This chapter describes how to configure Fabasoft Folio for use with the Fabasoft Folio Portlet.
Note: After changing configurations on the Fabasoft side as well as on the portal server side, restart the Apache Tomcat server.
Whenever a portal user signs up for an account or an existing portal user accesses a Fabasoft Folio Portlet for the first time, user synchronization automatically triggers the creation of a new Fabasoft Folio Domain user representing the portal user.
To enable communication between the Fabasoft Folio Domain and the portal server, a portal service user intended solely for connecting to the Fabasoft Folio Domain has to be created. This portal service user has to be a privileged user of the Fabasoft Folio Domain.
Verify that a user object for the portal service user exists in the Fabasoft Folio Domain. Open the Current Domain object. In the Privileged Users property, enter the user object of the portal service user.
If the Fabasoft Folio Portlet is installed by the Fabasoft server setup, the user should already be defined as a privileged user.
Note: If a user with the given login name already exists, no new service user object is created. Verify that the default role of the service user in Fabasoft is Portal Service User.
A group with the login name defined in the property fabasoft.liferay.identifier of the portal-ext.properties file has to exist in the Fabasoft Folio Domain (see also chapter “Group Login Name”). When a new user object has to be created for a portal user, it becomes a member of this group.
In this group object the following properties must be defined:
Note: This group is only required if user objects for portal users should be created automatically. If this is not desired, the user objects can also be created manually.
Analogous to the group login name of the group associated with the portal server, an automatically created user is represented by a user login name <userid>@<fabasoft.liferay.identifier>.
<userid> is based on a portal server defined value that uniquely identifies a portal user and does not change throughout the portal user's lifetime.
Note: Using Liferay Portal, <userid> is based on the internal portal user identifier. The user identifier of a portal user can be determined by means of the so-called “Enterprise Admin” portlet or a database query.
On the portal server, the user data of a portal user can be modified by the user or by an administrative user. Whenever data changes, user data synchronization automatically synchronizes the available data with the respective user objects in the Fabasoft Folio Domain.
Note: Liferay Portal only provides access to the following user attributes:
In the Fabasoft Folio Domain the synchronization process can be configured via the Portal Configuration (FSCPORTAL@1.1001:DefaultConfiguration).
In the Portal Configuration, user attributes are mapped to Fabasoft Folio properties of the object class User (COOSYSTEM@1.1:User) or an alternative object class. The default configuration depends on the Fabasoft edition the Fabasoft Folio Domain is based on. Mappings of attributes to Fabasoft Folio properties can be defined here.
The Portal Configuration contains a list of mapping aggregates in the property Mapping List (FSCPORTAL@1.1001:cfgmapping). This aggregate is comprised of the following properties:
The Portal Configuration contains a list of authorized portals in the property Authorized Portals (FSCPORTAL@1.1001:cfgauthportallist). The IP address of the portal server and the client certificate of the authorized portal server (*.cer) have to be added to this list.
A failure during the synchronization process causes a rollback of all changes.
The default HTTP header name used for passing an authenticated user from a portal server to Fabasoft Folio is "X-FSC-Authenticated-User". It is used by the Fabasoft Folio Portlet and referenced in the default portal configuration in Fabasoft Folio. The property Header variable to Identify the Authorized User holds a list of one or more server header variables from which the authenticated user is retrieved during authentication. The authenticated user is read from the first matching HTTP header of an HTTP request. A header must be specified in all-uppercase, with an "HTTP_" prefix and with special characters replaced by "_".
Please note that removing or replacing the default header variable affects the Fabasoft Folio Portlet; the default header variable is required by the integration.
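The naming rule and the first-match lookup described above, as an added example that is not Fabasoft code. It assumes that "first matching" follows the order of the configured list; HTTP_X_PORTAL_USER and the sample user value are constructed.

```python
import re

DEFAULT_HEADER = "X-FSC-Authenticated-User"  # default header name given on this page

def to_server_variable(header_name):
    """Write an HTTP header name in the HTTP_ form the property expects."""
    # Non-alphanumeric characters become "_"; the result is all-uppercase.
    return "HTTP_" + re.sub(r"[^A-Za-z0-9]", "_", header_name).upper()

def default_variable_missing(configured_variables):
    """True if the variable the Fabasoft Folio Portlet relies on was removed."""
    return to_server_variable(DEFAULT_HEADER) not in configured_variables

def authenticated_user(configured_variables, request_headers):
    """Return (variable, value) of the first configured variable found in the request.

    Assumption: "first matching" follows the order of the configured list.
    """
    present = {to_server_variable(k): v.strip() for k, v in request_headers.items()}
    for variable in configured_variables:
        if present.get(variable):
            return variable, present[variable]
    return None, None

if __name__ == "__main__":
    # Constructed sample data; HTTP_X_PORTAL_USER is a hypothetical second entry.
    configured = ["HTTP_X_FSC_AUTHENTICATED_USER", "HTTP_X_PORTAL_USER"]
    headers = {"x-fsc-authenticated-user": "10432@portal.example"}
    print(to_server_variable(DEFAULT_HEADER))
    print(default_variable_missing(configured))
    print(authenticated_user(configured, headers))
```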
The configuration file WEB-INF/classes/portal-ext.properties contains the Fabasoft-specific configuration on the Liferay Portal side.
The file contains the following entries:
fabasoft.server.urlhead: Contains the complete web address of the Fabasoft Folio eService
fabasoft.server.anonymoususer: The username specified here is used to authenticate at Fabasoft if the user is not signed in at Liferay Portal.
fabasoft.liferay.identifier: This value is used to identify the username in Fabasoft. The Fabasoft login name of the user contains the suffix “@<identifier>”.
fabasoft.liferay.baseurl: This property contains the base web address of the Liferay Portal installation.
fabasoft.liferay.fschttpservlet: This property defines how the URL is created that external users use to access Fabasoft Folio objects (e.g. references).
fabasoft.auth.keystore: This property specifies the full path to the client certificate which the Liferay Portal service uses to authenticate at Fabasoft.
fabasoft.auth.keystorepass: This property contains the password of the certificate.
fabasoft.auth.truststore: This property specifies the full path to the store which contains the trusted certificates.
fabasoft.auth.truststorepass: This property contains the password of the trust store.
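A pre-restart check of portal-ext.properties, as an added example that is not part of the Fabasoft or Liferay distribution. It assumes simple key=value lines, treats every entry listed above as required, and assumes a POSIX host where the file, which holds both store passwords, should not be accessible to group or other.

```python
import os
import stat

# Entry names as listed on this page; treating all as required is an assumption.
REQUIRED_KEYS = (
    "fabasoft.server.urlhead", "fabasoft.server.anonymoususer",
    "fabasoft.liferay.identifier", "fabasoft.liferay.baseurl",
    "fabasoft.liferay.fschttpservlet", "fabasoft.auth.keystore",
    "fabasoft.auth.keystorepass", "fabasoft.auth.truststore",
    "fabasoft.auth.truststorepass",
)
STORE_KEYS = ("fabasoft.auth.keystore", "fabasoft.auth.truststore")

def parse_properties(text):
    """Parse simple key=value lines; lines starting with # or ! are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(path):
    """Return a list of findings for the portal-ext.properties file at path."""
    with open(path, encoding="utf-8") as handle:
        props = parse_properties(handle.read())
    findings = ["missing or empty: " + k for k in REQUIRED_KEYS if not props.get(k)]
    for key in STORE_KEYS:
        store = props.get(key, "")
        if store and not os.path.isabs(store):
            findings.append(key + " is not a full path")
        elif store and not os.path.isfile(store):
            findings.append(key + " does not exist: " + store)
    # This file holds both store passwords, so group and other should have
    # no access to it (POSIX permission bits).
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o grants group/other access" % mode)
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1]):
        print(finding)
```

An empty result means all listed entries are set, both stores exist at a full path, and only the file owner can read the passwords.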