
:sparkles: Single Sign On Implemented

SSO now works! Woot!

SSO - Allowed authentication to be accessed via zuul

SSO Enhancements

Moved auth to zuul filter

SSO Enhancements - Added ignoredHeaders in zuul configuration

Misc - Moved client security config to client-sec profile

SSO Enhancements - Moved ldap properties to different profiles.

Misc - Added edge server config, change redis index to 1

SSO Enhancements - Made userSearchBase a list for multiple OU filters

SSO Enhancements - Optimized searching for user in multiple OU

SSO Enhancements - Updated user-search-base

Misc - Fixed rebase conflicts
Nas Villanueva hace 8 años
padre
commit
e3e9dd4085

+ 13 - 0
application-client-sec.yml

@@ -0,0 +1,13 @@
+security:
+  oauth2:
+    client:
+      accessTokenUri: ${security.server.url:http://localhost:8080}/uaa/oauth/access_token
+      userAuthorizationUri: ${security.server.url:http://localhost:8080}/uaa/oauth/authorize
+      clientId: crss
+      clientSecret: crsssecret
+      authorized-grant-types: authorization_code,refresh_token,password
+      scope: openid
+      access-token-validity-seconds: 3600
+    resource:
+      filter-order: 3
+      userInfoUri: ${security.server.url:http://localhost:8080}/uaa/user
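Review bot: The OAuth2 client secret at `clientSecret: crsssecret` is committed in clear text in a file that, through the new client-sec profile, is now pulled into every service in this commit, and the same value is registered server-side in crss-uaa/crss-uaa.yml. Keep the key but take the value from the environment or the config server's encrypted-property support, e.g. `clientSecret: ${CRSS_OAUTH_CLIENT_SECRET}` (variable name constructed), and rotate the committed one. The plain-HTTP fallback in `${security.server.url:http://localhost:8080}` is fine for local runs, but a deployment that forgets to set the property would silently exchange codes for tokens and fetch `/uaa/user` over clear HTTP to localhost; dropping the default so a missing property fails fast is the safer shape. The `password` entry in `authorized-grant-types` is listed for the client without any note of which caller needs it; a comment naming that caller would make the review of that grant easier later.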

+ 2 - 14
application.yml

@@ -24,19 +24,7 @@ spring:
   rabbitmq:
     host: rabbitmq.marathon.l4lb.thisdcos.directory
 
-security:
-  oauth2:
-    client:
-      accessTokenUri: ${crss.security.url}/oauth/access_token
-      userAuthorizationUri: ${crss.security.url}/oauth/authorize
-      clientId: crss
-      clientSecret: crsssecret
-      authorized-grant-types: authorization_code,refresh_token,password
-      scope: openid
-      access-token-validity-seconds: 3600
-    resource:
-      filter-order: 3
-      userInfoUri: ${crss.security.url}/user
+
 
 server:
   undertow:
@@ -61,4 +49,4 @@ graylog:
 
 crss:
   api.gateway: http://crssapplication-main-ui.marathon.l4lb.thisdcos.directory:8080
-  security.url: ${crss.api.gateway}/admin
+  security.url: ${crss.api.gateway}/uaa
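Review bot: The property adjusted in the second hunk, `crss.security.url`, is no longer what the moved client block reads: application-client-sec.yml resolves `${security.server.url:http://localhost:8080}`, so unless `security.server.url` is defined in a file outside this commit, every environment will fall back to localhost:8080 for the token, authorize and user-info endpoints. Adding `security.server.url: ${crss.api.gateway}` next to this line would make the new file's `/uaa/...` paths resolve through the gateway as the hunk seems to intend; alternatively the new file could read `${crss.security.url}` directly and drop its own `/uaa` prefix. The first hunk replaces the removed block with an added empty line next to the existing blank, leaving a double blank line between `rabbitmq` and `server`.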

+ 1 - 1
crss-admin/crss-admin-embedded-ldap.yml

@@ -6,7 +6,7 @@ crss:
     port: 33389
     root-dn: "dc=wesmsys,dc=local"
     ldif: "classpath:embedded-ldap.ldif"
-    user-search-base: ""
+    user-search-base: MO,MP,SO
     admin-user: "uid=crssadmin,ou=Administrators,dc=wesmsys,dc=local"
     admin-password: "1qaz@WSX"
     username-field: "uid"

+ 1 - 1
crss-admin/crss-admin-ldap.yml

@@ -4,7 +4,7 @@ crss:
     host: "192.168.241.67"
     port: 636
     root-dn: "dc=wesmsys,dc=local"
-    user-search-base: ""
+    user-search-base: MO,MP,SO
     admin-user: "wesmsys\\crssadmin"
     admin-password: "1qaz@WSX"
     username-field: "userPrincipalName"

+ 1 - 1
crss-admin/crss-admin-pemc-uat.yml

@@ -20,7 +20,7 @@ crss:
     host: "10.176.24.26"
     port: 636
     root-dn: "dc=wesmsys,dc=local"
-    user-search-base: ""
+    user-search-base: MO,MP,SO
     admin-user: "wesmsys\\crssadmin"
     admin-password: "123qweASD"
     username-field: "userPrincipalName"

+ 1 - 1
crss-admin/crss-admin-ss-combined.yml

@@ -20,7 +20,7 @@ crss:
     host: "192.168.233.8"
     port: 636
     root-dn: "dc=wesmsys,dc=local"
-    user-search-base: ""
+    user-search-base: MO,MP,SO
     admin-user: "wesmsys\\crssadmin"
     admin-password: "123qweASD"
     username-field: "userPrincipalName"

+ 1 - 1
crss-admin/crss-admin-top.yml

@@ -19,7 +19,7 @@ crss:
     host: "10.176.24.26"
     port: 636
     root-dn: "dc=wesmsys,dc=local"
-    user-search-base: ""
+    user-search-base: MO,MP,SO
     admin-user: "wesmsys\\crssadmin"
     admin-password: "123qweASD"
     username-field: "userPrincipalName"

+ 2 - 1
crss-admin/crss-admin.yml

@@ -1,5 +1,6 @@
 spring:
-  profiles.include: audit
+  profiles.include: audit, client-sec
+
   http:
     multipart:
       maxFileSize: "25Mb"

+ 2 - 0
crss-dataflow-app/application.yml

@@ -1,4 +1,6 @@
 spring:
+  profiles:
+    include: client-sec
   crss-dataflow:
     datasource:
       jdbcUrl: jdbc:postgresql://localhost:5432/crss_dataflow

+ 28 - 0
crss-edge/crss-edge-dev.yml

@@ -0,0 +1,28 @@
+spring:
+admin-service:
+  ribbon:
+    listOfServers: http://localhost:8082
+registration-service:
+  ribbon:
+    listOfServers: http://localhost:8081
+metering-service:
+  ribbon:
+    listOfServers: http://localhost:8084
+scheduler-service:
+  ribbon:
+    listOfServers: http://localhost:8085
+data-extraction-service:
+  ribbon:
+    listOfServers: http://localhost:8086
+settlement-service:
+  ribbon:
+    listOfServers: http://localhost:9093
+crss-meterprocess-app:
+  ribbon:
+    listOfServers: http://localhost:9091
+crss-settlement-app:
+  ribbon:
+    listOfServers: http://localhost:9093
+crss-dataflow-app:
+  ribbon:
+    listOfServers: http://localhost:9092
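Review bot: The first line of the new file, `spring:`, has no value and parses as a null entry that contributes nothing; it reads like an unfinished block (the other new files put `profiles:` / `include: client-sec` here) or a leftover, and yamllint reports it as an empty value. Either complete it or delete it. `settlement-service` and `crss-settlement-app` both point at `http://localhost:9093`; that matches crss-edge.yml routing two paths to one backend, but it is worth confirming it is intended rather than copied from the line above.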

+ 18 - 0
crss-edge/crss-edge-staging.yml

@@ -0,0 +1,18 @@
+admin-service:
+  ribbon:
+    listOfServers: http://admin:8080
+registration-service:
+  ribbon:
+    listOfServers: http://registration:8080
+metering-service:
+  ribbon:
+    listOfServers: http://metering:8080
+scheduler-service:
+  ribbon:
+    listOfServers: http://scheduler:8080
+data-extraction-service:
+  ribbon:
+    listOfServers: http://data-extraction:8080
+settlement-service:
+  ribbon:
+    listOfServers: http://app.reg.settlement.pemc.com
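Review bot: `settlement-service` in the staging profile is routed to `http://app.reg.settlement.pemc.com`, an externally named host over plain HTTP, while every other entry in the file uses a short in-cluster name on port 8080. Because crss-edge/crss-edge.yml in this commit sets `sensitiveHeaders: ''`, Zuul will forward `Cookie`, `Set-Cookie` and `Authorization` to that backend unchanged; if the host sits outside the cluster network those credentials travel in clear. If it is really external, use `https://` and give the settlement route its own `sensitiveHeaders` list; if it is internal, the name is inconsistent with the others and may be a leftover worth a comment.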

+ 105 - 0
crss-edge/crss-edge.yml

@@ -0,0 +1,105 @@
+zuul:
+  host.socket-timeout-millis: 30000
+  ignoredServices: '*'
+  sensitiveHeaders: ''
+  ignoredHeaders: Access-Control-Allow-Credentials, Access-Control-Allow-Origin
+  routes:
+    admin:
+      path: /admin/**
+      serviceId: admin-service
+    reg:
+      path: /reg/**
+      serviceId: registration-service
+    metering:
+      path: /metering/**
+      serviceId: metering-service
+    scheduler:
+      path: /sched/**
+      serviceId: scheduler-service
+    data-extraction:
+      path: /data-extraction/**
+      serviceId: data-extraction-service
+    settlement:
+      path: /settlement/**
+      serviceId: settlement-service
+    crss-meterprocess-qatool:
+      path: /qa-tool/**
+      serviceId: crss-meterprocess-qatool
+    crss-meterprocess-app:
+      path: /meter-process/**
+      serviceId: crss-meterprocess-app
+    crss-settlement-app:
+      path: /settlement/**
+      serviceId: crss-settlement-app
+    crss-dataflow-app:
+      path: /data-flow/**
+      serviceId: crss-dataflow-app
+    uaa:
+      path: /uaa/**
+      stripPrefix: false
+      url: http://localhost:9999
+
+admin-service:
+  ribbon:
+    listOfServers: http://crssadmin-service.marathon.l4lb.thisdcos.directory:8080
+registration-service:
+  ribbon:
+    listOfServers: http://crssregistration-service.marathon.l4lb.thisdcos.directory:8080
+metering-service:
+  ribbon:
+    listOfServers: http://crssmetering-service.marathon.l4lb.thisdcos.directory:8080
+scheduler-service:
+  ribbon:
+    listOfServers: http://crssscheduler-service.marathon.l4lb.thisdcos.directory:8080
+data-extraction-service:
+  ribbon:
+    listOfServers: http://crssdata-extraction-service.marathon.l4lb.thisdcos.directory:8080
+crss-meterprocess-app:
+  ribbon:
+    listOfServers: http://crss-meterprocess-app.marathon.l4lb.thisdcos.directory:8081
+crss-settlement-app:
+  ribbon:
+    listOfServers: http://crss-settlement-app.marathon.l4lb.thisdcos.directory:8082
+crss-dataflow-app:
+  ribbon:
+    listOfServers: http://crss-dataflow-app.marathon.l4lb.thisdcos.directory:8082
+
+hystrix:
+  command:
+    default:
+      execution:
+        isolation:
+          thread:
+            timeoutInMilliseconds: 300000
+zuul.host.socket-timeout-millis: 30000
+
+ribbon:
+  ConnectTimeout: 3000
+  ReadTimeout: 60000
+  maxAutoRetries: 1
+  MaxAutoRetriesNextServer: 2
+
+# NOTE: since the server is undertow who serve the static pages, the uploads config must be set here also
+#       if size was modified please update also the registration's application.yml
+spring:
+  profiles:
+    include: client-sec
+  http:
+    multipart:
+      enabled: true
+      maxFileSize: "25Mb"
+      maxRequestSize: "25Mb"
+      fileSizeThreshold: "5Mb"
+      resolveLazily: false
+  resources:
+    chain:
+      gzipped: true
+server:
+  compression:
+    enabled: true
+    min-response-size: 1
+  undertow:
+    direct-buffers: true # Instruct JVM to use native I/O operations on the buffers
+    buffer-size: 16384 # Socket buffer size. Default is 16kb
+    io-threads: 16 # The number of I/O threads created for non-blocking tasks. (#CPU * 2)
+    worker-threads: 128 # CPU * 16
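Review bot: Two routes in the new `zuul.routes` map, `settlement` and `crss-settlement-app`, both declare `path: /settlement/**` with different `serviceId`s; Zuul keeps both entries and which one serves a request depends on map iteration order, so one backend is silently unreachable. Give `crss-settlement-app` its own prefix in the style of `/meter-process/**` and `/data-flow/**`, e.g. `path: /settlement-app/**`, or drop the duplicate. Separately, the global `sensitiveHeaders: ''` turns off Zuul's default stripping of `Cookie`, `Set-Cookie` and `Authorization` for every route, including `uaa`, which is a raw `url:` rather than a load-balanced service; if only the UAA round-trip needs those headers, setting `sensitiveHeaders: ''` under the `uaa` route alone and leaving the default elsewhere keeps the gateway's session cookie from being replayed to every backend (the same global line is added in crss-ui/crss-ui.yml and ui-bsmd/application.yml). `zuul.host.socket-timeout-millis: 30000` near the bottom repeats `host.socket-timeout-millis` already set inside `zuul:` at the top; both bind the same property, so one should go.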

+ 2 - 0
crss-metering/crss-metering.yml

@@ -1,4 +1,6 @@
 spring:
+  profiles:
+    include: client-sec
   http.multipart:
     enabled: true
     maxFileSize: 3MB

+ 2 - 0
crss-meterprocess-app/application.yml

@@ -1,4 +1,6 @@
 spring:
+  profiles:
+    include: client-sec
   crss-main:
     datasource:
       jdbcUrl: jdbc:postgresql://localhost:5432/crss_meterprocess

+ 1 - 1
crss-reg/crss-reg.yml

@@ -1,5 +1,5 @@
 spring:
-  profiles.include: audit
+  profiles.include: audit, client-sec
   jpa:
     properties:
       hibernate:

+ 3 - 0
crss-sched/crss-sched.yml

@@ -0,0 +1,3 @@
+spring:
+  profiles:
+    include: client-sec

+ 2 - 0
crss-settlement-app/application.yml

@@ -1,4 +1,6 @@
 spring:
+  profiles:
+    include: client-sec
   crss-stl:
     datasource:
       jdbcUrl: jdbc:postgresql://localhost:5432/crss_settlement

+ 14 - 0
crss-uaa/crss-uaa-embedded-ldap.yml

@@ -0,0 +1,14 @@
+crss:
+  ldap:
+    embedded: true
+    protocol: LDAP
+    host: "localhost"
+    port: 33389
+    root-dn: "dc=wesmsys,dc=local"
+    ldif: "classpath:embedded-ldap.ldif"
+    user-search-base: MO,MP,SO
+    admin-user: "uid=crssadmin,ou=Administrators,dc=wesmsys,dc=local"
+    admin-password: "1qaz@WSX"
+    username-field: "uid"
+    domain: "wesmsys.local"
+    passwordOpEnabled: false
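Review bot: This new file commits the LDAP bind credential `admin-password: "1qaz@WSX"` in clear text, and the sibling new file crss-uaa/crss-uaa-ldap.yml does the same for the LDAPS directory at `192.168.241.67`, where the same account and password already appear in the crss-admin profiles; moving authentication into the UAA copies the secret into one more place rather than out of the config repo. Keep the key and load the value from the environment or the config server's encrypted-property support, e.g. `admin-password: ${CRSS_LDAP_BIND_PASSWORD}` (variable name constructed), and rotate the committed value. For this embedded profile a clearly test-only string may be acceptable if the `embedded-ldap.ldif` it loads defines the same account, but that file is not on the page to confirm; a one-line comment saying the credential is test-only would make that explicit.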

+ 13 - 0
crss-uaa/crss-uaa-ldap.yml

@@ -0,0 +1,13 @@
+crss:
+  ldap:
+    protocol: LDAPS
+    host: "192.168.241.67"
+    port: 636
+    root-dn: "dc=wesmsys,dc=local"
+    user-search-base: MO,MP,SO
+    admin-user: "wesmsys\\crssadmin"
+    admin-password: "1qaz@WSX"
+    username-field: "userPrincipalName"
+    domain: "wesmsys.local"
+    embedded: false
+    passwordOpEnabled: true

+ 28 - 0
crss-uaa/crss-uaa.yml

@@ -0,0 +1,28 @@
+spring:
+  profiles:
+    include: embedded-ldap
+  datasource:
+    url: jdbc:postgresql://localhost:5432/crss?currentSchema=admin
+    username: crss_admin
+    password: CrssAdmin
+  redis:
+    database: 1
+
+server:
+  port: 9999
+  use-forward-headers: true
+  context-path: /uaa
+
+
+crss:
+  security:
+    oauth2:
+      default-redirect-uri: http://localhost:8087
+      auto-approve: true
+      authorized-grant-types: authorization_code,refresh_token,password
+      access-token-validity-second: 3600
+      registered-redirect-uris: http://localhost:8087,http://localhost:8089
+      client:
+        client-id: crss
+        client-secret: crsssecret
+        scope: openid
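Review bot: `access-token-validity-second: 3600` (singular) under `crss.security.oauth2` does not match the plural `access-token-validity-seconds` used on the client side in application-client-sec.yml; unless the UAA's properties class really spells it this way, the key is unbound and the server keeps its default token lifetime — confirm against that class, which is not on the page. `auto-approve: true` skips the consent step for the `crss` client; reasonable for a first-party client, but worth a one-line comment saying so, since it also covers the `password` grant listed two lines above. The client secret `crsssecret` and the datasource `password: CrssAdmin` are two more clear-text credentials in the config repo; same remark as for application-client-sec.yml — bind them to environment values and rotate. `default-redirect-uri` and `registered-redirect-uris` are plain `http://localhost` values with no profile override on this page, so a deployed UAA would reject or misdirect the authorization-code callback unless another profile supplies them.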

+ 8 - 1
crss-ui/crss-ui.yml

@@ -3,7 +3,8 @@ zuul:
   ignoredServices: '*'
   #default is Cookie,Set-Cookie,Authorization.
   #removed Authorization from senstiive headers
-  sensitiveHeaders: 'Cookie,Set-Cookie'
+  sensitiveHeaders: ''
+  ignoredHeaders: Access-Control-Allow-Credentials, Access-Control-Allow-Origin
   routes:
     admin:
       path: /admin/**
@@ -23,6 +24,10 @@ zuul:
     settlement:
       path: /settlement/**
       serviceId: settlement-service
+    uaa:
+      path: /uaa/**
+      stripPrefix: false
+      url: http://localhost:9999
 
 admin-service:
   ribbon:
@@ -61,6 +66,8 @@ ribbon:
 # NOTE: since the server is undertow who serve the static pages, the uploads config must be set here also
 #       if size was modified please update also the registration's application.yml
 spring:
+  profiles:
+    include: client-sec
   http:
     multipart:
       enabled: true
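Review bot: The comment kept above the first hunk's change, `#removed Authorization from senstiive headers`, no longer describes the line under it: `sensitiveHeaders: ''` now clears all three defaults (`Cookie`, `Set-Cookie`, `Authorization`). Replace the two comment lines with something like `# default is Cookie,Set-Cookie,Authorization; cleared so all three are forwarded to the routed services`, which also fixes the spelling. In the second hunk the `uaa` route is a fixed `url: http://localhost:9999` while every other route in this file resolves through a `serviceId` and per-profile Ribbon `listOfServers`, so in any deployment where the UAA is not on the gateway host `/uaa/**` breaks; giving it a `serviceId` with its own `ribbon.listOfServers` entry, as done for `admin-service`, keeps it configurable. The same hard-coded URL is added in crss-edge/crss-edge.yml and ui-bsmd/application.yml.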

+ 10 - 9
ui-bsmd/application.yml

@@ -8,7 +8,7 @@ endpoints:
 
 zuul:
   ignored-services: '*'
-  sensitiveHeaders: 'Cookie,Set-Cookie'
+  sensitiveHeaders: ''
   routes:
     crss-meterprocess-qatool:
       path: /qa-tool/**
@@ -22,16 +22,16 @@ zuul:
     crss-dataflow-app:
       path: /data-flow/**
       serviceId: crss-dataflow-app
-    admin:
-      path: /admin/**
-      serviceId: crss-admin
     registration:
       path: /registration/**
       serviceId: crss-reg
     crss-audit:
       path: /audit/**
       serviceId: crss-audit
-
+    uaa:
+      path: /uaa/**
+      stripPrefix: false
+      url: http://localhost:9999
 # developers profile
 crss-meterprocess-app:
   ribbon:
@@ -42,9 +42,6 @@ crss-settlement-app:
 crss-dataflow-app:
   ribbon:
     listOfServers: http://localhost:9092
-crss-admin:
-  ribbon:
-    listOfServers: http://localhost:8082
 crss-reg:
   ribbon:
     listOfServers: http://localhost:8081
@@ -71,4 +68,8 @@ hystrix:
             timeoutInMilliseconds: 1440000
 
 security:
-  ignored: /**
+  ignored: /**
+
+spring:
+  profiles:
+    include: client-sec
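Review bot: The last hunk adds `spring.profiles.include: client-sec`, which pulls in the OAuth2 client configuration from application-client-sec.yml, directly under a `security.ignored: /**` that exempts every path from Spring Security; as written the include probably changes nothing for this gateway, or, if `ignored` is meant to stay, the include is dead configuration. Decide which is intended and either narrow `ignored` to the paths that must stay public or drop the include, with a comment stating why this UI is unauthenticated. The hunk also re-emits `ignored: /**` as a removed-and-added pair, which looks like a trailing-newline fix but shows up in blame as a change to a security setting. The third hunk removes the blank line before `# developers profile`, so that comment now sits directly under the new `uaa` route it does not describe; restore the blank line.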