Welcome to the CaPe Suite Installation Manual!
This section provides the description of the installation and administration functionalities. An administrator should be able to install, deploy, perform the sanity checks on the environment.
Get the source code from repository
git clone https://github.com/OPSILab/Cape.git
Install CaPe components
CaPe installation will involve the deployment of different architectural components, each of which can deployed either in a "on premise", "as a service" or mixed approach:
CaPe Suite uses following libraries and frameworks (already included):
|Spring Boot||2.4.5||Apache License 2.0|
|Springdoc Openapi||1.5.8||Apache License 2.0|
|Spring Data||2.4.5||Apache License 2.0|
|Nimbus Jose JWT||8.5||Apache License 2.0|
|Apache Commong Lang 3||3.11||Apache License 2.0|
|JSONSchema2Pojo||1.01||Apache License 2.0|
|Rxjs||6.6.7||Apache License 2.0|
|TypeScript||4.1.5||Apache License 2.0|
|Material-design-icons||3.0.1||Apache License 2.0|
Identity and Access Manager
CaPe must interact with any Identity Manager that supports OpenId Connect authorization framework.
Note. It is recommended to use Keycloak Identity and Access Management, which will be used as reference for the configuration sections of this installation guide.
Cape Dashboards will use the Open Id Connect protocol upon the OAuth2 Authentication workflow (Authorization Code grant), in order to perform User authentication and obtain an Access Token (JWT), which will be used to grant access to Cape APIs. This Access Token will be used by User and Data Controller Dashboards to call the Cape APIs exposed respectively by Cape Server and Cape SDK Client components.
In the same way, an external client application/service that wants to interact with Cape by using the Cape SDK APIs, must perform one of the available OAuth2 flows (Authorization Code, Client Credentials and Password grants) against the Cape Idm (e.g. Keycloak), in order to get an Access Token and then use it in the API requests.
Keycloak Identity Manager installation
In order to get Keycloak ready to be used by Cape, following steps must be performed:
- Install Keycloak, create a
Caperealm and at least one user (see here).
- Register two client applications with
cape-service-sdkand clientId (see here). Be sure to select
publicin the Access Type field.
DATA_SUBJECTrole in the
cape-service-sdkclient. (see here).
DATA_SUBJECTas default role for
DATA_CONTROLLERas default for
cape-service-sdk. (see here) and the image below.
- Create for both clients a Mapper of type User Client Role and set
rolesas Token Claim Name, in order to map client roles to the
rolesfield of the generated Access Token. (see the image below).
Any feedback on this documentation is highly welcome, including bug reports and suggestions. Please send the feedback through GitHub. Thanks!