Evolvis-auth-cis is an authentication system for the apache continuum. It is made to manage usermanagement and authorisation for users and projects, which are managed in a Gforge-system. Evolvis-auth-cis uses the Gforge-Ws-API to get the data it needs. It is an implementation of the plexus-redback security-system (Usermanager and RBACManager).
To install evolvis-auth-cis you have to install continuum first (version 1.1), which you can download here. After that you have to start it. When it is successfully started you can stop it.
Then you can move the evolvis-auth-cis into the continuum-lib-directory ($continuum_home/apps/continuum/webapp/WEB-INF/lib/). You have to install the evolvis-ws-api artifact with all dependencies into the continuum-lib-directory, too.
After that you have to change the component.xml files. This files are found in the adequate jar-files of the redback libraries (META-INF/plexus/components.xml). At the moment you have to change if for the libs redback-system and redback-authorization-rbac. You have to change the requirements for usermanager (<role>org.codehaus.plexus.redback.users.UserManager</role>) and rbacmanager (<role>org.codehaus.plexus.redback.rbac.RBACManager</role>) to role-hint gforge. After that you have to change the components.xml of continuum ($continuum_home/apps/continuum/webapp/WEB-INF/classes/META-INF/plexus/components.xml), too.
Finally you need to create the config file for gforge-config ($continuum_home/conf/geforge.cnf) and edit it.
Note: You might have to increase the php memsize limit on the webserver running the evolvis soap service. If the memsize limit is to low, php will fail and stop sending SOAP-Responses.
same as continuum 1.1 .
You need to disable email verification (or all Gforge Users are considered invalid) - update the security policy file ($continuum_home/conf/security.properties )
or create a new one, if none exists. Add the setting
TODO: is their a way to make contiuum belive the Gforge Users are mail validated?
Note: To configure an outgoing smtp server for notifactions, you need to edit the context-configuration (in $tomcat-dir/conf/Catalina/localhost/lds-continuum.xml).
You can set different attributes for the Evolvis-auth-cis in the configfile gforge.cnf. The following attributes can be set:
GFUrl -> The url to the GForge, which is used for user-authentication
user -> The user which is used to use the GForge-Web-Services
pwd -> The password of the GForge-user
admins -> A list of GForge-users, which are admins. The values of this attribute is seperated by ,
The following example shows a possible gforge.cnf:
user=bla pwd=blub admins=bla,blub GFUrl=http://example.com/soap/index.php
Note: Starting from version 0.0.5 you can get ev-auth-cis to read the config as a resource (aka from the war file). Make sure, you do not set PLEXUS_HOME in either the unix env. or as a system property. If you do so, ev-auth-cis will try to read the config by fetching the resource "/gforge.cnf". This might be usefull if you are trying to deploy more than one continuum into a single app-server.
user-rights in continuum
After the successfully installation of Evolvis-auth-cis you can login on continuum with your GForge-user-data. If you are admin user you have the rights to see any project-group and can also create new project-groups. All other users have the permissions of the gforge. They can do anything on the project-groups on which tey are assigned in GForge.
Attention: The project-groups in continuum must have the same name as the projectname in GForge.