Explore Dashboard
By submitting this form, I agree to Sisense's
privacy policy and terms of service.
Watch a Sisense Demo
By submitting this form, I agree to Sisense's
privacy policy and terms of service.
The Single Sign-On Router provides new REST API endpoints to route login and logout JWT SSO requests based on the source request domain or URL parameter.
Important Note: The client should implement the SSO JWT handler. The SSO Router only routes to existing endpoints.
Use Case 1:
A company using multi-tenant configuration defines URL parameter that will determine the user's tenant. When a user connects to Sisense and the URL parameter set to his tenant's identifier, Sisense routes the request to the tenant's unique SSO handler.
Use Case 2:
A company using multi-tenant configuration creates a unique URL parameter for each tenant. When a user connects to Sisense using a specific parameter, Sisense routes the request to the tenant's unique SSO handler.
The multi-tenant SSO provides a new SSO endpoint. This endpoint is used as the login/logout endpoint.
Windows
Linux
After you install the SSO Router, you will see an additional endpoint in the Swagger REST API page:
Upgrade the SSO Router
Configuring the SSO Router
SSO Router configuration is located in a JS config file.
To configure the SSO Router, update the configuration file.
File location:
The configuration file contains a configuration object with four keys:
* * Source:Redirect key-value pairs: The key represents the Sisense DNS. Provide the DNS with no protocol (HTTP/HTTPS) and no port.
The value is the URL to redirect to.
The keys and values can contain up to a single attribute.
The attribute will be in the format: ${attribute_name}.
Important: For login requests, if the login URL parameter is specified, the loginParameterMapping is used. If the login URL parameter is not specified, the login mapping is used.
Configuration example:
Preview
Post to LiveJournal
const config = { login: { 'tenantA.com': 'http://tenantA.sso.com', '${attribute}.tenant': 'http://${attribute}.tenant.sso.com' }, logout: { 'tenantA.com': 'http://tenantA.main.com', }, loginURLParameter: 'domain', loginParameterMapping: { 1: 'http://tenantA.sso.com', 2: 'http://tenantB.sso.com' } };
Login request:
Source Domain | Redirect URL | Explanation |
---|---|---|
http://tenantA.com | http://tenantA.sso.com | Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object |
https://tenantA.com | http://tenantA.sso.com | Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object. The source request protocol (HTTP/HTTPS) does not take place when calculating the redirect URL. |
http://a.tenant | http://a.tenant.sso.com | The login URL matches the template ${attribute}.tenant |
http://tenantA?domain=1 | http://tenantA.sso.com | Since the domain parameter is provided, the SSO handler URL will be the URL that is mapped to the “domain” parameter value |
Logout request:
Source Domain | Redirect URL |
---|---|
http://tenantA.com | http://tenantA.main.com |
Configuring Sisense to Use the SSO Router as the Login Endpoint
1.0.0.10 – 17/09/2020
New Features and Enhancements
This release contains two new REST API endpoints: login endpoint and logout endpoint.
1.0.0.11 – 04/12/2020
Was added support for Linux 8.2.1, 8.2.6 and Windows 8.2.4
1.0.0.11 – 15/03/2021
Was added support for Linux 8.2.6 and fixed issue with no redirection to logout page after Session Inactivity.