How to manage User Licenses and Group memberships when using OpenID Connect authentication for Spotfire Server

Article ID: KB0070511

Products: Spotfire Server
Versions: 7.8 and higher

Description

When using OpenID Connect authentication, there is no easy way to create or manage groups or users and their licenses as is normally done with LDAP. When a user logs in, they are added to the Everyone group by default and therefore end up without any predefined licenses assigned. To set the user's permissions, the Administrator must manually add the user to the required groups.

Issue/Introduction

This article explains how to assign users to groups using custom PostAuthenticationFilters in order to manage user licenses in Spotfire Server.

Resolution

For this purpose, you can develop a custom PostAuthenticationFilter that sets up group memberships using the UserDirectory API. The post-authentication filter is called each time a user logs in, so your custom PostAuthenticationFilter code can check whether the user is a member of the respective groups and add them if they are not already present.
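The per-login membership check described above, as an added example that is not TIBCO's code or the Spotfire Server API: the `Directory` interface is a hypothetical stand-in for the UserDirectory calls, and the `Consumer Licenses` group, the sample user and the rule that `Administrator` is never assigned automatically are assumptions.

```java
import java.util.*;
// Hypothetical stand-in for the directory calls the filter needs. This is NOT
// the Spotfire UserDirectory API; map each method to the documented call.
interface Directory {
    boolean groupExists(String group);
    Set<String> groupsOf(String user);
    void addMember(String group, String user);
}

public class LicenseGroupAssigner {
    // Assumed policy: privileged groups are never granted automatically at login.
    private static final Set<String> NEVER_AUTO_ASSIGN = Collections.singleton("Administrator");
    private final Directory dir;
    private final List<String> targetGroups;
    LicenseGroupAssigner(Directory dir, List<String> targetGroups) {
        for (String g : targetGroups)
            if (NEVER_AUTO_ASSIGN.contains(g)) throw new IllegalArgumentException("refusing to auto-assign " + g);
        this.dir = dir;
        this.targetGroups = new ArrayList<>(targetGroups);
    }

    // Runs on every login; returns only the groups added during this call.
    List<String> onLogin(String user) {
        Set<String> current = dir.groupsOf(user);
        List<String> added = new ArrayList<>();
        for (String g : targetGroups) {
            if (current.contains(g) || !dir.groupExists(g)) continue; // member already, or no such group
            dir.addMember(g, user);
            added.add(g);
        }
        return added;
    }
    public static void main(String[] args) {
        Map<String, Set<String>> members = new HashMap<>(); // constructed sample directory
        members.put("Consumer Licenses", new HashSet<>());
        Directory mem = new Directory() {
            public boolean groupExists(String g) { return members.containsKey(g); }
            public Set<String> groupsOf(String u) {
                Set<String> s = new TreeSet<>();
                members.forEach((g, m) -> { if (m.contains(u)) s.add(g); });
                return s;
            }
            public void addMember(String g, String u) { members.get(g).add(u); }
        };
        LicenseGroupAssigner a = new LicenseGroupAssigner(mem, Arrays.asList("Consumer Licenses", "Missing Group"));
        System.out.println("first login added:  " + a.onLogin("alice@example.com"));
        System.out.println("second login added: " + a.onLogin("alice@example.com"));
    }
}
```

Because the filter runs on every login, the check-before-add keeps repeat logins free of directory writes, and skipping groups that do not exist means a typo in the configured list cannot create a new group.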

For an example implementation of a Custom PostAuthenticationFilter, see the following Wiki post in the Community:
 

Additional Information

Wiki: Configure Custom PostAuthentication Filter in TIBCO Spotfire® Server
Doc: Configuring PostAuthenticationFilter
Doc: PostAuthenticationFilter
Doc: UserDirectory API
Wiki: External Authentication in Spotfire®