Difference between revisions of "Fusion Security integration with FMR"

From FMR Knowledge Base
Jump to navigation Jump to search
(Troubleshooting)
(Ensuring FMR can communicate with Fusion Security)
Line 67: Line 67:
  
 
=== Ensuring FMR can communicate with Fusion Security ===
 
=== Ensuring FMR can communicate with Fusion Security ===
TODO
+
* Explicitly log out of Fusion Security (if logged in) and then log in as the root user.
 +
* Create a new user in Fusion Security with an easy name and simple password. Do not use unusual characters in either the username or password - stick to simple alphanumerics.
 +
* Set this new user to be an Administrator
 +
* In FMR attempt to logon as this user
 +
* If you are now logged in to the FMR and can access the Settings pages the 2 systems are communicating correctly

Revision as of 11:05, 6 September 2023

Overview

This guide explains how to get Fusion Security to communicate with the Fusion Metadata Registry. Please note, that "Fusion Security" is an old Security Web Application and should not be confused with the newer product "Fusion Security Manager".

Support for Fusion Security was added in FMR version 11.9.0, so this information is only applicable to FMR 11.9.0 and subsequent versions.

Setting up Fusion Security

Fusion Security is a Java Web Application that can be deployed like any other WAR file. If possible it is recommended to have it on a different Tomcat to the one running FMR. For the purposes of this guide, it is assumed to be running on localhost, port: 8081 with the name of "Fusion Security". So direct access to its ui would be made at http://localhost:8081/FusionSecurity

Most of Fusion Security's configuration must be specified within the Fusion Security configuration file. To read more on this please see the section: XXX.

Once Fusion Security has started you can check it is operational by checking the following pages:

Setting up Communication from FMR to Fusion Security

There is no User Interface to assign Fusion Security as FMR's security mechanism. The assignment must be performed via database manipulation.

  • Start your Fusion Security instance in the Tomcat of your choice. We recommend using port 8081.
  • Determine what the entry point for your Fusion Security instance is. An example of this is: http://localhost:8081/FusionSecurity . This value is the front page of Fusion Security but should not have any explicit pages (such as overview.html or index.html) in it.


This value needs to be specified as the security.url in the database. You can not use the User Interface to do this. To modify the database:

Using the database tool of choice edit the table: registry_settings Modify or add the following values

security.auth.prov:    registry
security.url:          http://localhost:8081/FusionSecurity

or just run the following SQL:

INSERT INTO `registry_settings`(`name`,`value`) VALUES ('security.auth.prov','registry'), ('security.url','http://localhost:8081/FusionSecurity') ON DUPLICATE KEY UPDATE

   `name` = VALUES(`name`),
   `value` = VALUES(`value`);

Fusion Registry must be restarted after this. This change will not change a running Registry.


NOTE: When viewining an FMR connected to a Fusion Security, the Server Security page will not explicitly show this connection (since the UI was not updated)


Troubleshooting

Web Service Communication

FS communicate to FMR via the Web Service:

http://localhost:8080/FusionRegistry/ws/public/sdmxapi/rest/organisationscheme/all/all/latest/?references=none&detail=full

FMR communicate to FS via the Web Service:

TODO

Ensuring Fusion Security can communicate with FMR

  • In your browser of choice, navigate to the front page of Fusion Security
  • Log in as the root user
  • Select a user other than the root user - if no other users exist, create one.
  • On the right-hand side of the screen should be 2 tabs: "User Details" and "Organisations". Click on Organisations
  • A tree of structures obtained from the FMR should be displayed. This is grouped by Agencies, Data Providers and Data Consumers.
  • If this list is populated with the correct structures, then Fusion Security can get information from FMR. If not, then Fusion Security has not been set up correctly.

Ensuring FMR can communicate with Fusion Security

  • Explicitly log out of Fusion Security (if logged in) and then log in as the root user.
  • Create a new user in Fusion Security with an easy name and simple password. Do not use unusual characters in either the username or password - stick to simple alphanumerics.
  • Set this new user to be an Administrator
  • In FMR attempt to logon as this user
  • If you are now logged in to the FMR and can access the Settings pages the 2 systems are communicating correctly