Integration

This chapter discusses various aspects of integrating nevisMeta with other Nevis components such as nevisProxy, nevisAuth, and nevisIDM.

Integration nevisProxy

To integrate nevisMeta with the nevisProxy reverse proxy, the following XML segments need to be added to the configuration of nevisProxy:

<filter>
    <filter-name>NevisMetaRoleFilter</filter-name>
    <filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
    <init-param>
        <param-name>AuthenticationServlet</param-name>
        <param-value>NevisAuthConnector</param-value>
        <description>The configured name of the authentication servlet</description>
    </init-param>
    <init-param>
        <param-name>LoginRendererServlet</param-name>
        <param-value>BuiltinLoginRenderer</param-value>
        <description>The configured name of the login renderer servlet</description>
    </init-param>
    <init-param>
        <param-name>RolesRequired</param-name>
        <param-value>
            nevisMeta.admin
            nevisMeta.user
        </param-value>
        <description>The required roles. At least one of them must be owned</description>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>NevisIdmAuthenticationFilter</filter-name>
    <url-pattern>/nevismeta/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>NevisMetaRoleFilter</filter-name>
    <url-pattern>/nevismeta/*</url-pattern>
</filter-mapping>

<!-- NevisMeta administration application -->
<servlet>
    <servlet-name>NevisMetaConnector</servlet-name>
    <servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
    <init-param>
        <param-name>InetAddress</param-name>
        <param-value>host:8996</param-value>
    </init-param>
    <init-param>
        <param-name>CookieManager</param-name>
        <param-value>store:^JSESSIONID$ allow:.*$</param-value>
    </init-param>
    <init-param>
        <param-name>SSLCACertificateFile</param-name>
        <param-value>/var/opt/keybox/default/truststore.pem</param-value>
    </init-param>
    <init-param>
        <param-name>AllowedMethods</param-name>
        <param-value>ALL-HTTP</param-value>
    </init-param>
</servlet>

<servlet-mapping>
    <servlet-name>NevisMetaConnector</servlet-name>
    <url-pattern>/nevismeta/*</url-pattern>
</servlet-mapping>
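
A check one could run over the merged nevisProxy configuration (an added example, not part of the Nevis documentation): for each URL pattern mapped to NevisMetaConnector it returns the RolesRequired values of the SecurityRoleFilter instances mapped on that same pattern, so a connector exposed without the role filter shows up as an empty set. The `<web-app>` root element, the helper names and the trimmed sample are assumptions.

```python
import xml.etree.ElementTree as ET

ROLE_FILTER = "ch::nevis::isiweb4::filter::auth::SecurityRoleFilter"

# Constructed sample: the page's fragments, trimmed, in an assumed <web-app> root.
SAMPLE = """<web-app>
<filter>
  <filter-name>NevisMetaRoleFilter</filter-name>
  <filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
  <init-param>
    <param-name>RolesRequired</param-name>
    <param-value>
      nevisMeta.admin
      nevisMeta.user
    </param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>NevisMetaRoleFilter</filter-name>
  <url-pattern>/nevismeta/*</url-pattern>
</filter-mapping>
<servlet-mapping>
  <servlet-name>NevisMetaConnector</servlet-name>
  <url-pattern>/nevismeta/*</url-pattern>
</servlet-mapping>
</web-app>"""

def text(node, tag):
    """Child element text, stripped; empty string when the child is absent."""
    return (node.findtext(tag) or "").strip()

def roles_guarding(xml_text, servlet_name):
    """Map each URL pattern of servlet_name to the roles required on it (empty = unguarded)."""
    root = ET.fromstring(xml_text)
    roles = {}  # filter-name -> RolesRequired of each SecurityRoleFilter
    for f in root.iter("filter"):
        if text(f, "filter-class") == ROLE_FILTER:
            for p in f.iter("init-param"):
                if text(p, "param-name") == "RolesRequired":
                    roles[text(f, "filter-name")] = set(text(p, "param-value").split())
    guarded = {}
    for sm in root.iter("servlet-mapping"):
        if text(sm, "servlet-name") == servlet_name:
            pattern = text(sm, "url-pattern")
            guarded[pattern] = set()
            for fm in root.iter("filter-mapping"):
                if text(fm, "url-pattern") == pattern:
                    guarded[pattern] |= roles.get(text(fm, "filter-name"), set())
    return guarded
```

Patterns are compared as exact strings, so a role filter mapped on a broader pattern such as `/*` is not counted.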

Integration nevisIDM

Creating application and roles in nevisIDM

To integrate nevisMeta with nevisIDM:

  • Create a new application in nevisIDM.
  • Create "admin" and "user" roles for the nevisMeta application in nevisIDM.
  • Assign the "nevisMeta.admin" or "nevisMeta.user" roles to users as appropriate.

For details on the management of applications, roles and users in nevisIDM, refer to the Reference Guide nevisIDM.

Configure the User Data Service

nevisIDM User Administration Configuration

In order for the user data service to work properly, a technical client with certificate credentials has to be created in nevisIDM. Refer to the Reference Guide nevisIDM.

  • Create a new user with the name "nevismeta".
  • Add new user credentials.
  • Change type to "Certificate".
  • Untick "Create ticket for upload".
  • Enter a signed client certificate.

nevisMeta Configuration

To use the User Data Service, the config of nevisMeta has to be adapted accordingly.

  1. Run:
     # nevismeta config
  2. Change userdata-service.provider and userdata-service.provider.idm.endpointUrl:
     [...]
     # valid options: none, nevisidm
     # userdata-service.provider=none
     # NevisIdm userdata-service
     userdata-service.provider=nevisIdm
     userdata-service.provider.idm.endpointUrl=https://iam.net:8989/nevisidm/services/v1_45/AdminService
     [...]

     Make sure userdata-service.provider=none is commented out and that userdata-service.provider=nevisIdm and userdata-service.provider.idm.endpointUrl are both active.

  3. Change the nevisMeta env configuration. This must be done to ensure the correct certificate is read out.
       • Run:
         # nevismeta config env
       • Adapt the following lines according to the certificate settings:
         [...]
         "-Djavax.net.ssl.trustStore=/var/opt/neviskeybox/default/default/truststore.jks"
         "-Djavax.net.ssl.keyStore=/var/opt/neviskeybox/default/default/node_keystore.jks"
         "-Djavax.net.ssl.trustStorePassword=__detect__"
         "-Djavax.net.ssl.keyStorePassword=__detect__"
         [...]