AnsweredAssumed Answered

explorer and SSO + custom role provider

Question asked by heymjo on Feb 23, 2011
Latest reply on Feb 25, 2011 by tombaeyens

I am looking to integrate the process explorer into our current infrastructure. We have a company-wide SSO based on CAS for authentication and an authorization webservice that must be used to return the user's current roles for an application.

In term of process explorer flexibility i was wondering if the following is achievable:

1) no longer use the rest api for user login but assume that by the time the user reaches the web interface he will have already been logged in by the sso
2) similarly, all user roles and groups should not be retrieved through the rest api but fetched through our webservice
3) process explorer uses rest api for all process interaction IIUC. Can it be modified to not do this and just do direct database interaction via a configured process engine via a datasource ? This would remove the need for implementing system-to-system authentication on the process explorer for the rest access, something which is possible in our SSO but quite heavyweight (involves SSL, proxy granting tickets etc).

Also i was wondering what the strategy is of the REST api in general ? Is it going to play more and more a pivotal role for all activiti solutions and will it become mandatory at some point or will you always consider it to be optional for using the activiti webapps ?

Thanks for any insights !