How to log out from the embedded Spotfire session on the external session logout
Article ID: KB0072476
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 10.3 and above |
Description
At times OIDC, External Authentication or Custom Web Authentication can be used for a seamless login into Spotfire when embedding Spotfire analytics into web applications etc.
There needs to be some arrangements made into the custom web apps to handle the logout of the internal Spotfire session on the logout of the external sessions in order to have a seamless experience. Otherwise the internal Spotfire session should remain valid even if the external session is invalidated.
There needs to be some arrangements made into the custom web apps to handle the logout of the internal Spotfire session on the logout of the external sessions in order to have a seamless experience. Otherwise the internal Spotfire session should remain valid even if the external session is invalidated.
Issue/Introduction
This article talks about ways to logout of the active Spotfire session(internal/embedded) on the logout event of the external session.
Environment
All
Resolution
Note: Some options for how to log out are listed below. If none of the options are available in your scenario, another way to do this would be to use short session timeouts at the Spotfire level and just logout the external session and wait for the Spotfire session to expire: https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/absolute_session_timeout_and_idle_session_timeout.html
In version 10.10 and lower:
The page logout.jsp - available from http://<spotfireserverhost>:<port>/spotfire/logout.jsp - can be used to invalidate the session. Note that this is however an internal and undocumented endpoint.
https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-48491
In version 11.0 and above :
If single sign-on (SSO) is used to authenticate to the Spotfire Server, then there are the below options available as well :
For more information, refer the manual on Single logout(SLO)
https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/single_logout_slo.html
You can see these options in the OpenID Connect panel and in Security panel of the Configuration Tool.
Note: Front-channel logout depends on the use of third-party cookies and might not work in all or later updated browsers.
In version 10.10 and lower:
The page logout.jsp - available from http://<spotfireserverhost>:<port>/spotfire/logout.jsp - can be used to invalidate the session. Note that this is however an internal and undocumented endpoint.
https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-48491
In version 11.0 and above :
- The page logout.jsp is no more present, hence cannot be reached.
- The /spotfire/auth/v1/generic-frontchannel-logout works almost exactly like the previous /spotfire/logout.jsp. This new endpoint can be disabled/enabled, and actually is disabled by default. It can be enabled using security.logout.frontchannel-logout.enabled configuration property. For information on using the set-config-prop CLI command to set configuration properties, please refer to https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/set-config-prop.html?scroll=GUID-6BE4B3BC-B9E0-4345-9259-7BD035D2D3B9
If single sign-on (SSO) is used to authenticate to the Spotfire Server, then there are the below options available as well :
- Front-channel logout
- Back-channel logout
- RP-initiated logout
- Post-Logout URI
For more information, refer the manual on Single logout(SLO)
https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/single_logout_slo.html
You can see these options in the OpenID Connect panel and in Security panel of the Configuration Tool.
Note: Front-channel logout depends on the use of third-party cookies and might not work in all or later updated browsers.
Additional Information
- Single logout (SLO), TIBCO Spotfire Server and Environment - Installation and Administration manual
Feedback
Yes
No
Powered by
