Backend Single Sign-On Plugin

Version

Functions

After installing the Integrate Backend SSO plugin, you can achieve backend single sign-on (with simple operations and no complex codes).

The plugin provides two backend single sign-on solutions:

• Option one: The username is not encrypted. You can access http://IP address:Port number/Project name/decision?fine_username=Username to achieve single sign-on.

• Option two: The username is encrypted. You can access http://IP address:Port number/Project name/decision?ssoToken=XXX (result of encrypting and encoding the username) to achieve single sign-on. The plugin also provides the ssoToken timeout setting function. After enabling the function, sso Token will expire after reaching Login Timeout set in System Management > Login.

Downloading the Plugin

Download the plugin: com.fr.plugin.decision.background.sso.v11-1.2.2.rar

For details, see Plugin Management.

Interface Introduction

After installing the plugin, log into FineBI as the super admin, and choose System Management > System Setting > Integrate Backend SSO to go to its configuration interface.

Note:

Only super admins can see the configuration page.

Setting Username not Encryped

After the plugin is successfully installed, select Example in Backend SSO, and click Save.

Demonstration

Access http://IP address:Port number/Project name/decision?fine_username=Username through a browser. Username is any existing and available username on the platform.

Note:

This option no longer allows accessing http://IP address:Port number/Project name/decision?fine_username=Username to achieve backend single sign-on.

The Integrate Backend SSO plugin allows encrypting usernames using RSA key to enhance security.

Generating RSA Key

After the plugin is installed, Public Key is automatically generated.

You need to note the following points:

• Only the default keys are supported.

• After Public Key is generated, click Generate RSA Key to regenerate and overwrite the previous key.

• The generated key only supports AES transmission encryption. Installing the Base64 plugin is invalid.

Username Encryption

Put the generated RSA key and username into the encryption code to encrypt the username.

1. You are advised to use you own encryption code for encryption (using an encrypted website here).

2. The encryption steps are shown in the following figure.

Username Decryption Test

Enter the encrypted username into the Decryption Test. If the username can be successfully decrypted, it means that the encryption and decryption process is correct.

Username Encoding

The encrypted username needs to be encoded before it can be embedded in the URL. You can use URLEncoder to encode the encrypted username.

This example text is encoded through a transcode website.

Demonstration

Access http://IP address:Port number/Project name/decision?ssoToken=XXX (encoded username) through a browser to achieve backend single sign-on with encrypted username.

SSO Token Timeout Setting

The ssoToken timeout setting function is not enabled by default. Once enabled, the ssoToken will expire after reaching Login Timeout set in System Management > Login.

If you use an expired ssoToken to log into the FineBI system, an error message will prompt: Login timeout, please log in again.

The generation of ssoToken in this document needs to be manually encrypted by yourself. In actual applications, the ssoToken can be automatically generated through codes.