waltz icon indicating copy to clipboard operation
waltz copied to clipboard

Published 20 hours ago verified publisher icon finos

Architecture for SSO into Waltz

Open shaunparsloe opened this issue 2 years ago • 1 comments

Description

Thank you for the Docker Images, it has greatly simplified our Waltz installation here.

Do you have detail of the architecture that you use to deploy Waltz there at DB? We are currently running it on a k8s cluster and have a single shared Postgres DB. I've set it up so that we have anonymous user access for now, but as more of our data feeds start coming online we will need to control the access.

I would like to use SSO as all our users will be logged in using AD and I don't want to have another separate user database.
How do you generate the header params for SSO and ensure that the requests to Waltz have those headers?

shaunparsloe avatar Mar 31 '22 10:03 shaunparsloe

At DB we deploy onto a tomcat pair. Users access the site via apache httpd, which load balances between the pair. DB also provide a drop-in sso jar which ensures a header is set on each requests. This is what we read via the HeaderBasedAuthenticationFilter.

I know NatWest did something different and provided their own Authentication Filter which provided user details. This is generally described in the settings docs and a more complete example of what NatWest has also been written up.

davidwatkins73 avatar Apr 04 '22 08:04 davidwatkins73