Authenticating embedded requests

For embedding apps within client pages, Cloudera Data Visualization (CDV) uses the trusted authentication protocol to authenticate embedded requests.

Follow these steps to authenticate an embedded request from the client:
  1. Request a ticket from the CDV Server.

    The parent Application Server sends a POST ticket request to the CDV Server, authenticating with the ticket-granting CDV username, an IP address, or both. The ticket request has the following syntax:

    https://<appserver>/arc/trustedauth/getticket
    • Posting a ticket request using a ticket-granting user:

      To authenticate the ticket request using the trusted ticket granter's CDV username and password, use the following syntax:

      curl --data "username=cdvuser&trustedusername=ticketgranter&trustedpassword=trustedpass" \
        http://127.0.0.1:8000/arc/trustedauth/getticket

      If the request is valid, the CDV Server returns the ticket cYvvmRSHSWOOWNCOeve1vA.

    • Posting a ticket request using an IP Address:

      In this case, the CDV Server already has the parent Application Server's IP address in its list of trusted IPs. The POST request includes only the CDV username to get the ticket-granting user's full credentials. To authenticate the ticket request using an IP address, use the following syntax:

      curl --data "username=cdvuser" http://127.0.0.1:8000/arc/trustedauth/getticket

      If the request is valid, the CDV Server returns the ticket cYvvmRSHSWOOWNCOeve1vA.

    The following POST parameters are used in the preceding examples:
    • username: User identifier for automatic login.
    • trustedusername: User identifier for the ticket-granting user (optional when using trusted IP authentication).
    • trustedpassword: Password for the ticket-granting user.
  2. Generate a unique URL.

    The parent Application Server uses the ticket to generate a unique URL for the embedded visual. The URL contains the ticket and is placed in an <iframe> tag, which the Application Server sends to the client.

    For example, the URL address in the <iframe> would be:

    http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
  3. Request visual from CDV Server.

    The client browser uses the <iframe> URL obtained from the Application Server and forwards the same URL to the CDV Server, requesting the visual.

    http://127.0.0.1:8000/arc/trustedauth/trusted/cYvvmRSHSWOOWNCOeve1vA/app/1
  4. Return CDV visual.

    The CDV Server authenticates the <iframe> request based on the ticket that is part of the request URL. If the ticket is valid, it automatically logs in the username specified in the original POST request and then sends the visual to the client.
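
Steps 1 and 2 as they might run on the parent Application Server, shown as an added example that is not Cloudera's code. The helper names, the ticket pattern (modelled on the sample ticket above) and the injectable `post` argument are assumptions; the point is that the server's response is checked before it is placed in the <iframe> URL.

```python
import html
import re
import urllib.parse
import urllib.request

# Assumption: tickets are URL-safe tokens shaped like the sample on this page.
TICKET_RE = re.compile(r"[A-Za-z0-9_-]{16,64}")


def check_base(cdv_base):
    """Accept only http(s) base URLs so urlopen cannot be pointed at file:// etc."""
    parts = urllib.parse.urlsplit(cdv_base)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("cdv_base must be an http(s) URL")
    return cdv_base.rstrip("/")


def request_ticket(cdv_base, username, trusted_user=None, trusted_password=None,
                   post=urllib.request.urlopen):
    """Step 1: POST to getticket. Omit trusted_* when the caller's IP is trusted."""
    fields = {"username": username}
    if trusted_user is not None:
        fields["trustedusername"] = trusted_user
        fields["trustedpassword"] = trusted_password or ""
    # urlencode escapes '&' and '=' inside values, so a username cannot add fields.
    body = urllib.parse.urlencode(fields).encode("ascii")
    url = check_base(cdv_base) + "/arc/trustedauth/getticket"
    with post(url, data=body, timeout=5) as resp:  # data= makes this a POST
        ticket = resp.read().decode("ascii", "replace").strip()
    if not TICKET_RE.fullmatch(ticket):
        # Never place an error page or unexpected body into the iframe URL.
        raise ValueError("response is not a well-formed ticket")
    return ticket


def iframe_for_app(cdv_base, ticket, app_id):
    """Step 2: build the <iframe> markup that is sent to the client."""
    if not TICKET_RE.fullmatch(ticket):
        raise ValueError("refusing to embed a malformed ticket")
    url = f"{check_base(cdv_base)}/arc/trustedauth/trusted/{ticket}/app/{int(app_id)}"
    return f'<iframe src="{html.escape(url, quote=True)}"></iframe>'
```
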