Single Sign On

Before implementing the plugin make sure that you have setup your environment.

This feature allows you to register your own hook into the Optimize authentication system such that you can integrate Optimize with your single sign on system. This allows you to skip the log in via the Optimize interface.

For that, the Optimize plugin system provides the following interface:

public interface AuthenticationExtractor {

  AuthenticationResult extractAuthenticatedUser(HttpServletRequest servletRequest);
}

Implement this interface to extract your custom auth header from the JAX-RS servlet request, which is represented by servletRequest. With the given request you are able to extract your information both from the request header and from the request cookies.

The following example extracts a header with the name user and if the header exists the user name from the header is authenticated:

package com.example.optimize.security.authentication;

import org.camunda.optimize.plugin.security.authentication.AuthenticationExtractor;
import org.camunda.optimize.plugin.security.authentication.AuthenticationResult;

import javax.servlet.http.HttpServletRequest;

public class AutomaticallySignInUserFromHeaderPlugin implements AuthenticationExtractor {

  @Override
  public AuthenticationResult extractAuthenticatedUser(HttpServletRequest servletRequest) {
    String userToAuthenticate = servletRequest.getHeader("user");
    AuthenticationResult result = new AuthenticationResult();
    result.setAuthenticatedUser(userToAuthenticate);
    result.setAuthenticated(userToAuthenticate != null);
    return result;
  }
}

As for the Variable Import Customization, you have to package your plugin in a jar, add it to the plugin folder and make Optimize find it by adding the following configuration to environment-config.yaml:

plugin:
  authenticationExtractor:
    # Looks in the given base package list for authentication extractor plugins.
    # If empty, the standard Optimize authentication mechanism is used.
    basePackages: ["com.example.optimize.security.authentication"]