This addon is used to synchronize geOrchestra roles with eXo space memberships.
With this addon, you can bind a geOrchestra role to a space. Then, when a user joins the space, eXo sends a request to geOrchestra to add the user to the role.
In parallel, this addon adds 2 REST endpoints to notify eXo when a user is added to a geOrchestra role. When these endpoints are called, the specified user is added to or removed from the spaces bound to the specified role.
A second feature of this addon allows a user to be identified by a header set by a front web server.
5 properties are used in this addon:
Properties | Default | Description |
---|---|---|
org.georchestra.url | | Set the URL of the geOrchestra component. |
org.georchestra.username | | Set the username of the service account that calls geOrchestra. |
org.georchestra.password | | Set the password of the service account that calls geOrchestra. |
org.georchestra.header | sec-username | Set the header name read to identify the user. |
org.geochestra.organization.synchronization.job.expression | 0 5 0 * * ? | Cron expression for the user synchronization job for the organization profile field. |
To use header authentication, 2 properties must be added:
- gatein.sso.login.module.enabled=true
- gatein.sso.login.module.class=org.gatein.sso.agent.login.SSOLoginModule
POST /rest/private/georchestra
Header : Authorization: Basic cmDvd3pgYXNzd29yZA
Body :
{ "role": "geOrchestraRole", "username": "john" }
The authorization header is a classic Basic Authentication header, built like this: 'Basic Base64encode(username:password)'
- role : the name of the geOrchestra role
- username : the user to add to the spaces
When calling this endpoint, user john will be added to all spaces bound to the role geOrchestraRole.
DELETE /rest/private/georchestra
Header : Authorization: Basic cmDvd3pgYXNzd29yZA
Body :
{ "role": "geOrchestraRole", "username": "john" }
The authorization header is a classic Basic Authentication header, built like this: 'Basic Base64encode(username:password)'
- role : the name of the geOrchestra role
- username : the user to remove from the spaces
When calling this endpoint, user john will be removed from all spaces bound to the role geOrchestraRole.
One exception: if the user is the last manager of the space, he will not be removed.
To use this functionality, eXo must be configured behind a reverse proxy. This proxy MUST remove any existing header of that name coming from the request, and replace it with the username of the identified user. If the header is not removed from the initial request, it leads to a security issue: anybody can add the header with the username they want and log into the platform.
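One way to meet this requirement, shown as an added example that is not part of the addon's own documentation: an nginx front end that authenticates the user itself and overwrites `sec-username` on every proxied request. The host name, file paths, backend address and the use of Basic authentication at the proxy are assumptions.

```nginx
# Constructed example: server name, certificate paths, htpasswd file and
# backend address are placeholders, not values from the addon.
server {
    listen 443 ssl;
    server_name portal.example.org;
    ssl_certificate     /etc/nginx/tls/portal.crt;
    ssl_certificate_key /etc/nginx/tls/portal.key;

    location / {
        # The proxy is the component that identifies the user. Basic auth
        # stands in here for whatever authentication the deployment uses.
        # Unauthenticated requests are answered with 401 and never proxied.
        auth_basic           "portal";
        auth_basic_user_file /etc/nginx/htpasswd;

        # proxy_set_header redefines the field sent upstream, so a
        # sec-username header supplied by the client is discarded and
        # replaced with the identity nginx established itself.
        # The name must match the org.georchestra.header property.
        proxy_set_header sec-username $remote_user;

        # Assumption: eXo listens on loopback only, so this proxy is the
        # only path by which a request (and the header) can reach it.
        proxy_pass http://127.0.0.1:8080;
    }
}

# Weak variant, for contrast: a location that only does
#     proxy_pass http://127.0.0.1:8080;
# forwards the client's request headers unchanged, including any
# sec-username value the client chose to send.
```

The guarantee holds only while eXo is unreachable except through this proxy; a backend port exposed on a public interface bypasses the header rewrite entirely.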
The job gets the field org from users in geOrchestra and puts it in the field company in the user profile. This job runs each day at 00h05. The cron schedule of the job can be changed with the property
org.geochestra.organization.synchronization.job.expression