Skip navigation
All Places > Alfresco Process Services & Activiti (BPM) > Blog > 2018 > June
2018

Last week we made considerable progress on moving forward on the new API implementation in our core services. @erdemedeirosgot the Runtime Bundle and Query Service implementation updated and I took the lead on Audit. Now our core services should use the same data types such as ProcessInstance, Task and Variables. Our Services APIs are now in charge of receiving data in a standard format (CloudRuntimeEvent) and returning data in structures that will wrap the previously mentioned types. Our Service API layer is now in charge of transforming these “standard” types into whatever model that they need for storage, decoupling the APIs from the underlying technology used to store and retrieve data.

 

@igdianovworking on Jenkins X set up for custom example.

@daisuke-yoshimotoworked on creating examples and acceptance tests about BPMN Cloud Signals.

https://github.com/Activiti/activiti-cloud-examples/tree/feature/daisuke-1687-signal-cloud

https://github.com/Activiti/example-runtime-bundle/tree/feature/daisuke-1687-signal-cloud

https://github.com/Activiti/activiti-cloud-acceptance-tests/pull/16

@ryandawsonukcontinued working on porting the quickstart example for Jenkins-X, adding acceptance testsand beginning integration of spring cloud gateway, including submitting a PR for spring cloud gateway to support x-forwarded-prefix

@erdemedeiroscompleted work on integrating the new Java API to query service, which is no longer depending on activiti-engine for events reception.

@salaboyworking on the new API and updating Audit Service to use it internally.

This week we will be moving forward our acceptance tests to use the new APIs and make sure that we can easily run them inside our Jenkins X pipelines.

Get in touch if you want to contribute: https://gitter.im/Activiti/Activiti7

We are looking forward to mentor people on the technologies that we are using to submit their first Pull Request

Wow 50 weeks of heavy work! Last week we (the Activiti Team) presented in JDK.IOand JBCNConf. You can find the slides and the workshop instructions here:

We moved forward the Quickstart clean up and refactoring plus we made huge progress on the API side.

 

@MiguelRuizDevcontinued working with Docker and Docker Compose in order to deploy the Task Manager Service and its dependent components (Database and UI) into different containers.

@daisuke-yoshimotoworked for investigating and fixingabout the issue #1902on this week. He will return to creating examples and acceptance tests about BPMN Cloud Signals from next week

https://github.com/Activiti/activiti-cloud-examples/tree/feature/daisuke-1687-signal-cloud

https://github.com/Activiti/example-runtime-bundle/tree/feature/daisuke-1687-signal-cloud

@constantin-ciobotaruworked for export models as xml/json files endpoints

@ryandawsonukpresented with @erdemedeirosat JDK.IO. Contributed to keycloak helm chart with options to load realm with start argumentand run kcadm scripts. Worked on porting quickstart exampleto deploy on Jenkins-X using keycloak chart (and other charts).

@erdemedeirospresented and attended to JDK.IOconference with @ryandawsonuk; Reorganized the new Java API Maven modules to be able to add dependency to the model only (without the dependency to the activiti-engine).

@salaboydid a workshop at JBCNConf about Activiti Cloud, Spring Cloud and Kubernetes. We used Jenkins X to deploy services, configure environments and understand how all the pieces work together.

This week we will finish the API work plus the migration of the Quickstart to use Jenkins X conventions for creating Docker images and HELM charts for deployments. We are getting really excited with the progress that we are making so keep an eye on the gitter channel for more updates about our first Beta release. 

Get in touch if you want to contribute: https://gitter.im/Activiti/Activiti7

We are looking forward to mentor people on the technologies that we are using to submit their first Pull Request ;)

I recently wrote this blog post https://www.ziaconsulting.com/developer-help/using-docker-alfresco-process-services/  that gives instructions for getting started with Alfresco Process Services (APS) using docker. It includes additional details beyond what can be found in the APS docs and provides more of a step by step guide for starting out.

On behalf of the team, I am pleased to announce that Alfresco Process Services 1.9 has been released and is available now. This release includes new features, improvements as well as important bug fixes. Here are a few notable highlights:

New modern authentication option

Challenges

Authentication plays an important role in improving user experiences and adhering to your organization’s security standards. Alfresco Process Services (APS) and other parts of Alfresco’s platform, including Alfresco’s Application Development Framework (ADF) and Alfresco Content Services (ACS), have extension points for customizing such authentication needs. Yet, until now, these authentication experiences were unique amongst platform components—including the authentication extensibility model, implementation, and supported authentication standards.

 

Alfresco now introduces the new Alfresco Identity Service Architecture, an optional solution for customers requiring more advanced authentication services. This architecture features:

  1. Modern and unified open standards for authentication amongst APS, ADF, and ACS via OpenID Connect authentication.
  2. Alfresco Identity Service for brokering authentication to your Identity Provider (IdP) and authentication protocols such as SAML or OAuth2.

 

Conceptually, this new architecture looks like the following:

diagram

 

 

Practically, this functionality is available on a limited availability basis for APS 1.9 (and other compatible Alfresco releases) as the Alfresco Identity Service is not Generally available at the time of this writing. Customers motivated to the benefits of this new architecture can leverage the technology Keycloak, an open source project freely available under an Apache 2 license, as a stand-in until the Alfresco Identity Service is available as illustrated below:

diag2

 

 

Note, Alfresco or Partner assistance for configuring Keycloak in your environment is available as a separate service contract. This is only needed until the Alfresco Identity Service is generally available. Customers using existing APS authentication mechanism can continue doing so without change.

Benefits

This new option:

  1. Simplifies interactions with your identity provider (IdP) by centralizing configuration across Alfresco components including integration across solutions using ADF, APS, and ACS. This includes all ADF-based applications such as the Content App and Process Workspace.
  2. Allows you to leverage a wide array of authentication protocols including SAML, OAuth 2.0, OpenID Connect, and Kerberos as well as user federation with common user databases such as LDAP and Active Directory.
  3. Customers can now configure oAuth2 and leverage the Activiti-Admin console with this new solution by setting up a subset of local users in keycloak for basic authentication. (Previously, the Activiti-Admin could only be used if Activit-App was configured for Basic Authentication, not using OAuth2 or Kerberos. This new architecture removes this restriction whilst adding more authentication protocols.)  

Configuration

A basic example to get going is to ensure the configuration file activiti-identity-service.properties in your classpath, usually in .../tomcat/webapps/activiti-app/WEB-INF/classes/META-INF/.

 

Step 1

Make sure the “keycloak.enabled” stanza is true.

Step 2

Then match name in the properties file with your realm name.

Step 3

Similarly, your properties file resource matches your client.

Step 4

And, the valid URL needs to match the your Activiti-App host name.

Step 5

Lastly, ensure that your users exist in Keycloak (for authentication) and in APS (for authorization). Important: the email must match.

 

Once you restart Alfresco Process Services, the configuration will now redirect your authentication to the Alfresco Identity Service Architecture as in steps A, B, and C below:

While this is a simple example, additional configuration can be done for the following use cases:

  1. Configure the Alfresco Process Workspace to use the Alfresco identity Service Architecture. This can also be done for your own ADF application. This is the preferred interface for end-user applications.
  2. Allow the Alfresco Identity Service Architecture to authenticate with your own IdP for SAML or OAuth2
  3. Automatically sync users to the Alfresco Identity Service / Keycloak
    (note: this is needed for authentication and the traditional user sync of APS is still required for authorization)
  4. Configure the APS Admin Console (activiti-admin) to operate when the activiti-app is configured for a non-basic auth protocol (a feature not available prior to the Alfresco Identity Service Architecture)

 

Check Ciju Joseph recent blog post about implementing a strong two-factor hardware-based authentication. He used a smart card that supports Personal Identity Verification (PIV) authentication (FIPS 201, a US government standard). 

 

 

Process Workspace released independently

The Process Workspace is a new ADF-based user interface for end users to view, act and collaborate on tasks and processes. From Alfresco Process Services 1.9, Process Workspace is no longer shipped with APS but packaged as a separate distribution, giving customers the flexibility to update their environment each time there is a new release. The release cadence will follow ADF releases to keep pace and sync with its innovation cycle. Process Workspace 1.2.0 (based on ADF 2.4.0) was released July 2nd. It includes:

  • ADF 2.4 Upgrade
  • configurable landing page
  • UX Improvements
  • source code and .war file
  • bug fixes

 

Please check the following documentation for installation instructions: Installing Alfresco Process Services Workspace | Alfresco Documentation.

 

Dist folder (distribution) in Process Workspace package (.zip)

Advanced documentation generation

It is now possible to use advanced constructs to generate richer documents including information from multiple data sources such as external databases, REST endpoints, JSON objects, etc. The graphical user interface for the generate document task now includes 2 new properties:

  • additional data source names, a comma-separated list of data sources the document will use as the source of the expressions.
  • and additional data source expressions, a comma-separated list of expressions to be included in the document.

 

This makes it possible to collect data from multiple data sources including external sources that will enrich the generated documents. As an example, here is how to collect data from process variables and two custom services. The example is a simple booking app (Github repo link) which allows a user to specify a city to visit and at the end generates a document confirming the booking. The document should contain information about the booking and some extra information such as the weather and recommended places to visit.

 

Weather and recommendations information are retrieved from custom services WeatherService and RecommendationService.

 

 

Multiple data sources can be specified in the additional data source expressions

Additional data source names (weather and recommendations) can then be used to in the document template to display information.

The final generated document will look as follows.

New iOS mobile app version

A new version 1.1 of the Alfresco Process Service iOS app is available on the App Store. It adds offline capabilities and compatibility with iPhone X. Here are the detailed highlights for this update:

  • Access your task lists, downloaded files, and forms without network connectivity
  • Fill out task form and save progress for later even when you are offline
  • iPhone X compatibility
  • Date & time form field support
  • Attachment thumbnail
  • Additional enhancements and fixes

The updated app requires iOS 10 or higher and connects to Alfresco Process Services 1.7 or higher.

 

Sub-groups in task assignments

In Alfresco Process Services 1.9, if you select a candidate group or if you add a group of involved people for a user task it now includes all the users part of any sub-groups existing under the selected parent group. As an example, if you have the following group hierarchy:

  • TopGroup (user1)
    • SubGroupA (user2)
      • SubGroupA1 (user3)

 

If you select the group TopGroup as candidate group for the user task A, all 3 users (user1, user2 and user3) will see the task A in their task queue. The same behavior applies for involved groups on user tasks.

 

Next steps

If you are interested in trying out this new Process Services version, register for a free enterprise trial here. Check out the Alfresco documentation for detailed product instructions. 

Hi everyone! Yesterday we did a workshop at @JBCNConf about using Spring Cloud, Spring Cloud Kubernetes, Jenkins X and Activiti Cloud. 

It was the first time that we did a full 2hs session to deploying a set of services which implement the Activiti Cloud BluePrint. Notice that this was not a simple "hello world" exercise. We deployed 7 backend services (forking and cloning 7 repositories from github), a Front End application and we configured Jenkins X, Nexus and a Kubernetes Cluster in GKE. This can be done in 2hs if you have some Kubernetes experience, but the main focus was to help people to go through the journey and getting their hands dirty by solving issues and problems that might appear. 

Introductory slides here:

 

Cloud Native Java in Kubernetes 

 

You can find a brief description of the scenario that we are implementing here:

https://github.com/Activiti/ttc-docs/blob/develop/scenario.md

The good thing, is that you can do the workshop from the comfort of your home following the instructions provided here:

https://github.com/Activiti/ttc-docs/blob/develop/workshop.md

During the workshop you will learn about:

  • Activiti Cloud
  • Spring Cloud
  • Spring Cloud in Kubernetes
    • Configuration
    • Discovery
    • Client Side Load Balancing
  • Kubernetes Deployments
  • Jenkins X

If you are interested in having a webinar or a virtual session with this content drop us a message, and we will happy coordinate a session.

Last week we made some huge progress on the new Java Runtime APIs and refinements in our building blocks to make sure that applications can be built without the need of heavy customization and tuning. The Trending Topics Blueprint is being simplified and cleaned up to make sure we reduce the clutter required by developers when domain specific extensions.

 

@MiguelRuizDevstarted to work with Docker, connecting the Task Manager Service to a Postgresql database running in a Docker container.

@daisuke-yoshimotois working on creating examples and acceptance tests about BPMN Cloud Signals.

https://github.com/Activiti/activiti-cloud-examples/tree/feature/daisuke-1687-signal-cloud

https://github.com/Activiti/example-runtime-bundle/tree/feature/daisuke-1687-signal-cloud

Also, he is working on Investigating about the issue #1902.

@constantin-ciobotaruworked for import application from zip files to support application distribution and release

@ryandawsonukStarted work on finding the best configuration for a runtime bundle to work with rabbit and keycloak in Jenkins-X. Then paused that to prepare the presentation for next week’s JDK.IOconference.

@erdemedeirosWorked on events that are send by the runtime bundle to audit and query services so that they use the new Java API(work in progress). Same for the reception of events at the query side (work in progress). Prepared the presentation for next week’s JDK.IOconference.

@salaboyworked on the TTC BluePrint to optimize the usage of building blocks. Now the blueprint is using Spring Cloud Kubernetes Config and the new Spring Cloud Gateway with Spring Cloud Kubernetes Discovery.

 

This week, we will be presenting at JDK.IOand JBCNconf. But feel free to ping us in Gitter, we should be around finishing up the pending topics for our Beta1 release.

Get in touch if you want to contribute: https://gitter.im/Activiti/Activiti7

We are looking forward to mentor people on the technologies that we are using to submit their first Pull Request ;)

Last week we merged into our Incubator repositorythe first and initial version of our standalone Task Service created by @MiguelRuizDev. Miguel is working on in this service while he is doing his internship here @Alfresco. We will iterate this service until we can merge it back and make it one of our core components. He is also working on an Angular Application to serve as the front end for this service, and it is a great opportunity for other community members to join us to improve this, still simple, service. The rest of the team is focused on shaping up the final bits of the Beta1 Release, where the two main areas of work are around: BPMN Cloud Signals and our new Runtime Java APIs.

 

@MiguelRuizDevworked in the Task Manager UI, crafting a custom DataSource to populate the DataTable Angular Component, and improving the domain model in order for it to handle a richer server response, including links and pagination provided by the HAL format.

@daisuke-yoshimotomade a lot of progress on https://github.com/Activiti/activiti-cloud-runtime-bundle-service/pull/38BPMN Cloud Signals

@constantin-ciobotaruworked for import/export applications/models endpoints

@pancudaniel7Raised an issue regarding the action to delete application.properties from starter projects

@lucianopreaworked on some helm charts

@ryandawsonukWas on holiday then set up an AWS cluster for Jenkins-X that uses dns.

@erdemedeirosWorked on events that are send by the runtime bundle to audit and query services so that they use the new Java API (work in progress).

@salaboyworking on improving the TTC BluePrint to work with Spring Cloud Kubernetes and the new Spring Cloud Gateway.

 

Next week, the Activiti Team will be presenting at two different conferences:

 

Get in touch if you want to contribute: https://gitter.im/Activiti/Activiti7

We are looking forward to mentor people on the technologies that we are using to submit their first Pull Request ;)