Single Sign-On (SSO) Router
- Overview
- Technical Details
- Pricing
- Release Notes
The Single Sign-On Router provides new REST API endpoints to route login and logout JWT SSO requests based on the source request domain or URL parameter.
Important Note: The client should implement the SSO JWT handler. The SSO Router only routes to existing endpoints.
Use Case 1:
A company using multi-tenant configuration defines URL parameter that will determine the user's tenant. When a user connects to Sisense and the URL parameter set to his tenant's identifier, Sisense routes the request to the tenant's unique SSO handler.
Use Case 2:
A company using multi-tenant configuration creates a unique URL parameter for each tenant. When a user connects to Sisense using a specific parameter, Sisense routes the request to the tenant's unique SSO handler.
Installing the SSO Router
The multi-tenant SSO provides a new SSO endpoint. This endpoint is used as the login/logout endpoint.
Windows
- Download and extract .zip plugin.
- Run the PSE.Sisense.SSORouter.msi installer from /ssoRouter/Windows. The package installs a new Windows microservice “sisense.SSORouter”.
- Edit the microservice “config.js” file, as described below.
- Configure the JWT SSO to use the SSO Router endpoint as the login and logout URL, as described below.
- Restart the Windows “sisense.SSORouter” service.
Linux
- Download and extract the .zip plugin.
- Place the /ssoRouter/Linux/ssoRouter directory on the Sisense Linux server under the following path: /opt/sisense/storage/external-plugins/apiPlugins/plugins/.
- Edit the config.js, as described below.
- Configure the JWT SSO to use the SSO Router endpoint as the login and logout URL, as described below.
- Restart the ‘external-plugins’ pod to apply the changes (pods available under the ‘sisense’ namespace).
After you install the SSO Router, you will see an additional endpoint in the Swagger REST API page:
Upgrade the SSO Router
- Before you upgrade the SSO router, make a copy of the configuration file.
- Windows: run the .msi installation file.
Linux: replace the content of the SSO router folder with the new SSO router folder, as described in the installation instructions. - Replace the newly installed configuration file, with your custom configuration file.
- Windows: Restart the SSO Router microservice.
Linux: Restart the ‘external-plugins’ pod.
Configuring the SSO Router
SSO Router configuration is located in a JS config file.
To configure the SSO Router, update the configuration file.
File location:
- Linux: /ssoRouter/v1/config.js
- Windows: /sisense/app/ssoRouter/src/features/ssoRouter/v1/config.js
The configuration file contains a configuration object with four keys:
- login: Object. Contains key-value pairs of the request origin and the required route URL**
- logout: Object. Contains key-value pairs of the request origin and the required route URL**
- loginURLParameter: String. In case the login SSO handler is determined by a URL parameter, state the URL parameter name.
To pass a URL parameter, replace all the # characters in the URL with %23.
For example:
http://sisense.dns.com/app/main#/home?embed=true =>
http://sisense.dns.com/app/main%23/home?embed=true - loginParameterMapping: Object. If the login SSO handler is determined by a URL parameter, state the parameter value as the key and the redirect address as the value.
* * Source:Redirect key-value pairs: The key represents the Sisense DNS. Provide the DNS with no protocol (HTTP/HTTPS).
The value is the URL to redirect to.
The keys and values can contain up to a single attribute.
The attribute will be in the format: ${attribute_name}.
Important: For login requests, if the login URL parameter is specified, the loginParameterMapping is used. If the login URL parameter is not specified, the login mapping is used.
Configuration example:
Preview
Post to LiveJournal
const config = {
login: {
'tenantA.com': 'http://tenantA.sso.com',
'${attribute}.tenant': 'http://${attribute}.tenant.sso.com'
},
logout: {
'tenantA.com': 'http://tenantA.main.com',
},
loginURLParameter: 'domain',
loginParameterMapping: {
1: 'http://tenantA.sso.com',
2: 'http://tenantB.sso.com'
}
};
Login request:
| Source Domain | Redirect URL | Explanation |
|---|---|---|
| http://tenantA.com | http://tenantA.sso.com | Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object |
| https://tenantA.com | http://tenantA.sso.com | Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object. The source request protocol (HTTP/HTTPS) does not take place when calculating the redirect URL. |
| http://a.tenant | http://a.tenant.sso.com | The login URL matches the template ${attribute}.tenant |
| http://tenantA?domain=1 | http://tenantA.sso.com | Since the domain parameter is provided, the SSO handler URL will be the URL that is mapped to the “domain” parameter value |
Logout request:
| Source Domain | Redirect URL |
|---|---|
| http://tenantA.com | http://tenantA.main.com |
Configuring Sisense to Use the SSO Router as the Login Endpoint
- Open the Configuration Manager
For Linux
For Windows - Click the Sisense logo five times to present the full list of configurations.
- Open the Base Configuration tab.
- Under the SSO section:
- Update the sso.loginUrl to /api/v1/ssoRouter/login
- If needed, update the sso.logoutUrl to /api/v1/ssoRouter/logout
- Click Save Base, in the top-right corner.
Get the Add-On
1.0.0.10 – 17/09/2020
New Features and Enhancements
This release contains two new REST API endpoints: login endpoint and logout endpoint.
1.0.0.11 – 04/12/2020
Was added support for Linux 8.2.1, 8.2.6 and Windows 8.2.4
1.0.0.11 – 15/03/2021
Was added support for Linux 8.2.6 and fixed issue with no redirection to logout page after Session Inactivity.
1.0.0.11 – 01/07/2021
Was added support for L2021.3.1, L2021.3.2, L2021.5.0
1.0.0.17 – 21/07/2021
Was added support for L2021.7, W2021.6
1.0.0.17 – 17/08/2021
Was added support for L2021.8.0
1.0.0.17 – 03/09/2021
- Was added support for L2021.9.0
1.0.0.17 – 03/09/2021
- Added support for L2021.10.0
Premium
