
As Marie announced last week - MashZone 2.1 is available now. It comes with a variety of new features. One major aspect of this version was webMethods integration. In this article I am going to describe how to embed MashApps into My webMethods, SAG's portal application framework.

My webMethods server (MWS) provides the user interface for many SAG products, like our all new Business Events offering published at CeBIT 2011. Integrating MashApps into other sites was already introduced last year; however, Single Sign On support was pending.

From now on, embedded MashApps can be password protected and still convenient to use. This works because you can instruct MashZone 2.1 to trust an authentication entity, which is MWS in this article. Once authenticated against MWS, you don't need to log into MashZone again to include a password-protected app.

The article assumes that both systems are already connected to the same central user database. And, of course, you need a MashApp to include within MWS. The next thing you need to install before configuration begins is the all new MWS visualization portlet. It is part of the SAG installer, and configuration should be straightforward.

Now, with both systems up and running, there are some values in mashzone.properties to be edited. This configuration file resides in the sub folder system of MashZone's installation directory. By updating five keys you specify which entity MashZone is going to trust. As you might recognize, the SSO protocol both products rely on is SAML. Each of the five keys starts with mashzone.saml. and the comments nearby already suggest proper values. All you need is the host name and port number of MWS. After changing the configuration you need to restart the MashZone server.

In MWS the MashZone portlet can be -- once installed and activated -- promoted to become a workspace tool. This is normally done using the sysadmin account.

The MashZone workspace tool enables you to populate the canvas of an empty or existing workspace as depicted below.

Please note that the user Administrator is currently authenticated in MWS. This user is eligible to use MashZone, too. So far, the MashZone portlet shows only an empty frame. Editing its properties enables you to point it to a MashApp's URL.

As soon as you accept the settings the frame loads the MashApp - without any subsequent authentication request. The link to the MashApp can be obtained in MashZone via the Share dialog. It might be useful to remove the MashZone branding while embedding it.

Finally, your MWS view looks like this; the MashApp is shown without authenticating Administrator again. If somebody invokes the link for the MashApp outside MWS, MashZone asks for user credentials.

by Laurent Bondon
Posted on Mon, 08/22/2011 - 15:57

Hello Stephan,

We are still very interested in having the Single sign on implemented @ Mensura but reading this article does not bring the answer for us.

We are using Mashzone as an independent application (and we do not own any other SAG product). Is there a way we could implement it please?

Regards

Laurente

by Stephan Freudl Author
Posted on Tue, 08/23/2011 - 09:04

Hello Laurent,

although we designed this feature having My webMethods server in mind it is possible to implement SSO for MashZone even without MWS. With the release of version 2.1 MashZone is able to trust foreign entities. MashZone uses the SAML 1 protocol to validate http-requests.

In the scenario described above MWS handles authentication. In addition, the portlet enhances URL requests (to invoke MashApps) with SAML tokens.

Once MashZone has received such an enhanced request it verifies the token at the security provider specified in advance. In case of success MashZone will skip authentication - as it happened already in another application - and shows the MashApp.

The entire scenario requires you to have a central user management, of course. MWS provides two tasks which could be implemented by your portal software, too:

  1. The role of the SAML identity provider which handles authentication and implements the callback to verify SAML tokens.
  2. The ability to emit SAML tokens whenever a URL inside your portal is clicked.

Regards

Stephan
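
The exchange described in the reply above, as an added example that is not part of the original post and is not MashZone, MWS or SAML library code: a portal appends a token to a MashApp URL, and the application asks the trusted provider to verify it before skipping its own login. The parameter name `sso_token`, the 60-second lifetime, the class names and the in-process `verify` call standing in for the network callback are assumptions, and the token is modelled as an opaque random value rather than SAML XML.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_PARAM = "sso_token"  # hypothetical query parameter name
TOKEN_TTL = 60             # seconds; assumed lifetime


class IdentityProvider:
    """Stands in for the portal: emits tokens and answers verify callbacks."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._issued = {}  # token -> (user, expiry)

    def link_for(self, user, mashapp_url):
        """Task 2: enhance a clicked MashApp URL with a fresh token."""
        token = secrets.token_urlsafe(32)
        self._issued[token] = (user, self._clock() + TOKEN_TTL)
        sep = "&" if urlparse(mashapp_url).query else "?"
        return mashapp_url + sep + urlencode({TOKEN_PARAM: token})

    def verify(self, token):
        """Task 1: the callback. A token is consumed on first lookup."""
        user, expiry = self._issued.pop(token, (None, 0))
        if user is None or self._clock() > expiry:
            return None
        return user


class RelyingParty:
    """Stands in for the embedded application trusting one provider."""

    def __init__(self, trusted_idp):
        self._idp = trusted_idp

    def handle(self, url):
        """Return ('show', user) if the token verifies, else ('login', None)."""
        values = parse_qs(urlparse(url).query).get(TOKEN_PARAM, [])
        if len(values) != 1:  # missing or duplicated parameter
            return ("login", None)
        user = self._idp.verify(values[0])
        return ("show", user) if user else ("login", None)
```

Because `verify` consumes the token and checks its expiry, a link copied out of the portal and replayed later falls back to the login prompt, the same outcome as a link invoked without any token.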
