The configuration file contains a security section, where options such as the encryption key, inactive timeout, roles and authentication are set:

  • enable (boolean, required, default: false): Enables server authentication, including the login page (if needed).
  • inactiveInterval (integer, default: 600): Defines the timeout for an inactive session. After the timeout is triggered, the session expires and the user needs to log in again.
    • Every action performed by the user restarts the timeout.
  • encryptionKeyFile (required, default: ./bin/saga.ek): Location of the file holding the encryption key. Saga Server provides one by default.
    • Warning: Change the encryptionKeyFile as soon as you start working on a new project.
  • defaultRole (default: admin): Default role to be used for users if no role is provided. At the moment Saga Server has 2 roles: admin and editor.
  • type (default: config): Defines the type of authentication to be used by the server.
    • Additional configuration is required depending on the type of security selected.


Saga_json
"security": {
      "enable": true,
      "inactiveInterval": 600,
      "encryptionKeyFile" : "./bin/saga.ek",
      "defaultRole": "admin",

      "type": "<AUTHENTICATION_TYPE>",

.
.
.
}


Saga Server supports 3 authentication types:

  • Config - Uses usernames and passwords defined in the configuration file
  • LDAP - Uses the LDAP protocol to connect to a Directory Server
  • SAML - SSO login method offering more secure authentication. (Currently in development; Microsoft SSO is available)

Config

Config authentication is the most basic of all. It is ideal for demos, but not recommended for production environments, unless in a closed environment. This authentication 

Saga_json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile" : "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "config",

    "users": [
        {
            "username": "admin",
            "password": "password",
            "roles": "admin"
        },
        {
            "username": "user1",
            "password": "p@ssword",
            "roles": "editor"
        },
        {...}
        .
        .
        .
    ]
}


LDAP


Saga_json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile" : "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "ldap",

    "ldap": {
        "server": "ldap://localhost:10389",
        "userAccountField": "cn",
        "bindDN": "ou=Users,dc=example,dc=com",
        "idField": "uid",
        "passwordField": "userPassword",
        "attributes": [
            "givenName",
            "mail"
        ]
    }
}


SAML


Saga_json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile" : "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "saml",

    "saml": {
        "keystorePath": "config/samlKeystore.jks",
        "keystorePassword": "samlKeystore-passwd",
        "privateKeyPassword": "samlKeystore-passwd",
        "identityProviderMetadataPath": "config/potter.xml",
        "callbackUrl": "https://ui.onesearch.dev.p183229357550.aws-emea.sanofi.com:3000/callback",
        "nameIdAttribute": "http://schemas.microsoft.com/identity/claims/identityprovider"
    }
}
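
As an added example (not part of the Saga documentation or code base), the following Python check reads a security section and reports the settings this page flags: authentication left off, the shipped encryptionKeyFile, an admin defaultRole, and config-type users still carrying the sample passwords. The helper name audit_security, the wrapping of the fragment in braces to form valid JSON, and the ldap:// review flag (a general LDAP point, not a statement from this page) are assumptions.

```python
import json

DEFAULT_KEY_FILE = "./bin/saga.ek"           # shipped default named on this page
SAMPLE_PASSWORDS = {"password", "p@ssword"}  # passwords used in the page's sample

def audit_security(config: dict) -> list:
    """Return findings for the "security" section of a parsed config (hypothetical helper)."""
    sec = config.get("security")
    if not isinstance(sec, dict):
        return ["security section missing"]
    findings = []
    if sec.get("enable", False) is not True:          # page default: false
        findings.append("enable is not true: server authentication is off")
    if sec.get("encryptionKeyFile", DEFAULT_KEY_FILE) == DEFAULT_KEY_FILE:
        findings.append("encryptionKeyFile is still the shipped default")
    if sec.get("defaultRole", "admin") == "admin":    # page default: admin
        findings.append("defaultRole is admin: users without a role become admins")
    auth_type = sec.get("type", "config")             # page default: config
    if auth_type == "config":
        findings.append("type is config: credentials live in the configuration file")
        for user in sec.get("users", []):
            if isinstance(user, dict) and user.get("password") in SAMPLE_PASSWORDS:
                findings.append("user %s has a documentation sample password" % user.get("username"))
    elif auth_type == "ldap":
        # ldap:// is cleartext unless StartTLS is used; whether Saga accepts
        # ldaps:// is not stated on the page, so this is only flagged for review.
        if str(sec.get("ldap", {}).get("server", "")).lower().startswith("ldap://"):
            findings.append("ldap.server uses ldap:// (no TLS at connect)")
    elif auth_type != "saml":
        findings.append("type %r is not config, ldap or saml" % auth_type)
    return findings

# Constructed sample: the page's "config" fragment wrapped in braces to form valid JSON.
SAMPLE = json.loads("""{"security": {
  "enable": true, "inactiveInterval": 600,
  "encryptionKeyFile": "./bin/saga.ek", "defaultRole": "admin", "type": "config",
  "users": [{"username": "admin", "password": "password", "roles": "admin"},
            {"username": "user1", "password": "p@ssword", "roles": "editor"}]}}""")

if __name__ == "__main__":
    for finding in audit_security(SAMPLE):
        print("-", finding)
```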


Login Access

FORM

Basic Authentication

API Key

Server authentication can be done via FORM authentication and Basic Authentication.
Currently we have 2 ways of authorization: via Config File or LDAP.
FORM Authentication
Basic Authentication