Red Hat Bugzilla – Bug 1018898
Switchyard BPEL console should participate in Overlord SSO
Last modified: 2015-08-02 19:45:14 EDT
Description of problem:
The SwitchYard BPEL console has its own set of users and its own login. It does not participate in the SSO used by the Overlord projects.
Steps to Reproduce:
1. Install FSW6
2. Log in to bpel-console
The common Overlord login is used.
As requested, the BPEL console now leverages Overlord SSO as its authentication mechanism rather than its own.
The following implications (in no particular order) should be noted:
* the FSW Installer can stop prompting for a separate BPEL user.
* the FSW Installer should add "administrator" to the list of roles given to the "Governance Admin user" when creating it in overlord-idp-roles.properties.
* the section of standalone.xml that configures the "overlord-jaxrs" login module must have ",/bpel-console" added to the 'value' attribute of the allowedIssuers module option.
Also note that the BPEL REST services (located in bpel-console-server) are now protected by BASIC authentication instead of FORM auth. This should (I hope) actually be a very good change for any customers who might be using them. [Those services now also support SAML bearer token authentication]
Verified in ER8:
<security-domain name="bpel-console" cache-type="default">
<module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
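A check for the allowedIssuers change described in the comments above, added here as an example; it is not code from this bug report or from the Overlord or SwitchYard projects. The sample XML, its namespace and the login-module code value are constructed placeholders; only the security-domain and module-option attributes follow the fragment quoted in the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real standalone.xml. The namespace and the
# login-module "code" value are placeholders (assumptions for illustration).
SAMPLE = """<subsystem xmlns="urn:example:security">
  <security-domain name="overlord-jaxrs" cache-type="default">
    <authentication>
      <login-module code="ExampleLoginModule" flag="required">
        <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web"/>
      </login-module>
    </authentication>
  </security-domain>
  <security-domain name="bpel-console" cache-type="default">
    <authentication>
      <login-module code="ExampleLoginModule" flag="required">
        <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
      </login-module>
    </authentication>
  </security-domain>
</subsystem>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def allowed_issuers(xml_text):
    """Map each security-domain name to its allowedIssuers lists (one per option)."""
    result = {}
    for dom in ET.fromstring(xml_text).iter():
        if local(dom.tag) != "security-domain":
            continue
        lists = [
            [v.strip() for v in opt.get("value", "").split(",") if v.strip()]
            for opt in dom.iter()
            if local(opt.tag) == "module-option" and opt.get("name") == "allowedIssuers"
        ]
        result[dom.get("name")] = lists
    return result

def domains_missing(xml_text, issuer="/bpel-console"):
    """Domains that set allowedIssuers but leave `issuer` out of a list (exact match)."""
    return sorted(name for name, lists in allowed_issuers(xml_text).items()
                  if any(issuer not in lst for lst in lists))

if __name__ == "__main__":
    for name in domains_missing(SAMPLE):
        print(f"{name}: allowedIssuers lacks /bpel-console")
```

Entries are compared as whole list items rather than substrings, so a value such as /bpel-console-server would not be counted as /bpel-console.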