The Pass-through Authentication feature lets you create a direct link to a Profile's reports. A script (example below) handles authentication: the expectation is that the user has already authenticated to the page containing the direct report link.
Angelfish admins can enable pass-through authentication through the Settings screen in Configure - Global. Once enabled, a key will be generated, which can be trashed or regenerated at any time. Once pass-through authentication is successful, the current user will be able to view reports ONLY for the current profile.
Viewing Reports Without Authenticating
To view a profile using Pass-through authentication, POST the report URL as such:
|p||The ID of the profile to view|
|t||The GMT epoch seconds of the request|
|sig||The authentication signature generated using the passthrough auth key from global settings|
Once authenticated, a "ptsession" cookie will be created, restricting the users access to just the original profile ID.
Generating the AUTH_SIGNATURE
- Concatenate the profile ID and time the request is being made: PROFILE_ID + '-' + TIME
- Create an MD5 HMAC hash (base64 encoded) of #1, using the assigned pass-through auth key (from global settings).
- No more than 10 seconds may have passed between TIME and the current time.
- Once the auth signature is validated, the user will only be able to view reports for the original profile specified.
Example Script (PHP)
This script can be written in any language necessary, to achieve the same result.
// Pass-through KEY generated from Angelfish UI
$PASSTHROUGH_KEY = "foobar";
// Location of Angelfish Server
$ANGELFISH = "http://localhost:9000";
// Capture Profile ID from query
$profile_id = $_GET["p"];
/// TODO: Authenicate current user to profile ID
// Capture current epoch seconds
$time = time();
// Sign the data
$sig = base64_encode(hash_hmac("md5", $profile_id . "-" . $time, $PASSTHROUGH_KEY, true));
<form action="<?php echo $ANGELFISH; ?>/reports/#!/<?php echo $_GET["p"]; ?>/" method="post" name="frm" style="display:none;">
<input type="hidden" name="p" value="<?php echo $_GET["p"]; ?>" />
<input type="hidden" name="t" value="<?php echo $time; ?>" />
<input type="hidden" name="sig" value="<?php echo $sig; ?>" />