How does LDAP Single-Sign-On (SSO) work in Yellowfin?

Here is how LDAP Single-Sign-On works with Yellowfin. The web service call authenticates as a Yellowfin user. This is usually an admin user whose credentials authenticate communication between the client and the Yellowfin web services.

The web service call consists of a Request Object:

The loginId attribute is the userid that authenticates the web service call.
The password attribute is the password for the user that authenticates the web service call.

This user will require a "web services" function to be enabled in their Yellowfin role. The remaining attributes of the Request Object are set as follows:

The function attribute should be set to "LOGINUSERNOPASSWORD".
The orgid attribute should be set to 1.

The Request Object contains a person attribute. This is an AdministrationPerson object. It contains the details that a user would type into the login/password box to log in, and has a userId and a password attribute.

In a normal case, the client application will have access to the userid and password, and these could be passed through in this object. However, with LDAP authentication, neither the client application nor Yellowfin has access to the user's password.

This requires a special Single-Sign-On call that only validates the username and does not require a password. If the username is associated with an LDAP user, the call tests that the user exists and that they have the correct access, but it doesn't attempt a bind to the LDAP server.
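Because this call checks no password, the client application is the only place where the end user is actually authenticated. The sketch below is an added example, not Yellowfin's code or a generated stub: it builds the request with the attribute names given above and refuses to do so unless the userId comes from the client's own login step. `VerifiedIdentity`, `build_sso_request`, `redacted` and `MAX_AUTH_AGE_SECONDS` are hypothetical names, and sending the request through the WSDL stub is left out.

```python
import time
from dataclasses import dataclass

MAX_AUTH_AGE_SECONDS = 60  # assumption: how fresh the client's own login check must be

@dataclass(frozen=True)
class VerifiedIdentity:
    """Hypothetical record the client app creates only after it has
    authenticated the user itself (for example with its own LDAP bind)."""
    user_id: str
    authenticated_at: float

def build_sso_request(service_login, service_password, identity, now=None):
    """Build the LOGINUSERNOPASSWORD request described above as a plain dict."""
    now = time.time() if now is None else now
    if not isinstance(identity, VerifiedIdentity):
        raise TypeError("userId must come from the client's own authentication step")
    age = now - identity.authenticated_at
    if age < 0 or age > MAX_AUTH_AGE_SECONDS:
        raise ValueError("authentication is stale; re-authenticate the user first")
    user_id = identity.user_id
    if not user_id or user_id != user_id.strip() or not user_id.isprintable():
        raise ValueError("malformed userId")
    return {
        "loginId": service_login,       # the web services account
        "password": service_password,   # that account's password
        "orgid": 1,
        "function": "LOGINUSERNOPASSWORD",
        "person": {"userId": user_id},  # no password: only the username is validated
    }

def redacted(request):
    """Return a copy of the request that is safe to write to logs."""
    safe = dict(request)
    safe["password"] = "***"
    return safe

# Constructed sample values, not real accounts.
SAMPLE = build_sso_request("ws.admin@example.com", "constructed-secret",
                           VerifiedIdentity("jsmith", 1000.0), now=1010.0)
```

The web services account's password in this request can open a session for any valid username, so it should be stored and logged with the same care as an administrator credential.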

To generate functional web service stubs in .NET, point your IDE to the WSDL provided by Yellowfin.
