From: Manoop Talasila Date: Fri, 16 Mar 2018 17:47:36 +0000 (+0000) Subject: Merge "Single Signon" X-Git-Tag: v2.2.0~34 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=dd5350525356a73410e0619b2e25722dd932f893;hp=a97a49e6b51703cf4b3c93d69fc502a48c8155be;p=portal.git Merge "Single Signon" --- diff --git a/docs/tutorials/portal-sdk/index.rst b/docs/tutorials/portal-sdk/index.rst index 023fc622..4d20ffd3 100644 --- a/docs/tutorials/portal-sdk/index.rst +++ b/docs/tutorials/portal-sdk/index.rst @@ -19,5 +19,6 @@ Building ONAP Portal SDK Web Applications pulling-db-data google-charts dynamic-content + single-signon wrapping-up diff --git a/docs/tutorials/portal-sdk/single-signon.rst b/docs/tutorials/portal-sdk/single-signon.rst new file mode 100644 index 00000000..fb490a77 --- /dev/null +++ b/docs/tutorials/portal-sdk/single-signon.rst @@ -0,0 +1,48 @@ +Enabling Single-Signon +====================== + +This tutorial explains the Single-Signon of ONAP Portal, and how to enable it in our sample application. + +When a user logs in using the ONAP Portal Login, a cookie is created to record the logged-in session, +and it includes the username and other parameters. + +In our tutorial app so far we used "http://app-host:port/epsdk-app-os/login.htm" to login into the application. + +This is called the external login, which is used a backdoor for developers to test the applications +in a local environment, without having the entire Portal. + +Now, when the application is ready and onboarded on to the Portal, we can now use +"http://app_host:port/epsdk-app-os/welcome.htm" as the application onboarding URL in ONAP Portal. + +Onboarding steps can be found here +https://wiki.onap.org/display/DW/Application+Onboarding#ApplicationOnboarding-addapp. + +The welcome.htm page code will try to read the session cookie from the browser to detect if there is +a user that's already logged-in into the ONAP Portal. + +If a cookie is found, then this means a user is already logged-in to the ONAP Portal and +the application welcome.htm page will display showing the application frontend in a tab inside ONAP Portal. + +However, if a cookie is not found, the code will look for the redirect URL listed in the +WEB-INFO/classes/portal.properties file. + +Assuming the ecomp_redirect_url = http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm +for Amsterdam release, then, the user will be redirected to the ONAP Portal login page to log in. + +If the user login succeeds, the Portal login page will redirect the user back to the Application +welcome page. + +This should enable the application to use the Portal’s Single Signon. + +Note that the ONAP Portal and its on-boarded application must be on the same domain +(e.g. *.simpledemo.onap.org) to take advantage of the Single Signon. + +Otherwise, if the application is hosted in a different domain, its code will not be able to read ONAP +Portal session cookies. + +Due to security reasons the ONAP Portal restricts to one domain (defined in the properties) across +the applications on-boarded to it. + +However, if the application is not interested in single signon feature, then the new application can +be always be on-boarded as a “Hyperlink only application” which will be opened into a new browser +rather than the internal Portal’s tab.