Hi,
One of our users is currently evaluating a new architecture to provide external users access to DataMiner dashboards.
At the moment, dashboard access is exposed using a SAML-based configuration with an internal identity provider (IdP). However, this component is planned to be decommissioned by the end of 2027, so alternative approaches are being explored.
One option under consideration is to avoid SAML entirely and instead rely on a reverse proxy-based setup. Specifically, the idea is to:
- Place reverse proxies in front of the DataMiner front-end environments
- Inject authentication and user context via HTTP headers
- Allow dashboards to be accessed based on this upstream-authenticated context
The key questions are:
- Is this type of configuration (authentication via HTTP headers from reverse proxies) supported in DataMiner?
- If so, which HTTP headers and user attributes should be provided to ensure correct authentication and authorization?
- Are there any best practices or known limitations when implementing this setup?
The goal is to validate this approach in a pre-production environment before making architectural decisions.
Any insights or experiences with similar setups would be highly appreciated.
Thanks in advance,
In the past I had a similar scenario (before cloud connection was an option):
I believe a so-called "Dashboard Gateway" could potentially fit this use-case too (it would be similar or work side by side to the reverse proxy you have described) – but not aware if still offered via the latest licensing models – subscribing to get the latest info – will post a link if I'm able to find it
I think this was the module:
https://docs.dataminer.services/dataminer/Functions/Dashboards_and_Low_Code_Apps/Dashboards_app/Dashboard_Gateway_installation.html
HTH
Thanks for the input, Alberto – much appreciated!
I’ll take this offline for now, as it seems stepping away from SAML might not be the right approach in this case.
Worth noting that Cloud Connectivity is currently not possible for this user.