Pentaho Transparent Authentication

Alberto Mercati - Francesco Corti


Alberto Mercati, Senior Developer

#PCM15 - London, 7 Nov 15 - Pentaho Community Meeting

Francesco Corti, ECM and BI specialist

fcorti.com

@FrkCorti

github.com/fcorti

it.linkedin.com/in/fcorti

+FrancescoCorti

codevomit.wordpress.com

github.com/Rospaccio

The goal

Imagine you are a web application and you want to access the resources (reports, dashboards, analytics, etc.).

Pentaho BA Server manages the permissions.

Accessing Pentaho resources

Identify a valid user

Get a valid session

Have access

Otherwise: access denied!

The solution

Having a valid key to Pentaho BA Server

How to reach that goal?

Without storing passwords

Without exchanging passwords in the URLs

Possible solutions

Use a C.A.S. => Pentaho can do it!

Single user managed by the web application => Less secure and clean, but it works!

Probably something else

Our solution => Users mapping!

The solution

[Diagram labels: Web Application, Web Application Session, Pentaho User, Pentaho Session, Resources, Pentaho, Pentaho Transparent Authentication]

Pentaho Transparent Authentication is

An extension of Pentaho BA Server services

A collection of REST services that a web application invokes

A mapper of an "external user" to a Pentaho user

A creator of valid sessions in Pentaho

Interactions

[Sequence diagram. Participants: Client (browser), Web Application. Messages: click(), get_ticket(), ticket, target_url, redirect()]

Compose the REST call.

The user is mapped to a Pentaho user. A ticket is created.

Pentaho recognizes the ticket. Pentaho creates a session. Direct access to the resource.

get_ticket()

http:///pentaho/Login?generate-ticket=1&app=test&username=user1

http:///pentaho/Login : base URL.

generate-ticket=1 : tells the login ticket generator to issue a login ticket.

app=test : name of the application requesting the login ticket.

username=user1 : web application user name.

User resolution

Web application      Username             Pentaho username
myApplication        user1                admin
myApplication        user2                pat
myApplication        user3                suzy
anotherApplication   userFromAnotherApp   jeff

ticket_id: e8617a46-d7d3-4bee-9345-e5fb8fea80fa

Valid tickets are stored in a temporary cache per user.

The duration can be set in a configuration file.

Composing the target URL

https:///pentaho/Home?autologin=true&ticket=e8617a46-d7d3-4bee-9345-e5fb8fea80fa

https:///pentaho/Home : base URL.

autologin=true : autologin request.

ticket=e8617a46-d7d3-4bee-9345-e5fb8fea80fa : ticket.

The autologin

Pentaho BA Server receives the autologin request.

Pentaho BA Server checks the ticket in the temporary cache.

If the check succeeds, the user is logged in and the resource is accessed.
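
A minimal model of the flow described in the "User resolution" and "The autologin" slides, added here as an illustration; it is not PentahoTA's code. The class and function names, the 10 second duration and the invalidation of a ticket on first use are assumptions; the slides only state that valid tickets are kept in a temporary cache with a configurable duration.

```python
import time
import uuid

# Constructed mapping that mirrors the "User resolution" table.
USER_MAP = {
    ("myApplication", "user1"): "admin",
    ("myApplication", "user2"): "pat",
    ("myApplication", "user3"): "suzy",
    ("anotherApplication", "userFromAnotherApp"): "jeff",
}


class TicketCache:
    """Hypothetical model of the temporary ticket cache (not PentahoTA code)."""

    def __init__(self, ttl_seconds=10, clock=time.monotonic):
        self.ttl = ttl_seconds   # stands in for the configurable duration
        self.clock = clock       # injectable so expiry can be exercised
        self._tickets = {}       # ticket id -> (Pentaho user, expiry time)

    def generate_ticket(self, app, username):
        """get_ticket(): resolve the external user, then issue a ticket."""
        pentaho_user = USER_MAP.get((app, username))
        if pentaho_user is None:
            return None          # unmapped user: no ticket is issued
        ticket = str(uuid.uuid4())  # random, same shape as the ticket_id shown
        self._tickets[ticket] = (pentaho_user, self.clock() + self.ttl)
        return ticket

    def autologin(self, ticket):
        """Return the Pentaho user for a valid ticket, otherwise None."""
        entry = self._tickets.pop(ticket, None)  # assumption: single use
        if entry is None:
            return None          # unknown or already redeemed
        pentaho_user, expires_at = entry
        return pentaho_user if self.clock() <= expires_at else None


def demo():
    now = [0.0]                  # fake clock, advanced by hand
    cache = TicketCache(ttl_seconds=10, clock=lambda: now[0])
    ticket = cache.generate_ticket("myApplication", "user2")
    first = cache.autologin(ticket)    # mapped user, fresh ticket
    replay = cache.autologin(ticket)   # same ticket presented again
    stale = cache.generate_ticket("myApplication", "user3")
    now[0] += 11                       # past the 10 second duration
    late = cache.autologin(stale)
    unmapped = cache.generate_ticket("unknownApp", "user1")
    return first, replay, late, unmapped
```

Because the ticket travels in the redirect URL, a short duration and invalidation on first use limit what a URL recovered from browser history, a Referer header or a proxy log is worth.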

PentahoTA is in the marketplace

PentahoTA versions

v1.0 => v5.4

v1.1 => v6.0

Next steps

Storing the mapping in a database instead of a configuration file

Developing some admin RESTs to manage the CRUD operations

Developing a user interface to manage the mapping

See it in action

Q&A
