Overview
Version
Report Server Version | Backend SSO Plugin | Functional Change |
11.0 | V 1.0.0 | / |
V 1.1.0 |
| |
11.0.4 | V 1.1.1 |
|
11.0.16 | V 1.2.2 | Adapted to new visual styles. |
Function Description
After installing the Backend SSO plugin, you can achieve backend SSO (with simple operations and no complex codes).
The plugin provides two options for backend SSO:
Option one: The username is not encrypted. You can access http://IP address:Port number/Project name/decision?fine_username=Username to achieve SSO.
Option two: The username is encrypted.You can access http://IP address:Port number/Project name/decision?ssoToken=XXX (result after encrypting and encoding the username) to achieve SSO. The plugin also provides SSO Token Timeout. When enabled, SSO token will expire if the login time exceeds the time set in Login Timeout under System Management > System Setting > Login > Login Timeout Setting.
Plugin Introduction
Plugin Download
You can download the fr-plugin-decision-background-sso-1.2.4.zip plugin.
For details about how to install the plugin in the designer, see Designer Plugin Management.
For details about how to install the plugin on the server, see Server Plugin Management.
Page Introduction
After installing the plugin, log into the decision-making platform as the super admin, choose System Management > System Setting > Integrated Backend SSO to go to its configuration interface.
Note:
Option One: Not Encrypting the Username
Setting Username Not Encrypted
After installing the plugin, select Sample Interface in Backend SSO, and click Save.
Note:
Effect Display
Access http://IP address:Port number/Project name/decision?fine_username=Username through a browser. Username is any existing and available username on the platform.
Option Two: Encrypting the Username
Note:
The Backend SSO plugin only allows encrypting usernames with RSA Key to improve user security.
RSA Key Generation
After installing the plugin of V 1.1.0, the public key will be automatically generated.
Note:
Note:
Only the default keys are supported.
After Public Key is generated, you can click Generate RSA key to regenerate and overwrite the previous key.
The generated key only supports AES transmission encryption. Base64 and SM are invalid.
Username Encryption
Put the generated RSA key and the username into the encryption code to encrypt the username.
1. You are advised to use your encryption code for encryption (using an encrypted website here).
2. The encryption procedures are shown in the following figure.
Username Decryption Test
Enter the encrypted username into Decryption Test. If the username can be successfully decrypted, the encryption and decryption process is correct.
Username Encoding
The encrypted username needs to be encoded before it can be embedded in the URL. You can use encodeURIComponent to encode the encrypted username.
This example uses URLEncoder for encoding.
Effect Display
Access http://IP address:Port number/Project name/decision?ssoToken=XXX(encoded username) in a browser to achieve backend SSO with the encrypted username.
SSO Token Timeout Setting
The function (added to V 1.1.0) is disabled by default. When this function is enabled, the SSO token will expire if the login time exceeds the time set in Login Timeout under System Management > System Setting > Login > Login Timeout Setting.
If you use the expired SSO token to log into the platform through SSO, an error message will prompt: Login timed out. Log in again.
Notes
Generating ssoToken Through Codes
In section "Option Two: Encrypting the Username", you need to generate SSO token manually. In actual situation, ssoToken can be generated through codes.
Decryption Error
Problems:
In the case of concatenating ssoToken with Engine-X, after accessing http://IP address:Port number/Project name/decision/view/report?viewlet=WorkBook.cptx&ssoToken=XXX to achieve SSO and go to CPTX template, the decryption fails. Then an error message appears: ERROR [standard] Decrypt failed:Decryption error.
Causes:
Engine-X requests (in FineReport of 11.0.4 or earlier versions equipped with the Backend SSO plugin of 1.1.1 or earlier versions) are incompatible with ssoToken.
Solution One: Embed the CPTX template into an FRM dashboard, and verify the login of the FRM template during backend SSO.
Solution Two: Enable template authentication for CPTX templates. Jump to the CPTX template through the CPT template Loading End event and the CPT template will be verified during backend SSO.
