4.2. Installing the RH-SSO client adapter for Business Central
After you install RH-SSO, you must install the RH-SSO client adapter for Red Hat JBoss EAP and configure it for Business Central.
Prerequisites
- Business Central is installed in a Red Hat JBoss EAP 7.2 instance, as described in as described in Installing and configuring Red Hat Decision Manager on Red Hat JBoss EAP 7.2.
- RH-SSO is installed as described in 2章Installing and configuring RH-SSO.
-
A user with the
admin
role has been added to RH-SSO as described in 3章Adding Red Hat Decision Manager users.
Procedure
Navigate to the Software Downloads page in the Red Hat Customer Portal (login required), and select the product and version from the drop-down options:
- Product: Red Hat Single Sign-On
- Version: 7.2
-
Download Red Hat Single Sign-on 7.2.0 Client Adapter for JBoss EAP 7 (
rh-sso-7.2.0-eap7-adapter.zip
). -
Unzip and install
rh-sso-7.2.0-eap7-adapter.zip
. For installation instructions, see the "JBoss EAP Adapter" section of the Red Hat Single Sign On Securing Applications and Services Guide. -
Go to
EAP_HOME/standalone/configuration
and open thestandalone.xml
andstandalone-full.xml
files. -
Delete the
<single-sign-on/>
element from both of the files. Navigate to the
EAP_HOME/standalone/configuration
directory in your Red Hat JBoss EAP installation and edit thestandalone.xml
andstandalone-full.xml
files to add the RH-SSO subsystem configuration. For example:<subsystem xmlns="urn:jboss:domain:keycloak:1.1"> <secure-deployment name="decision-central.war"> <realm>demo</realm> <realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</realm-public-key> <auth-server-url>http://localhost:8180/auth</auth-server-url> <ssl-required>external</ssl-required> <enable-basic-auth>true</enable-basic-auth> <resource>kie</resource> <credential name="secret">759514d0-dbb1-46ba-b7e7-ff76e63c6891</credential> <principal-attribute>preferred_username</principal-attribute> </secure-deployment> </subsystem>
In this example:
-
secure-deployment name
is the name of your application’s WAR file. -
realm
is the name of the realm that you created for the applications to use. -
realm-public-key
is the public key of the realm you created. You can find the key in the Keys tab in the Realm settings page of the realm you created in the RH-SSO Admin Console. If you do not provide a value forrealm-public-key
, the server retrieves it automatically. -
auth-server-url
is the URL for the RH-SSO authentication server. -
enable-basic-auth
is the setting to enable basic authentication mechanism, so that the clients can use both token-based and basic authentication approaches to perform the requests. -
resource
is the name for the client that you created. -
credential name
is the secret key for the client you created. You can find the key in the Credentials tab on the Clients page of the RH-SSO Admin Console. principal-attribute
is the login name of the user. If you do not provide this value, your User Id is displayed in the application instead of your user name.注記The RH-SSO server converts the user names to lower case. Therefore, after integration with RH-SSO, your user name will appear in lower case in Red Hat Decision Manager. If you have user names in upper case hard coded in business processes, the application might not be able to identify the upper case user.
-
Navigate to
EAP_HOME/bin/
and enter the following command to start the Red Hat JBoss EAP server:./standalone.sh -c standalone-full.xml
You can also configure the RH-SSO adapter for Business Central by updating your application’s WAR file to use the RH-SSO security subsystem. However, Red Hat recommends that you configure the adapter through the RH-SSO subsystem. Doing this updates the Red Hat JBoss EAP configuration instead of applying the configuration on each WAR file.