Post Authentication Filter Is not triggered when logging in automatically using saved credentials in Spotfire Analyst

book

Article ID: KB0137995

calendar_today

Updated On:

Products	Versions
Spotfire	14.5

Description

The Post Authentication Filter (PAF) is not called if login from Analyst is automatic; that is, if the “Save my login information” option in Analyst’s login dialog was previously checked. It is called under other conditions, such as when logging in from a browser or when manually entering a username and password in the Analyst login dialog. Previously, this behavior could be modified by setting the configuration property security.oauth2.server.password-grant.enabled=false, which ensured that the PAF was invoked even for saved-credential logins. However, starting from Spotfire version 14.5, this configuration no longer affects saved-credential logins, and the PAF is not triggered when using cached credentials.

Environment

All

Resolution

From version 14.5, along with disabling security.oauth2.server.password-grant.enabled to false , also set the configuration security.basic.basic-disabled to false

If we change it to false, basic authentication will be enabled, and Analyst logins (including those with saved credentials) will follow the basic authentication, and the PAF would be triggered then.

Follow these steps to configure it:

Set the following properties:

security.basic.basic-disabled=false
security.oauth2.server.password-grant.enabled=false

1. Export the current Spotfire Server configuration:

config export-config -f

2. Apply the required property by running:

config set-config-prop --name="security.basic.basic-disabled" --value="false"

3 . Import the updated configuration with a label:

config import-config -c "EnableBasicAuth"

Restart the Spotfire Server for the changes to take effect.

Issue/Introduction

This article addresses an issue where the Post Authentication Filter is not called when logging in to Spotfire Analyst using previously saved credentials (i.e., when “Save my login information” was checked in the Analyst login dialog).

Additional Information

Doc: Executing commands on the command line

https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/executing_commands_on_the_command_line.html

Doc: post-authentication filter

https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/post-authentication_filter.html

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"