Dataphin: Dataphin based on customer third-party SSO logon authentication

Last Updated: Jan 21, 2025

This topic discusses the integration of Dataphin with third-party Single Sign-On (SSO) authentication, covering the Ticket (Cookie) authentication interface, logout interface, login redirection, and account information retrieval.

Background information

If you have an established single sign-on (SSO) system, and the SSO application can manage a Ticket in the Cookie within the same domain as Dataphin, authenticate the Ticket, handle login redirection and logout, and retrieve account information, it can be integrated with Dataphin. Users can then access the Dataphin application through their SSO system.

Authentication request sequence diagram

Important

The Cookie must be within the same domain or root domain as the Dataphin application.

Interface specifications

Request method: GET.

Content type: Content-Type:application/json;charset=UTF-8.

  1. Ticket (Cookie) authentication interface

    • Provides Ticket authentication capability.

    • Request path: /cookie/validCookie?ticket={ticket}.

      Success: Returns true, along with user detail information.

      {
       "success":true,
       "data":{
       "userId":"1",
       "parentUserId":"0",
       "accountName":"account1",
       "displayName":"dataphin1",
       "realName":"zhang1",
       "nickName":"zhang1feng",
       "email":"1@alib***.com",
       "mobilePhone":"188****0001"
       },
       "message":null
      }

      Details of the data fields:

      | Field | Description |
      | --- | --- |
      | userId | Required. The unique userId within the customer's user system. |
      | parentUserId | Used for user systems with a parent-child relationship. |
      | accountName | Required. The unique user login account in the customer's user system. |
      | displayName | Display name in the Dataphin system (recommended to be unique), used for displaying all user information within Dataphin. If displayName is null, accountName will be used as the username. |
      | realName | The real name of the user. |
      | nickName | The nickname of the user. |
      | email | The user's email address. |
      | mobilePhone | The user's contact number. |

      Failed: Returns false, along with the redirection authentication address redirectUrl.

      Note

      data.redirect can carry a custom target-url return address, provided the isCustomizeTargetUrl switch is enabled.

      {
       "success":false,
       "data":{
       "redirect":"http://127.0.0.1:****"
       },
       "message":""
      }
  2. Provide logon authentication interface with redirection capability based on target-url

    If login authentication expires, the Dataphin application will append the current request address URL to the login authentication address URL, facilitating a return to the requested page after successful login authentication.

  3. Logout interface

    Request path: /user/logout?ticket={ticket}.

    Return format and definition:

    {
     "success":true,
     "data":{
     "redirect":"http://127.0.0.1:****"
     },
     "message":""
    }
  4. User detail list interface

    Request path: /user/getAllUser.

    Return format and definition:

    {
     "success":true,
     "data":[
     {
     "userId":"1",
     "parentUserId":"0",
     "accountName":"account1",
     "displayName":"dataphin1",
     "realName":"zhang1",
     "nickName":"zhang1feng",
     "email":"1@alib***.com",
     "mobilePhone":"188****0001"
     },
     {
     "userId":"2",
     "parentUserId":"0",
     "accountName":"account2",
     "displayName":"dataphin2",
     "realName":"zhang2",
     "nickName":"zhang2feng",
     "email":"2@alib***.com",
     "mobilePhone":"188****0002"
     }
     ],
     "message":null
    }
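
The success and failure formats of the Ticket (Cookie) authentication interface above can be checked strictly before a response is trusted. The following is an added example, not Dataphin or Alibaba code: `parse_valid_cookie`, `SsoContractError` and both sample bodies are constructed for illustration, and requiring `userId` and `accountName` to be non-empty strings is an assumption taken from the sample response.

```python
import json

REQUIRED = ("userId", "accountName")  # marked "Required" in the field table

# Constructed sample bodies in the documented success/failure shapes.
SAMPLE_OK = ('{"success":true,"data":{"userId":"1","accountName":"account1",'
             '"displayName":null},"message":null}')
SAMPLE_FAIL = ('{"success":false,"data":{"redirect":'
               '"https://sso.example.com/login"},"message":""}')


class SsoContractError(ValueError):
    """Raised when a response does not match the documented format."""


def parse_valid_cookie(body: str) -> dict:
    """Classify a /cookie/validCookie response body, failing closed."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise SsoContractError("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise SsoContractError("top level must be a JSON object")
    success, data = doc.get("success"), doc.get("data")
    # Only JSON booleans are accepted: "true" or 1 must not authenticate.
    if not isinstance(success, bool) or not isinstance(data, dict):
        raise SsoContractError("success must be boolean and data an object")
    if not success:
        redirect = data.get("redirect")
        if not isinstance(redirect, str) or not redirect:
            raise SsoContractError("failure response lacks data.redirect")
        return {"authenticated": False, "redirect": redirect}
    for field in REQUIRED:
        value = data.get(field)
        if not isinstance(value, str) or not value.strip():
            raise SsoContractError(f"required field {field!r} missing or empty")
    user = dict(data)
    # Documented fallback: a null displayName is replaced by accountName.
    if user.get("displayName") is None:
        user["displayName"] = user["accountName"]
    return {"authenticated": True, "user": user}


if __name__ == "__main__":
    print(parse_valid_cookie(SAMPLE_OK))
    print(parse_valid_cookie(SAMPLE_FAIL))
```
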

Dataphin configuration items

  1. IDE configuration item switch and addition

    dataphin.sso.provider.session=com.alibaba.dataphin.sso.provider.thirdpart.session.ThirdPartSessionProvider
    dataphin.sso.provider.account=com.alibaba.dataphin.sso.provider.thirdpart.account.ThirdPartAccountProvider
    #Endpoint for providing interface request address
    dataphin.thirdpart.sso.endpoint=http://127.0.0.1:****
    #Configurable items
    ## Confirm the cookie name with the counterpart
    dataphin.thirdpart.sso.cookie.name=DPN_SSO_TICKET
    dataphin.thirdpart.sso.cookie.validUrl=/cookie/validCookie?ticket={ticket}
    dataphin.thirdpart.sso.user.logoutUrl=/user/logout?ticket={ticket}
    dataphin.thirdpart.sso.user.getUserUrl=/user/getUser?userId={userId}
    dataphin.thirdpart.sso.user.getAllUserUrl=/user/getAllUser
    dataphin.thirdpart.sso.isCustomizeTargetUrl=false
    ## Confirm the getAllUser interface retrieval method with the counterpart, default is all
    ## all: Retrieve all without parameters
    ## page: Retrieve by paging, automatically append pageNo, pageSize parameters (parameter names can be configured)
    ## cursor: Retrieve by cursor, automatically append userId, pageSize parameters (parameter names can be configured)
    dataphin.thirdpart.sso.user.getAllUser.method=all
    dataphin.thirdpart.sso.user.getAllUser.pageSize=30
    dataphin.thirdpart.sso.user.param.name.userId=userId
    dataphin.thirdpart.sso.user.param.name.pageSize=pageSize
    dataphin.thirdpart.sso.user.param.name.pageNo=pageNo
  2. DataAssets and OneService configuration items

    For versions after Dataphin v2.9.1 and before Dataphin v3.2.x, configuration item switches and additions are necessary, similar to IDE configuration.
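
The login redirection interface receives the address of the page the user was requesting, and `isCustomizeTargetUrl` lets the SSO side return that address in `data.redirect`. The following added example (not Dataphin or Alibaba code) shows one way the SSO service can confirm that the return address leads back to Dataphin before it redirects; the host name, the HTTPS-only rule, the fallback URL and the function name `safe_return_url` are assumptions.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumptions for this example: Dataphin is reachable only at this host,
# over HTTPS, and refused return addresses fall back to its home page.
DATAPHIN_HOSTS = {"dataphin.example.com"}
ALLOWED_SCHEMES = {"https"}
FALLBACK_URL = "https://dataphin.example.com/"


def safe_return_url(target_url: Optional[str]) -> str:
    """Return target_url if it leads back to Dataphin, else FALLBACK_URL."""
    if not target_url or target_url != target_url.strip():
        return FALLBACK_URL
    # Backslashes and control characters are parsed differently by browsers
    # and by urlsplit, so refuse them instead of trying to normalise.
    if "\\" in target_url or any(
        ord(c) < 0x20 or ord(c) == 0x7F for c in target_url
    ):
        return FALLBACK_URL
    try:
        parts = urlsplit(target_url)
        _ = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK_URL
    # An absolute URL with an allowed scheme is required; "//host/path" and
    # relative paths have an empty scheme and are refused.
    if parts.scheme not in ALLOWED_SCHEMES:
        return FALLBACK_URL
    # Exact host match: suffix or substring checks would accept look-alike
    # hosts, and userinfo ("user@host") must not be mistaken for the host.
    if parts.username is not None or parts.hostname not in DATAPHIN_HOSTS:
        return FALLBACK_URL
    return target_url


if __name__ == "__main__":
    print(safe_return_url("https://dataphin.example.com/ide/project?id=7"))
    print(safe_return_url("https://dataphin.example.com.other.example/"))
```
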

Account system switch

  1. Close the original account system entry and switch to customer-provided logon

    dataphin.sso.provider.session=com.alibaba.dataphin.sso.provider.thirdpart.session.ThirdPartSessionProvider
    dataphin.sso.provider.account=com.alibaba.dataphin.sso.provider.thirdpart.account.ThirdPartAccountProvider
  2. Correct the original account

    For example, consider the od_user table under the Security library in the Dataphin system.

    • SuperOps account correction: Update the Ops account to a userId from the customer's user system.

      update od_user set source_user_id = '{userId provided by the customer's user system}', source_type = 'THIRD_PART' where id = '{id of SuperOps in the od_user table}';
    • SuperAdmin account correction: Update the Admin account to a userId from the customer's user system.

      update od_user set source_user_id = '{userId provided by the customer's user system}', source_type = 'THIRD_PART' where id = '{id of SuperAdmin in the od_user table}';
    • Standard account correction: Update the data in the od_user table to reflect the new authentication system's userId.

      Change the original system account's sourceUserId to the new authentication system's userId.

      Alter the original account type to THIRD_PART.

      Important

      Accounts of type source_type BUILTIN_PRODUCKER_USER should remain unchanged.

Integration completion verification

  1. Logon function verification

    Verify that you can log into Dataphin through the user login system and that the user information is displayed correctly.

  2. Sync user verification

    1. In Dataphin's Management Center - Member Management, click Account System Sync and ensure no errors are reported.

    2. Click Add Member, and verify that the synchronized user is displayed correctly.

  3. Logout function verification

    Click Log out in the user information section at the top right. Ensure that it redirects to the user-specified page. If necessary, confirm whether the Cookie should be purged, and verify that it is purged correctly.
