Overview
Version
| FineBI Version | Integrate Backend Single Sign-On Plugin | Functional Change |
6.0 | V 1.1.1 | / |
6.0.10 | V 1.2.2 | Adapted to new visual styles. |
Functions
After installing the Integrate Backend SSO plugin, you can achieve backend single sign-on (with simple operations and no complex codes).
The plugin provides two backend single sign-on solutions:
Option one: The username is not encrypted. You can access http://IP address:Port number/Project name/decision?fine_username=Username to achieve single sign-on.
Option two: The username is encrypted. You can access http://IP address:Port number/Project name/decision?ssoToken=XXX (result of encrypting and encoding the username) to achieve single sign-on. The plugin also provides the ssoToken timeout setting function. After enabling the function, sso Token will expire after reaching Login Timeout set in System Management > Login.
Introduction
Downloading the Plugin
Download the plugin: com.fr.plugin.decision.background.sso.v11-1.2.2.rar
For details, see Plugin Management.
Interface Introduction
After installing the plugin, log into FineBI as the super admin, and choose System Management > System Setting > Integrate Backend SSO to go to its configuration interface.
Note:
Option One: Username not Encrypted
Setting Username not Encryped
After the plugin is successfully installed, select Example in Backend SSO, and click Save.
Demonstration
Access http://IP address:Port number/Project name/decision?fine_username=Username through a browser. Username is any existing and available username on the platform.
Option Two: Username Encrypted
Note:The Integrate Backend SSO plugin allows encrypting usernames using RSA key to enhance security.
Generating RSA Key
After the plugin is installed, Public Key is automatically generated.
You need to note the following points:
Only the default keys are supported.
After Public Key is generated, click Generate RSA Key to regenerate and overwrite the previous key.
The generated key only supports AES transmission encryption. Installing the Base64 plugin is invalid.
Username Encryption
Put the generated RSA key and username into the encryption code to encrypt the username.
1. You are advised to use you own encryption code for encryption (using an encrypted website here).
2. The encryption steps are shown in the following figure.
Username Decryption Test
Enter the encrypted username into the Decryption Test. If the username can be successfully decrypted, it means that the encryption and decryption process is correct.
Username Encoding
The encrypted username needs to be encoded before it can be embedded in the URL. You can use URLEncoder to encode the encrypted username.
This example text is encoded through a transcode website.
Demonstration
Access http://IP address:Port number/Project name/decision?ssoToken=XXX (encoded username) through a browser to achieve backend single sign-on with encrypted username.
SSO Token Timeout Setting
The ssoToken timeout setting function is not enabled by default. Once enabled, the ssoToken will expire after reaching Login Timeout set in System Management > Login.
If you use an expired ssoToken to log into the FineBI system, an error message will prompt: Login timeout, please log in again.
Notes
The generation of ssoToken in this document needs to be manually encrypted by yourself. In actual applications, the ssoToken can be automatically generated through codes.
