How to use header authentication with DataZen?
We are using DataZen to visualize some data via dashboards.
We want to use header authentication, but the documentation does not provide any information which header field to set with the external_auth_key.
Does someone know which header fields to set when using DataZen's header authentication?
Quick preface: this feature really shouldn't be used. It isn't documented well because it's almost never the right way to set up the server. You should always heavily consider alternatives, like the default mode (where Datazen handles credentials for you) or better-yet, Active Directory Federation Services.
External Authentication is a relatively unsecure approach, because all faith is placed in the proxy. Unless you absolutely need it and you aren't using Active Directory, it should generally be avoided.
You have to tell Datazen which header or cookie to look for. You can do that through the Control Panel UI.
Note that the "Authentication key" setting is case-sensitive, so I typically suggest sticking to something in all lowercase.
Once you've got that setting set, just go to your proxy (in whatever form you choose to implement that) and set a header with that name, and the 1:1 Datazen username that should be authenticated.
For example, if I'm logged in on the proxy with the above settings, the proxy should make the following request:
GET /viewer HTTP/1.1
thisistheheadername: v-mhauge
...
After reading that header, Datazen server will respond as if that user was logged in.
Disclaimer: I'm a support engineer with Microsoft, paid to support Datazen.
- What is the maximum length of a URL in different browsers?
- HTTP 408 Request timeout
- How do I make an HTTP request from Rust?
- What is the HTTP request timeout?
- HTTP audio streaming
- Do HTTPS connections require HTTPS proxies or can I use HTTP proxies?
- How can I decompress gzipped http bodies in a nodejs application?
- cURL command line keep connection open
- HTTP test server accepting GET/POST requests
- How to send HTTP Headers during/after HTTP Body stream? Is there spec work on this?
- Why is jwebserver not responding to a simple manual HTTP request sent from the terminal?
- Is a slash ("/") equivalent to an encoded slash ("%2F") in the path portion of an HTTP URL
- Python requests library added an additional header "Accept-Encoding: identity"
- Troubleshooting HTTPS Issues with .NET Application on IIS Server
- What is idempotency in HTTP methods?
- How do I get the bytes that I send to the server using Requests?
- Why Doesn't my Authorization Header need "Bearer"?
- How to handle Json and Html in the same handler with Axum?
- send http request using django and get results
- ESP32 HTTP Requests Fail When Connected to Jio Air Fiber via Netis Router
- Handling whitespaces in HTTP headers
- Forward TCP connection to HTTP on Nginx
- HTTP GET with request body
- Flutter 'List<dynamic>' is not a subtype of type 'Map<String, dynamic>'
- How to solve SocketException: Failed host lookup: 'www.xyz.com' (OS Error: No address associated with hostname, errno = 7)
- Azure blocks POST requests from User-Agent Mozilla/5.0 to App Service
- Cleartext HTTP traffic to myserver.com not permitted on Android N preview
- Go file server doesn't serve folder
- Looking for the 302 redirect code, instead getting 200 OK status code
- Why can not I append script to DOM on mobile browsers