
explorer and SSO + custom role provider

heymjo
Champ on-the-rise
Hi,

I am looking to integrate the process explorer into our current infrastructure. We have a company-wide SSO based on CAS for authentication and an authorization webservice that must be used to return the user's current roles for an application.

In terms of process explorer flexibility I was wondering if the following is achievable:

1) no longer use the REST API for user login but assume that by the time the user reaches the web interface he will have already been logged in by the SSO
2) similarly, all user roles and groups should not be retrieved through the REST API but fetched through our webservice
3) process explorer uses the REST API for all process interaction IIUC. Can it be modified to not do this and just do direct database interaction via a configured process engine via a datasource? This would remove the need for implementing system-to-system authentication on the process explorer for the REST access, something which is possible in our SSO but quite heavyweight (involves SSL, proxy granting tickets etc).

Also I was wondering what the strategy is of the REST API in general? Is it going to play more and more a pivotal role for all Activiti solutions and will it become mandatory at some point, or will you always consider it to be optional for using the Activiti webapps?

Thanks for any insights!
Jorg
1 REPLY

tombaeyens
Champ in-the-making
We don't have the authentication pluggability in the explorer.

There is pluggability for the identity data. Search for identitysession and identitysessionfactory in the user guide and in the code.

REST will always be optional. Some webapps currently depend on it. In the future we expect that maybe fewer webapps will depend on the REST API.