The Single Sign-On Router provides new REST API endpoints to route login and logout JWT SSO requests based on the source request domain or URL parameter.
Important Note: The client should implement the SSO JWT handler. The SSO Router only routes to existing endpoints.
Use Case 1:
A company using multi-tenant configuration defines URL parameter that will determine the user’s tenant. When a user connects to Sisense and the URL parameter set to his tenant’s identifier, Sisense routes the request to the tenant’s unique SSO handler.
Use Case 2:
A company using multi-tenant configuration creates a unique URL parameter for each tenant. When a user connects to Sisense using a specific parameter, Sisense routes the request to the tenant’s unique SSO handler.
Installing the SSO Router
Extract the .zip file.
Install plugin following steps described in the readme file.
Configuring the SSO Router
SSO Router configuration is located in a JS config file.
To configure the SSO Router, update the configuration file.
The configuration file contains a configuration object with five keys:
login: Object. Contains key-value pairs of the request origin and the required route URL**
logout: Object. Contains key-value pairs of the request origin and the required route URL**
loginURLParameter: String. In case the login SSO handler is determined by a URL parameter, state the URL parameter name.
To pass a URL parameter, replace all the # characters in the URL with %23.
For example:
http://sisense.dns.com/app/main#/home?embed=true =>
http://sisense.dns.com/app/main%23/home?embed=true
loginParameterMapping: Object. If the login SSO handler is determined by a URL parameter, state the parameter value as the key and the redirect address as the value.
logoutParameterMapping**: Object. In case the logout sso handler is determined by a URL parameter (when `loginURLParameter` is configured), set the parameter value as the key and the redirect address as the value.
* * Source:Redirect key-value pairs: The key represents the Sisense DNS. Provide the DNS with no protocol (HTTP/HTTPS).
The value is the URL to redirect to.
The keys and values can contain up to a single attribute.
The attribute will be in the format: ${attribute_name}.
Important Note: For login requests, if the login URL parameter is specified, the loginParameterMapping is used. If the login URL parameter is not specified, the login mapping is used. For logout requests, in case the logout URL parameter is specified, the logoutParameterMapping is used. If the logout URL parameter is not specified, the logout mapping is used.
Additional configuration example has been provided in readme file.
Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object
https://tenantA.com
http://tenantA.sso.com
Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object.
The source request protocol (HTTP/HTTPS) does not take place when calculating the redirect URL.
http://a.tenant
http://a.tenant.sso.com
The login URL matches the template
${attribute}.tenant
http://tenantA?domain=1
http://tenantA.sso.com
Since the domain parameter is provided, the SSO handler URL will be the URL that is mapped to the “domain” parameter value
Logout request:
Source Domain
Redirect URL
http://tenantA.com
http://tenantA.main.com
Configuring Sisense to Use the SSO Router as the Login Endpoint
Open the Configuration Manager
For Linux
For Windows
Click the Sisense logo five times to present the full list of configurations.
Open the Base Configuration tab.
Under the SSO section:
Update the sso.loginUrl to /api/v1/ssoRouter/login
If needed, update the sso.logoutUrl to /api/v1/ssoRouter/logout
Click Save Base, in the top-right corner.
This is a premium Sisense add-on. For pricing details please get in touch with
your CSM
Version 1.2.7 – June 12, 2024
Bugfix: incorrect operation when “Support Cross Site Cookies for Embedding” is enabled in configuration
Version 1.2.6 – Nov 21, 2023
Bug fix: Add-on stopped working if a system has more than 1 tenant (not a full multi tenancy support yet)
Version 1.2.3 – Jan 6, 2023
bug fixes
Version 1.2.0 – Mar. 16, 2022
Added possibility do multiple logouts for different vanity URLs
Version 1.1.0 – Mar. 11, 2022
Verified on version L2022.3
Version 1.1.0 – Feb. 10, 2022
Verified on version L2022.2
Installation steps have been changed to support installation with scripts
Version 1.1.0 – Jan. 20, 2022
Verified on version L2022.1
Version 1.1.0 – Dec. 09, 2021
Added support for L2021.12
Version 1.0.0.17 – Nov. 01, 2021
Added support for L2021.11 and W2021.9
Version 1.0.0.17 – Sept. 03, 2021
Added support for L2021.10.0
Version 1.0.0.17 – Sept.03, 2021
Added support for L2021.9.0
Version 1.0.0.17 – Aug. 17, 2021
Added support for L2021.8.0
Version 1.0.0.17 – July 21, 2021
Added support for L2021.7, W2021.6
Version 1.0.0.11 – July 01, 2021
Added support for L2021.3.1, L2021.3.2, L2021.5.0
Version 1.0.0.11 – March 15, 2021
Added support for Linux 8.2.6
Fixed issue with no redirection to logout page after Session Inactivity
Version 1.0.0.11 – Dec. 04, 2020
Added support for Linux 8.2.1, 8.2.6 and Windows 8.2.4