Setting up an authenticating proxy in front of the Spotfire Server
It is possible to use an authenticating reverse proxy (for example, an agent of some sort on the end-user computer, a Java servlet filter added to Tomcat, or something similar) in front of the Spotfire Server. A typical use case for this is to add support for Security Assertion Markup Language, or SAML, through the use of a service provider (SP) such as Shibboleth, usually running in an Apache web server.
For this to work, the
Spotfire Server
must be configured to use
External Authentication with
Web Authentication as the declared
authentication method. The header or similar to use for authentication must
match the way the reverse proxy is configured. A
PostAuthenticationFilter
can be implemented, if
further processing is required. See
Configuring external authentication for more
information.