After the deployment of the Vidispine User Synchronization Service, you need to configure its parameters.

📘 Instructions

  1. Go to Keycloak of the current cluster, find the client for the current flow app client search for its APP ID. Enable the service account for this client and save the changes.

    Enable service account for flow app client in Keycloak

  2. Select the service account tab and assign the following client roles of IAM-API for this flow app.
    groups._groupid.members.get
    groups.name._groupname.get
    groups.name._groupname.members.get

    assign necessary client roles of IAM-API to the flow app client

  3. In the qibb portal, open the Flow Editor for the service and navigate to the Config tab.

  4. In the Config tab, you would see a couple of nodes. These nodes contain configuration parameters for the User Synchronization Service.

  5. Configure all of the parameters in the Config tab

Additional information about the parameters can be found at: https://gitlab.com/techtriq/qibb/services/flow/archive-user-sync

Vidispine’s User Sync Service Flow App Configuration

📘 General Parameters

Parameter

Type

Description

Groupmap

JSON

Maps qibb and Vidispine groups in a dictionary: {"qibb_group": "vidispine_group"}. Example: {"/customer1/admin":"_administrator","/customer1/operator":"normalUser"}

Most of the pre-defined Vidispine groups have an underscore “_” as a prefix

userExcludeList

JSON

A list containing the names of the users that won’t be deleted from Vidispine in case they are not existing in qibb.

userLimit

number

The maximum amount of users that would be created in Vidispine.

allowDeleteUser

boolean

True - would delete users from Vidispine if they are not existing in qibb, excl. the ones defined in userExcludeList
False - would not initiate user deletion in Vidispine

intervalInSeconds

number

The interval in seconds between two consecutive runs of the user synchronization service

Vidispine Starter Edition Users Limit

The Vidispine Starter Edition on which our Storage recipe is based has a limit of 20 users.

📘 Keycloak Parameters

There is no need to configure the Keycloak Parameters, as they are already set as environmental variables on the Kubernetes cluster’s node.

Parameter

Type

Description

keycloak-issuer-url

env variable

$AUTH_URL

keycloak-realm

env variable

$REALM

clientId

env variable

$CLIENT_ID

clientSecret

env variable

$CLIENT_SECRET

📘 Vidispine Parameters

To be able to create users in Vidispine you need to define a user in vidispine with admin rights.

Parameter

Type

Description

vidispine-api-url

string

The Vidispine API endpoint, this can be taken from: https://vidinet.net/dsb/dashboard/

vidispine-username

string

An admin user with rights to create and delete users in Vidispine

vidispine-password

string

The password for the Vidispine admin user

📘 IAM API Address Parameters

Parameter

Type

Description

iam-api-url

string

The Identity and Access Management API’s endpoint

User Sync Service Debugging

I assume as an integrator you have access to Kubernetes.

  • Go to the App Overview page in the qibb platform and copy the APP ID from there. This APP ID would help you to identify the Kubernetes pod. The Kubernetes pod should be of the format qcflow-<APP_ID>-app-dpl-XXXXXXXX-XXXXX.

  • Navigate to the Kubernetes Dashboard, go to Workloads Pods and click on the pod. Once in the pod view, you can click on the View Logs button to display the logs for this particular pod, this is the small button in the upper right corner

    View Logs button

  • Once done with the configuration of the User Sync Service and ready to test the User Sync Service, go to the Flow Editor, press the small square in front the of timestamp (inject) to trigger the users' synchronization.

The service will execute the user sync automatically every intervalInSeconds seconds.

  • Vidispine User Sync Service

  • Check the logs for any errors or warnings.

  • You can also check the users defined in Vidispine with Postman or curl by listing the users: https://apidoc.vidispine.com/latest/ref/user.html#list-all-users using vidispine-api-url as API endpoint, and basic authentication with vidispine-username and vidispine-password.

📋 Related articles