Problem
Once Yellowfin is configured for SSO, there are still certain scenarios where a user might be directed to the Yellowfin default login page instead of an organization's SSO login portal:
- The Yellowfin default login page appears, if/when a user logs off the application
- The Yellowfin default login page appears, if/when an idle user reaches the timeout threshold, before performing a subsequent operation inside the app.
- The Yellowfin default login page appears, if/when a user who is not currently logged in, tries to access an externally shared link to a specific report or dashboard in Yellowfin.
Typically, organizations configured with SSO expect their Yellowfin users to only use their own SSO login portal as the main entry point to access Yellowfin.
Solution
An organization may perform the following steps to always redirect Yellowfin users to their SSO login page/portal for all the aforementioned non-logged-in user scenarios:
Step 1: Create a custom JSP which can be generically utilized to redirect users your SSO login page.
Paste the following code into a text editor, and make sure to replace the ‘your_login_page_URL’ with the URL of your specific SSO portal login/landing page.
<% response.sendRedirect("your_login_page_URL"); %>
Save the text file with the name ‘redirect.jsp’
NOTE: You may name this JSP whatever you wish, so long as you reference it consistently in the subsequent steps
Place your ‘redirect.jsp’ under [Your Yellowfin Directory]…/appserver/webapps/ROOT
Step 2: Ensure you add the following configuration to the Configuration table
You may first check whether the configuration already exists in your environment
SELECT * FROM Configuration WHERE configtypecode = 'CUSTOMNAVREMOTE';
If no results are returned, then you may run the following query to INSERT the configuration into your Configuration Table.
INSERT INTO Configuration VALUES( 1, 'SYSTEM', 'CUSTOMNAVREMOTE', 'TRUE');
NOTE: This will come in handy when configuring the Timeout Page settings in a subsequent step.
Step 3: Update your web.xml file with the following changes
The web.xml file can be found under [Your Yellowfin Directory].../appserver/webapps/ROOT/WEB-INF/web.xml
First, search for the <welcome-file-list> tag, and replace the existing original value of ‘index_mi.jsp’ with ‘redirect.jsp’ instead
Next, scroll to the bottom of the file, and paste the following <filter>…</filter> tag snippet at the bottom of the file, but right before the </web-app> tag:
<filter> <filter-name>NotLoggedInFilter</filter-name> <filter-class>com.hof.adapter.NotLoggedInFilter</filter-class> <init-param> <param-name>restrictedEntryPoint</param-name> <param-value>/RunReport.i4,/RunDashboard.i4</param-value> </init-param> <init-param> <param-name>redirectUrl</param-name> <param-value>http://your_yellowfin_URL/redirect.jsp?</param-value> </init-param> </filter> <filter-mapping> <filter-name>NotLoggedInFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Make sure to replace ‘ your_yellowfin_URL ’ with the actual URL of your Yellowfin application:
Save the web.xml file with your changes above.
Step 4: Update the Timeout Page settings to point to your ‘Redirect JSP’
Login to your Default (Primary) Organization in Yellowfin.
Navigate to Administration > Configuration > Integration > Timeout Page
Set the Timeout Page display to ‘Custom’
Then in the URL field, enter in the filename of your JSP (e.g. ‘redirect.jsp’) which you created above
Step 5: Restart Yellowfin
Restart your Yellowfin Tomcat service for all the above changes to take effect.
Users should now always be redirected to your SSO login entry URL whenever they have to access or re-access Yellowfin if they are not already logged in.