Overview
Eclipse Dirigible is an open-source cloud development platform that provides capabilities for end-to-end development processes from database modeling and management, through RESTful services using server-side JavaScript, to pattern-based user interface generation, role-based security, external services integration, testing, debugging, operations and monitoring.
Some of the unique features include:
The platform aims to unify open-source business services by providing software developers with a convenient set of tools for building, running, and operating business applications in the Cloud. Dirigible is also part of the Eclipse Cloud Development top-level project.
Setup
Starting with Eclipse Dirigible 5.0, there are built-in integrations with the SAP Cloud Platform Cloud Foundry and Kyma environments. Beyond the most basic configuration with the default Identity Provider, there are plenty of use cases where integration with the SAP Identity and Authentication Service is needed.
In this tutorial I'm going to assume that you have access to your own SAP Identity and Authentication Service tenant and you've already deployed Eclipse Dirigible either in the SAP Cloud Platform Cloud Foundry or Kyma environments.
First let's access the Identity and Authentication Service tenant:
(Identity and Authentication Service)
The first part of the integration is to create an Application in the Identity and Authentication Service tenant:
- Go to Applications & Resources -> Applications.
- Click on the Add button.
- Set an application name (e.g. demo-application) and click Save.
After the new application is created, it should be configured:
- Open the Assertion Attributes:
- This configuration controls the assertion attributes that will be sent back to the application after successful SAML authentication. The most common use case is to send the assigned User Groups as part of the SAML response, so that Role-Based Access Control can be applied based on the groups assertion attribute.
- Click on the Add button.
- From the list of assertion attributes, select the Groups option.
- Save the changes.
The next step is to set up a trust configuration between the SAP Cloud Platform and the SAP Identity and Authentication Service. To do so, the SAML 2.0 metadata configurations should be exchanged:
- From the Identity and Authentication Service tenant, navigate to Applications & Resources -> Tenant Settings.
- Go to the SAML 2.0 Configuration.
- Click on the Download Metadata File button:
- The SAML 2.0 metadata file (metadata.xml) should be downloaded.
- Navigate to the SAP Cloud Platform Cockpit and to the subaccount where the trust configuration will be done.
- Go to Security -> Trust Configuration.
- Click on the New Trust Configuration button.
- In the Trust Configuration dialog, upload the metadata.xml file that was downloaded from the Identity and Authentication Service tenant:
- After the new trust configuration is created, click on the SAML Metadata button to download the SAML metadata for the SAP Cloud Platform subaccount that is being configured:
- The SAML metadata file (saml-xxxxxx-sp.xml) should be downloaded.
- Switch back to the Identity and Authentication Service tenant.
- Go to Applications & Resources -> Applications.
- Select your application (e.g. demo-application).
- Open the SAML 2.0 Configuration.
- Upload the SAML metadata file (saml-xxxxxx-sp.xml) that was downloaded from the SAP Cloud Platform Cockpit:
- Save the changes.
With this, the trust exchange between the SAP Cloud Platform and the SAP Identity and Authentication Service is done. Now let's create a few Users and User Groups in the Identity and Authentication Service:
- Go to Users & Authorizations -> User Management.
- Click on the Add button and create a few users.
- This step is optional, as you can also use in the next steps the user that's been used so far to access the Identity and Authentication Service (e.g. P000000).
- Go to Users & Authorizations -> User Groups.
- Click on the Add button and create the Developers user group:
- Go back to the User Management section.
- Select the user that you want to make changes to (e.g. P000000).
- Go to the User Groups tab.
- Assign the Developers user group to the user:
Last but not least, a mapping based on the assertion attributes (groups) should be done in the SAP Cloud Platform:
- Navigate from the SAP Cloud Platform Cockpit to the subaccount, that was used previously.
- Go to Security -> Trust Configuration.
- Select the trust configuration that was previously created (e.g. ias-demo).
- Go to the Role Collection Mapping section.
- Click on the New Role Collection Mapping button.
- Enter the following properties:
- Role Collection: <the-target-role-collection> (e.g. dirigible)
- Attribute: groups
- Value: Developers
The Role Collection Mapping steps should be repeated as many times as there are User Groups and Role Collections expected in the application.
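To make the effect of the mapping rows concrete, the sketch below evaluates a groups assertion attribute against the Role Collection Mapping from the steps above and lists groups that no row covers. It is an added example, not SAP Cloud Platform code: the AttributeStatement and the Auditors group are constructed, matching is assumed to be exact and case-sensitive, and the assertion is assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AttributeStatement, as it might look once the Groups assertion
# attribute is enabled; the "Auditors" group is made up for illustration.
SAMPLE_STATEMENT = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>Developers</saml:AttributeValue>
    <saml:AttributeValue>Auditors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Role Collection Mapping rows from the tutorial: (attribute, value, role collection).
MAPPINGS = [("groups", "Developers", "dirigible")]


def attribute_values(statement_xml, name):
    """Collect all values of one assertion attribute."""
    root = ET.fromstring(statement_xml)
    values = []
    for attr in root.findall("saml:Attribute", SAML_NS):
        if attr.get("Name") == name:
            values += [(v.text or "").strip()
                       for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return values


def role_collections(statement_xml, mappings):
    """Role collections granted by the rows (assumed exact, case-sensitive match)."""
    granted = set()
    for attribute, value, collection in mappings:
        if value in attribute_values(statement_xml, attribute):
            granted.add(collection)
    return sorted(granted)


def unmapped_groups(statement_xml, mappings, attribute="groups"):
    """Groups the IdP sends that no mapping row covers."""
    mapped = {v for a, v, _ in mappings if a == attribute}
    return [g for g in attribute_values(statement_xml, attribute) if g not in mapped]
```

An empty result from `role_collections` corresponds to a user who authenticates successfully but receives no role collection, which is the usual symptom of a misspelled attribute name or group value in a mapping row.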
When accessing the deployed application (e.g. Eclipse Dirigible), you'll notice that there is a second login option (e.g. ias-demo). Click on it to trigger the authentication flow via the SAP Identity and Authentication Service:
After login, you should be able to access Dirigible and create a "hello world" project, meaning that the Assertion Attributes to Role Collection Mapping was successful:
From the Trust Configuration section the default sap.default trust configuration could be disabled, so that the SAP Identity and Authentication Service tenant is used by default.
Notes
Next, you can visit the Samples section to master some of the basic Eclipse Dirigible functionalities, explore the Enterprise JavaScript APIs, check out the YouTube channel for video content, or simply visit the official site for news and updates.