Bug 1018898
Summary: | Switchyard BPEL console should participate in Overlord SSO | ||
---|---|---|---|
Product: | [JBoss] JBoss Fuse Service Works 6 | Reporter: | Eric Wittmann <eric.wittmann> |
Component: | BPEL Integration | Assignee: | Eric Wittmann <eric.wittmann> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Sedlacek <jsedlace> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.0 GA | CC: | ldimaggi, oskutka, soa-p-jira |
Target Milestone: | ER7 | ||
Target Release: | 6.0.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | Bug | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eric Wittmann
2013-10-14 16:14:28 UTC
As requested, the BPEL console now leverages Overlord SSO as its authentication mechanism rather than its own. The following implications (in no particular order) should be noted: * the FSW Installer can stop prompting for a separate BPEL user. * the FSW Installer should add "administrator" to the list of roles given to the "Governance Admin user" when creating it in overlord-idp-roles.properties * the section of standalone.xml that configures the "overlord-jaxrs" login module must have ",/bpel-console" added to the 'value' attribute of the allowedIssuers module option Also note that the BPEL REST services (located in bpel-console-server) are now protected by BASIC authentication instead of FORM auth. This should (I hope) actually be a very good change for any customers who might be using them. [Those services now also support SAML bearer token authentication] Verified in ER8: <security-domain name="bpel-console" cache-type="default"> <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/> Verified in ER8: <security-domain name="bpel-console" cache-type="default"> <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/> |