You are not logged in.
Pages: 1
Topic closed
Is it possible to create an authentication pass-through to ReportServer to auto login a user by adding a url parameter?
For example: http://demo.raas.datenwerke.net/ReportS … abelincoln
I would prefer to keep the standard login available in addition to a pass-through.
What if I wanted to trust the application sending the request and not send the password, only the username? I would prefer not to exchange passwords across the application.
It's not clear to me how I would force create a user session for that username. Essentially, I want to create a seamless experience for my user. They will log into another application and when they need to run a report I want them to be able to click on a link that opens a new window, sending them to ReportServer and automagically log them in.
Last edited by tomharney (2014-10-22 20:28:35)
Offline
Hi Tom,
this can be done rather easily with a script (that is accessible via url) that simply sets the current user. But keep in mind that such a script could be invoked by anyone who knows the right url.
The textbook approach to this problem would be to implement some kind of single-sign-on system. CAS (http://jasig.github.io/cas/4.0.0/index.html) for example we know works well with reportserver. If you dont't want to set up another system, but have some control over the application that redirects to reportserver you could also implement something simpler: The link to reportserver your application presents to the user contains a token-value. If a user accesses reportserver via such a link reportserver establishes a connection (not passing through the clients browser) directly to your application and validates the token. On success the user is logged in.
I hope that gives you an idea on what to do.
Cheers,
Thorsten
I'll consider the single-sign-on solution. I would honestly prefer to go that route. In the mean time, I need something that just works. I'm not understanding the architecture of ReportServer. I know it's Java based but I don't see how to set the current user. Can you provide an example? Is it in the login script (in groovy) for LDAP authentication? If you could point me in the right direction, I'm sure I could figure it out. I'd be happy to share my results with the community.
Offline
Hi Tom,
We are using reportserver in my company and I had the same questions before.
you can take a look at this article. it is going to give you an idea: http://blog.datenwerke.net/2013/08/Repo … ation.html
also Im going to share a script that I used to bypass a user as an example
go to filesystem/bin/tmp/ and create a file called hook_user.groovy
upload the following content:
package pam
import net.datenwerke.rs.authenticator.client.login.dto.UserPasswordAuthToken
import net.datenwerke.rs.authenticator.client.login.pam.UserPasswordClientPAM
import net.datenwerke.security.client.login.AuthToken
import net.datenwerke.security.service.authenticator.AuthenticationResult
import net.datenwerke.security.service.authenticator.ReportServerPAM
import net.datenwerke.security.service.authenticator.hooks.PAMHook
import net.datenwerke.security.service.usermanager.UserManagerService
import net.datenwerke.security.service.usermanager.entities.User
import com.google.inject.Inject
final ShiroPAM shiroPAM = GLOBALS.injector.getInstance(ShiroPAM.class);
GLOBALS.services.callbackRegistry.attachHook("SHIRO_PAM", PAMHook.class, new PAMHook(){
public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
pams.add(shiroPAM);
}
public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
}
});
public class ShiroPAM implements ReportServerPAM {
private final UserManagerService userManagerService;
@Inject
public ShiroPAM(UserManagerService userManagerService) {
this.userManagerService = userManagerService;
}
@Override
public AuthenticationResult authenticate(AuthToken[] tokens) {
// So if you have an SSO solution, this authenticate method will be your point of extension.
String username = "root";
return new AuthenticationResult(true, userManagerService.getUserByName(username),true);
}
@Override
public String getClientModuleName() {
return null;
}
} - After that, open the terminal (ctrl + shift + t)
then:
cd filesystem/bin/tmp/
then:
exec -g hook_user.groovy
open a second browser and access reportserver. at this point you should be automatically logged as root.
ps: this works in the version RS2.2.0-5588-2014-10-14-18-13-40
I hope it helps you
Last edited by marcosfilho (2014-10-28 01:06:52)
Offline
Pages: 1
Topic closed