Like what you see? Have a play with our trial version.

Settings related to the operation of the SAML Bridge are located in the WEB-INF/web.xml file. These settings describe the location of the Yellowfin instance and the web service credentials, and the attributes for finding and automatically provisioning Yellowfin users.

Access Yellowfin

This setting shows how to access Yellowfin (URL):

<init-param>
	<param-name>YellowfinWebserviceURL</param-name>
	<param-value>http://yellowfin:8080</param-value>
</init-param>

Web Server User

Configure the setting for a Yellowfin web server user, that is, a user who can perform web service calls with the Web service role enabled.

<init-param>
	<param-name>YellowfinWebserviceUser</param-name>
	<param-value>admin@yellowfin.com.au</param-value>
</init-param>

<init-param>
	<param-name>YellowfinWebservicePassword</param-name>
	<param-value>test</param-value>
</init-param>

Enable User Provision

Here is how you can enable or disable user provision. Set the value to true to enable, and false to disable this functionality.

<init-param>
	<param-name>AutoProvision</param-name>
	<param-value>true</param-value>
</init-param>

Find User

To be able to find a user (when the authentication method requires their ‘email address’), you need to provide Yellowfin with the email attribute corresponding to the AD FS Claim Descriptions:

Following is an example of this:

<init-param>
	<param-name>EmailAttribute</param-name>
	<param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</param-value>
</init-param>

To do user provision, you need to define FirstNameAttribute, LastNameAttribute and YellowfinRole. For instance, in the example below, Yellowfin gets the user name and surname from AD FS and the user role is defined as ‘Consumer & Collaboration’.

<init-param>
	<param-name>FirstNameAttribute</param-name>
	<param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</param-value>
</init-param>

<init-param>
	<param-name>LastNameAttribute</param-name>
	<param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</param-value>
</init-param>

<init-param>
	<param-name>UsernameAttribute</param-name>
	<param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</param-value>
</init-param>

<init-param>
	<param-name>YellowfinRole</param-name>
	<param-value>Consumer &amp; Collaborator</param-value>
</init-param>

Note: Here, UsernameAttribute relates to the authenticaion method requiring a ‘user name’.

Previous topic: AD FS configuration

Next topic: Troubleshooting

  • No labels