English Documentation

Single-Sign-On (SSO)

The Product Designer can also be operated with single-sign-on. The archetype can be used to generate the application with or without SSO. To set up SSO manually (or add it later), the following additional steps must be carried out.

In the POM the following dependencies must be added:

    <dependency>
        <groupId>de.faktorzehn.commons</groupId>
        <artifactId>f10-commons-auth-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>de.faktorzehn.commons</groupId>
        <artifactId>f10-commons-auth-oauth2-resourceserver</artifactId>
    </dependency>
    <dependency>
        <groupId>de.faktorzehn.commons</groupId>
        <artifactId>f10-commons-spring-autoconfiguration</artifactId>
    </dependency>

In the configuration file src/main/resources/application.yml the used Keycloak server must be configured, for example:

keycloak-client:
  issuer-uri: <YOUR KEYCLOAK ISSUER-URI HERE>

spring:
  security:
    oauth2:
      client:
        registration:
          oauth2:
            client-id: <YOUR CLIENT ID HERE>
            client-secret: <YOUR CLIENT SECRET HERE>
            client-name: Product-Designer
            scope: openid
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            authorization-grant-type: authorization_code
          f10-service-account:
            client-id: <YOUR CLIENT ID HERE>
            client-secret: <YOUR CLIENT SECRET HERE>
            scope: openid
            authorization-grant-type: client_credentials
            provider: oauth2
        provider:
          oauth2:
            issuer-uri: ${keycloak-client.issuer-uri}
            user-name-attribute: preferred_username
      resourceserver:
        jwt:
          issuer-uri: ${keycloak-client.issuer-uri}

For details, see the f10-commons documentation.

Additional beans must be added to SampleProductDesignerConfig.java. Beans for a RoleMapper and TenantMapper are required. See also here the documentation of f10-commons. For the F10 environment, there is a special productdesigner-f10 module with ready-made implementations of the RoleMapper and TenantMapper.

These settings can be combined in a configuration class that could look like this:

@Primary
@Component
public class SampleProductDesignerConfig {

    @Bean
    RoleMapper roleMapper() {
        return new F10ProductDesignerRoleMapper();
    }

    @Bean
    TenantMapper tenantMapper() {
        return new F10ProductDesignerTenantMapper();
    }

    @SessionScope
    @Bean
    public ProductDesignerPermissionService permissionService(Optional<User> user,
            IIpsProject ipsProject,
            ProductDesignerConfigurationProperties properties) {
        return ProductDesignerPermissionService.defaultFor(user, ipsProject, properties);
    }
}
If the configuration class is new, do not forget to enter the corresponding package in scanBasePackages in the @SpringBootApplication annotation.