Integration
This chapter discusses various aspects of integrating nevisMeta with other Nevis components such as nevisProxy, nevisAuth, and nevisIDM.
Integration nevisProxy
To integrate nevisMeta with the nevisProxy reverse proxy, the following XML segments need to be added to the configuration of nevisProxy:
<filter>
<filter-name>NevisMetaRoleFilter</filter-name>
<filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
<init-param>
<param-name>AuthenticationServlet</param-name>
<param-value>NevisAuthConnector</param-value>
<description>The configured name of the authentication servlet</description>
</init-param>
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>BuiltinLoginRenderer</param-value>
<description>The configured name of the login renderer servlet</description>
</init-param>
<init-param>
<param-name>RolesRequired</param-name>
<param-value>
nevisMeta.admin
nevisMeta.user
</param-value>
<description>The required roles. at least one of them must be owned</description>
</init-param>
</filter>
<filter-mapping>
<filter-name>NevisIdmAuthenticationFilter</filter-name>
<url-pattern>/nevismeta/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>NevisMetaRoleFilter</filter-name>
<url-pattern>/nevismeta/*</url-pattern>
</filter-mapping>
<!-- NevisMeta administration application -->
<servlet>
<servlet-name>NevisMetaConnector</servlet-name>
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
<init-param>
<param-name>InetAddress</param-name>
<param-value>host:8996</param-value>
</init-param>
<init-param>
<param-name>CookieManager</param-name>
<param-value>store:^JSESSIONID$ allow:.*$</param-value>
</init-param>
<init-param>
<param-name>SSLCACertificateFile</param-name>
<param-value>/var/opt/keybox/default/truststore.pem</param-value>
</init-param>
<init-param>
<param-name>AllowedMethods</param-name>
<param-value>ALL-HTTP</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>NevisMetaConnector</servlet-name>
<url-pattern>/nevismeta/*</url-pattern>
</servlet-mapping>
Integration nevisIDM
Creating application and roles in nevisIDM
To integrate nevisMeta with nevisIDM:
- Create a new application in nevisIDM.
- Create "admin" and "user" roles for the nevisMeta application in nevisIDM.
- Assign the "nevisMeta.admin" or "nevisMeta.user" roles to users as appropriate.
For details on the management of applications, roles and users in nevisIDM, refer to Reference Guide nevisIDM.
Configure the User Data Service
nevisIDM User Administration Configuration
For the user data service to work properly, a technical client with certificate credentials has to be created in nevisIDM (Refer to the Reference Guide nevisIDM).
- Create a new user with the name "nevismeta".
- Add new user credentials.
- Change type to "Certificate".
- Untick "Create ticket for upload".
- Enter a signed client certificate.
nevisMeta Configuration
To use the User Data Service, the config of nevisMeta has to be adapted accordingly.
- Run:
# nevismeta config
- Change userdata-service.provider and userdata-service.provider.nevisidm.endpointUrl:
[...]
# valid options: none, nevisidm
# userdata-service.provider=none
# NevisIdm userdata-service
userdata-service.provider=nevisIdm
userdata-
service.provider.nevisidm.endpointUrl=https://<server>:<port>/nevisidmcc/services/v1_33/
AdminService
[...]
Make sure userdata-service.provider=none
is commented out and userdata-service.provider=nevisIdm
as well as the userdata-service.provider.endpointUrl
are activated.
- Change the nevisMeta vmargs configuration. This must be done to ensure the correct certificate is read out.
- Run:
#nevismeta config vmargs
- Adapt the following line according to the certificate settings:
[...]
-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=<certifcate_label_name>
[...]