Third-party Login
|
Collect
The content described in this document belongs to the advanced use of Sensord Analytics, involving many technical details, and is suitable for experienced users to refer to related functions. If you have any questions about the document content, please consult Sensord Analytics team for one-on-one assistance.
Sensord Analytics currently supports the following two types of third-party login methods:
- OAuth2.0 Login:Supports the standard OAuth 2.0 protocol and requires Sensord Analytics version >= 1.7.
- LDAP Login:Supports the LDAP protocol and can adapt to common LDAP services such as OpenLDAP, AdLDAP, etc., and requires Sensord Analytics version >= 1.13.
1. Authentication Method
1.1. Automatic User Creation Mode (Default)
Default behavior, under this mode, when a user authenticated by a third-party system logs in to Sensord Analytics for the first time, a corresponding user will be automatically created in the Sensord Analytics system. Therefore, by default, all authenticated users have access to Sensord Analytics.
Enablement(Enabled by default and no manual activation is required):
sbpadmin business_config set -p sbp -k enable_oauth_auto_create_user -v true
monitor_tools set_config -t server -m web -n enable_oauth_auto_create_user -v true
spadmin config set server -p sa -m web -n enable_oauth_auto_create_user -v true
1.2. Manual User Creation Mode
After enabling this mode, the user with the same name must be manually created in the Sensord Analytics system by the administrator user before the user can log in to the Sensord Analytics system through the third-party system.
Enablement:
sbpadmin business_config set -p sbp -k enable_oauth_auto_create_user -v false
monitor_tools set_config -t server -m web -n enable_oauth_auto_create_user -v false
spadmin config set server -p sa -m web -n enable_oauth_auto_create_user -v false
2. Permission Control
During OAuth2.0 Login, role information can be returned through the UserInfo API, and this role information will take effect when creating the user for the first time. If no role information is returned or when using LDAP Login, the system will use the default role information, which is the Ordinary User Role.
Modify the default role information:
- sbp >= 1.3.0
- Sensors Analytics version < 1.14
- Sensors Analytics version >= 1.14
- sbp>=0.5 && sbp< 1.1
- sbp 1.1+
sbpadmin business_config set -p sbp -k api_user_default_role -v analyst
monitor_tools set_config -t server -m web -n api_user_default_role -v analyst
spadmin config set server -p sa -m web -n api_user_default_role -v analyst
spadmin config set server -p sbp -m web -n api_user_default_role -v analyst
spadmin config set product_global -p sbp -n api_user_default_role -v analyst
If you need to modify the permission information for users who have logged in, it needs to be done by the administrator in the member and role management.
The `api_user_default_role` attribute supports admin, analyst, developer, guest. If multiple roles are required, use a comma to separate them.
In sbp1.1+ version, it supports configuring project-level default roles on the page. The priority is: Role corresponding to the `role` field in the userinfo response of the customer system > Default role configured on the page > Default role configured in `api_user_default_role` > Guest (ordinary user) as the fallback role.
Note: The content of this document is a technical document that provides details on how to use the Sensors product and does not include sales terms; the specific content of enterprise procurement products and technical services shall be subject to the commercial procurement contract.