Security Instructions

This document describes the security features available in CIB ins7ght.


Application Security

User Authentication

CIB ins7ght does not have user authentication.

The application has no login system, user management, or access control. All REST API endpoints are publicly accessible without authentication.

If access control is required, it must be implemented externally (e.g., through network security, firewalls, VPNs, or reverse proxies).


CIB Seven Connection Authentication

CIB ins7ght authenticates with CIB seven to poll process data. Three authentication methods are available:

Option 1: Basic Authentication

polling:
  engineRestUrl: http://localhost:8080/engine-rest
  auth:
    type: basic
    basic:
      username: ${ENGINE_USERNAME}
      password: ${ENGINE_PASSWORD}

Option 2: WebClient Authentication

polling:
  auth:
    type: webclient
    webclient:
      url: http://localhost:8080/cib-seven-webclient/rest/login
      username: ${WEBCLIENT_USERNAME}
      password: ${WEBCLIENT_PASSWORD}

Option 3: Single Sign-On (SSO)

polling:
  auth:
    type: sso
    sso:
      url: http://localhost:8088/auth/realms/cib/protocol/openid-connect/token
      client-id: ${SSO_CLIENT_ID}
      client-secret: ${SSO_CLIENT_SECRET}
      useWebclient: true
      webclientUrl: http://localhost:8080/cib-seven-webclient/rest/login

Database Security

Credentials

Use environment variables for the database credentials and for the CIB seven connection credentials referenced above:

export DB_USERNAME=your_username
export DB_PASSWORD=your_password
export ENGINE_USERNAME=camunda_user
export ENGINE_PASSWORD=camunda_password
export SSO_CLIENT_SECRET=sso_secret

PostgreSQL Configuration

spring:
  datasource:
    url: jdbc:postgresql://db-host:5432/cibseven-optimize
    username: ${DB_USERNAME}
    password: ${DB_PASSWORD}
    driver-class-name: org.postgresql.Driver

Optional SSL:

spring:
  datasource:
    url: jdbc:postgresql://db-host:5432/cibseven-optimize?ssl=true&sslmode=require

H2 Configuration

spring:
  datasource:
    url: jdbc:h2:file:/ins7ght-h2-dbs/cib_ins7ght_db
    username: sa
    password: ${H2_PASSWORD}
    driver-class-name: org.h2.Driver
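
The connection and datasource settings above can be checked mechanically before deployment. The following is an added example, not part of CIB ins7ght or its documentation: a small Python audit that flattens an application.yaml-style file and flags literal secrets, polling endpoints reached over plain HTTP on a non-loopback host, and PostgreSQL URLs without an explicit sslmode=verify-full. The sample configuration, the host name engine.example.internal, the literal password and the function names are constructed for illustration.

```python
import re
# Constructed sample using the keys shown on this page (not a real deployment).
SAMPLE = """\
polling:
  engineRestUrl: http://engine.example.internal:8080/engine-rest
  auth:
    type: basic
    basic:
      username: ${ENGINE_USERNAME}
      password: s3cret-in-file
spring:
  datasource:
    url: jdbc:postgresql://db-host:5432/cibseven-optimize?ssl=true&sslmode=require
    password: ${DB_PASSWORD}
"""

SECRET_KEYS = {"password", "client-secret"}
PLACEHOLDER = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
LOOPBACK = re.compile(r"^http://(localhost|127\.0\.0\.1|\[::1\])([:/]|$)")

def flatten(text):
    """Flatten simple block-style YAML (nested maps, scalar leaves) to {dotted.path: value}."""
    out, stack = {}, []  # stack: (indent, key) of the currently open parent maps
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        value = value.strip().strip("'\"")
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out

def audit(text):
    """Return sorted (path, finding) pairs; heuristic checks, not a full YAML parser."""
    findings = []
    for path, value in flatten(text).items():
        if path.rsplit(".", 1)[-1] in SECRET_KEYS and not PLACEHOLDER.match(value):
            findings.append((path, "secret is a literal, not a ${ENV_VAR} placeholder"))
        if path.startswith("polling.") and value.startswith("http://") and not LOOPBACK.match(value):
            findings.append((path, "credentials cross the network over plain HTTP"))
        # pgjdbc: sslmode=require encrypts but does not validate the server certificate
        if value.startswith("jdbc:postgresql:") and "sslmode=verify-full" not in value:
            findings.append((path, "sslmode=verify-full is not set explicitly"))
    return sorted(findings)
```

Calling audit() on the text of a configuration file returns an empty list when none of the three checks fires; the flattener only understands nested maps with scalar values, which is all the configuration on this page uses.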

Logging

Configure logging in application.yaml:

logging:
  level:
    root: INFO
    de.cib.cibflow.ins7ght: DEBUG
    org.springframework.web: INFO
  file:
    name: /var/log/cib-ins7ght/application.log
    max-size: 100MB
    max-history: 30

Monitor the log for:

  • Polling errors (CIB seven connection failures)
  • Database connection issues
  • Authentication failures (for CIB seven connection)
  • Data import errors

Health Check

Check application status:

curl http://localhost:8899/info
