Bug 1018898 - Switchyard BPEL console should participate in Overlord SSO
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: BPEL Integration
6.0.0 GA
Unspecified Unspecified
unspecified Severity unspecified
: ER7
: 6.0.0
Assigned To: Eric Wittmann
Jiri Sedlacek
Reported: 2013-10-14 12:14 EDT by Eric Wittmann
Modified: 2015-08-02 19:45 EDT
Doc Type: Bug Fix
Type: Bug
Description Eric Wittmann 2013-10-14 12:14:28 EDT
Description of problem:
The switchyard bpel console has its own set of users and its own login.  It does not participate in the SSO used by the Overlord projects.

How reproducible:
Always

Steps to Reproduce:
1. Install FSW6
2. Log in to bpel-console

Actual results:
Separate login.

Expected results:
The common overlord login is used.
Comment 2 Eric Wittmann 2013-10-21 12:04:35 EDT
As requested, the BPEL console now leverages Overlord SSO as its authentication mechanism rather than its own.

The following implications (in no particular order) should be noted:

* the FSW Installer can stop prompting for a separate BPEL user.
* the FSW Installer should add "administrator" to the list of roles given to the "Governance Admin user" when creating it in overlord-idp-roles.properties
* the section of standalone.xml that configures the "overlord-jaxrs" login module must have ",/bpel-console" added to the 'value' attribute of the allowedIssuers module option

Also note that the BPEL REST services (located in bpel-console-server) are now protected by BASIC authentication instead of FORM auth.  This should (I hope) actually be a very good change for any customers who might be using them.  [Those services now also support SAML bearer token authentication]
Comment 3 Len DiMaggio 2014-01-08 10:51:25 EST
Verified in ER8:

<security-domain name="bpel-console" cache-type="default">
    <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
Comment 4 Len DiMaggio 2014-01-08 10:52:07 EST
Verified in ER8:

<security-domain name="bpel-console" cache-type="default">
    <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
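
One way to audit the allowedIssuers requirement from Comment 2 across every security domain in standalone.xml (an added example, not part of the original bug report or the Overlord code). The sample XML is constructed, the login-module `code` values are placeholders, and the function names are hypothetical; entries are compared exactly, so a near-miss such as "/bpel-console-server" does not count as "/bpel-console".

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real installation. The element nesting
# follows the JBoss AS 7 security subsystem; the login-module "code" values
# are placeholders, and the second domain carries a deliberate near-miss.
SAMPLE_STANDALONE = """\
<subsystem xmlns="urn:jboss:domain:security:1.2">
  <security-domains>
    <security-domain name="bpel-console" cache-type="default">
      <authentication>
        <login-module code="PLACEHOLDER_LOGIN_MODULE" flag="required">
          <module-option name="allowedIssuers"
              value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
        </login-module>
      </authentication>
    </security-domain>
    <security-domain name="overlord-jaxrs" cache-type="default">
      <authentication>
        <login-module code="PLACEHOLDER_LOGIN_MODULE" flag="required">
          <module-option name="allowedIssuers"
              value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console-server"/>
        </login-module>
      </authentication>
    </security-domain>
  </security-domains>
</subsystem>
"""

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def allowed_issuers(xml_text):
    """Map each security-domain name to its list of allowedIssuers entries."""
    result = {}
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for opt in domain.iter():
            if local(opt.tag) == "module-option" and opt.get("name") == "allowedIssuers":
                entries = [e.strip() for e in opt.get("value", "").split(",")]
                result.setdefault(domain.get("name"), []).extend(e for e in entries if e)
    return result

def domains_missing(xml_text, issuer="/bpel-console"):
    """Return domains that set allowedIssuers but do not list `issuer` exactly."""
    return sorted(n for n, v in allowed_issuers(xml_text).items() if issuer not in v)
```

Calling `domains_missing()` on the text of a real standalone.xml lists the domains whose issuer list still needs the entry; a naive substring search would wrongly pass the second sample domain.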