Fusion Security integration with FMR

From FMR Knowledge Base
Revision as of 11:58, 6 September 2023 by Plazarou (talk | contribs) (Setting up Fusion Security)
Jump to navigation Jump to search

Overview

This guide explains how to get Fusion Security to communicate with the Fusion Metadata Registry. Please note, that "Fusion Security" is an old Security Web Application and should not be confused with the newer product "Fusion Security Manager".

Support for Fusion Security was added in FMR version 11.9.0, so this information is only applicable to FMR 11.9.0 and subsequent versions.

Setting up Fusion Security

Fusion Security is a Java Web Application that can be deployed like any other WAR file. If possible it is recommended to have it on a different Tomcat to the one running FMR. For the purposes of this guide, it is assumed to be running on localhost, port: 8081 with the name of "Fusion Security". So direct access to its ui would be made at http://localhost:8081/FusionSecurity

Most of Fusion Security's configuration must be specified within the Fusion Security configuration file. To read more on this please see the section: XXX.

Once Fusion Security has started you can check it is operational by checking the following pages:

Setting up Communication from FMR to Fusion Security

There is no User Interface to assign Fusion Security as FMR's security mechanism. The assignment must be performed via database manipulation.

  • Start your Fusion Security instance in the Tomcat of your choice. We recommend using port 8081.
  • Determine what the entry point for your Fusion Security instance is. An example of this is: http://localhost:8081/FusionSecurity . This value is the front page of Fusion Security but should not have any explicit pages (such as overview.html or index.html) in it.


This value needs to be specified as the security.url in the database. You can not use the User Interface to do this. To modify the database:

Using the database tool of choice edit the table: registry_settings Modify or add the following values 

security.auth.prov:    registry
security.url:          http://localhost:8081/FusionSecurity

or just run the following SQL:

INSERT INTO `registry_settings`(`name`,`value`) VALUES ('security.auth.prov','registry'), ('security.url','http://localhost:8081/FusionSecurity') ON DUPLICATE KEY UPDATE 

   `name` = VALUES(`name`),
   `value` = VALUES(`value`);

Fusion Registry must be restarted after this. This change will not change a running Registry.


NOTE: When viewining an FMR connected to a Fusion Security, the Server Security page will not explicitly show this connection (since the UI was not updated)


Troubleshooting

Ensuring Fusion Security can communicate with FMR

  • In your browser of choice, navigate to the front page of Fusion Security
  • Log in as the root user
  • Select a user other than the root user - if no other users exist, create one.
  • On the right-hand side of the screen should be 2 tabs: "User Details" and "Organisations". Click on Organisations
  • A tree of structures obtained from the FMR should be displayed. This is grouped by Agencies, Data Providers and Data Consumers.
  • If this list is populated with the correct structures, then Fusion Security can get information from FMR. If not, then Fusion Security has not been set up correctly.

Ensuring FMR can communicate with Fusion Security

TODO

Retrieved from "https://fmrwiki.sdmxcloud.org/index.php?title=Fusion_Security_integration_with_FMR&oldid=7136"