Note: The instructions below is for InetSoft version 12 and below.
For version 2018 and above, please refer to our documentation here.

InetSoft Product Instructions (version 12 and below): Single Sign-on Business Intelligence

Single sign-on is the process of passing user credentials from one application directly to Style Intelligence without having to explicitly login again. For instance, say the user logs into their company portal and clicks on a link called “reports.” This link directly opens the reporting portal without a secondary authentication login challenge. Single sign-on can be implemented in two ways:

  • Single Sign-On Using HTTP Session Attributes
  • Single Sign-On Using Forms With Hidden Fields
demo
Read how InetSoft saves money and resources with deployment flexibility.

Single Sign-On Using HTTP Session Attributes

Single sign-on can be implemented by setting an attribute in the HTTP session. This session attribute must be set in the same web application as the reporting server. Therefore, this method is usually implemented when the Style Intelligence webapp is integrated with an existing J2EE application. If not, you need to create an intermediary application (JSP, Servlet) that runs in the same context as the reporting server. A simpler alternative in this case is the form-based implementation. (See Single Sign-On Using Forms With Hidden Fields.)

Add the following code in the primary sign-on application or in an intermediary application that is called before a request to the report servlet is made.

Note: This code is not complete. Custom logic must be added. 

String userName;

   // Write logic to obtain the userName for the user

   inetsoft.sree.security.SRPrincipal principal =
    new inetsoft.sree.security.SRPrincipal(userName);

   // Specify the locale of the user (optional),
   // defined as string with ISO language and country code,
   // separated by an Underscore. e.g., de_DE=german/Germany

   principal.setProperty(inetsoft.sree.security.SRPrincipal.LOCALE,"en_US");

   // Add the principal object to the session
   session.setAttribute(inetsoft.sree.RepletRepository.PRINCIPAL_COOKIE, principal);

This approach circumvents the authenticate() method of the Authentication Provider, and the software will obtain the roles and groups for the user by calling AuthenticationProvider.getUser(userName).

When the user leaves the application, it is your responsibility to remove their session by calling logout. This is especially important if the server is using a session-based or user-based license.

 inetsoft.sree.AnalyticRepository engine =
    inetsoft.sree.SreeEnv.getRepletRepository();
 ((inetsoft.sree.RepletEngine)engine).logout(principal);

Single Sign-On Using Forms With Hidden Fields

This method should be used when the reporting server and the primary sign-on application are running in different contexts or on different machines altogether, and you do not wish to implement a JSP or Servlet. Style Intelligence accepts a form-based sign-on using two fields: “userid” and “password”. The primary sign-on application should create a form with a simple link, containing “userid” and “password” as two hidden fields. The form must submit to the InetSoft repository servlet.

<form method=post name=reportForm action="/sree/Reports">
    <a onClick=reportForm.submit();>View Reports</a>
    <input type=hidden name=userid value=xxxx>
    <input type=hidden name=password value=yyyy>
 </form>

Modifying SRPrincipal at Sign-On

You can obtain basic user login information by accessing the SRPrincipal object, as described in Accessing SRPrincipal in Report & VPM Script and HTTP Request, Session, and Principal in Report Scripting. In some cases you may wish to add additional information to the definition of the user.

You can do this by implementing a LoginListener, which is called at the time the user is authenticated (whether during live login or scheduled task). Follow the steps below:

  1. Implement the inetsoft.sree.security.LoginListener interface's single method userLogin(LoginEvent). Use LoginEvent.getPrin­cipal() to obtain the SRPrincipal object, and SRPrincipal.set­Property() to assign a custom property.

For example:

import inetsoft.sree.security.*;

   public class MyLoginListener implements LoginListener {
     public void userLogin(LoginEvent event) {
       SRPrincipal prin = event.getPrincipal();
       prin.setProperty("myprop", "myval");
     }
   }
  1. In the sree.propeties file, set property sree.sree.security.listeners to a comma-separated list of your fully qualified LoginListener class names.

For example: 

sree.sree.security.listeners = MyLoginListener

See Accessing SRPrincipal in Report & VPM Script for information on accessing an SRPrincipal property (default or custom) in script.

Previous: Reporting Function as Web Service