Like what you see? Have a play with our trial version.

Error rendering macro 'rw-search'

null

Versions Compared

Old Version 25

changes.mady.by.user user-3484a

Saved on

compared with

New Version 26

changes.mady.by.user user-3484a

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Yellowfin's Administration Service allows for integrating Yellowfin with essentially all third-party authentication processes. Primarily an authentication bridge will be used when implementing Yellowfin as a standalone application or even a tightly integrated application, where required.To . But to integrate with a third-party authentication process, a custom bridge needs to be created. This bridge will take a username and password from one system and match the details to match a user's credentials from a third-party source with those of a user in the Yellowfin system. Usually the third-party authentication source will provide a username, and sometimes but at times a password and other user attributes are also sent to authenticate the user.

The purpose of the bridge is to match this username Once a match is made with an existing user in Yellowfin and Yellowfin user, the bridge will perform a Single Sign-On (SSO) of that user into Yellowfin as that user. Very rarely will there be a password available from the third-party source. The LOGINUSERNOPASSWORD web service will allow for . This can be done using either the LOGINUSER web service (which requires a password for the user to log in), or the LOGINUSERNOPASSWORD service, which allows the bridge to log in a user in, using only their username. Alternatively, LOGINUSER can be used to log in the user with a passwordThis seems ideal, since very rarely will there be a password available from the third-party source.

The bridge is not necessarily used to determine whether or not the user is allowed to log in. The fact that the bridge receives the username, means that the user has already been validated. However, sometimes it will be responsible for “asking” the third-party if the user is valid.

Sometimes there will be a need to auto-create the users if they do not exist in Yellowfin. This might require using additional information to create the user, like their email address, first and last names, etc. which should be sourced from the third-party authentication sourceapplication. The bridge can use the GETUSER or VALIDATEUSER web service functions to determine if a user exists in Yellowfin or not and the ADDUSER web service call to create a user. If bulk user creation is required, the ADDUSERS web service function can be called.

Part of the bridge process may also be to modify the user's Yellowfin role or group membership as part of the login process. If Yellowfin is integrated with a product where access to different content may change, it may be required to update this group membership during the login process. This would require sourcing information from the third-party source about what which groups a user should be added to/removed from. The UPDATEUSER web service call will allow a user’s role to be modified and the INCLUDEUSERINGROUP or EXCLUDEUSERFROMGROUP web service calls  calls can be used to add or remove from groups that determine what Yellowfin content they can access.

...