Product: TIBCO Spotfire®
How to manage User Licenses and Group memberships when using OpenID Connect authentication on Spotfire Server
When using OpenID Connect authentication there is no easy way to create/manage Groups or Users and their licenses like is normally done with LDAP. When the user logins, he is added to the Everyone group by default and thus ends up without any pre-defined licenses assigned. To set the user permissions, the user needs to be manually added to the required groups by the Administrator.
For this purpose, you can use develop a Custom PostAuthenticationFilter to set up group memberships using the UserDirectory API. The Post Authentication filter is called each time a user is logged in, so in your Custom PostAuthenticationFilter code you can check if the user is part of respective groups and add them if they are not added already present.
For an example implementation of a Custom PostAuthenticationFilter, see the following Wiki post in the TIBCO Community:
Wiki: Configure Custom PostAuthentication Filter in TIBCO Spotfire® Server