This lab demonstrates the International Inc. Locations page using our newly authenticated locations API.
Applications can be built from many technologies. In this case we use a simple web application, but a wide range of Red Hat and non-Red Hat technologies could be used.
OpenShift let you automatically redeploy your changes when you setup a Continuous Integration / Continuous Deployment (CI/CD) pipeline through the use of webhook. For this lab we will trigger the new build and deployment manually through the OpenShift Console.
Go back to your OpenShift web console. Navigate to your project's overview page.
Scroll down and click in the www link in the BUILDS section.
In the build environment variables page, replace the
CHANGE_ME to the one generated from the previous lab.
Click Save button to persist the changes. A green pop up will show you that the changes were saved.
Click the Start Build button to trigger a new build using the new environment variables pointing to your service.
A new build will be triggered. Expand the row by clicking the Builds Icon.
The build process checks out the code from the git repo, runs a source-to-image container image build, and redeploys the container with the new image using a rolling upgrade strategy.
Wait for until the new Build to complete and the rolling upgrade to finish to test your new deployment.
Redirect URLs are a critical part of the OAuth flow. After a user successfully authorizes an application, the authorization server will redirect the user back to the application with either an authorization code or access token in the URL. Because the redirect URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations.
Open a browser window and navigate to your SSO Console. Please check with your instructor for the link. It should be similar to the following. Replace userX with your assigned user and OCP_URL.
Remember to replace the X with your user number.
Log into Red Hat Single Sign On using your designated user and password. Click on Sign In.
Select Clients from the left menu.
3scale, through it's zync component, already synchronized the application information into the Red Hat SSO security realm.
Click on the CLIENT_ID link to view the details.
Remember to select CLIENT_ID with the one you got in the API Security Lab. It will easily identifiable as its and hexadecimal name.
If you do not find the CLIENT_ID, make sure you correctly executed the sync between 3scale and RHSSO in Step 3.12 Lab05
Scroll down, type in and select the following options in the application configuration:
|Standard Flow Enabled||ON|
|Implicit Flow Enabled||OFF|
|Valid Redirect URIs||http://www-userX.apps.[OCP_URL]/*|
Remember to replace the X with your user number.
Finally, click Save button to persist the changes.
International Inc web development create a Node.js application for the company home page. They added a map service to locate the offices around the world. In this step you will deploy that application.
Open a Private Browser tab and navigate to your SSO Location App. Update userX and OCP_URL :
You should now see what the development team created for International Inc. Click LOCATIONS to check the locations page.
You can notice now the Sign In button in the page.
Let's test the integration. Click the Sign In button.
You are being redirected to Red Hat Single Sign On Login Page. Login using the user credentials you created in the API Security Lab. Please check with your instructor if you need credentials.
You will be redirected again to the LOCATIONS page where now you will be able to see the map with the International Inc Offices.
In most cases, the Locations web page will NOT show the locations because of a self-signed certificate issue in your web-browser. See the below example with missing locations:
To resolve this issue in Chrome, navigate to View > Developer > Developer Tools menu. A Developer Tools console should appear.
In the developer console, a red error should appear indicating a cert issue. Click on the link and accept the certificate.
Refresh the page, and the locations should appear.
If you get an "Authentication Parameter is Missing" Error. It's most likely your backend api is not working
Also, make sure to use an Incognito Browser Window or Clear your Browser Cache when viewing the International Sample Application
Also you can try relaxing your browser security settings. In Settings > Advanced > Privacy and Security > Protect you and your device from dangerous sites
Congratulations! You have successfully tested the International Inc. Locations webpage using a full SSO authenticated API.
In total you should now have been able to follow all the steps from designing and API, deploying it's code, issuing keys, connecting OpenID connect and calling it from an application. This gives you a brief overview of the creation and deployment of an API. There are many variations and extensions of these general principles to explore!
This is the last lab of this workshop.