kaicode
commented
6 years ago Hi @dhirendraps, thanks for your question. We don't have any documentation in this area but I will try to explain here.
Authoring Services should be accessed via NGinx. Authoring Services should access Snow Owl via Nginx. For every request NGinx will authenticate the crowd token key by contacting IMS. It does this using the auth_request module, example configuration here https://gist.github.com/kaicode/cc149d3487e2408c247427df9ac3ab01 It can be difficult to get an NGinx package with this module, you may need to compile one yourself, I can't advise on this.
Once you have this setup this is the flow of requests:
- Http request made towards Authoring Services
- NGinx authenticates the request using the dev-ims-ihtsdo cookie and adds HTTP Headers "X-AUTH-username" and "X-AUTH-roles" using information from IMS and also "X-AUTH-token" which contains the cookie. Request forwarded to Authoring Services.
- Authoring Services picks up the username, roles and cookie from the X-AUTH headers. These go into the Spring security context.
- When Authoring Services makes a request to Snow Owl a client object is created which has the cookie from the security context. Http request made towards Snow Owl.
- NGinx accepts request and authenticates it against IMS using the cookie which was originally from the user but is being passed between services for requests made on behalf of the user. Forwards request to Snow Owl including the simple authentication header.
- Snow Owl picks up the username, roles and cookie from the X-AUTH headers and allows the request.
I am trying to setup the Authoring Platform. Setup the JIRA as defined in the given link(https://confluence.ihtsdotools.org/tools/deploying-tools/authoring-platform-deployment/authoring-platform-jira-setup) and created the project on JIRA following given link (https://confluence.ihtsdotools.org/display/SIAPUG/Creating+an+AP+Project+in+Jira) also added project and Task in the JIRA.
I am able to fetch tasks from JIRA in authoring-UI but when trying to fetch the project from the Authoring UI, it is looking for branch on the termserver for that particular project. In error log it is clear that it is Failed to retrieve Branch because it is unauthorized.
Initally user is authorized from the IMS and getting a crowd token key and dev-ims-ihtsdo in auhtoring service application.properties file Can be used to configure static SSO values for dev rather than using Nginx authentication.override.username=miguser authentication.override.roles=refset-administrators authentication.override.token=dev-ims-ihtsdo
I created a branch in termserver by following Terminology server setup section from the following link (https://confluence.ihtsdotools.org/display/DEVOPS/Creating+a+new+extension+in+MS) and using file authentication in termserver.
What is the authentication process to fetch branch from termserver. What role we required for proper authentication. How token are used for authentication. Please help me in understanding the process/flow of fetching project and working of authoring service with the termserver.