Backend Single Sign-On Plugin

  • Last update:  2024-02-01
  • Overview

    Version

    | Report Server Version | Backend SSO Plugin | Functional Change |
    |---|---|---|
    | 11.0 | V 1.0.0 | / |
    | | V 1.1.0 | • Added SSO Token Timeout. When this function is enabled, the single sign-on (SSO) token will expire if the login time exceeds the time set in Login Timeout under System Management > System Setting > Login > Login Timeout Setting. • Optimized the function to allow switching between username encryption and no encryption by selecting Username Encryption and Sample Interface in Backend SSO. |
    | 11.0.4 | V 1.1.1 | • Added URL redirection and hid the username fine_username or the encrypted SSO token in the access link. • Provided a link to go to the login page when the error message (User does not exist) appears. |
    | 11.0.16 | V 1.2.2 | Adapted to new visual styles. |

    Function Description

    After installing the Backend SSO plugin, you can achieve backend SSO with simple operations and no complex code.

    The plugin provides two options for backend SSO:

    Option one: The username is not encrypted. You can access http://IP address:Port number/Project name/decision?fine_username=Username to achieve SSO.

    Option two: The username is encrypted. You can access http://IP address:Port number/Project name/decision?ssoToken=XXX (result after encrypting and encoding the username) to achieve SSO. The plugin also provides SSO Token Timeout. When enabled, the SSO token will expire if the login time exceeds the time set in Login Timeout under System Management > System Setting > Login > Login Timeout Setting.

    Plugin Introduction

    Plugin Download

    You can download the fr-plugin-decision-background-sso-1.2.4.zip plugin.

    For details about how to install the plugin in the designer, see Designer Plugin Management.

    For details about how to install the plugin on the server, see Server Plugin Management.

    Page Introduction

    After installing the plugin, log into the decision-making platform as the super admin, and choose System Management > System Setting > Integrated Backend SSO to go to its configuration interface.

    Note:
    Only the super admin can see the configuration page.


    Option One: Not Encrypting the Username

    Setting Username Not Encrypted

    After installing the plugin, select Sample Interface in Backend SSO, and click Save.

    Note:
    Skip this section if your plugin version is 1.0.0.

    Effect Display

    Access http://IP address:Port number/Project name/decision?fine_username=Username through a browser. Username is any existing and available username on the platform.

    Option Two: Encrypting the Username

    Note:
    This option does not allow you to access http://IP address:Port number/Project name/decision?fine_username=Username through backend SSO. For details about supported links, see section "Effect Display" in "Option Two."

    The Backend SSO plugin only allows encrypting usernames with RSA Key to improve user security.

    RSA Key Generation

    After installing the plugin of V 1.1.0, the public key will be automatically generated. 

    Note:
    If your plugin version is 1.0.0, you need to click Generate RSA Key.


    Note:

    • Only the default keys are supported.

    • After Public Key is generated, you can click Generate RSA Key to regenerate and overwrite the previous key.

    • The generated key only supports AES transmission encryption. Base64 and SM are invalid.

    Username Encryption

    Put the generated RSA key and the username into the encryption code to encrypt the username.

    1. You are advised to use your own encryption code for encryption (this example uses an encryption website).

    2. The encryption procedures are shown in the following figure.

    Username Decryption Test

    Enter the encrypted username into Decryption Test. If the username can be successfully decrypted, the encryption and decryption process is correct.

    Username Encoding

    The encrypted username needs to be encoded before it can be embedded in the URL. You can use encodeURIComponent to encode the encrypted username.

    This example uses URLEncoder for encoding.

    Effect Display

    Access http://IP address:Port number/Project name/decision?ssoToken=XXX (encoded username) in a browser to achieve backend SSO with the encrypted username.

    SSO Token Timeout Setting

    The function (added to V 1.1.0) is disabled by default. When this function is enabled, the SSO token will expire if the login time exceeds the time set in Login Timeout under System Management > System Setting > Login > Login Timeout Setting.

    If you use an expired SSO token to log into the platform through SSO, the following error message appears: Login timed out. Log in again.


    Notes

    Generating ssoToken Through Codes

    In section "Option Two: Encrypting the Username", you need to generate the SSO token manually. In practice, ssoToken can be generated in code.
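
    The manual steps of Option Two (encrypt the username with the RSA public key, then URL-encode the result) can be scripted. The following is an added example, not code from the plugin or its vendor; it also shows why the encoding step matters. Assumptions not stated on this page: the Public Key is a Base64 X.509 RSA key, the padding is PKCS#1 v1.5, the ciphertext is Base64 text, and the key pair, host and project name are constructed for illustration.

```javascript
// Added example: build an ssoToken link for Option Two.
// Assumed (not stated on the page): Base64 X.509/SPKI public key,
// RSA with PKCS#1 v1.5 padding, Base64 ciphertext before URL encoding.
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the key pair the plugin generates. In a real
// deployment only the Public Key string from the settings page is used.
const samplePair = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_PUBLIC_KEY_B64 = samplePair.publicKey
  .export({ type: 'spki', format: 'der' }).toString('base64');

// RSA-encrypt the username; returns Base64 ciphertext (not yet URL-safe).
function encryptUsername(username, publicKeyB64) {
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(publicKeyB64, 'base64'), format: 'der', type: 'spki',
  });
  return nodeCrypto.publicEncrypt(
    { key, padding: nodeCrypto.constants.RSA_PKCS1_PADDING },
    Buffer.from(username, 'utf8'),
  ).toString('base64');
}

// Build the access link; encodeURIComponent escapes '+', '/' and '='.
function buildSsoUrl(baseUrl, encryptedUsername) {
  return `${baseUrl}/decision?ssoToken=${encodeURIComponent(encryptedUsername)}`;
}

// Read ssoToken back the way a query-string parser would.
function tokenFromUrl(url) {
  return new URL(url).searchParams.get('ssoToken');
}

// Hypothetical host, port and project name.
const BASE = 'http://report.example:8080/project';
const token = encryptUsername('demo_user', SAMPLE_PUBLIC_KEY_B64);
const link = buildSsoUrl(BASE, token);
console.log(link);
console.log('encoded token survives parsing:', tokenFromUrl(link) === token);

// Constructed Base64 fragment pasted without encoding: '+' turns into a space,
// so the server would receive a different ciphertext and fail to decrypt it.
const raw = 'kQ+7/xA=';
console.log('unencoded token survives parsing:',
  tokenFromUrl(`${BASE}/decision?ssoToken=${raw}`) === raw);
```

    Paste the value returned by encryptUsername into Decryption Test to confirm that the assumed padding and encoding match your plugin version.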

    Decryption Error

    Problems:

    In the case of concatenating ssoToken with Engine-X, after accessing http://IP address:Port number/Project name/decision/view/report?viewlet=WorkBook.cptx&ssoToken=XXX to achieve SSO and go to CPTX template, the decryption fails. Then an error message appears: ERROR [standard] Decrypt failed:Decryption error.

    Causes:

    Engine-X requests (in FineReport of 11.0.4 or earlier versions equipped with the Backend SSO plugin of 1.1.1 or earlier versions) are incompatible with ssoToken.

    Solution One: Embed the CPTX template into an FRM dashboard, and verify the login of the FRM template during backend SSO.

    Solution Two: Enable template authentication for CPTX templates. Jump to the CPTX template through the CPT template Loading End event and the CPT template will be verified during backend SSO.
