From eefb74923538eeff9cca1a9acc0db425f951dfd4 Mon Sep 17 00:00:00 2001 From: abdelseaudi Date: Fri, 16 Mar 2018 06:24:48 +0000 Subject: Single Signon This section explains how to enable Single Signon for an ONAP Portal SDK Application. Issue-ID: PORTAL-216 Change-Id: Iea8ac4ebf724764f14cd0a6d11ff6f31f0f76cf8 Signed-off-by: abdelseaudi --- docs/tutorials/portal-sdk/index.rst | 1 + docs/tutorials/portal-sdk/single-signon.rst | 48 +++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 docs/tutorials/portal-sdk/single-signon.rst diff --git a/docs/tutorials/portal-sdk/index.rst b/docs/tutorials/portal-sdk/index.rst index 023fc622..4d20ffd3 100644 --- a/docs/tutorials/portal-sdk/index.rst +++ b/docs/tutorials/portal-sdk/index.rst @@ -19,5 +19,6 @@ Building ONAP Portal SDK Web Applications pulling-db-data google-charts dynamic-content + single-signon wrapping-up diff --git a/docs/tutorials/portal-sdk/single-signon.rst b/docs/tutorials/portal-sdk/single-signon.rst new file mode 100644 index 00000000..fb490a77 --- /dev/null +++ b/docs/tutorials/portal-sdk/single-signon.rst 
@@ -0,0 +1,48 @@ +Enabling Single-Signon +====================== + +This tutorial explains the Single-Signon of ONAP Portal, and how to enable it in our sample application. + +When a user logs in using the ONAP Portal Login, a cookie is created to record the logged-in session, +and it includes the username and other parameters. + +In our tutorial app so far we used "http://app-host:port/epsdk-app-os/login.htm" to login into the application. + +This is called the external login, which is used a backdoor for developers to test the applications +in a local environment, without having the entire Portal. + +Now, when the application is ready and onboarded on to the Portal, we can now use +"http://app_host:port/epsdk-app-os/welcome.htm" as the application onboarding URL in ONAP Portal. + +Onboarding steps can be found here +https://wiki.onap.org/display/DW/Application+Onboarding#ApplicationOnboarding-addapp. + +The welcome.htm page code will try to read the session cookie from the browser to detect if there is +a user that's already logged-in into the ONAP Portal. + +If a cookie is found, then this means a user is already logged-in to the ONAP Portal and +the application welcome.htm page will display showing the application frontend in a tab inside ONAP Portal. + +However, if a cookie is not found, the code will look for the redirect URL listed in the +WEB-INFO/classes/portal.properties file. + +Assuming the ecomp_redirect_url = http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm +for Amsterdam release, then, the user will be redirected to the ONAP Portal login page to log in. + +If the user login succeeds, the Portal login page will redirect the user back to the Application +welcome page. + +This should enable the application to use the Portal’s Single Signon. + +Note that the ONAP Portal and its on-boarded application must be on the same domain +(e.g. *.simpledemo.onap.org) to take advantage of the Single Signon. 
+ +Otherwise, if the application is hosted in a different domain, its code will not be able to read ONAP +Portal session cookies. + +Due to security reasons the ONAP Portal restricts to one domain (defined in the properties) across +the applications on-boarded to it. + +However, if the application is not interested in single signon feature, then the new application can +be always be on-boarded as a “Hyperlink only application” which will be opened into a new browser +rather than the internal Portal’s tab. -- cgit 1.2.3-korg
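Review bot: The paragraph in single-signon.rst that introduces "http://app-host:port/epsdk-app-os/login.htm" calls the external login a developer backdoor for local testing, but the rest of the page never says what becomes of it once the application is onboarded with welcome.htm. Please add a sentence stating whether login.htm stays reachable after onboarding and how to disable or restrict it outside a local environment, so that a login path which does not go through the Portal is not left undocumented for deployed applications. Likewise, "If a cookie is found, then this means a user is already logged-in" should state whether welcome.htm validates the cookie or only checks that it is present. Smaller points in the same hunk: "WEB-INFO/classes/portal.properties" should read WEB-INF; "*.simpledemo.onap.org" should be an inline literal (double backticks), because a bare asterisk opens inline emphasis in reStructuredText and will raise a build warning; the host placeholder is spelled both "app-host" and "app_host"; and "which is used a backdoor" and "be always be on-boarded" need a grammar pass.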