Single sign-on refers to one time authentication performed by the host application. Users accessing Intellicus from within a host application are already authenticated. Intellicus does not perform authentication check for such users.
This means that User can access Intellicus without going through the Intellicus Login page. Host application would require passing user credentials of currently logged-in user (in host application) to Intellicus.
In addition to the user credentials, host application can also pass business parameters that could be used in the reports for data filtering based on the user context.
Single Sign-On is briefly referred as SSO.
Note: Single Sign-On is required only when Host application and Intellicus are running as two separate web applications on the same or different web servers.
Single Sign-On is not required when Intellicus is embedded inside the Host application.
Single Sign-On Requests
Host application’s users can access Intellicus reporting features integrated in their application. Reporting features includes Report listing, Report execution, User preferences, Adhoc wizard etc.
These features can be accessed either inside an Iframe or in a new window.
So end-users of host application can request all these reporting features and also pass business/request parameters to Intellicus.
Host application would require following a sequence of steps in order to achieve SSO.
In order to access reporting features of Intellicus, a user space should exist at Intellicus for each user of host application. User space at Intellicus can be created manually through Intellicus web portal. It can also be created dynamically using Intellicus APIs.
Note: Please refer Chapter 5 of this document for settings required for dynamic user creation.
Single Sign-On Flow:
- In Web browser, Host Application user requests for reporting.
- Using Intellicus SSO Libraries, host application requests Token from Intellicus. With this request Host application sends user credentials and other business parameters.
- Intellicus Web server send request to report server for User space Identification.
- If user space exists at Intellicus, intellicus token is returned to host application web server.
- From client browser, reporting request is sent to Intellicus web server with intellicus token and the relative URL for Intellicus HTTP API.
- Intellicus receive the token and use it for user identification.
- Intellicus creates user session and serve the reporting request to Host application user.