Spotfire® Server and Environment Security

Authentication

Spotfire provides several standard authentication methods, as well as custom authentication using APIs.

| Authentication method | Description |
| --- | --- |
| User name and password | The default method. User name and password specifies authentication using HTML forms (POST - application/x-www-form-urlencoded) or BASIC access authentication. The credentials are checked against the Spotfire database or another external authentication source (such as LDAP, Windows NT Domain, or Custom JAAS). See External directories and domains and User name and password authentication methods. |
| Two-factor | You can combine the chosen primary authentication method with X.509 client certificates. See Two-factor authentication. |
| NTLMv2 | Note that NTLMv1 is not supported. See NTLM authentication. |
| Kerberos | See Kerberos authentication. |
| Anonymous | If enabled, limited access to view Spotfire files is allowed for unauthenticated sessions. See Configuring anonymous authentication. |
| X.509 client certificates [1] | Spotfire Server requires the client to provide a valid X.509 certificate. Requires HTTPS. See Authentication using X.509 client certificates. |
| OpenID Connect (OIDC) | Goes under the label "Web Authentication" in Spotfire. Provides integration with external authentication providers that support OpenID Connect. See Configuring OpenID Connect. Note: You can configure OpenID Connect to enable single logout (SLO). See the topic "Single Logout (SLO)" in the Spotfire® Server and Environment - Installation and Administration for information. |
| External authentication | See APIs and extension points. |
| Custom Web Authentication | See APIs and extension points. |
| Custom Authentication | See APIs and extension points. |

OIDC or generic single logout configuration

The easiest way to configure single logout (SLO) is by using the OpenID Connect authentication configuration. Alternatively, you can configure Spotfire Server to use a generic (non-OIDC) option for single logout. Spotfire Server supports either a generic RP-initiated single logout, or a generic front-channel single logout. For more information about these options, see the topic "Single Logout (SLO)."

[1] Combining X.509 client certificates with another authentication method such as user name and password provides a type of two-factor authentication.