Skip to content

Connect the Web Portal


Introduction

Web Portal allows you to create collections of files to share them with others. These collections are called shares. The creator and owner of a share is the only one that has the ability to edit or delete the share, or to update the list of its files. The owner can also invite other users to it or restrict the access.

Invited users can only view and download the files within the share, without having the ability to edit the shared content.

Shares can't just be created manually but also automatically by a PLOSSYS 4 printer.

Web Portal functionality also includes optional email notifications when a share gets contributed or accessed. These notifications can be disabled on a share-by-share basis. Email integration is optional for the Web Portal. If it isn't configured the Web Portal will not send emails.


Keycloak Configuration

SEAL Keycloak installation comes with a preconfigured client named seal-webportal for SEAL Web Portal. Copy the WEBPORTAL_CLIENT_SECRET from the credentials tab and continue with configuring the Web Portal connector.

If you are using an already existent Keycloak, execute the following steps to add the needed client and obtain the client secret:

  1. Open Keycloak. Create a new client with the following settings:

    • client id: seal-webportal

    • Access-Type: confidential

    • Standard Flow Enabled: OFF

    • Implicit Flow Enabled: OFF

    • Direct Access Grants Enabled: OFF

    • Service Accounts Enabled: ON

    Client Settings for the seal-webportal client in Keycloak

  2. In the Roles tab for the client add a new role with the following values:

    • name: service-account

    • description: Default role for the service user

    Adding role for the seal-webportal client in Keycloak

    Final view of the roles settings for the seal-webportal client in Keycloak

  3. Go to the Service Account Roles tab and add the following Client Roles:

    • seal-webportal > service-account - used by ALLOWED_OIDC_CLIENTS

    • realm-management > view-users - used to convert user emails to keycloak uuids

    View of the service account roles for the seal-webportal client in Keycloak

  4. In the Mappers tab use the Add Builtin button and activate the built-in client roles.

    Adding mappers for the seal-webportal client in Keycloak

  5. Copy the client secret for the seal-webportal client from the credentials tab. You will need it to configure the Web Portal connector next.

    Obtaining the client secret from Keycloak


Configure the Connector

In SEAL Operator, activate the connector and specify the keys for the connection:

  1. Open a Command Prompt or PowerShell.

  2. Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. So you're making sure the current configuration settings are being used.

    operator config export <filename>.yml --insecure
    
  3. Edit the exported file <filename>.yml.

  4. In the section of the Web Portal (webportal) connector, set cstatus to on.

    operator:
      connectors:
        ...
          webportal:
            cstatus: 'on'
            serviceName: operator-webportal
            url: 'https://localhost:3019'
        ...
    
  5. In the env section, specify the following keys for the operator-webportal service:

    env:
      service:
      ...
        operator-webportal:
          tag:
            any:
              AUTH_PROVIDER: keycloak
              KC_ADMIN_BASE_URL: https://localhost:32769/auth
              KC_ADMIN_TARGET_REALM: SEAL
              LOG_LEVEL: debug
              MONGO_SERVER_URL: mongodb://localhost:27017/operator-webportal
              OPERATOR_SERVER_URL: https://localhost:3008
              STORAGE_SERVICE_NAME: operator-fileupload
              WEBPORTAL_CLIENT_ID: seal-webportal
              WEBPORTAL_CLIENT_SECRET: 1f86ba87-64f2-4c3f-9c92-bbd5befdf6f7
      ...
    

    Literature - keys

    For further information about available keys, refer to the Key Reference.

  6. Save the <filename>.yml file and re-import it to Consul.

    operator config import <filename>.yml --insecure
    

By default, access to shares created is limited to users of the OIDC. If you want to enable the reading access to anyone with the link, execute the following steps.

  1. Open a Command Prompt or PowerShell.

  2. Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. So you're making sure the current configuration settings are being used.

    operator config export <filename>.yml --insecure
    
  3. Edit the exported file <filename>.yml.

  4. In the env section, specify the following keys for operator-webportal service:

    • ALLOW_SHARED_ENTRIES: Specifies if public Web Portal shares are enabled. Set it to true.

    • UI_BASE_URL: URL of the Web Portal UI. Only necessary if the shareLink placeholder is used in an email template and the automatic detection of this URL is prone to fail (e.g. when shares are created through a batch process).

    env:
      service:
      ...
        operator-webportal:
          tag:
            any:
              ALLOW_SHARED_ENTRIES: true
              UI_BASE_URL: https://myserver.com:3000
      ...
    
  5. In the env section, specify the key PUBLIC_SERVICES for operator-server service. Set its value to 'operator-webportal'. If the key already contains a value, extend it. The key accepts comma-separated string values.

    env:
      service:
      ...
        operator-server:
          tag:
            any:
              PUBLIC_SERVICES: 'operator-webportal'
      ...
    
  6. Save the <filename>.yml file and re-import it to Consul.

    operator config import <filename>.yml --insecure
    

Setup Email Service (Optional)

Web Portal supports email notifications, that get sent through the seal-email-service. Users will get an email when they get access to a new share, or when someone accesses a share that they own.

Notifications can be disabled on a per share basis, via the WebPortal panel inside the Operator UI.

To enable this functionality you need to specify the mail server in the email-service settings:

  1. Open a Command Prompt or PowerShell.

  2. Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. So you're making sure the current configuration settings are being used.

    operator config export <filename>.yml --insecure
    
  3. Edit the exported file <filename>.yml.

  4. In the env section, specify the following keys for the email-service service:

    env:
      service:
      ...
        email-service:
          tag:
            any:
              EMAIL_FROM: webportal@firma.de
              SMTP_PASSWORD: <smtp_password>
              SMTP_PORT: 25
              SMTP_SERVER: 192.17.17.18
              SMTP_USERNAME: webportal@firma.de
      ...
    
  5. In the env section, specify the following keys for the operator-webportal service:

    • SHARE_ACCESSED_HTML: HTML of the email sent to the owner of a share when it gets accessed by an assigned user for the first time.

    • SHARE_ACCESSED_SUBJECT: Subject of the notification email to be sent when a share gets accessed for the first time by an assigned user.

    • SHARE_ACCESSED_TEXT: Text of the email sent to the owner of a share when it gets accessed by an assigned user for the first time.

    • SHARE_ASSIGNED_HTML: HTML of the notification email sent to the assigned user(s) of a share.

    • SHARE_ASSIGNED_SUBJECT: Subject of the notification sent to the assigned user(s) of a share.

    • SHARE_ASSIGNED_TEXT: Plain text of the notification email sent to the assigned user(s) of a share.

    Hint - usage of placeholders

    The following placeholders are available:

    • {expirationDate}: Expiration date of the share. Only available for SHARE_ASSIGNED_HTML and SHARE_ASSIGNED_TEXT.

    • {shareId}: ID of the share. For the structure of public and private links refer to the examples for SHARE_ASSIGNED_TEXT at the key reference. If both, public and private links to shares should be sent, it is adviced to use the {shareLink} placeholder instead.

    • {shareLink}: Automatically generated link to the share. Depending on whether the share is private or public either a private or a public link will be generated.

    • {shareName}: Name of the share given by the creator of the share.

    • {userName}: Name of the user who accessed the share. For generic type AUTH_PROVIDER the user's name isn't available. The user's email will be inserted instead. Only available for SHARE_ACCESSED_HTML and SHARE_ACCESSED_TEXT.

    env:
      service:
      ...
        operator-webportal:
          tag:
            any:
              SHARE_ASSIGNED_SUBJECT: 'Share assigned'
              SHARE_ASSIGNED_TEXT: 'Hello! You received access to share: "{shareName}". You can access it via this link: {shareLink}.'
              SHARE_ASSIGNED_HTML: '<h1>Hello!</h1> <div><p>You received access to share: <b>{shareName}</b>.</p> <p>You can access it via this link: {shareLink}.</p></div>'
              EMAIL_SERVICE_URL: https://localhost:3030/v1
              SHARE_ACCESSED_SUBJECT: 'Share accessed!'
              SHARE_ACCESSED_TEXT: 'Hello! {userName} accessed the share: "{shareName}". You can access the share via this link: {shareLink}.'
              SHARE_ACCESSED_HTML: '<h1>Hello!</h1> <div><p>{userName} accessed the share: <b>{shareName}</b>.</p> <p>You can access the share via this link: {shareLink}</p></div>'
      ...
    
  6. Save the <filename>.yml file and re-import it to Consul.

    operator config import <filename>.yml --insecure
    

Create Shares

Shares can be created manually in the Web Portal panel of the user interface.

Additionally, in PLOSSYS 4, you can output documents directly to an on-the-fly created Web Portal share.

For detailed instructions, refer to Create Web Portal Shares.


Back to top