Authenticating embedded requests
For embedding apps within client pages, Cloudera Data Visualization uses the trusted authentication protocol to authenticate embedded requests.
- Request a ticket from the Cloudera Data Visualization Server.
  The parent Application Server sends a POST ticket request to the Cloudera Data Visualization Server, authenticating with the ticket-granting Cloudera Data Visualization username, an IP address, or both. The ticket request has the following syntax:
      https://<appserver>/arc/trustedauth/getticket
  - Posting a ticket request using a ticket-granting user:
    To authenticate the ticket request using the trusted ticket granter's Cloudera Data Visualization username and password, use the following syntax:
        curl --data \
          "username=cdvuser&trustedusername=ticketgranter&trustedpassword=trustedpass" \
          http://127.0.0.1:8000/arc/trustedauth/getticket
    If the request is valid, the Cloudera Data Visualization Server returns the ticket cYvvmRSHSWOOWNCOeve1vA.
  - Posting a ticket request using an IP address:
    In this case, the Cloudera Data Visualization Server already has the parent Application Server IP in the list of trusted IPs. The POST request includes only the Cloudera Data Visualization username to get the ticket-granting user's full credentials. To authenticate the ticket request using an IP address, use the following syntax:
        curl --data "username=cdvuser" http://127.0.0.1:8000/arc/trustedauth/getticket
    If the request is valid, the Cloudera Data Visualization Server returns the ticket cYvvmRSHSWOOWNCOeve1vA.
  The following POST parameters are used in the preceding examples:
  - Username: User identifier for automatic login.
  - Trustedusername: User identifier for ticket-granting user (optional when using trusted IP authentication).
  - Trustedpassword: Password for ticket-granting user.
- Generate a unique URL.
  The parent Application Server uses the ticket to generate a unique URL, which contains the <iframe> tag and the ticket for the embedded visual, and sends it to the client. For example, the URL address in the <iframe> would be:
      http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
- Request visual from the Cloudera Data Visualization Server.
  The client browser uses the <iframe> URL obtained from the Application Server and forwards the same URL to the Cloudera Data Visualization Server, requesting the visual.
      http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
- Return Cloudera Data Visualization visual.
  The Cloudera Data Visualization Server authenticates the <iframe> request based on the ticket that is part of the request URL. If the ticket is valid, it automatically logs in the username specified in the original POST request and then sends the visual to the client.
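The Application Server side of the first two steps, as an added Python example that is not Cloudera code: it form-encodes the getticket parameters, checks the reply before trusting it, and builds the <iframe> tag. The function names, the ticket character-set check (modelled on the sample ticket above) and the assumption that the reply body is the bare ticket string are assumptions of this example.

```python
import html
import re
import urllib.parse
import urllib.request

# Assumption: tickets look like the sample on this page (URL-safe characters).
TICKET_RE = re.compile(r"[A-Za-z0-9_-]{16,64}")


def ticket_request_body(username, trusted_username=None, trusted_password=None):
    """Form-encode the getticket POST parameters described on this page."""
    params = {"username": username}
    if trusted_username is not None:
        # Ticket-granting user mode; leave both out for trusted-IP mode.
        params["trustedusername"] = trusted_username
        params["trustedpassword"] = trusted_password or ""
    # urlencode escapes '&' and '=' so a password cannot add extra parameters.
    return urllib.parse.urlencode(params).encode("ascii")


def parse_ticket(response_text):
    """Return the ticket, or raise if the reply is not a bare ticket string."""
    ticket = response_text.strip()
    if not TICKET_RE.fullmatch(ticket):
        raise ValueError("getticket reply is not a ticket")
    return ticket


def request_ticket(cdv_base, username, trusted_username=None, trusted_password=None):
    """Server-side POST to getticket; the credentials never reach the browser."""
    url = cdv_base.rstrip("/") + "/arc/trustedauth/getticket"
    body = ticket_request_body(username, trusted_username, trusted_password)
    with urllib.request.urlopen(url, data=body, timeout=10) as resp:
        return parse_ticket(resp.read().decode("utf-8", "replace"))


def iframe_html(cdv_base, ticket, app_id):
    """Build the <iframe> tag the Application Server sends to the client."""
    ticket = parse_ticket(ticket)  # refuse anything that is not ticket-shaped
    src = f"{cdv_base.rstrip('/')}/arc/trustedauth/trusted/{ticket}/app/{int(app_id)}"
    return f'<iframe src="{html.escape(src, quote=True)}"></iframe>'
```

Call request_ticket only from the Application Server, and use an https base URL outside a loopback test so the trusted password and the ticket are not sent in clear text.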