Bamboo's centrally-hosted services include an IAM (Identity and Access Management) suite, Collection Interoperability Hub, and proxy services to remotely-hosted tools for scholarship. This set of services runs on FUSE ESB, an enterprise distribution of Apache's open-source ServiceMix (acquired in 2012 by RedHat). A number of additional, open-source technologies are required to support these services, including Apache Web Server (httpd), and Grouper.
Information on the centrally-hosted services' architectural overview; a service developer "workbench" environment in which to extend or develop services; sys admin documentation for deployment of additional technologies in support of services; and the services' API are organized in this section of the Bamboo documentation, as follows:
- Overview: Architectural Overview of the Bamboo Services Platform
- Service Developer Workbench: Developer Workbench Environment for BSP Service Developers
- Additional technology installation instructions: see table, below
- Service APIs: Service APIs - Centrally-Hosted Bamboo Services
- Other service APIs: Service APIs - Other Services
Installing and Configuring technology components
| Technology Component(s) | Documentation Link(s) | Notes |
|---|---|---|
| Developer toolkit | Developer Workbench Environment for BSP Service Developers | Java, Maven, Eclipse and IDE plugins, required filesystem directories, required environment variables |
| FUSE ESB | Developer Workbench Environment for BSP Service Developers | Core element of Bamboo Services Platform (BSP, the deployment container for centrally-hosted services whose APIs are linked from Service APIs - Centrally-Hosted Bamboo Services) |
| PostgreSQL database | Developer Workbench Environment for BSP Service Developers | Relational database providing persistence for BSP-deployed services |
| Core BSP-deployed services | Developer Workbench Environment for BSP Service Developers | Core services, including those that support IAM |
| Apache Web Server (httpd) | Configure Apache Web Server for Client Auth | httpd supports client auth (authenticating trusted client applications), as well as proxy-forwarding over AJP of BSP services |
| Grouper | Grouper Install - Configure - Populate | Grouper provides persistence for the "Application Catalog" (known/trusted client applications in the Bamboo Trust Federation); as well as for user-created and -managed groups |
| Application Catalog data | Maintaining Application Catalog Data for Trusted Clients | For an application to be trusted (a key element of gaining permission to invoke services protected by policies that restrict access), Application Catalog data must be maintained. |
| Trust Federation metadata | Maintaining SAML Metadata that establishes a Trust Federation | Identity providers and service providers trusted within the Bamboo Trust Federation must be identified with SAML metadata. |
| Social/SAML Gateway | Social/SAML Gateway to enable social media identity provision | A Social/SAML gateway must be a part of the Authentication 'machinery' if social media Identity Providers (e.g., Google) are to be used for user logins. |
| Clients |
| When policies in effect restrict access to anonymous users or anonymous applications, only "Trusted Applications" can succeed in invoking the affected services. Only "Trusted Applications" can assert the identity of a user to BSP-deployed services (anonymous client apps imply anonymous users).
|