Configuring external authentication

You can configure external authentication by using the configuration tool or the command line.

Procedure

  • Use the configuration tool or the config-external-auth command to set up and enable the external authentication method.
    Use the following information to set options:
    Enable External Authentication (required): Specifies whether the external authentication method should be enabled.
    Declared authentication method: Select the authentication method used by the load balancer.
    Source Attribute: Enter the name of the HTTP request attribute that contains the name of the authenticated user.

    Header: Enter the name of the HTTP request header that contains the name of the authenticated user.

    Cookie: Enter the name of the HTTP request cookie that contains the name of the authenticated user.

    Custom Authenticator: Enter the name of the class that implements the com.spotfire.server.security.CustomAuthenticator interface.

    Authentication Filter: Retrieves the user name from the getUserPrincipal() method of javax.servlet.http.HttpServletRequest.
    Note: The Authentication Filter API has been deprecated. Use the CustomAuthenticator API, the CustomWebAuthenticator API, or a custom login page instead.
    Require TLS: Select yes to make external authentication available for TLS connections only.
    Allowed host (hostname or IP address): A list of hostnames and/or IP addresses of the client computers that are allowed to perform external authentication. If no allowed hosts are specified, all client computers are permitted to perform external authentication.
    Allowed IP:s (regular expression): Add a regular expression that matches the IP addresses of remote hosts that are permitted to perform external authentication. The regular expression must be written in the syntax supported by java.util.regex.Pattern.
    Name filter expression (optional): A regular expression that can be used to filter the user name that is extracted from the specified request attribute. The value of the regular expression's first capturing group is used as the new user name.
    Note: One use of this feature is to remove the domain names in cases where Spotfire Server is configured to collapse the domains into one single domain within the server.

    For example, if the attribute contains "domainname\username", you can use the regular expression ".*\\(.*)" to remove "domainname\".

    Lower case conversion (optional): Specifies whether to convert the propagated user name to lowercase. The default is not to convert to lowercase.
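
The two regular-expression options above, exercised with java.util.regex.Pattern in an added example (not part of the Spotfire documentation or product code). The class name, the filterName helper, the sample user names and IP addresses, and the choice to pass a non-matching name through unchanged are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ExternalAuthRegexCheck {

    // Hypothetical helper: applies a name filter expression as the page describes it
    // (first capturing group becomes the user name), then optional lowercasing.
    // Assumption: a name that does not match the expression is returned unchanged.
    static String filterName(String raw, String nameFilter, boolean lowerCase) {
        Matcher m = Pattern.compile(nameFilter).matcher(raw);
        String name = (m.matches() && m.groupCount() >= 1) ? m.group(1) : raw;
        return lowerCase ? name.toLowerCase(Locale.ROOT) : name;
    }

    public static void main(String[] args) {
        // The page's expression .*\\(.*) written as a Java string literal.
        String nameFilter = ".*\\\\(.*)";
        // Constructed sample values of the propagated user name.
        for (String raw : new String[] {"domainname\\username", "CORP\\Alice", "bob"}) {
            System.out.printf("%-22s -> %s%n", raw, filterName(raw, nameFilter, true));
        }

        // Candidate allowed-IP expressions for a load balancer at 10.0.0.5 (constructed).
        String loose = "10.0.0.5";           // unescaped dots, no anchors
        String tight = "^10\\.0\\.0\\.5$";   // literal dots, anchored at both ends
        // Constructed remote addresses: the intended one and two near misses.
        String[] remotes = {"10.0.0.5", "110.0.0.5", "10.0.0.55"};
        for (String ip : remotes) {
            // Both matching modes are checked, since the page does not say which one is applied.
            System.out.printf("%-10s loose: find=%b matches=%b | tight: find=%b matches=%b%n", ip,
                    Pattern.compile(loose).matcher(ip).find(),
                    Pattern.compile(loose).matcher(ip).matches(),
                    Pattern.compile(tight).matcher(ip).find(),
                    Pattern.compile(tight).matcher(ip).matches());
        }
    }
}
```

An allowed-IP expression that accepts only the intended address under both find() and matches() behaves the same whichever mode the server applies.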