diff options
Diffstat (limited to 'docs/tutorials/portal-sdk/single-signon.rst')
-rw-r--r-- | docs/tutorials/portal-sdk/single-signon.rst | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/docs/tutorials/portal-sdk/single-signon.rst b/docs/tutorials/portal-sdk/single-signon.rst new file mode 100644 index 00000000..fb490a77 --- /dev/null +++ b/docs/tutorials/portal-sdk/single-signon.rst @@ -0,0 +1,48 @@ +Enabling Single-Signon +====================== + +This tutorial explains the Single-Signon of ONAP Portal, and how to enable it in our sample application. + +When a user logs in using the ONAP Portal Login, a cookie is created to record the logged-in session, +and it includes the username and other parameters. + +In our tutorial app so far we used "http://app-host:port/epsdk-app-os/login.htm" to login into the application. + +This is called the external login, which is used a backdoor for developers to test the applications +in a local environment, without having the entire Portal. + +Now, when the application is ready and onboarded on to the Portal, we can now use +"http://app_host:port/epsdk-app-os/welcome.htm" as the application onboarding URL in ONAP Portal. + +Onboarding steps can be found here +https://wiki.onap.org/display/DW/Application+Onboarding#ApplicationOnboarding-addapp. + +The welcome.htm page code will try to read the session cookie from the browser to detect if there is +a user that's already logged-in into the ONAP Portal. + +If a cookie is found, then this means a user is already logged-in to the ONAP Portal and +the application welcome.htm page will display showing the application frontend in a tab inside ONAP Portal. + +However, if a cookie is not found, the code will look for the redirect URL listed in the +WEB-INFO/classes/portal.properties file. + +Assuming the ecomp_redirect_url = http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm +for Amsterdam release, then, the user will be redirected to the ONAP Portal login page to log in. + +If the user login succeeds, the Portal login page will redirect the user back to the Application +welcome page. + +This should enable the application to use the Portal’s Single Signon. + +Note that the ONAP Portal and its on-boarded application must be on the same domain +(e.g. *.simpledemo.onap.org) to take advantage of the Single Signon. + +Otherwise, if the application is hosted in a different domain, its code will not be able to read ONAP +Portal session cookies. + +Due to security reasons the ONAP Portal restricts to one domain (defined in the properties) across +the applications on-boarded to it. + +However, if the application is not interested in single signon feature, then the new application can +be always be on-boarded as a “Hyperlink only application” which will be opened into a new browser +rather than the internal Portal’s tab. |