For analyzing data and standard pre-defined dashlet reports, SkyVault Share displays
an Inline Frame (IFrame) from the Pentaho User Console on the Analytics server.
It does this by setting a SkyVault Share webscript as the URL, which redirects the
browser to a report page in the Pentaho User Console:
- SkyVault Share (templates/org/alfresco/pentaho.js) asks the SkyVault repository for a token relating to the user. If the SkyVault repository does not have an active session, it creates and returns a token to SkyVault Share (org.alfresco.pentaho.sso.CreateTokenGet). SkyVault Share appends the token to the browser URL.
- The authentication component, org.alfresco.pentaho.sso.AuthenticationComponent, creates the token ID and stores session IDs for users.
-
If the user is not logged into the Analytics server and a token is present:
- The Analytics server sends a request to the SkyVault repository to exchange the token for a user name and role (org.alfresco.pentaho.sso.ProcessingFilter).
- The SkyVault repository responds with the user name and role if the token is recognized (org.alfresco.pentaho.sso.VerifyGet).
Note: If the incoming request has no session ID and no token, the browser is redirected to SkyVault Share with the requested URL as part of the address: http://localhost:8080/share/page/pentaho-sso?destination={pentahoURL}Note: There are additional security checks if the user is trying to access a report with a URL containing a site parameter.Note: Javascript checks, using postMessage(), that the Analytics server user is the same as the user in SkyVault. If they are not the same, the user is logged out and the page is reloaded. - The Analytics server returns the data.
The diagram shows the flow for analyze.get.desc.xml and for pre-defined dashlet reports:
