JBoss.orgCommunity Documentation
DTGov integrates tightly with a compliant S-RAMP repository, and it is recommended that the Overlord S-RAMP implementation is used. The S-RAMP repository is used as the storage mechanism for all artifacts that DTGov is interested in (e.g. Deployments). This chapter describes this integration as well as how it is configured.
DTGov is integrated with S-RAMP via the Atom based REST API that all S-RAMP repositories expose. The repository is leveraged in a number of ways, including:
A number of configuration properties drive the integration between DTGov and S-RAMP. In particular note that the DTGov back-end and the DTGov User Interface each have their own separate configuration. This is because the back-end and UI are separate applications that can be independently deployed.
# S-RAMP Connection details sramp.repo.url sramp.repo.auth.provider sramp.repo.user sramp.repo.password sramp.repo.validating sramp.repo.auth.saml.issuer sramp.repo.auth.saml.service
# S-RAMP API connection endpoint dtgov-ui.s-ramp.atom-api.endpoint dtgov-ui.s-ramp.atom-api.authentication.provider dtgov-ui.s-ramp.atom-api.authentication.basic.username dtgov-ui.s-ramp.atom-api.authentication.basic.password dtgov-ui.s-ramp.atom-api.authentication.saml.issuer dtgov-ui.s-ramp.atom-api.authentication.saml.service dtgov-ui.s-ramp.atom-api.validating
Here is an example of how the back-end configuration might look:
sramp.repo.url=http://localhost:8080/s-ramp-server/ sramp.repo.auth.provider=org.overlord.sramp.governance.auth.BasicAuthenticationProvider sramp.repo.user=dtgov sramp.repo.password=DTG_PASSWORD sramp.repo.validating=true
The above configuration uses BASIC authentication when connecting to the S-RAMP repository. It will connect to S-RAMP on localhost (port 8080).
The user interface configuration might look something like this:
dtgov-ui.s-ramp.atom-api.endpoint=http://localhost:8080/s-ramp-server dtgov-ui.s-ramp.atom-api.authentication.provider=org.overlord.dtgov.ui.server.services.sramp.SAMLBearerTokenAuthenticationProvider dtgov-ui.s-ramp.atom-api.authentication.saml.issuer=/dtgov-ui dtgov-ui.s-ramp.atom-api.authentication.saml.service=/s-ramp-server dtgov-ui.s-ramp.atom-api.validating=true
The above configuration connects to S-RAMP on localhost (port 8080) and uses SAML bearer token authentication.
Both the UI and the back-end support pluggable authentication mechanisms. Out of the box DTGov provides implementations for BASIC authentication and SAML Bearer Token authentication. If the S-RAMP repository is protected by some alternative form of authentication, another implementation of the authentication provider can be created. In both cases, the authentication provider must implement the following interface:
org.overlord.sramp.client.auth.AuthenticationProvider
The DTGov back-end provides the following authentication provider implementations:
The DTGov user interface provides the following authentication provider implementations: