Single sign-on (SSO)
Single sign-on (SSO) allows users to log in once on their workstation, and gain access to multiple systems without being prompted to log in again at each of the systems. This article provides guidelines and summarizes on how to use SSO within the Dundas BI application. Listed below are the multiple the ways to accomplish this.
2. SSO with Windows logon
To enable Single Sign-On using Windows Authentication follow the Automatic Windows Log On (SSO) example on the Configuration settings article. Once SSO is enabled, automatic logon will occur for all URLs that do not require explicit authentication. For example, navigating to http://yourinstance/ will take you directly to the home screen, whereas http://yourinstance/LogOn/ will still show the Log On screen.
For more information, see Automatic Windows Log On (SSO).
3. Federated authentication
Federated authentication behaves as a Single Sign On (SSO), enabling the user to access multiple services without the need for further authentication. Federated authentication is commonly used in Dundas BI to enable logon using SAML 2.0, OpenIdConnect. Automatic Log On using with federated authentication can be accomplished by setting the custom logon page configuration setting to the authentication URL:
For more information about single sign-on using federated authentication using automatic logon, see Enabling federated authentication.
4. Custom account provider
In cases where local, Windows, or federated authentication are not desired and another form authentication is being used, a custom account provider will allow you to authenticate with anything. A custom accounts provider manages user accounts, and authentication. This is done by creating a Dundas BI .NET extension that has a class that extends the ExtensionPackageInfo class and another class that will implement the IAccountsProvider2 interface. This will allow for single sign-on as the logon as it is controlled by a custom .NET extension.
For more information, see Create a custom accounts provider.
5. Anonymous logon
This can be used as a single sign-on for one user and is commonly used for to facilitate implementation of a public dashboard site or kiosk. Anonymous logon will allow for the automatic logon to a specific account specified in the application configuration settings. The two settings are Anonymous User Name, and Anonymous Password, and once both properties are set the anonymous logon will be enabled.
For more information, see How to enable anonymous log on.
6. Embedding SSO
6.1. Embedding with SSO
When using automatic windows log ln (SSO), federated authentication with automatic logon, or anonymous logon the application will be automatically authenticated. If none of these are used and a session ID or logon token are not passed the logon page will appear.
For more information, see Using the Dundas BI embed library.
6.2. Logon using server side call with admin credentials
It is possible to implement a single sign-on by using credentials of a privileged account to create a session on behalf of another account. This is done by making a call to POST /LogOn/Token and passing EffectiveAccountName. A logon token will be returned and that will be used when embedding to get acquire the session.
For more information and a working example, see POST /LogOn/Token.