Pentaho Transparent Authentication is a plugin for Pentaho BA Server that provides the platform with additional authentication and login capabilities, in the form of a Spring Security filter and a set of support classes. The goal of this project is to provide a transparent authentication and autologin mechanism that lets users switch between a different web application and Pentaho in a “Single Sign On” fashion.
For more information, please take a look at:
http://fcorti.com/pentaho-transparent-authentication/
2. Alberto Mercati
Senior Developer
#PCM15, London, 7 Nov ‘15, Pentaho Community Meeting
Francesco Corti
ECM and BI specialist
fcorti.com
@FrkCorti
github.com/fcorti
it.linkedin.com/in/fcorti
+FrancescoCorti
codevomit.wordpress.com
github.com/Rospaccio
3. The goal
Imagine you are a web application
4. The goal
and you want to access the resources
Reports, dashboards, analytics, etc.
5. The goal
Pentaho BA Server manages permissions
9. How to reach that goal?
Without storing passwords
Without exchanging passwords in the URLs
10. Possible solutions
Use a C.A.S. => Pentaho can do it!
Single user managed by the web application => Less secure and clean, but it works!
Probably something else…
11. Possible solutions
Our solution => User mapping!
12. The solution
[Diagram labels: Web Application, Web Application Session, Pentaho User, Pentaho Session, Resources, Pentaho Transparent Authentication]
13. Pentaho Transparent Authentication is…
An extension of Pentaho BA Server services
A collection of REST services that a web application invokes
A mapper of an "external user" to a Pentaho user
A creator of valid sessions in Pentaho
15. Interactions
[Sequence diagram: Client (browser), Web Application, Pentaho. Messages in order: click(), get_ticket(), ticket, target_url, redirect()]
get_ticket(): compose the REST call
1. The user is mapped to a Pentaho user.
2. A ticket is created.
redirect():
1. Pentaho recognizes the ticket.
2. Pentaho creates a session.
3. Direct access to the resource.
17. get_ticket()
http://<pentaho>/pentaho/Login?generate-ticket=1&app=test&username=user1
http://<pentaho>/pentaho/Login: Base URL.
generate-ticket=1: Tells the login ticket generator to issue a login ticket.
app=test: Name of the application requesting the login ticket.
username=user1: Web application user name.
18. User resolution
Web application    | Username           | Pentaho Username
myApplication      | user1              | admin
myApplication      | user2              | pat
myApplication      | user3              | suzy
anotherApplication | userFromAnotherApp | jeff
ticket_id: e8617a46-d7d3-4bee-9345-e5fb8fea80fa
Valid tickets are stored in a temporary cache per user
The duration can be set in a configuration file
19. Interactions
[Sequence diagram repeated from slide 15; this step: Composing the target url]
20. Composing the target url
https://<pentaho>/pentaho/Home?autologin=true&ticket=e8617a46-d7d3-4bee-9345-e5fb8fea80fa
https://<pentaho>/pentaho/Home: Base URL.
autologin=true: Autologin request.
ticket=e8617a46-d7d3-4bee-9345-e5fb8fea80fa: Ticket.
21. Interactions
[Sequence diagram repeated from slide 15; this step: The Pentaho autologin]
23. The autologin
Pentaho BA Server receives the autologin request
Pentaho BA Server checks the ticket in the temporary cache
24. The autologin
If the check succeeds, the user is logged in and the resource is accessed
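The flow from the slides (user resolution, a temporary ticket cache with a configurable duration, the autologin check) as an added Python model; it is not the plugin's own code. The class and function names and the single-use redemption are assumptions made for this example, and the mapping rows are the ones from the "User resolution" slide.

```python
import time
import uuid
from urllib.parse import urlencode

# Mapping rows from the "User resolution" slide: (app, external user) -> Pentaho user.
USER_MAP = {
    ("myApplication", "user1"): "admin",
    ("myApplication", "user2"): "pat",
    ("myApplication", "user3"): "suzy",
    ("anotherApplication", "userFromAnotherApp"): "jeff",
}


class TicketCache:
    """Model of the temporary ticket cache (hypothetical class, not the plugin's)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds   # the slides say the duration is configurable
        self.clock = clock       # injectable so expiry can be exercised in tests
        self._tickets = {}       # ticket id -> (Pentaho user, expiry time)

    def generate_ticket(self, app, username):
        """get_ticket(): map the external user, then issue a random ticket."""
        pentaho_user = USER_MAP.get((app, username))
        if pentaho_user is None:
            raise PermissionError("no mapping for %s/%s" % (app, username))
        ticket = str(uuid.uuid4())  # random UUID, same shape as the slide's ticket_id
        self._tickets[ticket] = (pentaho_user, self.clock() + self.ttl)
        return ticket

    def autologin(self, ticket):
        """Autologin check: return the Pentaho user for a valid ticket, else None."""
        # Assumption: pop() makes a ticket single use, which limits replay of a URL
        # that ends up in browser history, proxy logs or a Referer header.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        pentaho_user, expires_at = entry
        return pentaho_user if self.clock() < expires_at else None


def target_url(base, ticket):
    """Compose the autologin URL the browser is redirected to."""
    return base + "/pentaho/Home?" + urlencode({"autologin": "true", "ticket": ticket})
```

Because the ticket is the only credential in the target URL, the cache duration should be kept as short as the redirect allows.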
25. PentahoTA is in the marketplace
27. Next steps
Storing the mapping in a database instead of a configuration file
Developing some admin REST services to manage the CRUD operations
Developing a user interface to manage the mapping
28. See it in action