The configuration file contains a `security` section. This section holds the options for the encryption key, the inactive-session timeout, the default role and the authentication type:
| Parameter | enable |
|---|---|
| summary | Enables server authentication, including the login page (if needed) |
| type | boolean |
| required | true |
| default | false |
| Parameter | inactiveInterval |
|---|---|
| summary | Timeout for an inactive session. Once the timeout is reached the session expires and the user has to log in again |
| type | integer |
| default | 600 |

- Every action performed by the user restarts the timeout.
| Parameter | encryptionKeyFile |
|---|---|
| summary | Location of the file holding the encryption key; Saga Server provides one by default |
| required | true |
| default | ./bin/saga.ek |

Warning: change the encryptionKeyFile as soon as you start working on a new project. Do not keep the default key file that ships with the server in a real deployment; generate your own key and point this option at it.
| Parameter | defaultRole |
|---|---|
| summary | Role assigned to a user when no role is provided. Saga Server currently has two roles: admin and editor |
| default | admin |

- Because the default is admin, any user defined without an explicit role gets full administrative rights. Set this to editor unless every user is meant to be an administrator.
| Parameter | type |
|---|---|
| summary | Authentication type used by the server |
| default | config |

- Additional configuration is required depending on the authentication type selected (see the per-type sections below).
Saga_json

```json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile": "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "<AUTHENTICATION_TYPE>",
    ...
}
```
Saga Server supports three authentication types:
- Config - uses usernames and passwords defined in the configuration file
- LDAP - uses the LDAP protocol to authenticate against a directory server
- SAML - SSO login method offering stronger authentication (currently in development; Microsoft SSO is available)
Config

Config authentication is the most basic of the three. It is ideal for demos but not recommended for production environments, unless the server runs in a closed environment. This authentication
Saga_json

```json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile": "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "config",
    "users": [
        {
            "username": "admin",
            "password": "password",
            "roles": "admin"
        },
        {
            "username": "user1",
            "password": "p@ssword",
            "roles": "editor"
        },
        {...}
        ...
    ]
}
```

With this type the passwords are stored in clear text in the configuration file, so anyone who can read the file can log in as any user. Restrict the file's permissions to the account running the server and never use the sample passwords shown above.
LDAP

Saga_json

```json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile": "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "ldap",
    "ldap": {
        "server": "ldap://localhost:10389",
        "userAccountField": "cn",
        "bindDN": "ou=Users,dc=example,dc=com",
        "idField": "uid",
        "passwordField": "userPassword",
        "attributes": [
            "givenName",
            "mail"
        ]
    }
}
```

The `server` value above uses plain `ldap://`. A simple bind over plain LDAP sends the user's password to the directory in clear text, so outside a local test setup point `server` at an `ldaps://` URL (or a directory that enforces StartTLS).
SAML

Saga_json

```json
"security": {
    "enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile": "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "saml",
    "saml": {
        "keystorePath": "config/samlKeystore.jks",
        "keystorePassword": "samlKeystore-passwd",
        "privateKeyPassword": "samlKeystore-passwd",
        "identityProviderMetadataPath": "config/potter.xml",
        "callbackUrl": "https://ui.onesearch.dev.p183229357550.aws-emea.sanofi.com:3000/callback",
        "nameIdAttribute": "http://schemas.microsoft.com/identity/claims/identityprovider"
    }
}
```

Two things to check in this section: the keystore and private-key passwords are stored in clear text, so the configuration file needs the same protection as the keystore itself; and the `identityprovider` claim used as `nameIdAttribute` above identifies the issuing identity provider, not an individual user, so confirm that the attribute you configure here is unique per user (for Microsoft SSO that is typically a UPN or object-ID claim).
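The following script is an added example and not part of Saga Server. It reads a saga.json and audits the `security` section against the options documented above (enable, inactiveInterval, encryptionKeyFile, defaultRole, type) and the per-type `users`, `ldap` and `saml` sub-sections. The option names, the default key path `./bin/saga.ek`, the roles admin and editor and the three authentication types come from this page; the individual checks (minimum password length, `ldaps://`, `https` callback, the NameID claim) and the sample configuration are the example's own assumptions.

```python
"""Audit the "security" section of a Saga Server saga.json (added example)."""
import json
from urllib.parse import urlparse

DEFAULT_KEY_FILE = "./bin/saga.ek"        # key file shipped with the server (from the page)
KNOWN_ROLES = {"admin", "editor"}         # the two roles the page documents
KNOWN_TYPES = {"config", "ldap", "saml"}  # the three authentication types
# Azure AD claim that names the issuing IdP rather than an individual user
IDP_CLAIM = "http://schemas.microsoft.com/identity/claims/identityprovider"


def audit_security(config: dict) -> list:
    """Return the list of findings for config['security']; an empty list means clean."""
    sec = config.get("security")
    if not isinstance(sec, dict):
        return ["security section missing: the server would run without authentication"]
    findings = []
    if sec.get("enable") is not True:
        findings.append("enable is not true: authentication and the login page are off")
    interval = sec.get("inactiveInterval", 600)
    if not isinstance(interval, int) or interval <= 0:
        findings.append("inactiveInterval must be a positive integer")
    key_file = sec.get("encryptionKeyFile")
    if not key_file:
        findings.append("encryptionKeyFile is required")
    elif key_file == DEFAULT_KEY_FILE:
        findings.append("encryptionKeyFile still points at the default key shipped with the server")
    role = sec.get("defaultRole", "admin")  # page: default is admin
    if role not in KNOWN_ROLES:
        findings.append("defaultRole %r is not one of %s" % (role, sorted(KNOWN_ROLES)))
    elif role == "admin":
        findings.append("defaultRole is admin: users without an explicit role get full rights")
    auth_type = sec.get("type", "config")   # page: default is config
    if auth_type == "config":
        findings += audit_config_users(sec.get("users", []))
    elif auth_type == "ldap":
        findings += audit_ldap(sec.get("ldap", {}))
    elif auth_type == "saml":
        findings += audit_saml(sec.get("saml", {}))
    else:
        findings.append("unknown authentication type %r" % auth_type)
    return findings


def audit_config_users(users: list) -> list:
    """Config type: passwords sit in clear text in the file, so at least vet them."""
    out, seen = [], set()
    if not users:
        out.append("type is config but no users are defined")
    for user in users:
        name = user.get("username", "<missing>")
        if name in seen:
            out.append("duplicate username %r" % name)
        seen.add(name)
        if len(user.get("password", "")) < 12:   # assumed minimum length
            out.append("user %r: password shorter than 12 characters" % name)
        roles = user.get("roles")               # the page stores this as a string
        if roles is not None:
            for r in ([roles] if isinstance(roles, str) else roles):
                if r not in KNOWN_ROLES:
                    out.append("user %r: unknown role %r" % (name, r))
    return out


def audit_ldap(ldap: dict) -> list:
    """LDAP type: a simple bind over plain ldap:// sends the password in clear."""
    out = []
    for field in ("server", "userAccountField", "bindDN", "idField", "passwordField"):
        if not ldap.get(field):
            out.append("ldap.%s is missing" % field)
    if urlparse(ldap.get("server", "")).scheme == "ldap":
        out.append("ldap.server uses ldap://: use ldaps:// (or StartTLS) so bind passwords are not sent in clear")
    return out


def audit_saml(saml: dict) -> list:
    """SAML type: the callback must be https and the NameID must identify a user."""
    out = []
    for field in ("keystorePath", "keystorePassword", "privateKeyPassword",
                  "identityProviderMetadataPath", "callbackUrl", "nameIdAttribute"):
        if not saml.get(field):
            out.append("saml.%s is missing" % field)
    if urlparse(saml.get("callbackUrl", "")).scheme != "https":
        out.append("saml.callbackUrl is not https: the SAML response would travel in clear")
    if saml.get("nameIdAttribute") == IDP_CLAIM:
        out.append("saml.nameIdAttribute is the identityprovider claim, which names the IdP rather than the user")
    return out


# Constructed sample, modelled on the "config" example above; not a real deployment.
SAMPLE_CONFIG = json.loads("""{
  "security": {
    "enable": true, "inactiveInterval": 600,
    "encryptionKeyFile": "./bin/saga.ek", "defaultRole": "admin", "type": "config",
    "users": [
      {"username": "admin", "password": "password", "roles": "admin"},
      {"username": "user1", "password": "p@ssword", "roles": "editor"}
    ]
  }
}""")

if __name__ == "__main__":
    for finding in audit_security(SAMPLE_CONFIG):
        print("-", finding)
```

Run against the page's own config example the script flags the default key file, the admin default role and both sample passwords; a production file should come back with an empty list.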
Login Access

- FORM
- Basic Authentication
- API Key

Server authentication can be done via FORM authentication and Basic Authentication. Currently there are two ways of authorization: via the config file or via LDAP.

FORM Authentication

Basic Authentication