MARKETPLACE
Single Sign-On (SSO) Router
By Sisense
- Single Sign-On
The Single Sign-On Router provides new REST API endpoints to route login and logout JWT SSO requests based on the source request domain or URL parameter.
Important Note: The client should implement the SSO JWT handler. The SSO Router only routes to existing endpoints.
Use Case 1:
A company using multi-tenant configuration defines URL parameter that will determine the user’s tenant. When a user connects to Sisense and the URL parameter set to his tenant’s identifier, Sisense routes the request to the tenant’s unique SSO handler.
Use Case 2:
A company using multi-tenant configuration creates a unique URL parameter for each tenant. When a user connects to Sisense using a specific parameter, Sisense routes the request to the tenant’s unique SSO handler.
Installing the SSO Router
- Extract the .zip file.
- Install plugin following steps described in the readme file.
Configuring the SSO Router
SSO Router configuration is located in a JS config file.
To configure the SSO Router, update the configuration file.
File location:
- Linux: /ssoRouter/v1/config.js
- Windows: /sisense/app/ssoRouter/src/features/ssoRouter/v1/config.js
The configuration file contains a configuration object with five keys:
- login: Object. Contains key-value pairs of the request origin and the required route URL**
- logout: Object. Contains key-value pairs of the request origin and the required route URL**
- loginURLParameter: String. In case the login SSO handler is determined by a URL parameter, state the URL parameter name.
To pass a URL parameter, replace all the # characters in the URL with %23.
For example:
http://sisense.dns.com/app/main#/home?embed=true =>
http://sisense.dns.com/app/main%23/home?embed=true - loginParameterMapping: Object. If the login SSO handler is determined by a URL parameter, state the parameter value as the key and the redirect address as the value.
- logoutParameterMapping**: Object. In case the logout sso handler is determined by a URL parameter (when `loginURLParameter` is configured), set the parameter value as the key and the redirect address as the value.
* * Source:Redirect key-value pairs: The key represents the Sisense DNS. Provide the DNS with no protocol (HTTP/HTTPS).
The value is the URL to redirect to.
The keys and values can contain up to a single attribute.
The attribute will be in the format: ${attribute_name}.
Important Note: For login requests, if the login URL parameter is specified, the loginParameterMapping is used. If the login URL parameter is not specified, the login mapping is used. For logout requests, in case the logout URL parameter is specified, the logoutParameterMapping is used. If the logout URL parameter is not specified, the logout mapping is used.
Additional configuration example has been provided in readme file.
Configuration example:
Preview
Post to LiveJournal
const config = { login: { 'tenantA.com': 'http://tenantA.sso.com', '${attribute}.tenant': 'http://${attribute}.tenant.sso.com' }, logout: { 'tenantA.com': 'http://tenantA.main.com', }, loginURLParameter: 'domain', loginParameterMapping: { 1: 'http://tenantA.sso.com', 2: 'http://tenantB.sso.com' } };
Login request:
Source Domain | Redirect URL | Explanation |
---|---|---|
http://tenantA.com | http://tenantA.sso.com | Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object |
https://tenantA.com | http://tenantA.sso.com | Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object. The source request protocol (HTTP/HTTPS) does not take place when calculating the redirect URL. |
http://a.tenant | http://a.tenant.sso.com | The login URL matches the template ${attribute}.tenant |
http://tenantA?domain=1 | http://tenantA.sso.com | Since the domain parameter is provided, the SSO handler URL will be the URL that is mapped to the “domain” parameter value |
Logout request:
Source Domain | Redirect URL |
---|---|
http://tenantA.com | http://tenantA.main.com |
Configuring Sisense to Use the SSO Router as the Login Endpoint
- Open the Configuration Manager
For Linux
For Windows - Click the Sisense logo five times to present the full list of configurations.
- Open the Base Configuration tab.
- Under the SSO section:
- Update the sso.loginUrl to /api/v1/ssoRouter/login
- If needed, update the sso.logoutUrl to /api/v1/ssoRouter/logout
- Click Save Base, in the top-right corner.
This is a premium Sisense add-on. For pricing details please get in touch with your CSM
Version 1.2.7 – June 12, 2024
- Bugfix: incorrect operation when “Support Cross Site Cookies for Embedding” is enabled in configuration
Version 1.2.6 – Nov 21, 2023
- Bug fix: Add-on stopped working if a system has more than 1 tenant (not a full multi tenancy support yet)
Version 1.2.3 – Jan 6, 2023
- bug fixes
Version 1.2.0 – Mar. 16, 2022
- Added possibility do multiple logouts for different vanity URLs
Version 1.1.0 – Mar. 11, 2022
- Verified on version L2022.3
Version 1.1.0 – Feb. 10, 2022
- Verified on version L2022.2
- Installation steps have been changed to support installation with scripts
Version 1.1.0 – Jan. 20, 2022
- Verified on version L2022.1
Version 1.1.0 – Dec. 09, 2021
- Added support for L2021.12
Version 1.0.0.17 – Nov. 01, 2021
- Added support for L2021.11 and W2021.9
Version 1.0.0.17 – Sept. 03, 2021
- Added support for L2021.10.0
Version 1.0.0.17 – Sept.03, 2021
- Added support for L2021.9.0
Version 1.0.0.17 – Aug. 17, 2021
- Added support for L2021.8.0
Version 1.0.0.17 – July 21, 2021
- Added support for L2021.7, W2021.6
Version 1.0.0.11 – July 01, 2021
- Added support for L2021.3.1, L2021.3.2, L2021.5.0
Version 1.0.0.11 – March 15, 2021
- Added support for Linux 8.2.6
- Fixed issue with no redirection to logout page after Session Inactivity
Version 1.0.0.11 – Dec. 04, 2020
- Added support for Linux 8.2.1, 8.2.6 and Windows 8.2.4
Version 1.0.0.10 – Sept. 17, 2020
- New Features and Enhancements
- This release contains two new REST API endpoints
- login endpoint
- logout endpoint