Zum Hauptinhalt gehen

FAS 22.3.0 Upgrade Notes

Ernst Vorndran
  • Aktualisiert

    Introduction

    FAS 22.3 is compatible with the previous release.

    Single Sign On authentication (Closed Beta)

    Single Sign On (SSO) is implemented for authentication in Merchandising Studio. The
    feature is behind a feature toggle in system.xml, which is disabled by default. When enabled, the Merchandising Studio will expect a JWT token in each request and, after verification, will extract the authenticated user from it.

    To enable in the system.xml file, under the node com/frehopper/features add the following:

    <node name="sso">
        <map>
            <!--
            Enable SSO for Merchandising Studio
            -->
            <entry key="sso-enabled" value="true" />
            <!--
            The path to redirect upon logout from Merchandising Studio
            -->
            <entry key="sso-logout-path" value="/logout" />
            <!--
            The keycloak jwt token issuer url, that needs to be verified in the 'iss' property of the JWT tokens
            -->
            <entry key="issuer-url" value="" />
            <!--
            The name of the header holding the SSO JWT token
            -->
            <entry key="jwt-header-name" value="x-access-token" />
            <!--
            JWT token email claim
            -->
            <entry key="jwt-email-claim" value="email" />
            <!--
            JWT token username claim
            -->
            <entry key="jwt-username-claim" value="preferred_username" />
            <!--
            JWT token given name claim
            -->
            <entry key="jwt-given-name-claim" value="given_name" />
            <!--
            JWT token family name claim
            -->
            <entry key="jwt-family-name-claim" value="family_name" />
            <!--
            JWT token authorized party claim
            -->
            <entry key="jwt-authorized-party-claim" value="azp" />
            <!--
            JWT token email verified claim
            -->
            <entry key="jwt-email-verified-claim" value="email_verified" />
            <!--
            JWT token expected authorized party. If empty it will not be checked when validating the JWT token
            -->
            <entry key="expected-authorized-party" value="kong" />
            <!--
            Should we ignore email verified when validating the JWT token
            -->
            <entry key="ignore-email-verified" value="false" />
            <!--
            Should we ignore "iat" property when validating the JWT token
            -->
            <entry key="ignore-issued-at" value="false" />
            <!--
            Attraqt user role name (it will have all privileges)
            -->
            <entry key="attraqt-user-role-name" value="FredhopperCustomerSupport" />
            </map>
        </node>

    Migration

    Migrating from FAS 22.2 to 22.3.0 requires no specific migration steps. If SSO is required, check the description above for configuration.

     

    Verwandte Beiträge

    Kommentare

    0 Kommentare

    Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.