Pentaho Transparent Autenthication
-
Upload
francesco-corti -
Category
Software
-
view
812 -
download
0
Transcript of Pentaho Transparent Autenthication
Pentaho
TransparentAuthenticationAlberto Mercati - Francesco Corti
Alberto MercatiSenior Developer
#PCM15London7 Nov 15PentahoCommunityMeeting
Francesco CortiECM and BI specialist
fcorti.com
@FrkCorti
github.com/fcorti
it.linkedin.com/in/fcorti
+FrancescoCorti
codevomit.wordpress.comgithub.com/Rospaccio
The goal
Imagine to be a web application
London7 Nov 15PentahoCommunityMeeting#PCM15
The goaland you want to access the resources
#PCM15London7 Nov 15PentahoCommunityMeeting
Reports,Dashboards,Analytics,Ecc.{
The goalPentaho BA Server manages permits
#PCM15London7 Nov 15PentahoCommunityMeeting
Accessing to Pentaho resources
#PCM15London7 Nov 15PentahoCommunityMeeting
Identify a valid userGet a valid sessionHave access
Otherwise
#PCM15London7 Nov 15PentahoCommunityMeeting
Access denied!
The solution
#PCM15London7 Nov 15PentahoCommunityMeetingHaving a valid key to Pentaho BA Server
How to reach that goal?
#PCM15London7 Nov 15PentahoCommunityMeeting
Without storing passwords
Without exchanging passwords in the URLs
Possibile solutions
#PCM15London7 Nov 15PentahoCommunityMeetingUse a C.A.S. => Pentaho can do it!
Single user managed by the web application => Less secure and clean, but it works!
Probably something else
Possibile solutions
#PCM15London7 Nov 15PentahoCommunityMeeting
Use a C.A.S. => Pentaho can do it!
Single user managed by the web application => Less secure and clean, but it works!
Probably something else
Our solution => Users mapping!
The solution
#PCM15London7 Nov 15PentahoCommunityMeeting
WebApplicationWeb ApplicationSessionPentaho UserPentaho SessionResources
Web ApplicationPentahoPentahoTransparentAuthentication
Pentaho Transparent Authentication is
#PCM15London7 Nov 15PentahoCommunityMeetingAn extension of Pentaho BA Server services
A collection of REST services that a web application invokes
A mapper of an "external user" to a Pentaho user
A creator of valid sessions in Pentaho
Interactions
#PCM15London7 Nov 15PentahoCommunityMeeting
Web Application+
click()
get_ticket()
ticket
target_url
redirect()
Client(browser)
Interactions
#PCM15London7 Nov 15PentahoCommunityMeeting
Web Application+
click()
get_ticket()
ticket
target_url
redirect()
Pentaho recognize the ticket.Pentaho creates a session.Direct access to the resource.Client(browser)
Compose the REST call
The user is mapped in a Pentaho user.A ticket is created.
Interactions
#PCM15London7 Nov 15PentahoCommunityMeeting
Web Application+
click()
get_ticket()
ticket
target_url
redirect()
Client(browser)
get_ticket()
#PCM15London7 Nov 15PentahoCommunityMeeting
http:///pentaho/Login?generate-ticket=1&app=test&username=user1
Base url.
Tells the login ticket generator to issue a login ticket.
Name of the application requesting the login ticket.
Web application user name.
User resolution
#PCM15London7 Nov 15PentahoCommunityMeeting
Web applicationUsernamePentaho UsernamemyApplicationuser1adminuser2patuser3suzyanotherApplicationuserFromAnotherAppjeff
ticket_id: e8617a46-d7d3-4bee-9345-e5fb8fea80fa
Valid tickets are stored in a temporary cache per userThe duration can be set in a configuration file
Interactions
#PCM15London7 Nov 15PentahoCommunityMeeting
Web Application+
click()
get_ticket()
ticket
target_url
redirect()
Composing the target urlClient(browser)
Composing the target url
#PCM15London7 Nov 15PentahoCommunityMeeting
https:///pentaho/Home?autologin=true&ticket=e8617a46-d7d3-4bee-9345-e5fb8fea80fa
Base url.
Autologin request.
Ticket.
Interactions
#PCM15London7 Nov 15PentahoCommunityMeeting
Web Application+
click()
get_ticket()
ticket
target_url
redirect()
The Pentaho autologinClient(browser)
The autologin
#PCM15London7 Nov 15PentahoCommunityMeeting
Pentaho BA Server receives the autologin request
The autologin
#PCM15London7 Nov 15PentahoCommunityMeeting
Pentaho BA Server receives the autologin requestPentaho BA Server checks the ticket in the temporary cache
The autologin
#PCM15London7 Nov 15PentahoCommunityMeeting
Pentaho BA Server receives the autologin requestPentaho BA Server checks the ticket in the temporary cacheIf succeed the user is logged in the resource is accessed
PentahoTA is in the marketplace
#PCM15London7 Nov 15PentahoCommunityMeeting
PentahoTA versions
#PCM15London7 Nov 15PentahoCommunityMeeting
=>
v1.0v5.4
=>
v1.1v6.0
Next steps
#PCM15London7 Nov 15PentahoCommunityMeetingStoring the mapping in a database instead of a configuration file
Developing some admin RESTs to manage the CRUD operations
Developing a user interface to manage the mapping
See it in action
#PCM15London7 Nov 15PentahoCommunityMeeting
Q&A
#PCM15London7 Nov 15PentahoCommunityMeeting
PentahoTransparentAuthentication
Pictures by
#PCM15London7 Nov 15PentahoCommunityMeeting
all rights reserved