  • Configuring OAuth 2.0 for TIBCO JasperReports® Server


    rmeadows
    • Features: User Authorization Version: v6.1, v6.1.1, v6.1.0 Product: JasperReports® Server

    Code and Implementations

    OAuth 2.0 implementations using Apache Oltu are available at the following repo:

    https://github.com/UCLALibrary/jasperserver-oauth-saml

    Links below refer to JRS 6.4; if you need an older version, go to the root of the repo and find the version you need.

    Please note, the 7.5 folder in that same repo only updates the SAML customization.

    The current implementation uses the Authorization Grant Code Flow.

    OAuth 2.0 Primer

    A primer on the OAuth 2.0 specification and Authorization Grant Code Flow is recommended. 

    Please see the following links for more information:

    https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

    http://tutorials.jenkov.com/oauth2/index.html

    https://en.wikipedia.org/wiki/OAuth#OAuth_2.0


    OAuth External Authentication Setup

    1. Download the pre-compiled binaries located here:

      https://github.com/UCLALibrary/jasperserver-oauth-saml/tree/master/6.4/oauth/binaries

      https://github.com/UCLALibrary/jasperserver-oauth-saml/tree/master/6.4/oauth/binaries/apacheoltu

    2. Copy them to webapps/jasperserver-pro/WEB-INF/lib

    3. Download the applicationContext file for the SSO setup at the following location:

      https://github.com/UCLALibrary/jasperserver-oauth-saml/tree/master/6.4/oauth/WEB-INF

    4. Copy the applicationContext file to webapps/jasperserver-pro/WEB-INF

    5. Configure the applicationContext file as follows:

      Once you have an OAuth 2.0 authorization server set up, you will register JasperReports Server as a client and have the following information:

      • authorization location (ex: http://myoauthserver:8080/oauth2/authorize)
      • client_id (name with which you register jasperserver as a client, ex: jasperserver61)
      • client_secret (secret you specify or that gets generated when you register jasperserver as a client with your authorization server)
      • token location (endpoint exposed by the authorization server for exchanging grant codes for access or refresh tokens, ex: http://myoauthserver:8080/oauth2/token)
      • redirect url (location that the authorization server will redirect back to with a grant code; this will be your jasperserver url plus /oauth on the end, ex: http://localhost:8080/jasperserver-pro/oauth)
      • scope (optional scope if you defined a scope for client access)

      You will need to take these values and configure the following bean in the applicationContext file with them:

      <bean id="proxyPreAuthenticatedProcessingFilter" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthPreAuthenticationFilter">
        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
        <property name="authenticationManager" ref="oAuthAuthenticationManager"/>

        <!-- URLs handled by the filter inside the JasperReports Server web app -->
        <property name="authenticationFailureUrl">
          <value>/oauth</value>
        </property>
        <property name="defaultTargetUrl">
          <value>/loginsuccess.html</value>
        </property>
        <property name="filterProcessesUrl">
          <value>/oauth</value>
        </property>

        <!-- Client registration values from the list above; the values shown are samples -->
        <property name="authorization_location">
          <value>http://localhost:8080/oauth2/authorize</value>
        </property>
        <property name="client_id">
          <value>js61</value>
        </property>
        <property name="redirecturl">
          <value>http://localhost:8061/jasperserver-pro/oauth</value>
        </property>
        <property name="token_location">
          <value>http://localhost:8080/oauth2/token</value>
        </property>
        <property name="clientsecret">
          <value>9700fc55-85fc-4682-807d-a881054fa665</value>
        </property>
        <property name="scopes">
          <value>uri:JaspersoftReportingServer</value>
        </property>
      </bean>
       

    Once you have set up a Resource server that returns user detail information (see the section below on the response type for this endpoint) and registered it with the authorization server, you will have the following:

    • user detail location (url to your resource server endpoint for user detail information ex:  http://myresourceserver:8080/v1/tokeninfo)
    • user detail key (entered or generated when registering the user detail service as a resource server with the authorization server)
    • user detail secret  (entered or generated when registering the user detail service as a resource server with the authorization server)

    You will need to take these values and configure the following bean in the applicationContext file with them:

    <bean id="OAuthAccessTokenValidator" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthAccessTokenValidator">
      <!-- Resource server endpoint and credentials from the list above; the values shown are samples -->
      <property name="userdetails_location">
        <value>http://localhost:8080/v1/tokeninfo</value>
      </property>
      <property name="userdetails_key">
        <value>27c88aca-11dc-4022-9753-53f96a1fefc6</value>
      </property>
      <property name="userdetails_secret">
        <value>0ebdb578-d571-43f0-91f7-ce0e656a35f0</value>
      </property>
    </bean>
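
A pre-deployment check for the two beans above, added here as an example and not taken from the linked repository: it reads the property names used in this article and reports endpoints that are not HTTPS, secrets copied from the article's samples, and a redirect URL whose path does not end with filterProcessesUrl. The rule set, the loopback exemption and the hosts in the sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Secrets printed in the article; a live deployment must never reuse them.
PUBLISHED = {"9700fc55-85fc-4682-807d-a881054fa665", "27c88aca-11dc-4022-9753-53f96a1fefc6",
             "0ebdb578-d571-43f0-91f7-ce0e656a35f0"}
URL_PROPS = ("authorization_location", "redirecturl", "token_location", "userdetails_location")
SECRET_PROPS = ("clientsecret", "userdetails_key", "userdetails_secret")
LOOPBACK = ("localhost", "127.0.0.1", "::1")  # assumption: plain HTTP tolerated on loopback only

# Constructed sample (not a real deployment); hosts and paths are placeholders.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="proxyPreAuthenticatedProcessingFilter">
  <property name="filterProcessesUrl"><value>/oauth</value></property>
  <property name="authorization_location"><value>https://sso.example.org/oauth2/authorize</value></property>
  <property name="token_location"><value>http://myoauthserver:8080/oauth2/token</value></property>
  <property name="redirecturl"><value>https://reports.example.org/jasperserver-pro/login</value></property>
  <property name="clientsecret"><value>9700fc55-85fc-4682-807d-a881054fa665</value></property>
 </bean>
 <bean id="OAuthAccessTokenValidator">
  <property name="userdetails_location"><value>http://localhost:8080/v1/tokeninfo</value></property>
 </bean>
</beans>"""

def bean_properties(xml_text):
    """Map property name -> literal value; tags are matched without their XML namespace."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "property" and "name" in el.attrib:
            texts = [c.text or "" for c in el if c.tag.rsplit("}", 1)[-1] == "value"]
            value = el.get("value", texts[0] if texts else None)
            if value is not None:  # ref="..." properties carry no literal value
                props[el.get("name")] = value.strip()
    return props

def audit(xml_text):
    """Return a list of findings for the OAuth properties in the file."""
    props, findings = bean_properties(xml_text), []
    for name in URL_PROPS:
        url = urlsplit(props.get(name, ""))
        if name in props and url.scheme != "https" and url.hostname not in LOOPBACK:
            findings.append(f"{name}: not HTTPS ({props[name]})")
    for name in SECRET_PROPS:
        if props.get(name) in PUBLISHED:
            findings.append(f"{name}: sample value from the article")
    callback = props.get("filterProcessesUrl", "/oauth")
    if "redirecturl" in props and not urlsplit(props["redirecturl"]).path.endswith(callback):
        findings.append(f"redirecturl: path does not end with {callback}")
    return findings
```

Calling `audit()` on the text of your own applicationContext file returns an empty list when none of these checks fire.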
    

     


    User Detail Resource Server Service

    The current and compiled code expects a JSON response from your user detail information service endpoint on your Resource Server with the following fields:

    Mandatory:

    • name (username)

    Optional:

    • organization (id and name of the user's organization--if not present defaults to jasperserver default organization)
    • roles (comma separated string of role names)
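
A contract check for the user detail response described above, added as an example and not the compiled code's own parser. It can be run against the body your resource server endpoint returns; the `allowed_roles` allowlist and the role names in the sample are assumptions of this example.

```python
import json

# Constructed sample response body; the field names are the ones listed above.
SAMPLE_BODY = '{"name": "jdoe", "roles": "ROLE_USER, ROLE_REPORT_VIEWER"}'

def parse_user_details(body, allowed_roles=None):
    """Validate a user detail JSON body and return name, organization and roles.

    allowed_roles is a hypothetical allowlist added for this example: role
    names outside it are rejected instead of being passed on to the server.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"response is not JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value must be an object")

    name = doc.get("name")
    if not isinstance(name, str) or not name.strip():
        raise ValueError("mandatory field 'name' is missing or empty")

    raw_roles = doc.get("roles", "")
    if not isinstance(raw_roles, str):
        raise ValueError("'roles' must be one comma separated string, not a JSON array")
    roles = [r.strip() for r in raw_roles.split(",") if r.strip()]

    if allowed_roles is not None:
        unexpected = sorted(set(roles) - set(allowed_roles))
        if unexpected:
            raise ValueError(f"roles outside the allowlist: {unexpected}")

    # A missing organization is returned as None; per the text above the
    # server then uses its default organization.
    return {"name": name, "organization": doc.get("organization"), "roles": roles}
```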

    Possible Customization

    If you require a different response type or different parsing of the user detail information returned by your user detail information service, you may need to modify or customize the following classes:

    You will then need to add your compiled libraries to WEB-INF/lib and inject your new classes into the bean definitions in the applicationContext file.


    User Feedback

    Recommended Comments

    Hi Kamal,

    are there any steps planned on the part of TIBCO Jaspersoft?
    SSO using OAuth 2 and OpenID is already almost a standard.

    It would be really nice if this could be done out-of-the-box.

     

    Kind regards
    Johannes


    Hi Johannes,

    not that I'm aware of, but this is for our Product Management to confirm (or not).

    Happy to get you on a call with them, just send me an email.

    Best


    I don't get it to work at all, using the Server Version 8.1.1. If I add the applicationContext-externalAuth-oAuth.xml to my WEB-INF the Jasper Reports Server does not start.

    What did you fill the userdetails_key and userdetails_secret with? From my understanding the Server doesn't need any of that, because Jasper Reports gets access to the user-info by passing a valid token.

    Which files did you add to your lib?

    The article ignores these files, I added them to my lib, is that correct? src/com/jaspersoft/jasperserver/ps/OAuth

    Would anybody, who got it to work/partially work, please explain the steps? 

    kind regards

    niklas



