OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
Connecting Sisense to OpenID Connect
- Place your LoginSisense.ashx handler in the selected location.
You can put your handler folder in C:\Program Files\Sisense\PrismWeb\ (this requires an IIS reset), or you can create a custom Web Site in IIS, following the instructions for the JWT handler: https://documentation.sisense.com/sso-via-jwt/
- Log in to console.developers.google.com and select API Manager.
- Create a new application:
- Select Web Application and fill in the form on the screen.
Choose a name for the application.
Under Authorized redirect URIs, add the URL of your Handler.
- Your new application will look like:
Save the Client ID information.
- On the Sisense SSO page, select JWT and add the Remote Login URL. Click Save.
- In your Handler, replace the Client ID with the one from Google and the Shared Secret with the one from Sisense SSO.
Replace all URLs with the correct ones:
http://test-google.com - location of Sisense application
http://test-google.com:8085/LoginSisense.ashx - location of the Handler
- Users who access any of the web pages on your Sisense server will be redirected to Google authentication.
Handler authorization flow:
The LoginSisense handler consists of two different flows:
First flow - redirects to the Google auth page and saves return_to to the Session
Second flow - checks the secure Session variable, decodes the id_token, generates a JWT for Sisense and redirects the user to the Sisense page
- The Sisense application calls the LoginSisense handler if the user is not logged in to Sisense.
- The LoginSisense handler saves a secure Session variable (see the OpenID documentation) and redirects the user to the Google authorization form.
- After successful authentication, Google redirects the user to the Redirect URI. This is the same Redirect URI (the LoginSisense Handler) that was added to the new application in the Google API Manager.
- The LoginSisense Handler checks the secure Session variable, decodes the id_token from Google and generates a JWT for user authorization.
Please read more about JWT generation: https://documentation.sisense.com/sso-via-jwt/
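The second flow above, sketched in Python as an added example (it is not the LoginSisense.ashx handler's own code). It assumes the id_token was received directly from Google's token endpoint over TLS, that the verified email claim is used as the Sisense subject, and that the Sisense JWT carries iat, sub and jti as in the linked JWT documentation; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_state(saved, returned) -> bool:
    """The secure Session variable must be present and equal the value Google sent back."""
    return bool(saved and returned) and hmac.compare_digest(saved.encode(), returned.encode())

def validated_claims(id_token: str, client_id: str, now=None) -> dict:
    """Decode the id_token payload and check iss, aud, exp and email.
    Assumption: the token came straight from Google's token endpoint over TLS;
    a token received any other way also needs its signature verified."""
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed id_token")
    claims = json.loads(b64url_decode(parts[1]))
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != client_id:
        raise ValueError("token was issued to a different client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not claims.get("email") or claims.get("email_verified") is not True:
        raise ValueError("no verified email claim")
    return claims

def sisense_jwt(email: str, shared_secret: str, now=None) -> str:
    """Mint the HS256 JWT for Sisense, signed with the Shared Secret from Sisense SSO."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"iat": now, "sub": email, "jti": secrets.token_hex(16)}).encode())
    sig = hmac.new(shared_secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def handle_callback(saved_state, returned_state, id_token, client_id, shared_secret, now=None):
    """Second flow: state check, id_token checks, then the JWT handed to Sisense."""
    if not check_state(saved_state, returned_state):
        raise PermissionError("state mismatch: callback does not belong to this session")
    claims = validated_claims(id_token, client_id, now)
    return sisense_jwt(claims["email"], shared_secret, now)
```

The state check runs first so that a callback not started from this browser session is rejected before any token is parsed.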