English Documentation

Single-Sign-On (SSO)

The Product Designer can also be operated with single sign-on (SSO). The archetype can generate the application with or without SSO. To set up SSO manually (or to add it later), carry out the following additional steps. First, add these Maven dependencies:

    <dependency>
        <groupId>de.faktorzehn.commons</groupId>
        <artifactId>f10-commons-auth-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>de.faktorzehn.commons</groupId>
        <artifactId>f10-commons-auth-oauth2-resourceserver</artifactId>
    </dependency>
    <dependency>
        <groupId>de.faktorzehn.commons</groupId>
        <artifactId>f10-commons-spring-autoconfiguration</artifactId>
    </dependency>

In the configuration file src/main/resources/application.yml, the Keycloak server to be used must be configured, for example:

keycloak-client:
  issuer-uri: <YOUR KEYCLOAK ISSUER-URI HERE>

spring:
  security:
    oauth2:
      client:
        registration:
          oauth2:
            client-id: <YOUR CLIENT ID HERE>
            client-secret: <YOUR CLIENT SECRET HERE>
            client-name: Product-Designer
            scope: openid
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            authorization-grant-type: authorization_code
          f10-service-account:
            client-id: <YOUR CLIENT ID HERE>
            client-secret: <YOUR CLIENT SECRET HERE>
            scope: openid
            authorization-grant-type: client_credentials
            provider: oauth2
        provider:
          oauth2:
            issuer-uri: ${keycloak-client.issuer-uri}
            user-name-attribute: preferred_username
      resourceserver:
        jwt:
          issuer-uri: ${keycloak-client.issuer-uri}

For details, see the f10-commons documentation.
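
The same configuration with the issuer, client IDs and client secrets read from environment variables, so that no credential is stored in a file packaged from src/main/resources. This is an added example, not part of the original documentation; the environment variable names are assumptions, and the `${...}` placeholder syntax is the one the configuration above already uses for issuer-uri.

```yaml
# Added example. All environment variable names below are assumptions;
# use whatever names your deployment provides.
keycloak-client:
  issuer-uri: ${KEYCLOAK_ISSUER_URI}

spring:
  security:
    oauth2:
      client:
        registration:
          # Interactive login of Product Designer users (authorization code flow)
          oauth2:
            client-id: ${PD_LOGIN_CLIENT_ID}
            client-secret: ${PD_LOGIN_CLIENT_SECRET}
            client-name: Product-Designer
            scope: openid
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            authorization-grant-type: authorization_code
          # Service account for calls made without a user (client credentials flow)
          f10-service-account:
            client-id: ${PD_SERVICE_CLIENT_ID}
            client-secret: ${PD_SERVICE_CLIENT_SECRET}
            scope: openid
            authorization-grant-type: client_credentials
            provider: oauth2
        provider:
          oauth2:
            issuer-uri: ${keycloak-client.issuer-uri}
            user-name-attribute: preferred_username
      resourceserver:
        jwt:
          # Same issuer as the client provider above
          issuer-uri: ${keycloak-client.issuer-uri}
```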

Additional beans must be added to SampleProductDesignerConfig.java: beans for a RoleMapper and a TenantMapper are required. See the f10-commons documentation for these as well. For the F10 environment, there is a special productdesigner-f10 module with ready-made implementations of the RoleMapper and TenantMapper.

These settings can be combined in a configuration class that could look like this:

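import java.util.Optional;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.SessionScope;
// plus the imports for the Product Designer and f10-commons types used below

@Primary
@Component
public class SampleProductDesignerConfig {

    // RoleMapper required for SSO (here: the F10 implementation)
    @Bean
    RoleMapper roleMapper() {
        return new F10ProductDesignerRoleMapper();
    }

    // TenantMapper required for SSO (here: the F10 implementation)
    @Bean
    TenantMapper tenantMapper() {
        return new F10ProductDesignerTenantMapper();
    }

    // One permission service per HTTP session. Falls back to a LocalUser when no
    // User is available and applies the configured read-only or edit mode.
    @SessionScope
    @Bean
    public ProductDesignerPermissionService permissionService(Optional<User> user,
            IModifiableRuntimeRepository repository,
            ProductDesignerConfigurationProperties properties) {
        return new DefaultProductDesignerPermissionService(user.orElse(new LocalUser()), repository,
                properties.readOnlyMode() ? ProductDesignerMode.READ_ONLY_MODE : ProductDesignerMode.EDIT_MODE);
    }
}

If the configuration class is new, remember to add its package to scanBasePackages in the @SpringBootApplication annotation.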