Date Posted:
Product: TIBCO Spotfire®
Product: TIBCO Spotfire®
Problem:
How to configure External Authentication to use JWTCustomAuthenticator
Solution:
Below are the steps to configure custom authentication with JwtCustomAuthenticator.
- In order to deploy this example, compile the source code and create a JAR file containing the JwtCustomAuthenticator.class. Copy the created JAR file into the TSS installation folder\tomcat\webapps\spotfire\WEB-INF\lib or if you are on 10.3.x or above copy the JAR to "TSS installation folder\\10.3.2\tomcat\custom-ext "
- Open TIBCO Spotfire Server Config tool and go to the "External Authentication" tab on left panel under the "Configuration" tab
- Enable External Authentication. In source, enter the below details
- Type: Custom Authenticator
- Class name: com.spotfire.example.JwtCustomAuthenticator
- Initialization parameters:
- jws_alg
- jwk_url
- Save the configuration
- Restart the server
- When the external authentication site redirects to TIBCO Spotfire Server, it should have a Cookie with name "ACCESS_TOKEN" which has the JWT token. This JWT token should have at least the following claims: iss, sub, name, email.
- Below are the Initialization parameters required:
- jws_alg - the JWS algorithm (from the EC or RSA families) with which the JWT is expected to be signed
- wk_url - the URL to a JWK Set with the keys needed to verify the JWT signature
- server.jar found in C:\tibco\tss\10.3.0\tomcat\webapps\spotfire\WEB-INF\lib
- servlet-api.jar found in C:\tibco\tss\10.3.0\tomcat\lib
API References:
- https://docs.tibco.com/pub/spotfire_server/7.8.0/doc/api/TIB_sfire_server_Custom_Authentication_Filter_API_Reference/com/spotfire/example/JwtCustomAuthenticator.html
- https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/api/TIB_sfire_server_Server_Platform_API_Reference/com/spotfire/server/security/CustomAuthenticator.html