External Authentication with Jasper Server
Jasper Server by default uses its internal authentication process, where any users,roles, organizations created from Jasper Server reside in its internal repository. It utilizes the Spring Security architecture to allow external authentication of users.
Authorization (repository access permissions, access to various modules of Jasper) cannot be externally defined but has to be done through JasperServer itself.
External Authentication mechanisms supported by Jasper Server
1. LDAP Authentication
JasperServer can be configured to perform external authentication with LDAP. Whenever a user request is made to the JasperServer configured with LDAP, the credentials are sent to LDAP server for authentication and authenticated user’s roles (user groups), organization are also retrieved. As a part of the authentication, JasperServer synchronizes the user information such as roles, organization from LDAP into its own user database. Such users are marked as external users in the Jasper’s internal user repo.
The LDAP Authentication can also be customized to map user’s full name, email information or profile attributes that may exist in LDAP Server into Jasper Server.
If any roles, organization, attributes for a user change on LDAP, the same will be synchronized each time the user logs into Jasper.
With this we can also use Microsoft Active Directory as external authentication mechanism.
LDAP authentication does not provide single sign-on (SSO) functionality. You must implement additional mechanisms and configure their use within JasperReports Server to enable SSO with LDAP
2. CAS Authentication
Central Authentication Service (CAS) is an open source, Java-based authentication server that includes a mechanism for single sign-on (SSO) across web applications. JasperServer can be configured with the CAS Server.
With the CAS protocol, the client application (such as JasperReports Server) never receives or transmits the user’s password. As a result, the client application does not need to apply any encryption to protect passwords. However, unlike LDAP, CAS does not provide any user context, such as roles or organizations, that can be mapped to JasperReports Server. Instead, you can configure and organization and static roles that apply to every CAS-authenticated user, or pull user details from an external data source.
3. External Database Authentication
JasperReports Server can be configured to perform external authentication and authorization using tables in an external database. This external DB will be queried to check if the user credentials received are valid. JasperReports Server maps the username to a predefined set of roles and an organization ID. The username, roles, and organization are also synchronized with the internal database, where the user account is marked as an external user.
Again this is not a SSO implemention, but means of externally authenticating a user.
4. Token based Authentication
If you have an application or portal you want to use with JasperReports Server, but do not have an existing single sign-on environment, you can use the Jaspersoft token-based authentication.
Basically, You authenticate the end user according to the standards of your environment or application. Then construct and optionally encrypt a token based on the authenticated user values within your application or process. The token values can include username, tenant (if multi-tenancy is enabled), roles, and profile attributes. You can configure the token based on your needs for reporting and analysis within the JasperReports Server.If the token is successfully parsed, use the information in the token to create and update the external user within JasperReports Server automatically.
All the above can be extended further by adding custom classes like creating custom processors to implement some additional behavior post user authentication etc.
Shraddha Tambe | Helical IT Solutions