Denodo Security Token Authentication¶
Virtual DataPort provides support to authenticate using an internal Denodo Security Token. See the specific section about Denodo Security Token for more information.
Denodo Security Token Authentication is used for Single Sign On in Denodo applications and to allow Denodo Solution Manager to automate certain administrative actions on other Denodo servers. To enable this option, you need to use the Denodo Control Center to set the URL to the Denodo Security Token Service (check the installation guide for details).
To enable Denodo Security Token authentication, click the menu Administration > Server configuration > Server authentication. Then, click Denodo Security Token Authentication.
Assign ‘allusers’ role for every connected user: If it is enabled, this assign the role ‘allusers’ to each user authenticated with Single Sign On.
Role configuration: It allows specify the ldap used for retrieve the roles. It can be used the Global LDAP specified in the LDAP configuration (see section LDAP Authentication) or use a custom ldap configuration for this case.
Session attributes mapping: you can define a mapping between attributes from the ticket or assertion used for authenticating the user and attributes which will be added to the user session. The name on Virtual DataPort is represented by the Session Attribute column, and the name on the ticket or assertion is the one specified on Authentication Attribute.
For example, if the authentication was done using OAuth and the token has an attribute department, you can create a mapping to a user_department attribute which will be added to the user session on Virtual DataPort. The user_department attribute is accessible to functions such GETVAR and to the Global Security Policies as session attribute audience.