Knowing how external users are synchronized, the system administrator must initialize JasperReports Server and set the permissions in the repository to provide the desired authorization.
Your deployment procedure must include the following steps:
| 1. | Configure the mapping of usernames, roles, and possibly organization IDs from your external authority into JasperReports Server. The mapping depends on the external authentication mechanism, as described in the chapter for each mechanism. Optionally configure admin users that will be created in every external organization; the sample configuration files create a jasperadmin user by default. |
| 2. | Create test users in the external authority. The test users should be from every organization and have every role that you expect in your production environment. |
| 3. | If you are mapping external users to multiple organizations, log into JasperReports Server as the system administrator and prepare your organization templates and possibly themes for the new organizations. |
| 4. | Log into JasperReports Server as each of the test users. Doing so validates your configuration of the external authentication and mapping beans. When successful, it also creates the external roles and organizations that you need. |
| 5. | Log into JasperReports Server as the system administrator and: |
| a. | Ensure that the mapping and synchronization created the external users, roles, and organizations that you expect. |
| b. | In every organization, change the password of each administrator that was created automatically. |
| 6. | Initialize your repository as follows: |
| a. | If you are using multiple organizations, create additional resources in the repository, such as data sources and shared reports, around the organization folders that were created. |
| b. | Define all of your repository permissions using the external roles that were created. |
The above procedure is necessary because the external roles must exist in the internal database before you can create permissions for them. If you are using organizations, roles must be defined within organizations, so the organizations must exist as well. Optionally, you can use the administrative pages to create all the organizations that your externally authenticated users need. This allows you some additional control over the creation of the organizations, but you must ensure that their IDs match exactly the values and hierarchies that are determined by the mapping.
When your JasperReports Server enters into production, the external user accounts will be populated by the synchronization mechanism as the users log in. When the mapping is correct and consistent, the user population will have the same roles and organizations that exist in your external authority, without having to manually import users or roles into the server. And as role membership is updated in the external authority, external users are automatically synchronized in JasperReports Server.
Recommended Comments
There are no comments to display.