Contribution Camunda SSO with spnego via Active Directory
256 views
Skip to first unread message
eberha...@gmail.com
Apr 8, 2015, 8:53:57 AM4/8/15
to camunda...@googlegroups.com
Hello,
for a customer we have written a SSO module. It uses spnego and authenticates against a Microsoft Active Directory server.
We now want to contribute this module to the main branch.
Are you interested in this implementation?
And what are the next steps?
Kind regards,
Eberhard Heber
for a customer we have written a SSO module. It uses spnego and authenticates against a Microsoft Active Directory server.
We now want to contribute this module to the main branch.
Are you interested in this implementation?
And what are the next steps?
Kind regards,
Eberhard Heber
Jan Galinski
Apr 9, 2015, 9:44:23 AM4/9/15
to camunda...@googlegroups.com
Hi Eberhard
I am not speaking on behalf of camunda, but as author of some extensions, I might be of help also. I dont believe that the dev crew will agree to add vendor/platform specific additions to the core product (they'd have to maintain functionality throughout the releases). But you might have a good chance to release this as a camunda community extension.
Check out these links: http://camunda.org/contribute/ http://docs.camunda.org/latest/guides/user-guide/#introduction-community-extensions for Details.
Since you mention that it is customer work, I guess most important is to clear the code ownership and fill out a license agreement.
Then you should make your code conform to the extension template: https://github.com/camunda/camunda-community-project-blueprint
and put it on github. You will need to find a sponsor from the camunda team that checks your contribution and discusses the next steps with you.
Afterwards, the extension will move in the camunda repo space and will be built and released via camundas infrastructure.
Its not as complicated as it sounds, actually it is quite fun and you can provide cool stuff without caring about the overall release plan of the main product line.
Hope that helps
regards
Jan
Rob P
Apr 12, 2015, 7:55:32 PM4/12/15
to camunda...@googlegroups.com
Hi,
I'll second Jan's suggestion. Id be very interested in an SSO solution and contributing the code as a community extension at least gives us visibility!
regards
Rob
Daniel Meyer
Apr 14, 2015, 10:33:39 AM4/14/15
to camunda...@googlegroups.com
Hi Eberhard, Jan and Rob,
Single Sign on sounds very interesting and often requested. You just have to seach for "SSO" or "Single sign on" in our forum and it is immediately obvious that this is an important feature.
I would *really* like to add this as a community maintained extension to Camunda.
What does your current implementation look like?
Does Camunda already provide the necessary plugin points for you to be able to integrate it in a plugin-like way? If not, you will nned to create pull requests to the main code base in order to add new extension points / SPIs. We can help you with that as well.
The default process is that we create a repository under the camunda organization and you can push your code there.
See also: http://camunda.org/contribute/ (particularly the "Build a Community Extension" section)
What should be the name of the repository?
Regards,
Daniel
eberha...@gmail.com
Apr 17, 2015, 2:28:29 AM4/17/15
to camunda...@googlegroups.com
Hi Jan, Rob and Daniel,
I have added a securityfilter for an account mapping to the LDAP Plugin. The filter implements the class Filter and sets the Authentication with the principal information of the HttpServletRequest.
To start the new SecurityFilter, I integrated the compiled SecurityFilter into the camunda webapp and changed the filter link in the web.xml.
Then I added some spnego configuration to the web.xml and added the two files jboss-web.xml and jboss deployment-description.xml to the webapp folder WEB-INF.
The camunda engine lacks of a plugin point for custom or new security filters.
Daniel, you can name the repository like this: jboss-sso-spnego
Kind Regards,
Eberhard
I have added a securityfilter for an account mapping to the LDAP Plugin. The filter implements the class Filter and sets the Authentication with the principal information of the HttpServletRequest.
To start the new SecurityFilter, I integrated the compiled SecurityFilter into the camunda webapp and changed the filter link in the web.xml.
Then I added some spnego configuration to the web.xml and added the two files jboss-web.xml and jboss deployment-description.xml to the webapp folder WEB-INF.
The camunda engine lacks of a plugin point for custom or new security filters.
Daniel, you can name the repository like this: jboss-sso-spnego
Kind Regards,
Eberhard
eberha...@gmail.com
Apr 28, 2015, 2:43:45 AM4/28/15
to camunda...@googlegroups.com
Hello Daniel,
have you created a repository? Is the naming correct? Or is it better to name the repository like camunda-jboss-sso?
Kind Regards,
Eberhard
have you created a repository? Is the naming correct? Or is it better to name the repository like camunda-jboss-sso?
Kind Regards,
Eberhard
Daniel Meyer
Apr 28, 2015, 2:49:38 AM4/28/15
to camunda...@googlegroups.com
Hi Eberhard,
The best is if you first create the repository under your own github profile and we then transfer it to the Camunda organization. Github has this functionalitity and it will transfer all repository metadata such as stars, forks and documentation.
You can use this repository as a template of what your repository can look like:
In terms of naming: I prefer "camunda-sso-jboss" :)
Cheers,
Daniel
eberha...@gmail.com
Apr 28, 2015, 8:45:01 AM4/28/15
to camunda...@googlegroups.com
Hi Daniel,
the repository is located on this link: https://github.com/eberhardheber/camunda-sso-jboss
Kind Regards,
Eberhard
the repository is located on this link: https://github.com/eberhardheber/camunda-sso-jboss
Kind Regards,
Eberhard
Daniel Meyer
Apr 29, 2015, 11:14:14 AM4/29/15
to camunda...@googlegroups.com
Hi Eberhard,
cool! I think we can transfer the repsitory to the camunda organization now.
https://help.github.com/articles/transferring-a-repository/
Daniel
cool! I think we can transfer the repsitory to the camunda organization now.
https://help.github.com/articles/transferring-a-repository/
Daniel
eberha...@gmail.com
May 4, 2015, 2:54:13 AM5/4/15
to camunda...@googlegroups.com
Hello Daniel,
i have transfered the ropsitory to you.
Have fun!
Eberhard
i have transfered the ropsitory to you.
Have fun!
Eberhard
Daniel Meyer
May 4, 2015, 6:23:06 AM5/4/15
to camunda...@googlegroups.com
Hi Eberhard,
I transferred it to the camunda organization: https://github.com/camunda/camunda-sso-jboss
Which Github account should I give push access to?
Cheers,
Daniel
Ingo Richtsmeier
Jun 8, 2015, 3:17:48 PM6/8/15
to camunda...@googlegroups.com
Hi,
I cloned the repo and tried to build it, but eclipse and mvn on command line failed:
The import org.camunda.bpm.webapp.impl.security cannot be resolved AuthenticationFilter.java /camunda-bpm-build-webapp/src/main/java/de/novatec/bpm/webapp/impl/security/auth line 18 Java Problem
etc.
Google told me, that maven has problem when using a war for compile dependency.
Do you have any hints how to compile the AuthenticationFilter?
Kind Regards, Ingo
Ingo Richtsmeier
Jun 9, 2015, 2:36:08 PM6/9/15
to camunda...@googlegroups.com
After a forced reboot of my computer everything is fine now.
Kind Regards, Ingo
eberha...@gmail.com
Jun 15, 2015, 2:03:34 AM6/15/15
to camunda...@googlegroups.com
Sounds good! If you have other issues, just write them in this thread.
Kind Regards,
Eberhard
Kind Regards,
Eberhard
Reply all
Reply to author
Forward
0 new messages