Setup SeekTable for secure embedding

You can embed SeekTable reports into your web application in a secure way by enabling JWT-based authorization for published reports. Secure embedding is available only for self-hosted SeekTable and only for users with Advanced Publishing subscription. How it works:

Your web app
Generates secure JSON Web Token
Secure report link
JWT is passed to SeekTable report as an URL parameter or cookie
SeekTable
Decodes/verifies JWT and applies claims as report parameters.

JWT lifetime can be is limited by its expiration date. JWT claims may be used as report parameters and in this way you can organize row-level security for embedded reports (without need to use SSO). JWT may be encrypted with symmetric algorithm if needed.

If you want to evaluate this feature before purchase you can request free 14-day trial.

Part 1: Configure SeekTable JWT validation for published reports

Find docker-compose.seektable.env file and add the following lines:

SeekTable_ST:PublicReport:AuthJwtUrlParameter=auth
SeekTable_ST:PublicReport:AuthJwtCookieName=cookie_name_or_empty_if_not_used
SeekTable_ST:PublicReport:AuthJwt:ValidIssuer=your_web_app_issuer_value
SeekTable_ST:PublicReport:AuthJwt:ValidateIssuer=true
SeekTable_ST:PublicReport:AuthJwt:ValidateAudience=false
SeekTable_ST:PublicReport:AuthJwt:ValidateLifetime=true
SeekTable_ST:PublicReport:AuthJwt:ValidateIssuerSigningKey=true
SeekTable_ST:PublicReport:AuthJwt:IssuerSigningKeyString=your_secret_signing_key_min_16_chars

If you want to use encrypted JWT also add:

SeekTable_ST:PublicReport:AuthJwt:TokenDecryptionKeyString=your_secret_decryption_key_min_16_chars

Then re-start your self-hosted SeekTable docker container (docker-compose restart).
Now you should see Security tab on "Configure Published Report" form:

Configure Published Report: Security tab

Part 2: Generate JWT in your web application

The following code snippets illustrate how to generate JSON Web Token (.NET):

var handler = new JwtSecurityTokenHandler();
var signingCredentials = new SigningCredentials(
  new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes("your_secret_signing_key_min_16_chars")),
  SecurityAlgorithms.HmacSha256Signature);
var token = handler.CreateJwtSecurityToken(
  subject: new ClaimsIdentity(new[] { new Claim("report_param_name", "report_param_val") }),
  signingCredentials: signingCredentials,
  audience: "",
  issuer: "your_web_app_issuer_value",
  expires: DateTime.UtcNow.AddMinutes(30));
var jwt = handler.WriteToken(token);
var handler = new JwtSecurityTokenHandler();
var signingCredentials = new SigningCredentials(
  new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes("your_secret_signing_key_min_16_chars")),
  SecurityAlgorithms.HmacSha256Signature);
var encryptCredentials = new EncryptingCredentials(
  new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes("your_secret_decryption_key_min_16_chars")),
  SecurityAlgorithms.Aes128KW,
  SecurityAlgorithms.Aes128CbcHmacSha256);
var tokenDescriptor = new SecurityTokenDescriptor {
  Audience = "",
  Issuer = "your_web_app_issuer_value",
  Subject = new ClaimsIdentity(new[] { new Claim("report_param_name", "report_param_val") }),
  Expires = DateTime.UtcNow.AddMinutes(5),
  EncryptingCredentials = encryptCredentials,
  SigningCredentials = signingCredentials
};
var encryptedJwt = handler.CreateEncodedJwt(tokenDescriptor);

If you don't use C#/.NET please check your development platform about how to generate JSON Web Token. Notes:

Part 3: Pass JWT to embedded SeekTable report

There are 2 ways how you can pass generated JWT to the report embedded with IFRAME:

Important notes: