Making Dashboards Available to non-Foglight Users

Some users only require simple access to Foglight dashboards, ideally being able to skip the logon step.

The NoLoginUser was designed to allow the passing of a dashboard id via URL, and bypass the login step.

This should only be used on Foglight Management Server version 5.7.5.6 and lower. An easier, more secure and more scalable solution was introduced in 5.7.5.7 in February 2017.

WARNING - This NoLoginUser feature seriously weakens the security of the Foglight server. The vast majority of views in Foglight have no role restrictions. This means when this feature is activated all of these views become accessible by the NoLoginUser.

Additionally the user must be configured to have a role that give it access to the views to be made available without password protection. Additionally the user must be given the Console User role so they are allowed to login. This is an important security step if you wish to restrict what the NoLoginUser has access to.

 

The URL format currently used for this purpose is:

http://<server>:<port>/console/foglight_ext?viewId=<viewId>[&mode=(portlet|console)]

where <viewId> is the dashboard ID of WCF, such as system:core_alarms.18.

If mode is not specified "portlet" will be used. [I’m not sure what the differences are. I’ve tried both and can’t really tell.]

Note that the WCF dashboard ID may differ between Foglight Management Servers.

In order to turn this feature, following user must be added with the given password:

user name: NoLoginUser

password: abcdefg1

Example Usage

Setting up the system to show the Alarms page using the no password URL.

 

Perform the following as a Foglight Administrator.

  1. Navigate to Administration -> Users & Security
  2. Create a new role called NoLogin
  3. Create a new group called No Login Required
    1. assign the NoLogin and Console User roles to this group.
    2. the Console User role will allow the user to login to the console, this is required for all users to login, but doesn't give access to any views.
    3. the NoLogin role can now be used to configure the views the you want to be accessible to the NoLoginUser.
  4. Create the NoLoginUser with the password given above. (password: abcdefg1)
    • Assign the No Login Required group to this user
    • Uncheck “Change Password at the next logon”
  5. Go to the Alarms view. From the right hand drawer select Properties->Link to this Page. From the dialog note the Reference ID for the Alarms View.
    1. the Alarms view id should be: system:core_alarms.18
    2. The screenshot below shows where to get the Reference ID for a user's custom dashboard. Speaking of which, there is a great blog post here too.





  6. Since the majority of views have no authorization restrictions, including the Alarms view, it should now be possible to view the Alarms Dashboard without login by using this URL:
    1. http://<server>:<port>/console/foglight_ext?viewId=system:core_alarms.18
    2. However you will notice that the Alarm(s) tab has an authorization error. This is because the NoLoginUser doesn't have the right to see this particular view.
  7. To give access to the restricted view on the Alarms page navigate to Configuration->Definitions. Select the Alarms module and select the view Alarm List with Filter - Alarm List.
  8. Edit the view Alarm List with Filter - Alarm List
  9. Under Allowed Roles select the NoLogin role created above.
  10. Save the view and retry the URL. The NoLogin user should now be able to see this tab on the Alarms view.

Note – Steps 4 through 7 are only needed if you encounter a permissions error on your particular dashboard.

Here is an example of a dashboard from the DB Expansion Pack that was rendered by the NoLoginUser. You'll notice there are also no side/top panels for navigation. 

Please click here for more information on Foglight.

 

Anonymous