Skip to Main Content
Spotfire Ideas Portal
Status Likely to implement
Product Spotfire
Categories Maps
Created by Guest
Created on Oct 10, 2023
Merged idea
This idea has been merged into another idea. To comment or vote on this idea, please visit TS-I-8805 Provide alternate authentication standards for WMS layer(s) in Spotfire mapcharts.

Add Support for Oauth/OAuth2 SSO to WMS Layer Merged

Context - The maphub 2.0 URL requires a oauth authorization which is different than the previous maphub 1 URLs that we used (they were open access because the service was protected behind the firewall). This means, if we take a maphub 2 WMS URL and simply try to use it in a spotfire map, it doesn't work because the user is never prompted to authenticate - spotfire (at least previously) hasn't had any capability to recognized a URL needs authentication/authorization to request access and act on the user's behalf with the WMS maphub 2 services.

Embedded URL token - We can work around the oauth / openID authentication flow by getting a temporary 14 day token from an internal company maphub token generator and append that to the maphub 2 rest URLs. Once the token is embedded in the maphub URL, you can then put that URL in any spotfire version map component and it will authenticate and authorize the user to see / interact w/ the map service. However, this solution is not practical because the URL token expires every 14 days, and there's the question of, "how do we replace the token for all the users?" this does not seem practically supportable.

OpenID / Oauth - Ideally, spotfire would work like other OpenID/Oauth enabled applications and facilitate requesting permission to access the map URL on the user's behalf and then manaage the refreshing of the cached authentication token over time to make it somewhat invisible to the end-user