...

A Login SSO token can be retrieved using the GET /api/login-tokens end-point, Create Login Token. The payload for this request is of the form:

Code Block
{
  "signOnUser": {
    "userName": "admin@yellowfin.com.au",
    "password": "test",
    "clientOrgRef": "CLIENT1"
  },
  "loginParameters": [
    "YFTOOLBAR=FALSE",
    "ENTRY=VIEWDASHBOARD",
    "DASHBOARDUUID=5678f33c-c666-4972-8976-9c489accf73b"
  ],
  "noPassword": false,
  "customParameters": "Some custom integration value"
}

The signOnUser attribute is required, the other attributes are optional. The contents of the signOnUser attribute will be the credentials of the user we are logging in. The clientOrgRef is only required when logging into a tenant. 

...

The clientOrgRef should be populated with the tenant’s Client Organisation reference code, for the user to be logged into that tenant.

Code Block
{
  "signOnUser": {
    "userName": "admin@yellowfin.com.au",
    "password": "test",
    "clientOrgRef": "CLIENT1"
  }
}

The following examples return the SSO token that can be used to log a user into a Yellowfin tenant without prompting them for the username and password. These examples use the standard paradigm of using a REST Access Token.

...

The loginParameters attribute of the SSO payload allows options to be set for the new session that the token will create. This can be used to hide and show UI elements, set security parameters, and determine what page the user will land on when they log in. This example payload shows that the user's entry will be a dashboard with the supplied dashboard UUID.

Code Block
{
  "signOnUser": {
    "userName": "user1@yellowfin.com.au",
    "password": "test"
  },
  "loginParameters": [
    "ENTRY=VIEWDASHBOARD",
    "DASHBOARDUUID=5678f33c-c666-4972-8976-9c489accf73b"
  ]
}

The following code examples will create an SSO token with a specified dashboard entry point:

Code Block
Java
package rest.code.examples;

import java.io.IOException;
import java.util.Random;
import org.apache.hc.client5.http.fluent.Content;
import org.apache.hc.client5.http.fluent.Request;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

/**
 * Create a targeted SSO login token using the Yellowfin REST API
 */
public class CreateSSOTokenWithAccessTokenToPage {
    public static void main(String[] args) throws Exception {

        // REST credentials used to obtain the access token
        String host = "http://localhost:8080/Yellowfin";
        String restUsername = "admin@yellowfin.com.au";
        String restPassword = "test";

        // The user to log in, and the dashboard they will land on
        String userToLogin = "user1@yellowfin.com.au";
        String userToLoginPassword = "test";
        String entryDashboardUUID = "321e5a85-a349-4cfb-b8f4-c9141059a66a";

        // SSO payload: signOnUser plus loginParameters for the entry point
        String createUserPayload = "{\n"
                + "  \"signOnUser\": {\n"
                + "    \"userName\": \"" + userToLogin + "\",\n"
                + "    \"password\": \"" + userToLoginPassword + "\"\n"
                + "  },\n"
                + "   \"loginParameters\": ["
                + "   \"ENTRY=VIEWDASHBOARD\","
                + "\"DASHBOARDUUID=" + entryDashboardUUID + "\""
                + " ] "
                + "}";

        String token = generateToken(host, restUsername, restPassword);

        System.out.println("Payload: " + createUserPayload);

        // Request the SSO login token, authorised by the REST access token
        Content c = Request.post(host + "/api/login-tokens")
                .addHeader("Authorization", "YELLOWFIN ts=" + System.currentTimeMillis() + " , nonce=" + new Random().nextLong() + ", token=" + token)
                .addHeader("Accept", "application/vnd.yellowfin.api-v1+json")
                .addHeader("Content-Type", "application/json")
                .bodyString(createUserPayload, null)
                .execute().returnContent();

        JsonObject jsonObject = new JsonParser().parse(c.asString()).getAsJsonObject();
        JsonElement securityToken = jsonObject.get("securityToken");

        System.out.println("SSO Token: " + securityToken);

    }

    // Obtain a REST access token from /api/refresh-tokens
    public static String generateToken(String host, String username, String password) throws IOException {

        Content c = Request.post(host + "/api/refresh-tokens")
                .addHeader("Authorization", "YELLOWFIN ts=" + System.currentTimeMillis() + " , nonce=" + new Random().nextLong())
                .addHeader("Accept", "application/vnd.yellowfin.api-v1+json")
                .addHeader("Content-Type", "application/json")
                .bodyString("{ \"userName\": \"" + username + "\",\"password\": \"" + password + "\"}", null)
                .execute().returnContent();

        JsonObject jsonObject = new JsonParser().parse(c.asString()).getAsJsonObject();
        JsonElement accessToken = jsonObject.getAsJsonObject("_embedded").getAsJsonObject("accessToken").get("securityToken");

        if (accessToken != null) {
            System.out.println("Access Token: " + accessToken);
        } else {
            System.out.println("Token not retrieved successfully");
            System.exit(-1);
        }
        return accessToken.getAsString();

    }

}

...

The loginParameters attribute of the SSO payload allows options to be set for the new session that the token will create. Setting noPassword=true allows a session to be created for a user without their password.

Code Block
{
  "signOnUser": {
    "userName": "admin@yellowfin.com.au"
  },
  "noPassword": true
}

This can be used in scenarios where user passwords don’t need to be retained. This could involve assigning random UUIDs as passwords when creating new users. If the users are always entering the application via SSO (using the noPassword option), then their real password never needs to be known.
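The dashboard-entry payload and the noPassword payload shown above, built with Gson rather than string concatenation so that a quote or backslash in a user name or password is escaped and cannot change the JSON structure. This is an added example, not Yellowfin's own code; the class and method names, the canonical-UUID check, the use of SecureRandom for the nonce, and the sample values in main are assumptions made here.

```java
package rest.code.examples;

import java.security.SecureRandom;
import java.util.UUID;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;

/** Added example (hypothetical class): build login-token payloads with a JSON serializer. */
public class BuildSSOTokenPayload {
    private static final SecureRandom RNG = new SecureRandom();

    /** A null password selects the noPassword form; clientOrgRef and dashboardUUID are optional. */
    static String buildPayload(String userName, String password, String clientOrgRef, String dashboardUUID) {
        JsonObject signOnUser = new JsonObject();
        signOnUser.addProperty("userName", userName); // Gson escapes quotes and backslashes
        if (password != null) signOnUser.addProperty("password", password);
        if (clientOrgRef != null) signOnUser.addProperty("clientOrgRef", clientOrgRef);

        JsonObject payload = new JsonObject();
        payload.add("signOnUser", signOnUser);
        if (dashboardUUID != null) {
            // UUID.fromString is lenient, so also require the canonical 36-character form.
            String canonical = UUID.fromString(dashboardUUID).toString();
            if (!canonical.equalsIgnoreCase(dashboardUUID)) {
                throw new IllegalArgumentException("Not a canonical UUID: " + dashboardUUID);
            }
            JsonArray loginParameters = new JsonArray();
            loginParameters.add("ENTRY=VIEWDASHBOARD");
            loginParameters.add("DASHBOARDUUID=" + canonical);
            payload.add("loginParameters", loginParameters);
        }
        if (password == null) payload.addProperty("noPassword", true);
        return payload.toString();
    }

    /** Same header layout as the page's examples; SecureRandom is this example's choice of nonce source. */
    static String authorizationHeader(String accessToken) {
        return "YELLOWFIN ts=" + System.currentTimeMillis() + " , nonce=" + RNG.nextLong() + ", token=" + accessToken;
    }

    public static void main(String[] args) {
        // Constructed sample values; the first user name contains a quote on purpose.
        System.out.println(buildPayload("o\"brien@example.com", "pa\\ss", null,
                "5678f33c-c666-4972-8976-9c489accf73b"));
        System.out.println(buildPayload("admin@yellowfin.com.au", null, "CLIENT1", null));
        System.out.println(authorizationHeader("<access token from /api/refresh-tokens>"));
    }
}
```

With noPassword set, the REST access token is the only credential standing between a caller and a session for the named user, so the REST account's credentials and the access token deserve the same protection as an administrator password.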

...

The following code examples illustrate how to destroy an existing session created via SSO Login, with a given tokenId:

Code Block
Java
package rest.code.examples;

import java.io.IOException;
import java.util.Random;
import org.apache.hc.client5.http.fluent.Content;
import org.apache.hc.client5.http.fluent.Request;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

/**
 * Destroy a SSO session using the Yellowfin REST API
 */
public class DestroySSOSession {
    public static void main(String[] args) throws Exception {

        // REST credentials used to obtain the access token
        String host = "http://localhost:8080/Yellowfin";
        String restUsername = "admin@yellowfin.com.au";
        String restPassword = "test";

        // This is a loginTokenId from the initial REST call to receive a securityToken for SSO
        String loginTokenId = "ac69b491-26cc-c399-7e59-2e441c9e1433";

        String token = generateToken(host, restUsername, restPassword);

        // DELETE the login token to destroy the session it created
        Content c = Request.delete(host + "/api/login-tokens/" + loginTokenId)
                .addHeader("Authorization", "YELLOWFIN ts=" + System.currentTimeMillis() + " , nonce=" + new Random().nextLong() + ", token=" + token)
                .addHeader("Accept", "application/vnd.yellowfin.api-v1+json")
                .addHeader("Content-Type", "application/json")
                .execute().returnContent();
        System.out.println(c.toString());

    }

    // Obtain a REST access token from /api/refresh-tokens
    public static String generateToken(String host, String username, String password) throws IOException {

        Content c = Request.post(host + "/api/refresh-tokens")
                .addHeader("Authorization", "YELLOWFIN ts=" + System.currentTimeMillis() + " , nonce=" + new Random().nextLong())
                .addHeader("Accept", "application/vnd.yellowfin.api-v1+json")
                .addHeader("Content-Type", "application/json")
                .bodyString("{ \"userName\": \"" + username + "\",\"password\": \"" + password + "\"}", null)
                .execute().returnContent();

        JsonObject jsonObject = new JsonParser().parse(c.asString()).getAsJsonObject();
        JsonElement accessToken = jsonObject.getAsJsonObject("_embedded").getAsJsonObject("accessToken").get("securityToken");

        if (accessToken != null) {
            System.out.println("Access Token: " + accessToken);
        } else {
            System.out.println("Token not retrieved successfully");
            System.exit(-1);
        }
        return accessToken.getAsString();

    }

}

...

Toggle “JWT Single Sign On” to enable JWT functionality:

Provide mappings from your JWT token to attributes that Yellowfin needs:

If creating a custom JWT token, application code needs to generate the JWT token and sign or encrypt it with a supported algorithm. The website https://jwt.io/ provides a UI for creating JWT tokens manually for testing.

...