Configuring external authentication
You can configure external authentication by using the configuration tool or the command line.
Procedure
Use the configuration tool or the
config‐external‐auth
command to set up and enable the external authentication method.
Use the following information to set options:
Enable External Authentication (required) | Specifies whether the external authentication method should be enabled. |
Declared authentication method | Select the authentication method used by the load balancer. |
Source | Attribute: Enter
the name of the HTTP request attribute that contains the name of the
authenticated user.
Header: Enter the name of the HTTP request header that contains the name of the authenticated user. Cookie: Enter the name of the HTTP request cookie that contains the name of the authenticated user. Custom Authenticator: Enter the name of the class that implements the com.spotfire.server.security.CustomAuthenticator interface. Authentication Filter:
Retrieves the user name from the
getUserPrincipal() method of javax.servlet.http.HttpServletRequest.
Note: The
Authentication Filter API has been deprecated. Use the CustomAuthenticator API,
the CustomWebAuthenticator API, or a custom login page instead.
|
Require TLS | Select
yes for external authentication to be
available for TLS connections only.
|
Allowed host (hostname or IP address) | A list of hostnames and/or IP addresses of the client computers that are allowed to perform external authentication. If no allowed hosts are specified, all client computers are permitted to perform external authentication. |
Allowed IP:s (regular expression) | Add a regular expression that matches the IP addresses of remote hosts that are permitted to perform external authentication. The regular expression shall be written in the syntax supported by java.util.regex.Pattern. |
Name filter expression (optional) | A regular expression that can be used
to filter the user name that is extracted from the specified request attribute.
The value of the regular expression's first capturing group will be used as the
new user name.
Note: One
use of this feature is to remove the domain names in cases where
Spotfire Server
is configured to collapse the domains into one single domain within the server.
For example, if the attribute contains "domainname\username", you can use the regular expression ".*\\(.*)" to remove "domainname\". |
Lower case conversion (optional) | Specifies whether to convert the propagated user name to lowercase. The default is not to convert to lowercase. |
Parent topic: External authentication