Secured authentication with visualize.js - SSO vs credentials encryption

1

Hi,

I've been testing the visualize.js successfully when passing plain text credentials via visualize.js.

We need now to add security on authentication : 

1. Solution N°1 : Using a CAS server. The problem I am encoutering here is : where do we get the SSO ServiceTicket we are supposed to provide to visualize.js ? (I've made it work by intercepting a ST request sent from another application to CAS and passing the ST to visualize.js and it worked fine.) And should we provide a new ST each time we call a report via visualize.js ? 

visualize({
auth : { token : "ST-40-CZeUUnGPxEqgScNbxh9l-sso-cas.prod.jaspersoft.com"}

2.Solution N°2 : Can we use the plain text authentication method by passing encryted login and password to Jasper via Visualize.js ? The idea would be to synchronize the users between the 2 applications (in my case TYPO3 and Jasper) and let Jasper uncrypt the username and password sent via visualize.js. How can we tell to Jasper (or visualize) that we are sending encrypted credentials and that they should be decrypted ?

visualize({
auth: {
name: "12DCC34CC34CRC4CZZ4CZ",
password: "12D756RYH7B5V34033Z",

Thank you for your help.

Jade

jajab's picture
20
Joined: May 20 2015 - 1:45am
Last seen: 3 years 6 months ago

1 Answer:

2

You can achieve solution #2 using the Jaspersoft Pre Authentication (or Token Based Authentication) this allows you to define a token passed to Jasper with the information needed to create the user object on the fly. The only thing you need to do is create your decription class that will handle the decryption of your token and give jasper what it needs to create the SSO.

The information about how to setup this is in the Jaspersodt Authentication Cookbook:

http://community.jaspersoft.com/documentation/tibco-jasperreports-server...

marianol's picture
4267
Joined: Sep 13 2011 - 8:04am
Last seen: 6 months 3 weeks ago
Feedback
randomness