Setting up an authenticating reverse proxy in front of the Spotfire Server
You can use an authenticating reverse proxy in front of the Spotfire Server. A typical use case for this is to add support for Security Assertion Markup Language, or SAML, through the use of a service provider (SP) such as Shibboleth, usually running in an Apache web server.
The established user identity can be transferred to the
Spotfire Server
in an HTTP request header or similar.
Important: The reverse proxy must ensure that any such
headers sent by clients are either rejected or validated.
For the reverse proxy to work, you must configure
Spotfire Server
to use
External Authentication with
Web Authentication as the declared
authentication method. The header or similar to use for authentication must
match the way the reverse proxy is configured. You can implement a
PostAuthenticationFilter
if further processing is
required. For more information, see
Configuring external authentication.
Parent topic: External authentication