Code and Implementations
OAuth 2.0 implementations using Apache Oltu are available at the following repo:
https://github.com/UCLALibrary/jasperserver-oauth-saml
Links below refer to JRS 6.4. If you need an older version, go to the root of the repo and find the version you need.
Please note, the 7.5 folder in that same repo only updates the SAML customization.
The current implementation uses the Authorization Grant Code Flow.
OAuth 2.0 Primer
A primer on the OAuth 2.0 specification and Authorization Grant Code Flow is recommended.
Please see the following links for more information:
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
http://tutorials.jenkov.com/oauth2/index.html
https://en.wikipedia.org/wiki/OAuth#OAuth_2.0
OAuth External Authentication Setup
Download the pre-compiled binaries located here:
https://github.com/UCLALibrary/jasperserver-oauth-saml/tree/master/6.4/oauth/binaries
https://github.com/UCLALibrary/jasperserver-oauth-saml/tree/master/6.4/oauth/binaries/apacheoltu
Copy them to webapps/jasperserver-pro/WEB-INF/lib
Download the applicationContext file for the SSO setup at the following location:
https://github.com/UCLALibrary/jasperserver-oauth-saml/tree/master/6.4/oauth/WEB-INF
Copy the applicationContext file to webapps/jasperserver-pro/WEB-INF
Configure the applicationContext file as follows:
Once you have an OAuth 2.0 authorization server set up, you will register Jasperserver as a client and have the following information:
- authorization location (ex: http://myoauthserver:8080/oauth2/authorize)
- client_id (name with which you register jasperserver as a client, ex: jasperserver61)
- client_secret (secret you specify or that gets generated when you register jasperserver as a client with your authorization server)
- token location (endpoint exposed by the authorization server for exchanging grant codes for access or refresh tokens, ex: http://myoauthserver:8080/oauth2/token)
- redirect url (location that the authorization server will redirect back to with a grant code; this will be your jasperserver url plus /oauth on the end, ex: http://localhost:8080/jasperserver-pro/oauth)
- scope (optional scope if you defined a scope for client access)
You will need to take these values and configure the following bean in the applicationContext file with them:
<bean id="proxyPreAuthenticatedProcessingFilter" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthPreAuthenticationFilter">
    <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
    <property name="authenticationManager" ref="oAuthAuthenticationManager"/>
    <property name="authenticationFailureUrl">
        <value>/oauth</value>
    </property>
    <property name="defaultTargetUrl">
        <value>/loginsuccess.html</value>
    </property>
    <property name="filterProcessesUrl">
        <value>/oauth</value>
    </property>
    <property name="authorization_location">
        <value>http://localhost:8080/oauth2/authorize</value>
    </property>
    <property name="client_id">
        <value>js61</value>
    </property>
    <property name="redirecturl">
        <value>http://localhost:8061/jasperserver-pro/oauth</value>
    </property>
    <property name="token_location">
        <value>http://localhost:8080/oauth2/token</value>
    </property>
    <property name="clientsecret">
        <value>9700fc55-85fc-4682-807d-a881054fa665</value>
    </property>
    <property name="scopes">
        <value>uri:JaspersoftReportingServer</value>
    </property>
</bean>
Once you have set up a Resource server that returns user detail information (see the section below on the response type for this endpoint) and registered it with the authorization server, you will have the following:
- user detail location (url to your resource server endpoint for user detail information ex: http://myresourceserver:8080/v1/tokeninfo)
- user detail key (entered or generated when registering the user detail service as a resource server with the authorization server)
- user detail secret (entered or generated when registering the user detail service as a resource server with the authorization server)
You will need to take these values and configure the following bean in the applicationContext file with them:
<bean id="OAuthAccessTokenValidator" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthAccessTokenValidator">
    <property name="userdetails_location">
        <value>http://localhost:8080/v1/tokeninfo</value>
    </property>
    <property name="userdetails_key">
        <value>27c88aca-11dc-4022-9753-53f96a1fefc6</value>
    </property>
    <property name="userdetails_secret">
        <value>0ebdb578-d571-43f0-91f7-ce0e656a35f0</value>
    </property>
</bean>
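A pre-deployment check for the two beans above, added here as an example and not part of the UCLALibrary repository: it flags endpoint properties that are not HTTPS (loopback hosts excepted) and secrets still set to the sample values printed on this page. The 16-character minimum, the example.org hosts and the second secret in the sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Property names exactly as used in the two bean definitions on this page.
URL_PROPS = {"authorization_location", "token_location", "redirecturl", "userdetails_location"}
SECRET_PROPS = {"clientsecret", "userdetails_secret"}
# Secrets printed in the sample beans on this page: public, so never valid in a deployment.
PUBLISHED_SECRETS = {"9700fc55-85fc-4682-807d-a881054fa665",
                     "0ebdb578-d571-43f0-91f7-ce0e656a35f0"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Spring beans namespace, if any

def audit_context(xml_text):
    """Return sorted (bean id, property, finding) tuples for risky settings."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) != "bean":
            continue
        for prop in (p for p in bean if _local(p.tag) == "property"):
            name = prop.get("name")
            # The value may be a nested <value> element or a value="..." attribute.
            nested = [c.text for c in prop if _local(c.tag) == "value"]
            value = ((nested[0] if nested else prop.get("value")) or "").strip()
            if name in URL_PROPS:
                url = urlparse(value)
                if url.scheme != "https" and url.hostname not in LOOPBACK:
                    findings.append((bean.get("id", "?"), name, "not HTTPS"))
            elif name in SECRET_PROPS:
                if value in PUBLISHED_SECRETS:
                    findings.append((bean.get("id", "?"), name, "published sample secret"))
                elif len(value) < 16:  # assumed minimum, not a project requirement
                    findings.append((bean.get("id", "?"), name, "secret missing or short"))
    return sorted(findings)

# Constructed sample with two mistakes left in (plain-HTTP token endpoint, sample secret).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="proxyPreAuthenticatedProcessingFilter">
    <property name="token_location"><value>http://sso.example.org/oauth2/token</value></property>
    <property name="redirecturl"><value>http://localhost:8080/jasperserver-pro/oauth</value></property>
    <property name="clientsecret"><value>9700fc55-85fc-4682-807d-a881054fa665</value></property>
  </bean>
  <bean id="OAuthAccessTokenValidator">
    <property name="userdetails_location" value="https://api.example.org/v1/tokeninfo"/>
    <property name="userdetails_secret" value="c0nstructed-example-secret-value"/>
  </bean>
</beans>"""
print(audit_context(SAMPLE))
```

The token endpoint matters most here because the client secret and the grant code are both sent to it during the code exchange.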
User Detail Resource Server Service
The current and compiled code expects a JSON response from your user detail information service endpoint on your Resource Server with the following fields:
Mandatory:
- name (username)
Optional:
- organization (id and name of the user's organization--if not present defaults to jasperserver default organization)
- roles (comma separated string of role names)
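The response contract above, written out as a strict parser. This is an added example in Python, not the project's own Java parsing code; the sample values, the treatment of organization as an opaque value, and the optional role allow-list are assumptions made for the illustration.

```python
import json

class UserDetailError(ValueError):
    """The user detail response cannot be trusted to identify a user."""

def parse_user_detail(body, allowed_roles=None):
    """Return a dict with name, organization, roles and dropped_roles, or raise."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise UserDetailError("response is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise UserDetailError("response is not a JSON object")
    # name is the only mandatory field; without it there is no user to log in.
    name = doc.get("name")
    if not isinstance(name, str) or not name.strip():
        raise UserDetailError("mandatory field 'name' is missing or empty")
    # roles is one comma separated string, not a JSON array.
    raw_roles = doc.get("roles", "")
    if not isinstance(raw_roles, str):
        raise UserDetailError("'roles' must be a comma separated string")
    roles = [r.strip() for r in raw_roles.split(",") if r.strip()]
    # Assumption (not project behaviour): an optional allow-list, so the resource
    # server cannot hand out roles the deployment never meant to map.
    dropped = []
    if allowed_roles is not None:
        dropped = [r for r in roles if r not in allowed_roles]
        roles = [r for r in roles if r in allowed_roles]
    return {
        "name": name.strip(),
        # Passed through unchanged; None means "use the default organization".
        "organization": doc.get("organization"),
        "roles": roles,
        "dropped_roles": dropped,
    }

# Constructed sample response: field names are from this page, values are made up.
SAMPLE_RESPONSE = '{"name": "jdoe", "organization": "organization_1", "roles": "ROLE_USER, ROLE_SUPERUSER"}'

print(parse_user_detail(SAMPLE_RESPONSE, allowed_roles={"ROLE_USER"}))
```

Logging the dropped_roles list gives an early signal that the resource server is returning roles the deployment did not expect.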
Possible Customization
If you require a different response type or user detail information parsing from your user detail information service you will need to potentially modify/customize the following classes:
You will then need to add your compiled libraries to WEB-INF/lib and inject your new classes into the bean definitions in the applicationContext file.