Services
In order to provision user data to services, you can add services to your reg-app installation. To provide data for different services, each service has a configured "register bean". This is a Java class which implements a specific interface (edu.kit.scc.webreg.service.reg.RegisterUserWorkflow).
Configuration
Name | Type | Description |
---|---|---|
Name | String | Display name of the service. |
Short name | String | The short name is used for the REST API endpoint. |
Parent service | Reference | A parent service can be used in special cases. See below. |
Approver role | Reference | If the service uses an approval workflow, the approver role must be set here. Which approval workflow is used is defined in the approver role. |
Admin role | Reference | Users in the admin role of a service can see registered users and their status. They can deregister users from the service and trigger the deprovisioned status. |
Hotline role | Reference | Users in the hotline role can see registered users and their status. |
Group admin role | Reference | Group admins can edit service local groups. |
Register bean | String | The classname of the register bean. See below |
Access rule | Reference | Access rule (package) for this service. See below |
Mandatory values rule | Reference | If the service needs specific values to function, these values should be specified in a rule. See access rule below |
Group filter role | Reference | Filter rule for groups. See below. |
Published | Boolean | If a service is not published, it will be hidden on the services page. It can still be accessed directly with the correct URL. |
Image | Reference | Image for the service |
Common Service Properties
Name | Type | Default | Description |
---|---|---|---|
attrq_expire_time | Long | 60s | Time in milliseconds, after which user update will be triggered again. |
delegate_entities | String | | If a delegated login (assertion is consumed via password) should be allowed, the entityIDs must be specified here (whitespace separated). |
delegate_assertion_timeout | Long | 4h | Maximum age of the assertion that is used for the delegated login. |
Register Bean
Class | Groups | Service Password | Description |
---|---|---|---|
edu.kit.scc.webreg.service.reg.impl.NullRegisterWorkflowImpl | x | | Does nothing, except for logging at the info level |
edu.kit.scc.webreg.service.reg.ldap.LdapSimpleRegisterWorkflow | | | Simple LDAP workflow, without groups and service password |
edu.kit.scc.webreg.service.reg.ldap.LdapSimpleGroupRegisterWorkflow | x | | Simple LDAP workflow, without service password, but with groups |
edu.kit.scc.webreg.service.reg.ldap.LdapRegisterWorkflow | x | x | Simple LDAP workflow, with groups and service password |
edu.kit.scc.webreg.service.reg.ldap.ScriptedLdapRegisterWorkflow | x | x | LDAP workflow, which can be customized using JavaScript |
edu.kit.scc.syncshare.reg.PowerFolderRegisterWorkflow | | | Workflow for Powerfolder up to API version 13 |
edu.kit.scc.syncshare.reg.PFApi14RegisterWorkflow | | | Workflow for Powerfolder for API version 14 and newer |
edu.kit.scc.cloud.reg.OpenStackRegisterWorkflow | x | | Workflow for Openstack. Based on SSH and Python script |
Parent Service
If a service references a parent service, the parent is also registered for a user when the user registers for the child service. If the user deregisters from the last child service that references a parent, the parent is also deregistered.
This feature can be used for a filesystem, that is used by more than one service. The filesystem can have its own LDAP tree, where the users are present once, if they have registered with one or more child services.
Caution: This feature has only been tested and not used in production yet.
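The following is an added illustration of the parent service behaviour described above; it is not reg-app code. The class and method names and the service short names are hypothetical. The model assumes users reach a parent only through its children, and it includes a check for parent entries that have outlived every child registration.

```python
# Added illustration: a minimal model of parent/child service registration.
# Registry, register, deregister and orphaned_parents are hypothetical names,
# not reg-app classes or APIs. Service and user names are constructed samples.
from collections import defaultdict


class Registry:
    def __init__(self, parent_of):
        self.parent_of = dict(parent_of)   # child short name -> parent short name
        self.active = defaultdict(set)     # user -> currently registered services
        self.events = []                   # ordered audit trail of provisioning actions

    def _children(self, parent):
        return {c for c, p in self.parent_of.items() if p == parent}

    def register(self, user, service):
        parent = self.parent_of.get(service)
        # The parent is provisioned once, on the first child registration.
        if parent and parent not in self.active[user]:
            self.active[user].add(parent)
            self.events.append(("register", user, parent))
        if service not in self.active[user]:
            self.active[user].add(service)
            self.events.append(("register", user, service))

    def deregister(self, user, service):
        if service not in self.active[user]:
            return
        self.active[user].discard(service)
        self.events.append(("deregister", user, service))
        parent = self.parent_of.get(service)
        # The parent is removed only when no sibling child is still registered.
        if parent in self.active[user] and not (self._children(parent) & self.active[user]):
            self.active[user].discard(parent)
            self.events.append(("deregister", user, parent))

    def orphaned_parents(self):
        """Return (user, parent) pairs where a parent has no registered child left."""
        parents = set(self.parent_of.values())
        return sorted((u, s) for u, svcs in self.active.items() for s in svcs
                      if s in parents and not (self._children(s) & svcs))


def demo():
    reg = Registry({"hpc-a": "shared-fs", "hpc-b": "shared-fs"})
    reg.register("alice", "hpc-a")
    reg.register("alice", "hpc-b")
    reg.deregister("alice", "hpc-a")   # hpc-b remains, so the parent stays
    kept = "shared-fs" in reg.active["alice"]
    reg.deregister("alice", "hpc-b")   # last child gone, parent is removed too
    return kept, sorted(reg.active["alice"]), reg.orphaned_parents()
```

Running `orphaned_parents()` against an export of real registrations is a way to spot accounts left behind in the parent's LDAP tree after all child registrations are gone.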
Access Rule
Access rules determine whether a user may register for or use a service. The rule is checked on registration, on user login to reg-app, and on service access when the REST API is called.
Group Filter Rule
Filters the group list for a specific service. Can be used to provision only the relevant groups for a service.