Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-1511

I can authenticate with a single sign on mechanism

    Details

    • Type: Feature Request
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2.3.0, 2.3.0-alpha2
    • Component/s: backend
    • Labels:

      Description

      AT:

      • There is a plugin system that can be used to implement my custom authentication based on a single sign on mechanism
      • This is documented in the technical guide on how to do that
      • the following use case should be supported:
        • given:
          • the plugin for single sign on is enabled in Optimize
          • the used signed in in the system
        • when:
          • the user accesses Optimize
        • then:
          • the user is automatically logged in into Optimize

        Issue Links

          Activity

          Hide
          sebastian.stamm Sebastian Stamm added a comment -

          Omran Abazeed: We had to do some frontend adjustments for this ticket. Could you please review this commit?

          Show
          sebastian.stamm Sebastian Stamm added a comment - Omran Abazeed : We had to do some frontend adjustments for this ticket. Could you please review this commit ?
          Hide
          omran.abazeed Omran Abazeed added a comment -

          sure

          Show
          omran.abazeed Omran Abazeed added a comment - sure
          Hide
          omran.abazeed Omran Abazeed added a comment -

          works great

          Show
          omran.abazeed Omran Abazeed added a comment - works great
          Hide
          sebastian.bathke Sebastian Bathke added a comment - - edited

          Nice job!

          1. I left some comments mostly on method renaming (Header->Cookie).
          2. The only functional suggestion I have is using the request attributes/properties to pass on a freshly issued auth token from the SsoFilter to following filters, in this case AuthenticationFilter can read that property first before checking cookies and will thus always make use of the current active token even if it was just set within the same request
            https://github.com/camunda/camunda-optimize/commit/32b6116663f793f52a01ba07b2b37b2c727e45f6
            this way authentication also works on the /api paths and not just on the root /
          3. Let's also create a ticket for moving the sample plugins used in It tests to the IT source folder, currently they sit in the test path.
          Show
          sebastian.bathke Sebastian Bathke added a comment - - edited Nice job! I left some comments mostly on method renaming (Header->Cookie). The only functional suggestion I have is using the request attributes/properties to pass on a freshly issued auth token from the SsoFilter to following filters, in this case AuthenticationFilter can read that property first before checking cookies and will thus always make use of the current active token even if it was just set within the same request https://github.com/camunda/camunda-optimize/commit/32b6116663f793f52a01ba07b2b37b2c727e45f6 this way authentication also works on the /api paths and not just on the root / Let's also create a ticket for moving the sample plugins used in It tests to the IT source folder, currently they sit in the test path.
          Hide
          johannes.heinemann Johannes Heinemann added a comment -

          Thanks for you the code! Yes, you are right this way it's a lot nicer since providing the authentication works also for the /api* paths. I refactored the remaining issue and created OPT-1620 to move the sample plugins.

          Show
          johannes.heinemann Johannes Heinemann added a comment - Thanks for you the code! Yes, you are right this way it's a lot nicer since providing the authentication works also for the /api* paths. I refactored the remaining issue and created OPT-1620 to move the sample plugins.
          Hide
          sebastian.bathke Sebastian Bathke added a comment -

          Nice! Looks good to me!

          Show
          sebastian.bathke Sebastian Bathke added a comment - Nice! Looks good to me!

            People

            • Assignee:
              Unassigned
              Reporter:
              johannes.heinemann Johannes Heinemann
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: