Can you explain how an external application can be used to interact with Helical Insight ?
Hello Raunak,
For interacting external application with Helical Insight a technique used known as “Custom Authentication”. Custom Authentication refers to the ability of an application to be authenticated through the credentials of another application.
This means, that if two separate applications, each having its own authentication process, are linked together, then, authentication through one application also authenticates the second application. This type of granting access is useful when embedding one application into another or integrating two or more applications together.
Custom Authentication in Helical Insight:
Helical Insight can be integrated with other applications in multiple ways, and if need be, can allow custom authentication process to authenticate the users of the parent application and give access to the Dashboards visualized in Helical Insight. To enable custom authentication, there is a two part process to be followed -- Configuring Parent Application to send the authentication details.
- Configuring Helical Insight to access and validate the authentication details.
A) Configuring Parent Application :
- The parent application must send an encrypted token (by the parameter name “authToken”) along with the URL to Helical Insight.
The token will contain the encrypted username, password, organization name (org_name) and role, separated by “|”(pipe symbol).
Example:
Decrypted parameter
authToken=username=user|password=pass|org_name=newOrg|role=ROLE_ADMIN,ROLE_USER,ROLE_XYZ
Encrypted parameter
authToken=KN1mwb0cgK6ODM24-B3Cwf6KkbN-Tp_tLsdGxd5nsD4cWmVW824HHrRJT11Vu2gB3XpET5rYmFk0WMTjM2-qCnFjkQUBFnnXHkkc2a1RfRN4pNCOrV_pfXeIK3TrVNl4 - Encryption Method
Encryption can be done by any algorithm, mode, padding and key. The same information must also be stored in a configuration file in Helical Insight to enable the decryption process.
NOTE : For the provided sample the following details are being used -
cipherAlgorithm = AES cipherMode = ECB cipherPadding = PKCS5Padding cipherKey = HSpnzzfCLqrBn8Lk
B) Configuring Helical Insight :
Following are the steps : Step1 : Go to Helical Insight file system.Step2 : Add the provided JAR files into “/apache-tomcat-7/webapps/hi-SNAPSHOT/WEB-INF/lib” directory.
List are JAR files are : click here to download jar files (246.5 KB)
- customFilterAuthentication.jar
- gwt-crypto-2.3.0.jar
- Cipher.jar
Step3: Create a properties file by the name “customAuthentication.properties” and place it into “/apache-tomcat-7/webapps/<Helical Insight instance>/WEB-INF/classes”.
This file must have the following properties -
cipherAlgorithm = AES Algorithm used for encryption and decryption cipherMode = ECB Mode used for encryption and decryption cipherPadding = PKCS5Padding Padding used for encryption and decryption cipherKey = HSpnzzfCLqrBn8Lk Cipher Key used for encryption and decryption
Click here to download customAuthentication.properties (274 Bytes)
Step4 : Add the following authentication configurations in
/apache-tomcat-7/webapps/hi-SNAPSHOT/WEB-INF/spring-security.xml
In the same file, replace the snippet
with
Step5: Restart the Helical Insight application.
Regards,
Helical Insight Team
Hi Helical,
I am using community edition.
I am trying to embed within another application and to implement encrypted credentials using authToken parameter.
Can you please help with the required files and instructions needed to set this up.
The link provided in the post above is broken. Thank you.
Hi Arblack,
The SSO blog and the relevant encryption decryption files can be downloaded and used from the below link.
Plz note that if you are using Community Edition then it does not have Organization functionality, so accordingly make sure that you are making changes in the token.
HI,
Thanks for your quick reply. I got the SSO.zip file and found that the references to OrganizationService in the CustomUserDetails class will cause compilation errors.
Even after commenting those references to ‘Organization’, still the following line in CustomAuthenticationFilter, was not working. The request was not having username parameter, although decryption was successful.
authRequest = new UsernamePasswordAuthenticationToken(request.getAttribute(“userName”), (Object)"");
I finally did this preAuth.txt (4.0 KB) in PreAuthenticationFilter.
I am still looking for a more elegant solution using JWT or LDAP integrations.
Let me open a new post on the problem I face with JWT method.
Thanks again.
Hi
We are going to try and confirm from our end.
Meanwhile can you try below and confirm
a. Try SSO code without commenting out the organization part.
b. When you create token (for encrypting) use only username to create token, do not have organization name while creating token
Please try the above and update about the result.
As far as LDAP is concerned you may also find this interesting
Hi,
Please note the responses below.
a. Try SSO code without commenting out the organization part.
It results in compilation errors, as there are no models and Services for the Organization in community edition.
b. When you create token (for encrypting) use only username to create token, do not have organization name while creating token.
I don’t use organization name in the token. My unencrypted string is “username=hiuser|password=hiuser|role=ROLE_USER”. It doesn’t work, throwing some exception. It even complained about , Failurehandler, SuccessHander, PostOnly options in the spring-security xml file.