any Documentation available of attributes queried by BPM whe

Posted by Akioma on 12-Mar-2015 11:15

Hi,

is there a documentation available on the attributes that the BOM server queries when using SPA to authenticate/authorize using an OE AppServer?

We are having the problem that when using SPA the users do not see any Dashboard widgets. Also I don't know how to tell the BPM server that a user is an administrator.

I see that the BPM server is querying attributes like "management" or "administration" but I don't know in which format I have to provide the result. 

Any help greatly appreciated.

Thanks,
Mike

All Replies

Posted by Jawahar Surapaneni on 12-Mar-2015 12:14

Hi Mike,
As part of Configuring SPA in OEBPM, we have a guide SPAInstructions.pdf which depicts the complete instructions on configuring SPA. It resides at <DLC>\src\samples\security directory.
 
Now coming to Users created in SPA, who are not able to view the Dashboard widgets... i believe this is expected. Until and unless we create the same user with administrator privileges or given permissions to view  both management or administration tab using the JDBC realm and the same user should be created using OE Realm. Then only, that particular user who gets logged in using SPA will be able to view both management and administration tab.  ( I think, this is not documented)
 
Regards,
Jawahar.
 
[collapse]
From: Akioma [mailto:bounce-Akioma@community.progress.com]
Sent: 12 March 2015 21:46
To: TU.BPM@community.progress.com
Subject: [Technical Users - BPM] any Documentation available of attributes queried by BPM when using SPA?
 
Thread created by Akioma

Hi,

is there a documentation available on the attributes that the BOM server queries when using SPA to authenticate/authorize using an OE AppServer?

We are having the problem that when using SPA the users do not see any Dashboard widgets. Also I don't know how to tell the BPM server that a user is an administrator.

I see that the BPM server is querying attributes like "management" or "administration" but I don't know in which format I have to provide the result. 

Any help greatly appreciated.

Thanks,
Mike

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]

Posted by Akioma on 12-Mar-2015 15:44

Hi Jawahar,

I already read the SPAInstructions.pdf, but that does not contain any information about the attributes that are queried at runtime.

I am not sure if I understand your comments regarding user in SPA correctly. Does this mean that we have to create all the users that already exist in our application database again in the JDBC realm? How exaxtly would we do that (I am not familiar with the JDBC realm)?

I did some more testing and figured out that if I create an admin user in our application db and log into BPM portal using that account, then I see widgets in the dashboard. But I still don't get the Management or Administration Tab.

Are (some of...) the attributes which the BPM server requests from our SPA Application Server ignored? And if so, why are they queried at all...? :-)

Thanks for your help,

Mike

Posted by Phillip Molly Malone on 12-Mar-2015 22:02

Is this documentation more helpful?

REST & Mobile Single Point of Authentication

(hopefully the link works)

I had issues in the past with the Roles being passed back not having the Roles to handle the Tomcat needed roles (ROLES_USERS or whatever they are). Also, and I can't recall no, I think  you have to leave off the ROLES_ if you have defined that in another of the parameters.

Hope this helps.

Posted by Lakshmi Padmaja on 13-Mar-2015 00:16

Hi Mike,

As SPA service only authenticates users while BP Server manages permission, not having this admin user will prohibit you from administering BP Server. And when OEBPM is configured to OE Realm ,we need to  create an admin user in our application db, this user will have all the permissions by default .And further to assign admin permissions for any users created in application db .Please follow the below stated steps.

1.      Login to the portal as admin.

2.      Navigate to the administration > User Management > users

3.      Select the user to assign the permission

4.      Select the permissions tab in the User details page and assign the required permission.

 

Regards,

Lakshmi

 
[collapse]
From: Akioma [mailto:bounce-Akioma@community.progress.com]
Sent: Friday, March 13, 2015 2:15 AM
To: TU.BPM@community.progress.com
Subject: RE: [Technical Users - BPM] any Documentation available of attributes queried by BPM when using SPA?
 
Reply by Akioma

Hi Jawahar,

I already read the SPAInstructions.pdf, but that does not contain any information about the attributes that are queried at runtime.

I am not sure if I understand your comments regarding user in SPA correctly. Does this mean that we have to create all the users that already exist in our application database again in the JDBC realm? How exaxtly would we do that (I am not familiar with the JDBC realm)?

I did some more testing and figured out that if I create an admin user in our application db and log into BPM portal using that account, then I see widgets in the dashboard. But I still don't get the Management or Administration Tab.

Are (some of...) the attributes which the BPM server requests from our SPA Application Server ignored? And if so, why are they queried at all...? :-)

Thanks for your help,

Mike

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]

Posted by Akioma on 15-Mar-2015 14:54

Hi Lakshmi,

I created a "admin" user in our application database and logged into BPM using that username.

Now I see the dashboard widgets. But I still do not get the administration tab.

Any idea what I can do?

Thanks,

Mike

Posted by Lakshmi Padmaja on 16-Mar-2015 01:25

Hi Mike ,

 

Please follow the below steps provided to configure BPM with SPA and let us know if you still have an issue.

 

1.      Open portal in browser before configuring SPA and login to the portal as “admin”

2.      Stop servers

3.      Open DLC/oebpm/server/conf /umacl.conf file and change real.type and realm provider as follows

·        usermgr.realm.type=custom

·        usermgr.realm.provider=com.savvion.usermanager.OERealm

4.      Open DLC/oebpm/server/conf /bpmportal.conf  and Set bpmportal.customrealm.managegroup to true

5.      Copy paste spaservice.properties file from DLC/src/samples/security to wrk directory

6.      Open proenv and type following and press enter. Copy generated encoded password and paste in spaservice.properties file. Also will generate oespaclient.cp. in work directory

proenv>genspacp -password admin

7.      Copy  oespaclient.cp from wrk to DLC/oebpm/server/conf directory

8.      In DLC/oebpm/server/conf /umacl.conf file, change oeauth.server.clientprincipal from spadefault.cp to oespaclient.cp

9.      Create empty db in pdsoe

10.   Create an appserver project with below structure

·        <APseverProject>\ AppServer\OpenEdge\Security\Realm

·        <APseverProject>\ AppServer\OpenEdge\Security\Util

11.    copy files from following location

·        DLC\src\samples\security\OpenEdge\Security\Realm to <APseverProject>\ AppServer\OpenEdge\Security\Realm

·        DLC\src\samples\security\OpenEdge\Security\Util to <APseverProject>\ AppServer\OpenEdge\Security\Realm

 

12.   Create database and sql connection and assign to project for the empty db

13.   Create a .p file with following content and run the p file

CREATE <dbname>._User.

ASSIGN _User._Userid = "admin"

_User._Password = "admin"

_User._User_number = 1800

_User._Create_date = NOW

_User._Given_name = "Administrator"

_User._Telephone = "987888888"

_User._Email = " admin @progress.com"

_User._Description = "QA Eng"

14.   Add database to bpsbroker from run configuration and start server

 

15.   Add project to broker and publish

 

 

16.   Now login to portal with oebpm credentials and observe that now we are able to login

 
 
Regards,
Lakshmi
 
 
[collapse]
From: Akioma [mailto:bounce-Akioma@community.progress.com]
Sent: Monday, March 16, 2015 1:25 AM
To: TU.BPM@community.progress.com
Subject: RE: [Technical Users - BPM] any Documentation available of attributes queried by BPM when using SPA?
 
Reply by Akioma

Hi Lakshmi,

I created a "admin" user in our application database and logged into BPM using that username.

Now I see the dashboard widgets. But I still do not get the administration tab.

Any idea what I can do?

Thanks,

Mike

Stop receiving emails on this subject.

Flag this post as spam/abuse.

[/collapse]

This thread is closed