[Mifos-developer] Mifos / Pentaho integration

[John Woodlock]

Hi all,

recently did a spike on putting a pentaho dashboard into the mifos home page

http://mifosforge.jira.com/browse/MIFOSBI-230 (with some piccies attached)

The main comment is below.  If people could take a look and see if I'm missing some major it would be great.

"The attached files show what one of our dashboards (being developed) looks like in mifos. The 2nd file shows the extra login required first time because we don't have single signon implemented yet.

In this case, I altered the mifos home page by removing the search form and inserting an iframe which links to the url

<iframe src="https://sandbox-reporting.mifos.org/pentaho/content/pentaho-cdf/RenderXCDF?solution=Dashboards&path=%2F&action=PradiptaGKBurndown.xcdf&template=mantle" width="100%" height="100%">
<p>Your browser does not support iframes.</p>
</iframe>

Standard stuff and easy peasy. The main thing is that each pentaho 'asset' (report, dashboard...) can be got to by url ... the variable part being the URI (which could be put in some config) and you can pass additional parameters using the standard 'parm=parmvalue' way.

So this is a very simple webby way of embedding pentaho. I think this works for anything e.g. if you want to run a report as part of a 'flow' then you can always either use something like outputting it into a new tab/window or an iframe/div on the same page with jquery/ajax. There may be other uses cases that demand a more programmatic approach for integration but I can't think of any right now...http://wiki.pentaho.com/display/PRESALESPORTAL/Using+Pentaho+with+other+software+stacks mentions high level integration ways available but seems to me to be suggesting url level (I might be reading it with blinkers on though).

Once I got over how cute this looked... I thought... well its not that much better (if at all) than having a completely separate browser tab (not mifos tab) named 'Mifos Dashboards' and having no direct integration with Mifos app at all (okay you might have a menu link to kick off the browser tab but that's just convenience... you could have had a 'favourite' just as easily). Of course you'd decorate the dashboards to have a mifos feel.

I did think for a moment that single signon isn't worth the price (I don't mind logging in twice) but at least it does cut down on (and centralise) the username/password/role administration which would get unwieldy without it.

Some Notes: 
Some Mifos pages (the old struts sort), at least this home page, have a strange limit of 500 on the height. Thats why you see empty space and a scroll bar was needed in the iframe. Could have changed this but wasn't important enough.

The data returned from pentaho URLs does tend to be quite a bit heavier than ordinary mifos pages (not surprisingly as they have dynamical charts etc and load things like jquery)... but firebug shows they can do quite a few requests and other such stuff so maybe that's can be made better. I don't notice it much but when my internet was way slow is was frustrating (ordinary mifos page bad, pentaho frustrating)."

[Van Mittal-Henkle]

John,

 

Great work!  This is really exciting to see!   Although technically it may not seem like that much to have this inside Mifos, I think there is huge value in this from a user experience perspective.

 

I wonder if there are creative ways we could make single sign on work without a big development/administration hit.

 

--Van

 

----

Van Mittal-Henkle

Mifos Software Developer

Grameen Foundation

va...@grameenfoundation.org

[Vivek Singh]

I too think we should not stop ourselves from putting this in front of users for the lack of single sign on. In fact can be work around it by keeping the user logged in for much longer and persisting login across browser restarts. We can make this timeout period configurable by the user.

>From coding perspective I don't like the fact that Mifos has to know about reporting URLs etc but I don't have a solution as well.

So yes, the mashup approach is good and it means very loose coupling between Mifos and MifosReporting. We can infact go on this path and then change easily when we have a better approach.

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

--
Vivek Singh | +91 98452 32929 | http://sites.google.com/site/petmongrels | petmongrels@twitter

[Vivek Singh]

Sure we can also hack it and but it would be insecure in many ways :-).

Another question is do we want roles in Pentaho?

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

[Van Mittal-Henkle]

So far the ideas I’m aware of that have been put on the table are:

* login twice. Mifos, then Pentaho

* introduce an LDAP server to support single signon

* use CDA and the enterprise version of Pentaho

 

I’m not looking for hacks, but just asking if anyone has any ideas that are better than those above.

 

Sure we can also hack it and but it would be insecure in many ways :-).

Another question is do we want roles in Pentaho?

 

I wonder if there are creative ways we could make single sign on work without a big development/administration hit.

[Sumit Shah]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/10/2011 09:13 AM, Van Mittal-Henkle wrote:
> So far the ideas I?m aware of that have been put on the table are:

>
> * login twice. Mifos, then Pentaho
>
> * introduce an LDAP server to support single signon
>
> * use CDA and the enterprise version of Pentaho

Apparently I was mistaken that CDA was only in the enterprise version.
This is incorrect, the enterprise version includes a script to make CDA
integration easier, but it is in fact compatible with the community edition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1UJiIACgkQIMOT9sRlZ5RPaACfQGAjX8xRY/NKPRsIGszP5kO5
7h0AoNmCwoc96aIVkxfPfHbXsSWZIeNz
=Je2I
-----END PGP SIGNATURE-----

[Ryan Whitney]

Vivek – regarding roles in reporting.  The answer is a resounding YES!

We should look at the ways we can integrate some of the reporting features we have with BIRT with the Pentaho integration.  Features are:

• Limiting access to reports based on roles (what we have now)
• Adding data scope limitations – IE, if I’m assigned to a branch I can only see branch data on some reports. - this is generally requested a lot
  

Either way, MFI’s do want to provide some granular control on their reports and control some of the data which staff see.  

Another thought would be the ability to add a role that is JUST allowed to view reports.  The scenario I’m thinking of is providing investor reports, where the investors can just login at a specified time and download the reports themselves.  Or the MFI could use the automated email feature in pentaho.

Ryan

The attached files show what one of our dashboards (being developed) looks like in mifos. The 2nd file shows the extra login required first time because we don't have single signon implemented yet.

So this is a very simple webby way of embedding pentaho. I think this works for anything e.g. if you want to run a report as part of a 'flow' then you can always either use something like outputting it into a new tab/window or an iframe/div on the same page with jquery/ajax. There may be other uses cases that demand a more programmatic approach for integration but I can't think of any right now...http://wiki.pentaho.com/display/PRESALESPORTAL/Using+Pentaho+with+other+software+stacks <http://wiki.pentaho.com/display/PRESALESPORTAL/Using+Pentaho+with+other+software+stacks>  mentions high level integration ways available but seems to me to be suggesting url level (I might be reading it with blinkers on though).

Once I got over how cute this looked... I thought... well its not that much better (if at all) than having a completely separate browser tab (not mifos tab) named 'Mifos Dashboards' and having no direct integration with Mifos app at all (okay you might have a menu link to kick off the browser tab but that's just convenience... you could have had a 'favourite' just as easily). Of course you'd decorate the dashboards to have a mifos feel.
I did think for a moment that single signon isn't worth the price (I don't mind logging in twice) but at least it does cut down on (and centralise) the username/password/role administration which would get unwieldy without it.
Some Notes: 
Some Mifos pages (the old struts sort), at least this home page, have a strange limit of 500 on the height. Thats why you see empty space and a scroll bar was needed in the iframe. Could have changed this but wasn't important enough.
The data returned from pentaho URLs does tend to be quite a bit heavier than ordinary mifos pages (not surprisingly as they have dynamical charts etc and load things like jquery)... but firebug shows they can do quite a few requests and other such stuff so maybe that's can be made better. I don't notice it much but when my internet was way slow is was frustrating (ordinary mifos page bad, pentaho frustrating)."

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

--
Ryan Whitney
Mifos Technical Program Manager
rwhi...@grameenfoundation.org  
Mifos® - Technology that Empowers Microfinance (www.mifos.org)
Our mission is to enable the poor, especially the poorest, to create a world without poverty.  
<http://grameenfoundation.org/take-action/ingenuity-fund-challenge/>
P please consider the environment before printing this e-mail.

[Van Mittal-Henkle]

> Apparently I was mistaken that CDA was only in the enterprise version.
> This is incorrect, the enterprise version includes a script to make
CDA
> integration easier, but it is in fact compatible with the community
> edition.

Thanks for clarifying this.

So the best ideas so far are:
* login twice. Mifos, then Pentaho (this is what we have now)

* introduce an LDAP server to support single signon

* use CDA with Pentaho

As I understand it, CDA would allow us to authenticate in Pentaho off of
login/permissions maintained in Mifos by essentially wrapping the Mifos
security mechanism. This sounds interesting since it would not require
us to introduce an LDAP server and that sounds simpler.

Open questions around CDA are how much effort it would be to configure
using the community Pentaho version and how it would work for Mifos to
provide the roles and permissions needed to control access to Pentaho
reports.

--Van

[Udai Gupta]

> * use CDA with Pentaho for Authentication?

CDA is Community Data Access.
http://code.google.com/p/pentaho-cda/

Are you guys discussing CAS for authentication instead of CDA?
http://www.jasig.org/cas

if not then I would like to understand more about this proposal.

Cheers,
Udai

[Van Mittal-Henkle]

> > * use CDA with Pentaho for Authentication?
> CDA is Community Data Access.
> http://code.google.com/p/pentaho-cda/
>
> Are you guys discussing CAS for authentication instead of CDA?
> http://www.jasig.org/cas

My bad. CAS is what I meant. (I've been looking at the BI stuff a lot,
so CDA is on my mind!)