Easy authentication in Pentaho 5.3

In the previous 4.x versions it was possible to authenticate simply by passing the username and password to the server. This changed in 5.0 - 5.2, where that method was not available. The Jira that captured this issue was one of the more active ones, with both community votes and customer cases assigned to it. There were some known workarounds, but they never fully worked.

So we made sure to address it in 5.3, optionally recovering that old method of authentication, and made it much easier to set up. This help page details the entire process, but it's as simple as:

  • Go to the biserver-ee/pentaho-solutions/system directory and open the security.properties file.
  • Set the requestParameterAuthenticationEnabled property to true like this:


  • Save and close the file.
  • Stop and restart the BA Server.

This way, by passing the usual ?userid=admin&password=password parameters, you'll be able to see the content you're interested in.

Private browsing session demonstrating authentication

Correct authentication in Pentaho 5.x

You probably noticed that this easy authentication comes disabled by default, and you have to switch a configuration flag to enable it. The reason for that is simple: you should only use this authentication method if you really know what you're doing!

This should never be used as a generic embedding approach: anyone can capture the credentials easily, so logically this is something that should only be used when you don't mind people knowing these credentials in the first place! As an example, we use this method on the webdetails website for the public demos, with permissions to do... well, nothing else!
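An added example, not part of the original post or of Pentaho's code: because this method puts the credentials in the URL, they are written to web server access logs, both in the request line and in Referer fields. The sketch below checks whether the flag is enabled in security.properties text and masks `userid`/`password` values in access-log lines; the log format, paths, host name and sample lines are constructed assumptions.

```python
import re

# Parameter names used in the post: ?userid=...&password=...
CRED_RE = re.compile(r'(?i)(?<=[?&])(userid|password)=[^&\s"#]*')
FLAG = "requestParameterAuthenticationEnabled"


def flag_enabled(properties_text):
    """True if the flag's last assignment in security.properties text is 'true'."""
    enabled = False                          # the post says it is off by default
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        key, _, value = line.partition("=")  # assumes the key=value form
        if key.strip() == FLAG:
            enabled = value.strip().lower() == "true"
    return enabled


def scrub(lines):
    """Mask credential values anywhere in each log line (request target or
    Referer field). Returns (scrubbed_lines, indexes_of_lines_that_leaked)."""
    scrubbed, leaked = [], []
    for i, line in enumerate(lines):
        clean, n = CRED_RE.subn(lambda m: m.group(1) + "=REDACTED", line)
        if n:
            leaked.append(i)
        scrubbed.append(clean)
    return scrubbed, leaked


# Constructed sample data (not taken from a real server).
SAMPLE_PROPERTIES = "# security.properties\nrequestParameterAuthenticationEnabled=true\n"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2015:10:00:00 +0000] "GET /pentaho/Home?userid=admin&password=password HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Mar/2015:10:00:05 +0000] "GET /pentaho/Home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Mar/2015:10:00:09 +0000] "GET /static/logo.png HTTP/1.1" 200 90 "http://bi.example.test/pentaho/Home?userid=admin&password=password" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("request-parameter auth enabled:", flag_enabled(SAMPLE_PROPERTIES))
    clean, leaked = scrub(SAMPLE_LOG)
    print("log lines carrying credentials:", leaked)
    print("\n".join(clean))
```
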

So, since this is not the recommended scenario, which options should be chosen for embedding Pentaho? In order:

  1. Single Sign On (CAS) authentication
  2. Cookie based authentication
  3. Basic authentication

This help page details the information on these options and, since Pentaho is an extensible platform, you can "easily" roll out your own!

Allowing anonymous access in Pentaho 5.x

The last section is also a very valid option for some scenarios: we can enable Anonymous authentication, so that anyone wearing a Guy Fawkes mask can see the data (jeez, what a failed attempt at a joke....).

This one requires some more effort and fiddling with configuration files, and once again, all the details are available in this help.pentaho.com article.