PRIS Tokens (User Setup in Pitram Portal)
Step 1
In the Pitram Portal, on the Manage Connectors and Applications page, add a new application which we will use to access PRIS via our security tokens.
In the following example, we have added myapp:
Step 2
Go to the Manage Roles page and add a new role for the new application:
Now add actions. Currently, these are "hard-wired" to each of the PRIS base resources:
In the example above, it is possible to mix applications for the role (but we probably shouldn't?)
Step 3
Add users to the role, as per normal.
Step 4 (test)
Test what is returned by the Pitram Portal (Dome). The returned data can be seen by using the following test route:
http://localhost/prisdev//v1/system/security/authenticateandgetclaims/myappuser/myappuser
In the above example the returned data is:
AuthenticationState: Valid
IsAdministrator: False
RoleActions:
  Id: 30, RoleId: 9, Site: *, Application: myapp, Service: Location, Item: *, Permission: FullAccess (1)
  id: 31, RoleId: 9, Site: *, Application: Pitram Connect, Service: Equipment, Item: *, Permission: FullAccess (1)
RoleMineRegions:
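The check below is an added example, not part of the original guide or of the Pitram code base: it parses the claims text returned by the Step 4 test route and reports roles that mix applications, the situation noted under Step 2. The function names and the line layout of the sample are assumptions; the sample values are the ones shown above.

```python
import re
from collections import defaultdict

# Claims text as shown on this page for user myappuser (values copied from
# the Step 4 output; the one-record-per-line layout is an assumption).
SAMPLE_CLAIMS = """\
AuthenticationState: Valid
IsAdministrator: False
RoleActions:
Id: 30, RoleId: 9, Site: *, Application: myapp, Service: Location, Item: *, Permission: FullAccess (1)
id: 31, RoleId: 9, Site: *, Application: Pitram Connect, Service: Equipment, Item: *, Permission: FullAccess (1)
RoleMineRegions:
"""

# \b keeps the leading "Id:" from matching inside "RoleId:".
ACTION_RE = re.compile(
    r"\bId:\s*(?P<id>\d+),\s*RoleId:\s*(?P<role_id>\d+),\s*Site:\s*(?P<site>[^,]+),"
    r"\s*Application:\s*(?P<application>[^,]+),\s*Service:\s*(?P<service>[^,]+),"
    r"\s*Item:\s*(?P<item>[^,]+),\s*Permission:\s*(?P<permission>\w+)",
    re.IGNORECASE,
)

def parse_role_actions(text):
    """Return one dict per role action found anywhere in the claims text."""
    actions = []
    for m in ACTION_RE.finditer(text):
        row = {k: v.strip() for k, v in m.groupdict().items()}
        row["id"], row["role_id"] = int(row["id"]), int(row["role_id"])
        actions.append(row)
    return actions

def mixed_application_roles(actions):
    """Map RoleId -> sorted application names, only for roles spanning more than one."""
    apps = defaultdict(set)
    for a in actions:
        apps[a["role_id"]].add(a["application"])
    return {rid: sorted(names) for rid, names in apps.items() if len(names) > 1}

def foreign_actions(actions, expected_app):
    """Actions held under an application other than the one the role was created for."""
    return [a for a in actions if a["application"].lower() != expected_app.lower()]

if __name__ == "__main__":
    parsed = parse_role_actions(SAMPLE_CLAIMS)
    for rid, names in mixed_application_roles(parsed).items():
        print(f"role {rid} mixes applications: {', '.join(names)}")
    for a in foreign_actions(parsed, "myapp"):
        print(f"action {a['id']}: {a['service']} granted under {a['application']}")
```

Run against the sample, it reports that role 9 carries an Equipment action under Pitram Connect alongside the myapp Location action.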
Step 5 (test)
Get a token using this new user.
This is a POST request, which means you cannot use a browser, so you will need a test tool such as Postman to see the following:
We can see the field access_token, which contains the encoded claims for that user.
This token is what is passed in the header of all PRIS requests, and it is validated against the route.
See the Programmers Guide for more information.
You can now use this login in any external PRIS consuming application.
Notes / Shortcomings
- The list of actions in the Pitram Portal is currently hard-wired. It would be preferable, perhaps, to be able to select these, and to have the option to add anything, which could then be configured against any PRIS route.
- We don't seem to use "application" anywhere in the security configuration