External Authentication with LiveScore

With this feature, LiveScore Server authenticates the user by using an external authentication mechanism. This mechanism can be an OpenID or OAuth provider that supports two-factor authentication.

It is implemented in Statistica components, WebStatistica, and Statistica Server.

External authentication functions only when the system option is set to enable external authentication.

When the option to enable external authentication is enabled in Statistica Server, an additional option is available. This additional option lets the user bypass the default Statistica Server login dialog and be forwarded directly to the external authentication service.

For external authentication, you can use the following SOAP APIs:

Get Server Info

Retrieve information about the external configuration on the server.

Endpoint: http://localhost:8081/Session

Method: POST

Request Format:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <m:SessionServerInfo SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:m="urn:Statistica Server">
      <SoapTransform>no</SoapTransform>
    </m:SessionServerInfo>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Response Format:

Success Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <m:SessionServerInfoResponse xmlns:m="urn:Statistica Server">
      <ExternalAuth>enabled</ExternalAuth>
      <BypassLoginPage>disabled</BypassLoginPage>
      <XMLDATA>
        <Variables>
          <SoapTransform>no</SoapTransform>
        </Variables>
      </XMLDATA>
    </m:SessionServerInfoResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

A successful request returns a SessionServerInfoResponse element. The specific fields included are:

  • ExternalAuth: A string representing the state of external authentication.
  • BypassLoginPage: A string representing the state of bypass login page.

Error Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
      <faultcode>Server</faultcode>
      <faultstring>Unknown exception</faultstring>
    </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

An error response returns a Fault element with an error message and code.

Redirect URL

Build a URL that redirects to the identity provider.

Endpoint: http://localhost:8081/Session

Method: POST

Request Format:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <m:GetExternalLoginRedirectURL SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:m="urn:Statistica Server">
      <SoapTransform>no</SoapTransform>
      <RequestURL>http://localhost/webstatisica/external_auth/redirect.php</RequestURL>
    </m:GetExternalLoginRedirectURL>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Response Format:

Success Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <m:GetExternalLoginRedirectURLResponse xmlns:m="urn:Statistica Server">
      <RedirectURL>aHR0cHM6Ly9kZXYtMTY4OTY4MjEub2...</RedirectURL>
      <ContextID>{29CF73D1-44AD-4BBD-A0E5-4C5F4328C6A1}</ContextID>
      <XMLDATA>
        <Variables>
          <SoapTransform>no</SoapTransform>
          <RequestURL>http://localhost/webstatisica/external_auth/redirect.php</RequestURL>
        </Variables>
      </XMLDATA>
    </m:GetExternalLoginRedirectURLResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

A successful request returns a GetExternalLoginRedirectURLResponse element. The specific fields included are:

  • RedirectURL: A string containing the base64-encoded value of the generated redirect URL.
  • ContextID: The unique identifier for the current login context.

Error Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
      <faultcode>Server</faultcode>
      <faultstring>Unknown exception</faultstring>
    </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

An error response returns a Fault element with an error message and code.

External Login

Process the external login information.

Endpoint: http://localhost:8081/Session

Method: POST

Request Format:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <m:ExternalLogin SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:m="urn:Statistica Server">
      <SoapTransform>no</SoapTransform>
      <Code>8vdpnl6LupH4vgGiUgQWK8oPKQv6eRIEBJJsK-aa7B4</Code>
      <State>RBVrnqCFuIpVoJdlle-61g</State>
      <ContextID>{29CF73D1-44AD-4BBD-A0E5-4C5F4328C6A1}</ContextID>
    </m:ExternalLogin>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

The request body includes an ExternalLogin element. The specific fields included are:

  • Code: A code returned by the identity provider, used to authenticate the user.
  • State: A key string that represents the state of the authentication request.
  • ContextID: The unique identifier for the current login context. Its lifetime is about 15 minutes.

Response Format:

Success Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <m:ExternalLoginResponse xmlns:m="urn:Statistica Server">
      <IdentityToken>0ROy43TalmbiGmY6bRHyp1</IdentityToken>
      <SWS_WSID>{190A340E-6691-4794-814D-3989D4395AF7}</SWS_WSID>
      <SignOutURL>aHR0cHM6L...</SignOutURL>
      <XMLDATA>
        <Variables>
          <SoapTransform>no</SoapTransform>
          <Code>UNGYb4qG2Vu9ZugfsWIKjs6Ffz-fM4UR_Gldp2CYDEY</Code>
          <State>sLaB1-pHMc8R_9GqEVyQUQ</State>
          <ContextID>{95654BEB-11F0-491E-A9A2-56CB25B1F487}</ContextID>
        </Variables>
      </XMLDATA>
    </m:ExternalLoginResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

A successful request returns an ExternalLoginResponse element. The specific fields included are:

  • IdentityToken: The private token which is used to access the server. This token is valid until log out.
  • SignOutURL: A base64-encoded string representing the signout URL from the identity provider.
  • SWS_WSID: A string representing the workspace ID.

Error Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
      <faultcode>Client</faultcode>
      <faultstring>Invalid context ID: {95654BEB-11F0-491E-A9A2-56CB25B1F487}</faultstring>
    </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

An error response returns a Fault element with an error message and code.

Example Flows

  1. Check if external authentication is available by calling the method SessionServerInfo. If external authentication is enabled, continue.
  2. Call the method GetExternalLoginRedirectURL to get RedirectURL and ContextID.
  3. Store ContextID in the cookie.
  4. Redirect the page to RedirectURL to open the external login page.
  5. After a successful login, the identity provider will redirect to the sign-in redirect URI with Code and State values.
  6. At the sign-in redirect URI endpoint, combine the Code and State values with the ContextID from the cookie to build the request to the method ExternalLogin.
  7. Use IdentityToken to call other methods to process data.
  8. Call SignOutURL to sign out from the identity provider.
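
The client-side handling for steps 3, 4 and 6, as an added Python example that is not code from the Statistica documentation. It parses the response shapes shown above, raises on a Fault, and validates what it receives before using it. The helper names, the cookie name and attributes, the https-only check and the braced-GUID check (inferred from the sample ContextID values) are assumptions. No network call is made, and the fault sample is constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
M = "urn:Statistica Server"
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

class SoapFault(Exception):
    """Raised when the server answers with a SOAP Fault."""

def parse_response(xml_text, expected):
    """Return the fields of <m:expected>, skipping the echoed XMLDATA block."""
    body = ET.fromstring(xml_text).find(f"{{{SOAP}}}Body")
    for el in body:
        if el.tag == f"{{{SOAP}}}Fault":
            raise SoapFault(f"{el.findtext('faultcode')}: {el.findtext('faultstring')}")
        if el.tag == f"{{{M}}}{expected}":
            return {c.tag: c.text or "" for c in el if c.tag != "XMLDATA"}
    raise SoapFault(f"no {expected} element in response")

def decode_redirect(b64_value):
    """Step 4: decode RedirectURL and follow it only if it is an absolute https URL."""
    url = base64.b64decode(b64_value, validate=True).decode("utf-8")
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("RedirectURL is not an absolute https URL")
    return url

def context_cookie(context_id):
    """Step 3: Set-Cookie value; name and attributes are assumptions, 900 s ~ 15 min."""
    return f"ContextID={context_id}; Max-Age=900; Path=/; Secure; HttpOnly; SameSite=Lax"

def build_external_login(code, state, context_id):
    """Step 6: Code and State arrive in the query string, so XML-escape them."""
    if not GUID.fullmatch(context_id):  # the cookie value is client-controlled too
        raise ValueError("ContextID cookie is not a braced GUID")
    return (f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}"><SOAP-ENV:Body><m:ExternalLogin '
            'SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" '
            f'xmlns:m="{M}"><SoapTransform>no</SoapTransform>'
            f'<Code>{escape(code)}</Code><State>{escape(state)}</State>'
            f'<ContextID>{context_id}</ContextID></m:ExternalLogin></SOAP-ENV:Body></SOAP-ENV:Envelope>')

# Constructed sample in the Fault shape shown on the page.
SAMPLE_FAULT = (f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}"><SOAP-ENV:Body><SOAP-ENV:Fault>'
                '<faultcode>Client</faultcode><faultstring>Invalid context ID</faultstring>'
                '</SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>')
```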