SVS Login Supervisor

The SVS Login Supervisor is a special type of worker that can react to login events, such as a user attempting to log in to Jedox. It can, for example, be used to delegate the authentication procedure to a third-party system, such as Active Directory. The SVS Login Supervisor is a special type of worker that has three different modes: workerlogin information, workerlogin authentication, and workerlogin authorization.

Workerlogin information

With this option, the standard worker becomes a login worker and can now react to the events login and logout. The appropriate handlers are defined as OnUserLogin and OnUserLogout, and both have a parameter username such that the PHP script can react in different ways to the login of different users.

Workerlogin authentication

When using this option, the system worker has additional login functionality and database access based on a user password.

Note: when using the Login Supervisor worker in workerlogin authentication mode, only the password will be checked against the worker and/or third-party system. User, user groups and group-role mappings have to be defined on the Jedox OLAP server. Passwords stored on the Jedox OLAP server will be ignored and passwords fetched by the worker or coming from a third party system will be used instead.

Workerlogin authorization

This option includes additional functionality to the standard worker:

  • login functionality
  • database access based on a user password
  • monitoring of the groups the users belong to

This option eliminates the need for the Jedox OLAP server system cube to be responsible for this data.

Note: when using the Login Supervisor worker in workerlogin authorization mode, username, password, and group come from outside Jedox, i.e. from the worker and/or third-party system. Only group-role mappings have to be defined directly on the Jedox OLAP server.

The users “admin” and “_internal_suite” are treated differently. If SVS authentication fails for these users, the OLAP server instead tries to authenticate against its own system database, checking the provided password against the password defined there.