How to configure OpenID connect authentication with Google on the TIBCO Spotfire Server


Article ID: KB0079218


Products Versions
Spotfire Server 7.8 and higher

Description

This article describes the steps to configure OpenID Connect authentication with Google as the identity provider on the TIBCO Spotfire Server.


Resolution

1) Log on to https://console.developers.google.com/ with your individual account and register an application. From the sidebar, click the Credentials tab, then click "Create credentials" and choose OAuth client ID from the dropdown.


2) Create credentials for your app in the Google API Console. The console will prompt for some information about your application, such as the product name, a home page, and a logo. On the next page, select the "Web application" type and enter the redirect URI. The redirect URI is the Return endpoint URL (http[s]://<spotfire server>[:<port>]/spotfire/auth/oidc/authenticate) generated in TIBCO Spotfire Server.


Note: To protect the application, Google only allows applications that authenticate using OAuth to use Authorized Domains, which you can add in the Google API Console.

3) You will then receive a client ID and secret.

4) Enable Public Address in the TIBCO Spotfire Server configuration. Open the TIBCO Spotfire Server Configuration Tool, go to the Configuration tab, select "Public Address", set "Enable custom public address" to "Yes", and enter the "Public address URL" in the form http[s]://<spotfire server>[:<port>]/ (Note: You do not need to specify the port if it is the default port 80.)


5) Enable OpenID Connect authentication in the TIBCO Spotfire Server configuration. In the TIBCO Spotfire Server Configuration Tool, go to the Configuration tab, select the "OpenID Connect" page, set "Enable OpenID Connect" to "Yes", and enter the "Return endpoint" using the configured public address URL.
Return endpoint URL: http[s]://<spotfire server>[:<port>]/spotfire/auth/oidc/authenticate


6) On the "Configuration" tab, select the "OpenID Connect" page and click the "Add new provider" button. Specify a name and click OK. For each provider, specify the Discovery document URL, the Client ID and the Client secret as described below:

a) For Discovery Document URL: https://accounts.google.com/.well-known/openid-configuration
b) Client ID and Secret will be the ID and secret that you get when you register the App in Google API.

Note: It is recommended to use the "Auto-create" option for the post-authentication filter (so that successfully authenticated users are automatically created in the user directory database), as set here:
  • TIBCO Spotfire Server Configuration Tool > Configuration > Post Authentication Filter > Default filter mode: Auto-create

7) Save the TIBCO Spotfire Server configuration to the database and restart the Spotfire Server.
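
Before saving, the values entered in steps 2, 4, 5 and 6 can be cross-checked offline. The script below is an added example, not TIBCO or Google code: it builds the Return endpoint from the public address, compares it exactly against the redirect URIs registered with the provider, and checks that the discovery URL belongs to the issuer named in the discovery document. The host name spotfire.example.com, the function names and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

RETURN_PATH = "/spotfire/auth/oidc/authenticate"   # path given in steps 2 and 5
WELL_KNOWN = "/.well-known/openid-configuration"

def return_endpoint(public_address):
    """Return endpoint for a public address of the form http[s]://host[:port]/."""
    u = urlsplit(public_address)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError(f"not an http(s) URL: {public_address!r}")
    if u.path not in ("", "/") or u.query or u.fragment:
        raise ValueError("public address must not carry a path, query or fragment")
    return f"{u.scheme}://{u.netloc}{RETURN_PATH}"

def check_setup(public_address, registered_redirects, discovery_url, discovery_doc):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    expected = return_endpoint(public_address)
    if expected not in registered_redirects:   # redirect URIs must match exactly
        tail = expected.lower().split("://")[-1]
        near = [r for r in registered_redirects
                if r.rstrip("/").lower().split("://")[-1] == tail]
        hint = f" (close but not identical: {near[0]})" if near else ""
        problems.append(f"redirect URI {expected} is not registered{hint}")
    if expected.startswith("http://"):
        problems.append("return endpoint is plain http: the authorization code is sent unencrypted")
    issuer = str(discovery_doc.get("issuer", ""))
    if not issuer or discovery_url != issuer.rstrip("/") + WELL_KNOWN:
        problems.append(f"discovery URL does not belong to issuer {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(discovery_doc.get(key, "")).startswith("https://"):
            problems.append(f"discovery document: {key} missing or not https")
    return problems

# Constructed sample values: hypothetical host, discovery document trimmed to the checked fields.
SAMPLE_DOC = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
}
SAMPLE_REGISTERED = ["https://spotfire.example.com/spotfire/auth/oidc/authenticate/"]

if __name__ == "__main__":
    for p in check_setup("https://spotfire.example.com/", SAMPLE_REGISTERED,
                         "https://accounts.google.com" + WELL_KNOWN, SAMPLE_DOC):
        print("PROBLEM:", p)
```

With the sample values, the only finding is the trailing slash on the registered redirect URI, which is enough for the provider to reject the sign-in request as a redirect URI mismatch.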

Additional Information

Doc: Configuring openID connect: