Configuration of Fabasoft Folio
2017 R1 Update Rollup 1

Configuration of Fabasoft Folio

This chapter describes the configuration of Fabasoft Folio for the usage of the Fabasoft Folio Portlet.

Note: After changing configurations on the Fabasoft side as well as on the portal server side, restart the Apache Tomcat server.

Automatic User Creation

Fabasoft Folio Portlet Privileged User

Whenever a portal user signs up for an account or an existing portal user accesses a Fabasoft Folio Portlet for the first time, user synchronization automatically triggers the creation of a new Fabasoft Folio Domain user representing the portal user.

To enable communication between the Fabasoft Folio Domain and the portal server, a portal service user designed only to connect to the Fabasoft Folio Domain has to be created. This portal service user has to be a privileged user of the Fabasoft Folio Domain.

Verify that a user object for the portal service user exists in the Fabasoft Folio Domain. Open the Current Domain object. In the Privileged Users property, enter the user object of the portal service user.

If the Fabasoft Folio Portlet is installed by the Fabasoft server setup, the user should already be defined as a privileged user.

Note: If a user with the given login name already exists, no new service user object is created. Verify that the service user in Fabasoft has Portal Service User as its default role.

Fabasoft Folio Group for Portal Users

A group with the login name defined in the property fabasoft.liferay.identifier of the portal-ext.properties file has to exist in the Fabasoft Folio Domain (see also chapter “Group Login Name”). If a new user object for a portal user has to be created, it is a member of this group.

In this group object the following properties must be defined:

  • Object Class for Created User (COOSYSTEM@1.1:gruserclasstempl)
    If the creation of a new user is required, an object of this object class is created.
  • Default Environment Template (COOSYSTEM@1.1:grenvirontempl)
    In this property the template of a default user environment can be specified.
  • Default Position Template (COOSYSTEM@1.1:grpositiontempl)
    In this property the default position for group members can be specified.
  • Domain (COOSYSTEM@1.1:objdomain)
    A new user object is created in the domain specified in this property.
    Note: The environment variable homedomain can be used to define another domain.
    If a client domain is specified, this client domain is the default domain of the newly created user object.

Note: This group is only required if user objects for portal users should be created automatically. If this is not desired, the user objects can also be created manually.

Analogous to the group login name of the group associated with the portal server, an automatically created user is represented by a user login name <userid>@<fabasoft.liferay.identifier>.

<userid> is based on a portal server defined value that uniquely identifies a portal user and does not change throughout the portal user's lifetime.

Note: Using Liferay Portal, <userid> is based on the internal portal user identifier. The user identifier of a portal user can be determined by means of the so-called “Enterprise Admin” portlet or a database query.

User Data Synchronization

On the portal server, user data of a portal user can be modified by the user himself or an administrative user. User data synchronization automatically synchronizes available data with the respective user objects in the Fabasoft Folio Domain whenever data changes.

Note: Liferay Portal only provides access to the following user attributes:

  • user.name.family (Last name)
  • user.name.given (First name)
  • user.gender (Gender)
  • user.bdate (Birthdate)
  • user.home-info.online.email (Home e-mail address)
  • user.business-info.online.email (Business e-mail address; identical to home)

In the Fabasoft Folio Domain the synchronization process can be configured via the Portal Configuration (FSCPORTAL@1.1001:DefaultConfiguration).

In the Portal Configuration user attributes are mapped to Fabasoft Folio properties of the object class User (COOSYSTEM@1.1:User) or an alternative object class. The default configuration depends on the Fabasoft edition the Fabasoft Folio Domain is based on. Mappings of attributes to Fabasoft Folio properties can be done here.

The Portal Configuration contains a list of mapping aggregates in the property Mapping List (FSCPORTAL@1.1001:cfgmapping). Each aggregate comprises the following properties:

  • Portal User Attribute Name (FSCPORTAL@1.1001:cfgmappingportaluserattrname)
    In this property the source value represented by a user attribute name can be specified. If this property is undefined and Mapping Expression (FSCPORTAL@1.1001:cfgmappingexpression) is defined, the source value is determined by the expression evaluation result.
  • Property Path (FSCPORTAL@1.1001:cfgmappingattrpath)
    In this property a list of property definitions can be specified that represent a path to the property that should be synchronized with the source value.
  • Expression to Determine a Property (FSCPORTAL@1.1001:cfgmappingexpression)
    In this property an expression can be specified. If this expression is defined, it can be used to modify or set the source value used for synchronization. The expression evaluation local scope (type: OBJECT) is the object the mapping should be applied to, the global scope (type: DICTIONARY) contains all portal user attribute names and values accessible by name.
  • Apply to (FSCPORTAL@1.1001:cfgmappingcontexttype)
    In this property the object the mapping should be applied to can be specified. “User Object” causes the mapping to be applied to the user object representing the portal user that is the subject of synchronization. “Context Expression” causes the mapping to be applied to an alternative context object determined by the expression Expression to Determine Mapping Context Object (FSCPORTAL@1.1001:cfgcontextexpression). The expression evaluation local scope (type: OBJECT) is the user object representing the portal user, the global scope is undefined.

Example:

The Portal Configuration contains a list of authorized portals in the property Authorized Portals (FSCPORTAL@1.1001:cfgauthportallist). The IP address of the portal server and the client certificate of the authorized portal server (*.cer) have to be added to this list.

A failure during the synchronization process causes a rollback of all changes.

The default HTTP header name used for passing an authenticated user from a portal server to Fabasoft Folio is "X-FSC-Authenticated-User" and is used by the Fabasoft Folio Portlet and referenced in the default portal configuration in Fabasoft Folio. The property Header variables to pass an authenticated user represents a list of one or more server header variables the authenticated user is retrieved from during authentication. The authenticated user is read from the first matching HTTP header of an HTTP request. A header must be specified using a "HTTP_" prefix, with special characters replaced by "_", in all-uppercase.

Please note that removing or replacing the default header variable affects the Fabasoft Folio Portlet; the default header variable is required by the integration.
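The header naming rule and lookup described above, as an added example that is not Fabasoft code: it converts a header name to its server variable form, checks a configured list against the rule and for the required default, and models the lookup. The function names and sample values are hypothetical, and reading "first matching" as the order of the configured list is an assumption.

```python
import re

DEFAULT_HEADER = "X-FSC-Authenticated-User"  # default header name stated on this page

def to_server_variable(header_name):
    """Apply the rule: "HTTP_" prefix, special characters -> "_", all-uppercase.
    Accepts a raw header name or an already prefixed variable name."""
    name = re.sub(r"[^A-Za-z0-9]", "_", header_name).upper()
    return name if name.startswith("HTTP_") else "HTTP_" + name

def check_header_variables(configured):
    """Return findings for a 'Header variables' list; an empty list means OK."""
    findings = []
    for name in configured:
        if not re.fullmatch(r"HTTP_[A-Z0-9_]+", name):
            findings.append(f"{name!r}: expected {to_server_variable(name)!r}")
    if to_server_variable(DEFAULT_HEADER) not in configured:
        findings.append("default header variable missing; the portlet integration requires it")
    return findings

def authenticated_user(server_vars, configured):
    """Model of the lookup (assumption: configured order decides the first match)."""
    for name in configured:
        if name in server_vars:
            return server_vars[name]
    return None

if __name__ == "__main__":
    # Constructed values for illustration only.
    cfg = ["HTTP_X_FSC_AUTHENTICATED_USER", "X-Portal-User"]
    for finding in check_header_variables(cfg):
        print(finding)
    request_vars = {"HTTP_X_FSC_AUTHENTICATED_USER": "10432@portal01"}
    print(authenticated_user(request_vars, cfg))
```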

Configuration of Liferay Portal

The configuration file WEB-INF/classes/portal-ext.properties contains the Fabasoft-specific settings on the Liferay Portal side.

The file contains the following entries:

fabasoft.server.urlhead: Contains the complete web address of the Fabasoft Folio eService.

fabasoft.server.anonymoususer: The username specified here is used to authenticate at Fabasoft if the user is not signed in at Liferay Portal.

fabasoft.liferay.identifier: This value is used to identify the username in Fabasoft. The Fabasoft login name of the user contains the suffix “@<identifier>”.

fabasoft.liferay.baseurl: This property contains the base web address of the Liferay Portal installation.

fabasoft.liferay.fschttpservlet: This property defines how the URL is created that external users use to access Fabasoft Folio objects (e.g. references).

fabasoft.auth.keystore: This property specifies the full path to the client certificate which the Liferay Portal service uses to authenticate at Fabasoft.

fabasoft.auth.keystorepass: This property contains the password of the certificate.

fabasoft.auth.truststore: This property specifies the full path to the store which contains the trusted certificates.

fabasoft.auth.truststorepass: This property contains the password of the trust store.
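A review check for the entries listed above, as an added example that is not part of the Fabasoft or Liferay code: it parses a portal-ext.properties text, reports missing entries, key store paths that are not full paths and empty passwords, and derives the login name <userid>@<fabasoft.liferay.identifier> of an automatically created user. The sample values and function names are constructed, and expecting an https address for fabasoft.server.urlhead is an assumption.

```python
from pathlib import PurePosixPath, PureWindowsPath

REQUIRED_KEYS = [
    "fabasoft.server.urlhead", "fabasoft.server.anonymoususer",
    "fabasoft.liferay.identifier", "fabasoft.liferay.baseurl",
    "fabasoft.liferay.fschttpservlet", "fabasoft.auth.keystore",
    "fabasoft.auth.keystorepass", "fabasoft.auth.truststore",
    "fabasoft.auth.truststorepass",
]

# Constructed sample; every value is a placeholder, not a product default.
SAMPLE = """\
fabasoft.server.urlhead=http://folio.example.test/fsc
fabasoft.server.anonymoususer=anonymous
fabasoft.liferay.identifier=portal01
fabasoft.liferay.baseurl=https://portal.example.test
fabasoft.auth.keystore=conf/portal-client.p12
fabasoft.auth.keystorepass=
fabasoft.auth.truststore=/opt/liferay/conf/truststore.jks
"""

def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check(props):
    """Return findings for a parsed file; an empty list means nothing to fix."""
    findings = [f"missing: {k}" for k in REQUIRED_KEYS if k not in props]
    # Assumption: client-certificate authentication runs over TLS, so expect https.
    if not props.get("fabasoft.server.urlhead", "https://").startswith("https://"):
        findings.append("fabasoft.server.urlhead: not an https:// address")
    for key in ("fabasoft.auth.keystore", "fabasoft.auth.truststore"):
        path = props.get(key, "")
        if path and not (PurePosixPath(path).is_absolute()
                         or PureWindowsPath(path).is_absolute()):
            findings.append(f"{key}: the full path is required, got {path!r}")
    for key in ("fabasoft.auth.keystorepass", "fabasoft.auth.truststorepass"):
        if props.get(key) == "":
            findings.append(f"{key}: password is empty")
    return findings

def folio_login_name(userid, props):
    """Login name of an automatically created user: <userid>@<identifier>."""
    return f"{userid}@{props['fabasoft.liferay.identifier']}"
```

Because the file holds the key store and trust store passwords in clear text, restrict read access to it to the account that runs Apache Tomcat.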