Once Pentaho Transparent Authentication has been installed with success, an external application can start to use interact with Pentaho requesting a login ticket with a URL of the following form:
The request must carry three parameters:
generate-ticket: tells the login ticket generator to issue a login ticket and register it in the internal cache managed by the Pentaho Transparent Authentication plugin. The ticket is return in the body of the response as JSON with the following format:
app: the arbitrary name of the application requesting the login ticket. The name must be known to Pentaho Transparent Authentication i.e. it must be present in the current configuration of the plugin.
username: the username of the user to log in. It must be mapped to a pentaho username in the internal configuration of the Pentaho Transparent Authentication (see the configuration paragraph for further details).
Once the external app has received the ticket, it can send a redirect response to the user’s browser with a redirect URL in the following form:
Once the ticket is issued, it is valid for a certain amount of time (configurable in
pentaho-authentication-ext.properties) and it can be used by a request sent by the user’s browser to flawlessly log in to Pentaho.
Examples on how to get a ticket
Do you want to check for practical examples? Take a look at the wiki page dedicated to this purpose.
How to test
The easier way to test the Pentaho Transparent Authentication is using a REST client. You can develop your own client (using your preferred language) or use a plugin (more easier). We prefer to use the Advanced Rest Client for Google Chrome, an easy plugin for the famous browser.
Installing the Advanced Rest Client for Google Chrome is easy like a 1,2,3: open your Google Chrome browser, click on the link below and accept the installation. The plugin will be available into your browser’s plugin list. Below we show some screenshots we used for testing. We think it should be useful for you to test it and move the very first steps with the solution (and your own integration).
POST call. Authentication settings in header.
POST call. Get a Pentaho ticket specifying the payload and sending the request.