In this case, I altered the mifos home page by removing the search form and inserting an iframe which links to the url
<iframe src="https://sandbox-reporting.mifos.org/pentaho/content/pentaho-cdf/RenderXCDF?solution=Dashboards&path=%2F&action=PradiptaGKBurndown.xcdf&template=mantle" width="100%" height="100%">
<p>Your browser does not support iframes.</p>
</iframe>
Standard stuff and easy peasy. The main thing is that each pentaho 'asset' (report, dashboard...) can be got to by url ... the variable part being the URI (which could be put in some config) and you can pass additional parameters using the standard 'parm=parmvalue' way.
So this is a very simple webby way of embedding pentaho. I think this works for anything e.g. if you want to run a report as part of a 'flow' then you can always either use something like outputting it into a new tab/window or an iframe/div on the same page with jquery/ajax. There may be other uses cases that demand a more programmatic approach for integration but I can't think of any right now...http://wiki.pentaho.com/display/PRESALESPORTAL/Using+Pentaho+with+other+software+stacks mentions high level integration ways available but seems to me to be suggesting url level (I might be reading it with blinkers on though).
Once I got over how cute this looked... I thought... well its not that much better (if at all) than having a completely separate browser tab (not mifos tab) named 'Mifos Dashboards' and having no direct integration with Mifos app at all (okay you might have a menu link to kick off the browser tab but that's just convenience... you could have had a 'favourite' just as easily). Of course you'd decorate the dashboards to have a mifos feel.
I did think for a moment that single signon isn't worth the price (I don't mind logging in twice) but at least it does cut down on (and centralise) the username/password/role administration which would get unwieldy without it.
Some Notes:
Some Mifos pages (the old struts sort), at least this home page, have a strange limit of 500 on the height. Thats why you see empty space and a scroll bar was needed in the iframe. Could have changed this but wasn't important enough.
The data returned from pentaho URLs does tend to be quite a bit heavier than ordinary mifos pages (not surprisingly as they have dynamical charts etc and load things like jquery)... but firebug shows they can do quite a few requests and other such stuff so maybe that's can be made better. I don't notice it much but when my internet was way slow is was frustrating (ordinary mifos page bad, pentaho frustrating)."
John,
Great work! This is really exciting to see! Although technically it may not seem like that much to have this inside Mifos, I think there is huge value in this from a user experience perspective.
I wonder if there are creative ways we could make single sign on work without a big development/administration hit.
--Van
----
Van Mittal-Henkle
Mifos Software Developer
Grameen Foundation
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
So far the ideas I’m aware of that have been put on the table are:
* login twice. Mifos, then Pentaho
* introduce an LDAP server to support single signon
* use CDA and the enterprise version of Pentaho
I’m not looking for hacks, but just asking if anyone has any ideas that are better than those above.
Sure we can also hack it and but it would be insecure in many ways :-).
Another question is do we want roles in Pentaho?
I wonder if there are creative ways we could make single sign on work without a big development/administration hit.
On 02/10/2011 09:13 AM, Van Mittal-Henkle wrote:
> So far the ideas I?m aware of that have been put on the table are:
>
> * login twice. Mifos, then Pentaho
>
> * introduce an LDAP server to support single signon
>
> * use CDA and the enterprise version of Pentaho
Apparently I was mistaken that CDA was only in the enterprise version.
This is incorrect, the enterprise version includes a script to make CDA
integration easier, but it is in fact compatible with the community edition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1UJiIACgkQIMOT9sRlZ5RPaACfQGAjX8xRY/NKPRsIGszP5kO5
7h0AoNmCwoc96aIVkxfPfHbXsSWZIeNz
=Je2I
-----END PGP SIGNATURE-----
The attached files show what one of our dashboards (being developed) looks like in mifos. The 2nd file shows the extra login required first time because we don't have single signon implemented yet.
So this is a very simple webby way of embedding pentaho. I think this works for anything e.g. if you want to run a report as part of a 'flow' then you can always either use something like outputting it into a new tab/window or an iframe/div on the same page with jquery/ajax. There may be other uses cases that demand a more programmatic approach for integration but I can't think of any right now...http://wiki.pentaho.com/display/PRESALESPORTAL/Using+Pentaho+with+other+software+stacks <http://wiki.pentaho.com/display/PRESALESPORTAL/Using+Pentaho+with+other+software+stacks> mentions high level integration ways available but seems to me to be suggesting url level (I might be reading it with blinkers on though).
Once I got over how cute this looked... I thought... well its not that much better (if at all) than having a completely separate browser tab (not mifos tab) named 'Mifos Dashboards' and having no direct integration with Mifos app at all (okay you might have a menu link to kick off the browser tab but that's just convenience... you could have had a 'favourite' just as easily). Of course you'd decorate the dashboards to have a mifos feel.
I did think for a moment that single signon isn't worth the price (I don't mind logging in twice) but at least it does cut down on (and centralise) the username/password/role administration which would get unwieldy without it.
Some Notes:
Some Mifos pages (the old struts sort), at least this home page, have a strange limit of 500 on the height. Thats why you see empty space and a scroll bar was needed in the iframe. Could have changed this but wasn't important enough.
The data returned from pentaho URLs does tend to be quite a bit heavier than ordinary mifos pages (not surprisingly as they have dynamical charts etc and load things like jquery)... but firebug shows they can do quite a few requests and other such stuff so maybe that's can be made better. I don't notice it much but when my internet was way slow is was frustrating (ordinary mifos page bad, pentaho frustrating)."
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
Thanks for clarifying this.
So the best ideas so far are:
* login twice. Mifos, then Pentaho (this is what we have now)
* introduce an LDAP server to support single signon
* use CDA with Pentaho
As I understand it, CDA would allow us to authenticate in Pentaho off of
login/permissions maintained in Mifos by essentially wrapping the Mifos
security mechanism. This sounds interesting since it would not require
us to introduce an LDAP server and that sounds simpler.
Open questions around CDA are how much effort it would be to configure
using the community Pentaho version and how it would work for Mifos to
provide the roles and permissions needed to control access to Pentaho
reports.
--Van
CDA is Community Data Access.
http://code.google.com/p/pentaho-cda/
Are you guys discussing CAS for authentication instead of CDA?
http://www.jasig.org/cas
if not then I would like to understand more about this proposal.
Cheers,
Udai
My bad. CAS is what I meant. (I've been looking at the BI stuff a lot,
so CDA is on my mind!)