CMDBuild
CMDBuild was the last application we got SSO working for.
Its configuration is, well, it's documented here.
There are several large PDFs documenting installation, configuration, use and the REST API.
First, let's get one thing straight. CMDBuild is a brilliant application. The admin backend allows someone to configure a data model that is tailor-made for your organization. So whether you do stuff with servers, or you do stuff with some other type of machinery, you can define objects with their attributes as well as the relations between objects, including some basic syntax checking.
But as soon as you go beyond the basic level towards advanced configuration stuff (like an SSO setup), well, then it gets hard. And I mean PITA level hard. And, yes, there is a forum, but don't get your hopes up.
Of course the very nice people at Tecnoteca are always willing to help you out when you have a support subscription.
In retrospect, it was one of the toughest applications to get working.
These settings need to be set:
- org.cmdbuild.auth.module.saml.handlerScript to "login = auth.getNameId()"
- org.cmdbuild.auth.module.saml.idp.cert
- org.cmdbuild.auth.module.saml.idp.id
- org.cmdbuild.auth.module.saml.idp.login
- org.cmdbuild.auth.module.saml.idp.logout
- org.cmdbuild.auth.module.saml.logout.enabled
- org.cmdbuild.auth.module.saml.signatureAlgorithm
- org.cmdbuild.auth.module.saml.sp.cert
- org.cmdbuild.auth.module.saml.sp.id
- org.cmdbuild.auth.module.saml.sp.key
The handlerScript in particular is a really tough one to find.
You should also configure which authentication modules are active. This cannot be done from the GUI.
It can be done by a REST call, and from the command line: bash -x ./cmdbuild.sh restws -username admin -password admin setconfig org.cmdbuild.auth.modules saml,default
This enables both the SAML and the default (internal cmdbuild user table in the database) login module.
You cannot change settings by editing the auth.conf file. This file is generated at startup time from values in the database.
The following command gives you all the available configurations: bash cmdbuild.sh restws getconfiginfos
If you would like to know the current configuration regarding authentication, you can do something like this: bash cmdbuild.sh restws getconfiginfos | grep auth
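The settings list and the module activation above, scripted as an added example (not CMDBuild's or Tecnoteca's own tooling). It assumes a KEY=VALUE file holding the ten SAML keys, credentials in the hypothetical environment variables CMDBUILD_USER and CMDBUILD_PASS, and that setconfig takes each value as a single argument; all function names are made up for the example.

```bash
# Added example: turn KEY=VALUE lines into the page's "restws setconfig" calls.
PREFIX=org.cmdbuild.auth.module.saml
REQUIRED="handlerScript idp.cert idp.id idp.login idp.logout logout.enabled signatureAlgorithm sp.cert sp.id sp.key"

# Print the value stored for key $2 in file $1 (nothing if absent).
get_value() {
  local line
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in "$2="*) printf '%s\n' "${line#*=}"; return 0 ;; esac
  done < "$1"
}

# List every required key that is absent or empty in file $1.
missing_keys() {
  local k
  for k in $REQUIRED; do
    [ -n "$(get_value "$1" "$PREFIX.$k")" ] || echo "$PREFIX.$k"
  done
}

# Run one restws call; with DRY_RUN=1 (default) print it without the secrets.
cmdb() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "bash ./cmdbuild.sh restws -username \$CMDBUILD_USER -password \$CMDBUILD_PASS $*"
  else
    bash ./cmdbuild.sh restws -username "${CMDBUILD_USER:?}" -password "${CMDBUILD_PASS:?}" "$@"
  fi
}

# Apply all SAML keys, then enable the modules; abort before any call if one is unset.
apply_saml() {
  local k miss
  miss=$(missing_keys "$1")
  if [ -n "$miss" ]; then
    printf 'refusing to apply, unset keys:\n%s\n' "$miss" >&2
    return 1
  fi
  for k in $REQUIRED; do
    cmdb setconfig "$PREFIX.$k" "$(get_value "$1" "$PREFIX.$k")" || return 1
  done
  cmdb setconfig org.cmdbuild.auth.modules saml,default
}

# Constructed sample input: only two of the ten keys are filled in.
sample_partial() {
  printf '%s\n' "$PREFIX.handlerScript=login = auth.getNameId()" \
                "$PREFIX.idp.id=https://idp.example.test/metadata"
}
```

Source the file, review the dry-run output of apply_saml, then rerun with DRY_RUN=0 from the directory that contains cmdbuild.sh.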
As a bonus: we have an object defining a git repo, the branch of that repo and the subdirectory in that branch. These objects should be unique on that combination. Defining uniqueness over the combination is not possible from the GUI, but it can be done from the database:
CREATE UNIQUE INDEX "_cm3_Table_Unique_Idx"
ON public."Table"
USING btree
(COALESCE("URL", ''), COALESCE("BranchName", ''), COALESCE("Path", ''))
WHERE "Status" = 'A'::bpchar;