OAuth2IdentityProviders preference
To configure authentication with external systems, use the OAuth2IdentityProviders preference in Administration Manager.
To reach the OAuth2IdentityProviders preference, click .
You use the preference to configure OAuth2 identity providers that you can use for authentication with external systems, when you use the following functionality in Spotfire:
- Configure an external action with TIBCO Cloud™ Integration (TCI) apps
- TIBCO™ Data Virtualization data connections and external libraries
- Add a WMS layer to a map chart using an identity provider (OAuth) as the authentication method
Add identity providers as a JSON array with an object for each provider.
Example:
```
[
  {
    issuer: "https://issuer1.example.com",
    displayName: "Issuer 1 name"
  },
  {
    type: "OAuth2",
    displayName: "Okta",
    issuer: "https://issuer2.example.com",
    publicClient: {
      id: "Client name or ID",
      redirectUrl: "Redirect URL",
      redirectPorts: "Port number"
    },
    defaultScope: "offline_access"
  }
]
```
| Setting | Description |
|---|---|
| type | The type of identity provider. The type determines what you can use the identity provider for in Spotfire, and makes sure Spotfire can find the default authorization metadata document. Note: The type must match the identity provider.<br>Possible values<br>- An identity provider used to log in to one of the different regions on TIBCO Cloud™. Used for TCI actions. For information about regions, see TIBCO Cloud™ regions for TCI actions.<br>- An identity provider that uses the OAuth2 protocol for authentication. Used for data connectors.<br>- An identity provider that uses the OpenID Connect protocol for authentication. Used for data connectors. |
| issuer | The issuer identifier of the identity provider. The value is always a URL. |
| displayName | A descriptive display name for the identity provider. The name is how the identity provider is presented to users in Spotfire. |
| publicClient | Information about the public client application you have registered for Spotfire with your identity provider. Required for identity providers of type OpenId and OAuth2. Note: Only use public client application details here, and not details for confidential client applications.<br>Add information as a JSON object. Example:<br>Settings<br>- The client ID or name of your public client application.<br>- The client secret of your public client application. In many identity providers, public client applications do not have client secrets.<br>- The redirect URL specified in your client application. By default, Spotfire opens a listener on http://127.0.0.1:[<port>]/auth.<br>- The ports to use for interacting with the identity provider. Only set this if you have specified the port to use in the client application. By default, the port is dynamic and will use any free port.<br>- The location of the authorization server metadata document, if the location is different from the protocol default. The metadata document is used to find the authorization endpoint and token endpoint, unless you have set them manually.<br>- The authorization endpoint of the authorization server. If set, takes precedence over the authorization endpoint from the authorization server metadata document.<br>- The token endpoint of the authorization server. If set, takes precedence over the token endpoint from the authorization server metadata document. |
| defaultScope | The scopes to request by default when you log in to an external system with the identity provider, if you have not specified scopes manually in the data connection or external library. |
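
A pre-deployment check for a preference value, as an added example (not TIBCO code). It assumes the array is supplied as strict JSON with quoted keys and that issuers must use https; `clientSecret` is a hypothetical key name, and the loopback test follows from the default listener on 127.0.0.1 described above.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
NEEDS_CLIENT = {"OAuth2", "OpenId"}  # types the table says require publicClient

def lint_providers(text):
    """Return (index, message) findings for a provider array given as strict JSON."""
    findings = []
    for i, p in enumerate(json.loads(text)):
        issuer = urlsplit(p.get("issuer", ""))
        # Assumption: issuers must be https; the page only says "always a URL".
        if issuer.scheme != "https" or not issuer.hostname:
            findings.append((i, "issuer is not an https URL with a host"))
        client = p.get("publicClient") or {}
        if p.get("type") in NEEDS_CLIENT and not client.get("id"):
            findings.append((i, "publicClient with an id is required for this type"))
        for key in client:
            # Heuristic: the real secret key name is not shown on the page.
            if "secret" in key.lower():
                findings.append((i, f"'{key}' present: confirm the registration is a public client"))
        redirect = client.get("redirectUrl")
        if redirect and urlsplit(redirect).hostname not in LOOPBACK:
            findings.append((i, "redirectUrl does not point at a loopback listener"))
    return findings

# Constructed sample: entry 1 has a backslash issuer, entry 2 lacks publicClient,
# entry 3 carries a secret (hypothetical key name) and a non-loopback redirect.
SAMPLE = r'''[
  {"issuer": "https://issuer1.example.com", "displayName": "Issuer 1 name"},
  {"type": "OAuth2", "displayName": "Okta", "issuer": "https:\\issuer2.example.com",
   "publicClient": {"id": "spotfire-public",
                    "redirectUrl": "http://127.0.0.1:55555/auth",
                    "redirectPorts": "55555"},
   "defaultScope": "offline_access"},
  {"type": "OpenId", "displayName": "No client", "issuer": "https://issuer3.example.com"},
  {"type": "OAuth2", "displayName": "Remote", "issuer": "https://issuer4.example.com",
   "publicClient": {"id": "app", "clientSecret": "constructed",
                    "redirectUrl": "https://app.example.com/cb"}}
]'''

if __name__ == "__main__":
    for index, message in lint_providers(SAMPLE):
        print(f"provider[{index}]: {message}")
```
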
TIBCO Cloud™ regions for TCI actions
For TCI actions, the identity providers in the preference are the TIBCO Cloud regions you can select when you create a TCI action. The following are the issuers for each supported region:
AWS - United States
```
{
  issuer: "https://account.cloud.tibco.com",
  displayName: "TIBCO Cloud™ (AWS - United States)"
}
```
AWS - Europe
```
{
  issuer: "https://eu.account.cloud.tibco.com",
  displayName: "TIBCO Cloud™ (AWS - Europe)"
}
```
AWS - Australia
```
{
  issuer: "https://au.account.cloud.tibco.com",
  displayName: "TIBCO Cloud™ (AWS - Australia)"
}
```
Microsoft Azure - United States
```
{
  issuer: "https://account.us.azure.cloud.tibco.com",
  displayName: "TIBCO Cloud™ (Azure - United States)"
}
```