and clean, but it works! Probably something else… Our solution => Users mapping!
  12. 12. The solution 12 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web Application Web Application Session Pentaho User Pentaho SessionResources Pentaho Transparent Authentication
  13. 13. Pentaho Transparent Authentication is… 13 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g An extension of Pentaho BA Server services A collection of REST services that a web application invokes A mapper of an "external user" to a Pentaho user A creator of valid sessions in Pentaho
  14. 14. Interactions 14 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web Application + click() get_ticket() ticket target_url redirect() Client (browser)
  15. 15. Interactions 15 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web Application + click() get_ticket() ticket target_url redirect() 1.Pentaho recognize the ticket. 2.Pentaho creates a session. 3.Direct access to the resource. Client (browser) Compose the REST call 1.The user is mapped in a Pentaho user. 2.A ticket is created.
  16. 16. Interactions 16 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web Application + click() get_ticket() ticket target_url redirect() Client (browser)
  17. 17. get_ticket() 17 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g http://<pentaho>/pentaho/Login?generate-ticket=1&app=test&username=user1 Base url. Tells the login ticket generator to issue a login ticket. Name of the application requesting the login ticket. Web application user name.
  18. 18. User resolution 18 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web application Username Pentaho Username myApplication user1 admin user2 pat user3 suzy anotherApplication userFromAnotherApp jeff ticket_id: e8617a46-d7d3-4bee-9345-e5fb8fea80fa Valid tickets are stored in a temporary cache per user The duration can be set in a configuration file
  19. 19. Interactions 19 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web Application + click() get_ticket() ticket target_url redirect() Composing the target url Client (browser)
  20. 20. Composing the target url 20 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g https://<pentaho>/pentaho/Home?autologin=true&ticket=e8617a46-d7d3-4bee-9345- e5fb8fea80fa Base url. Autologin request. Ticket.
  21. 21. Interactions 21 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Web Application + click() get_ticket() ticket target_url redirect() The Pentaho autologin Client (browser)
  22. 22. The autologin 22 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Pentaho BA Server receives the autologin request
  23. 23. The autologin 23 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Pentaho BA Server receives the autologin request Pentaho BA Server checks the ticket in the temporary cache
  24. 24. The autologin 24 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Pentaho BA Server receives the autologin request Pentaho BA Server checks the ticket in the temporary cache If succeed the user is logged in the resource is accessed
  25. 25. PentahoTA is in the marketplace 25 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g
  26. 26. PentahoTA versions 26 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g => v1.0 v5.4 => v1.1 v6.0
  27. 27. Next steps 27 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Storing the mapping in a database instead of a configuration file Developing some admin RESTs to manage the CRUD operations Developing a user interface to manage the mapping
  28. 28. See it in action 28 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g
  29. 29. Q&A 29 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g Pentaho Transparent Authentication
  30. 30. Pictures by 30 #PCM15 London 7 Nov ‘15 P e n t a h o Community M e e t i n g all rights reserved

×