Difference between revisions of "Fusion Security integration with FMR"
(→Ensuring FMR can communicate with Fusion Security) |
|||
Line 47: | Line 47: | ||
== Troubleshooting == | == Troubleshooting == | ||
− | == Web Service Communication == | + | === Web Service Communication === |
− | + | Fusion Security communicate to FMR via the Web Service: | |
<pre> | <pre> | ||
http://localhost:8080/FusionRegistry/ws/public/sdmxapi/rest/organisationscheme/all/all/latest/?references=none&detail=full | http://localhost:8080/FusionRegistry/ws/public/sdmxapi/rest/organisationscheme/all/all/latest/?references=none&detail=full | ||
</pre> | </pre> | ||
+ | This Web Service must be returning in SDMX 2.1 format all of the Organisations present in FMR. | ||
− | FMR communicate to | + | FMR communicate to Fusion Security via the Web Service: |
<pre> | <pre> | ||
TODO | TODO | ||
</pre> | </pre> | ||
+ | This is 2-way communication. FMR will make requests and FS will respond. | ||
+ | |||
=== Ensuring Fusion Security can communicate with FMR === | === Ensuring Fusion Security can communicate with FMR === |
Revision as of 11:07, 6 September 2023
Contents
Overview
This guide explains how to get Fusion Security to communicate with the Fusion Metadata Registry. Please note, that "Fusion Security" is an old Security Web Application and should not be confused with the newer product "Fusion Security Manager".
Support for Fusion Security was added in FMR version 11.9.0, so this information is only applicable to FMR 11.9.0 and subsequent versions.
Setting up Fusion Security
Fusion Security is a Java Web Application that can be deployed like any other WAR file. If possible it is recommended to have it on a different Tomcat to the one running FMR. For the purposes of this guide, it is assumed to be running on localhost, port: 8081 with the name of "Fusion Security". So direct access to its ui would be made at http://localhost:8081/FusionSecurity
Most of Fusion Security's configuration must be specified within the Fusion Security configuration file. To read more on this please see the section: XXX.
Once Fusion Security has started you can check it is operational by checking the following pages:
- The front page of the User Interface: http://localhost:8081/FusionSecurity
- The product information page: http://localhost:8081/FusionSecurity/ws/fusion/info/product
Setting up Communication from FMR to Fusion Security
There is no User Interface to assign Fusion Security as FMR's security mechanism. The assignment must be performed via database manipulation.
- Start your Fusion Security instance in the Tomcat of your choice. We recommend using port 8081.
- Determine what the entry point for your Fusion Security instance is. An example of this is: http://localhost:8081/FusionSecurity . This value is the front page of Fusion Security but should not have any explicit pages (such as overview.html or index.html) in it.
This value needs to be specified as the security.url in the database. You can not use the User Interface to do this. To modify the database:
Using the database tool of choice edit the table: registry_settings Modify or add the following values
security.auth.prov: registry security.url: http://localhost:8081/FusionSecurity
or just run the following SQL:
INSERT INTO `registry_settings`(`name`,`value`) VALUES ('security.auth.prov','registry'), ('security.url','http://localhost:8081/FusionSecurity') ON DUPLICATE KEY UPDATE
`name` = VALUES(`name`), `value` = VALUES(`value`);
Fusion Registry must be restarted after this. This change will not change a running Registry.
NOTE: When viewining an FMR connected to a Fusion Security, the Server Security page will not explicitly show this connection (since the UI was not updated)
Troubleshooting
Web Service Communication
Fusion Security communicate to FMR via the Web Service:
http://localhost:8080/FusionRegistry/ws/public/sdmxapi/rest/organisationscheme/all/all/latest/?references=none&detail=full
This Web Service must be returning in SDMX 2.1 format all of the Organisations present in FMR.
FMR communicate to Fusion Security via the Web Service:
TODO
This is 2-way communication. FMR will make requests and FS will respond.
Ensuring Fusion Security can communicate with FMR
- In your browser of choice, navigate to the front page of Fusion Security
- Log in as the root user
- Select a user other than the root user - if no other users exist, create one.
- On the right-hand side of the screen should be 2 tabs: "User Details" and "Organisations". Click on Organisations
- A tree of structures obtained from the FMR should be displayed. This is grouped by Agencies, Data Providers and Data Consumers.
- If this list is populated with the correct structures, then Fusion Security can get information from FMR. If not, then Fusion Security has not been set up correctly.
Ensuring FMR can communicate with Fusion Security
- Explicitly log out of Fusion Security (if logged in) and then log in as the root user.
- Create a new user in Fusion Security with an easy name and simple password. Do not use unusual characters in either the username or password - stick to simple alphanumerics.
- Set this new user to be an Administrator
- In FMR attempt to logon as this user
- If you are now logged in to the FMR and can access the Settings pages the 2 systems are communicating correctly