Setting Up Login via OAuth

In this article:

Step 1. Setting Up Repository Connection

Step 2. Setting Up Parameters for OAuth Protocols

Step 3. Preparing BI Server

Step 4. Preparing and Opening Web Application

To log in on repository connection, in the web application it is available to use OAuth protocols of 1.1 version and OAuth of the 2.0 version.

The OAuth 1.1 protocol enables logging in under the Twitter account, the OAuth 2.0 protocol - under accounts of other services supporting the protocol, for example, Google.

To set up system login with simultaneous use of OAuth 1.1 and OAuth 2.0 protocols, follow the steps specified below.

Step 1. Setting Up Repository Connection

To set up repository connection:

  1. Add the Alg parameter to the registry:

In Windows OS start registry editor using the regedit.exe file located in C:\Windows:

1.2.  Go to the HKEY_CURRENT_USER\SOFTWARE\Foresight\Foresight Analytics Platform\9.0\Debug\Crypt section where security certificate privacy key is stored.

1.3.  Create the Alg string parameter:

    1. In the section context menu select the Create > String Parameter item.

    2. The parameter will be created, its name will be opened in edit mode. Enter the Alg name and press ENTER.

NOTE. If the Alg parameter already exists, skip the step.

1.4.  Set the GOST value for the Alg parameter:

    1. Double click with the main mouse button the Alg parameter or select the Change parameter context menu item.

    2. In the Change String Parameter opened dialog box in the Value field enter the GOST value.

    3. Click the OK button.

In Linux OS open the registry.reg file where registry settings are stored and select one more method:

  • Add the Alg parameter with the GOST value in the HKEY_CURRENT_USER\SOFTWARE\Foresight\Foresight Analytics Platform\9.0\Debug\Crypt registry section manually.

  • Export the Windows OS registry section with the added Alg parameter to the file and import it to Linux OS.

For detailed information about registry settings in Linux OS, see the Configuration and Setup section.

  1. Start the PP.Util utility located in the Foresight Analytics Platform installation folder, using command line or as administrator.

2.1.  Make sure that for web application pull, the operating system account.

2.2.  Save encrypted password to log in the repository:

PP.Util /save_creds "repository identifier" /dc "repository user name"

After executing the operation, the password to connect the repository will be asked. Enter the password, after that the Password for metabase 'repository identifier' and login 'user name' saved message will be displayed.

2.3.  Generate privacy key and certificate that are private digital signature of the user. The privacy key and the certificate are generated in PEM format using specific software tools (such as OpenSSL). For details about certificate use see the Example of Setting Up Two-Factor Authentication in WindowsExample of Setting Up Two-Factor Authentication in Linux section.

The client certificate will be generated as a file with the *.cer extension, the privacy key will be generated as a file with the *.key extension. Certificate and key names may be custom, for example, client.cer and client.key.

2.4.  Save the generated client certificate in the repository:

PP.Util /save_cert "path to certificate" <repository identifier> <user name>

After executing the operation, the password of the specified user will be asked. The obtained account data is used to connect to the repository. If the authorization and certificate saving are successful, the Certificate from file 'path to certificate' with identifier 'certificate identifier' saved to metabase 'repository identifier' message will be displayed.

2.5.  Save the generated privacy key in the registry:

PP.Util /save_private_key "path to key file" <certificate identifier> <algorithm 
of encryption := gos|pro, if not specified, then pro>

Identifier of the certificate that is required to execute the command is displayed in the previous command result.

After executing the operation, the Certificate from file 'path to key' with identifier 'certificate identifier' saved message will be displayed.

After executing the operations, the repository connection will be set up.

Step 2. Setting Up Parameters for OAuth Protocols

For OAuth protocols in the Windows OS registry editor or in the registry.reg file in Linux OS add subsections containing names of OAuth servers and set corresponding registry settings in the HKLM\SOFTWARE\Foresight\Foresight Analytics Platform\9.0\PP\BIS\System\OAuth registry section or generation the System section in the settings.xml file:

Values specified in the ConsumerKey and ConsumerSecret parameters can be obtained after registering developed application at the required OAuth server. Those parameters are required in order that BI server can check after authorization on OAuth server and authorizr the corresponding user in repository.

If the ConsumerKey and ConsumerSecret parameters are not specified, internal settings of the BI server are used; the OAuth server must contain registered application based on Foresight Analytics Platform.

After executing the operations, parameters for the OAuth protocols will be set.

Step 3. Preparing BI Server

To prepare BI server, check whether there is internet connection on the server where BI server is installed and make sure that access to services sites is open.

If proxy server is used for internet connection, then create the CURLOPT_PROXY and CURLOPT_PROXYUSERPWD system variables:

In Windows OS open advanced system settings using the Properties > Advanced System Settings computer context menu»:

  1. On the Advanced tab in the System Properties section click the Environment Variables button.

  2. In the System Variables section of the Environment Variables dialog box click the Create button:

    • CURLOPT_PROXY. Set the proxy.sever.ru:8080 value to the variable where proxy server URL and port used for connection are specified.

    • CURLOPT_PROXYUSERPWD. Set the login:password value to the variable where user name and password for internet connection are specified.

In Linux OS add environment variables to the envvars file located at: /etc/opt/Foresight/fp9.2-biserver. The file contains environment variables which are read on BI server start with the Apache2 instance.

Add variables:

  • CURLOPT_PROXY. Set the proxy.sever.ru:8080 value to the variable where proxy server URL and port used for connection are specified

  • CURLOPT_PROXYUSERPWD. Set the login:password value to the variable where user name and password for internet connection are specified.

Variables are added to the file in the format:

export <variable name>=<value>

For detailed information about adding environment variables in Linux OS, see the Configuration and Setup section.

After executing the operation, the BI server will be ready.

Step 4. Preparing and Opening Web Application

To prepare web application:

  1. In the PP.xml file set the OAuth value to the authentication attribute in the <metabase> section and set the true value for the enabled attribute in the <oAuthService> section:

<pp>

    <metabase authentication="OAuth" id="repository identifier"/>
    <oAuthService enabled="true"/>

</pp>
  1. Restart the BI server.

  2. Open web application.

After executing the operations, system login authorization buttons using the OAuth protocols will be available on the login.html page:

Select the repository and click the button of any authorization services without entering user name and password. After that navigation to the account page of corresponding service, for example, Twitter or Google, will be executed. Enter user name and password on the service page and click the Log In button. After successful login, the web application start page opens.

See also:

Questions and Answers | Setting Up Login via SAML