Skip to Main Content
Spotfire Ideas Portal
Status Future Consideration
Product Spotfire
Created by Guest
Created on Feb 6, 2016

Enabling clients to use a different Authentication Method if the primary method is not supported.

The system administrator wants Web Player and TSS to support multiple Authentication Methods, enabling clients to use a different Authentication Method if the primary method is not supported.
In my case, I have clients using iPads which I have no control over (they are are not necessarily company owned) and therefore I can't enable Kerberos support for some or all of the iPad clients. I also have PC's which have support for Kerberos.

Imagine a client trying to authenticate with the Web Player, which is configured for Kerberos Delegation. The iPad doesn't support Kerberos authentication and the authentication would then fail. They could resolve this with using Impersonation but that would break SSO for their Data Sources for example.

With the current design, the only workaround for this would be to setup another Web Player with a different Authentication Method, for example Kerberos with Impersonation, that would be used by the iPad users. This isn't future proof and far from an ideal solution.

The solution suggested would be to introduce support for multiple Authentication Methods. Giving the system administrator the possibility to, for example, set the main Authentication Method to Kerberos Delegation and use Kerberos Impersonation as a fallback method.

Clients with Kerberos support would then authenticate with Kerberos authentication. As a fallback, if Kerberos Authentication fails, the client would for example be prompted for credentials.

It would also be great if this apply to other parts of Spotfire which would require authentication. For example, if they have Data Source with Kerberos Delegation authentication enabled this Data Source should know which Authentication Method the user is using and use that Authentication Method when accessing the Data Source. If the user was logged in without Kerberos credentials, it would be ideal to prompt the user for a username and password (And use them to authenticate with Kerberos or SQL Authentication from TSS). If the user was using Kerberos Delegation to authenticate, it would be ideal to instead use Kerberos Delegation and not prompt the user for any credentials. 

  • Attach files
  • Guest
    Reply
    |
    Nov 27, 2019

    Hi Product Team

     

    I have raised support ticket (01817813) for very similar request and Support team pointed me to this.

    One of our customer has asked for this feature. As per them this is very basic requirement which every enterprise application has.

    Considering that this was raised in 2016 and still not available, how can we get this added soon into product considering that this is pressing request from customer.

     

    Regards

    Varun

  • Guest
    Reply
    |
    Jun 3, 2016

    I think "Reported by" needs to be removed?

14 MERGED

Use multiple authentication methods

Merged
Add support for using multiple authentication methods, e.g. combining both Spotfire Database and LDAP Directory.
almost 9 years ago in Spotfire / System Administration 5 Future Consideration