...
```json
"security": {
  "enable": true,
  "inactiveInterval": 600,
  "encryptionKeyFile": "./bin/saga.ek",
  "defaultRole": "admin",
  "type": "<AUTHENTICATION_TYPE>",
  ...
}
```
Saga Server supports 4 authentication types.
Config authentication is the most basic of all. It is ideal for demos, but not recommended for production environments unless they are closed environments. This authentication uses the users, passwords and roles defined in the same config file, under the `users` field, one entry per user.
Config will allow you to log in via Form and Basic Authentication.
```json
"security": {
  "enable": true,
  "inactiveInterval": 600,
  "encryptionKeyFile": "./bin/saga.ek",
  "defaultRole": "admin",
  "type": "config",
  "users": [
    {
      "username": "admin",
      "password": "password",
      "roles": "admin"
    },
    {
      "username": "user1",
      "password": "p@ssword",
      "roles": "editor"
    },
    {...}
    ...
  ]
}
```
LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well-supported standards-based mechanism for interacting with directory servers.
LDAP will allow you to log in via Form and Basic Authentication.
```json
"security": {
  "enable": true,
  "inactiveInterval": 600,
  "encryptionKeyFile": "./bin/saga.ek",
  "defaultRole": "admin",
  "type": "ldap",
  "ldap": {
    "server": "ldap://localhost:10389",
    "userAccountField": "cn",
    "bindDN": "ou=Users,dc=example,dc=com",
    "idField": "uid",
    "passwordField": "userPassword",
    "attributes": [
      "givenName",
      "mail"
    ]
  }
}
```
Security Assertion Markup Language (SAML) is a login standard that helps users access applications based on sessions in another context. It’s a single sign-on (SSO) login method offering more secure authentication (with a better user experience) than usernames and passwords.
SAML will redirect you to the provider login page, so no login page is required.
Note: You need to add the callback URL (e.g. http://localhost:8080/saga/auth/callback or https://localhost:443/saga/auth/callback) to your authentication provider.
Without FileSystem:
```json
"security": {
  "enable": true,
  "encryptionKeyFile": "./bin/saga.ek",
  "inactiveInterval": 600,
  "type": "saml",
  "defaultRole": "admin",
  "saml": {
    "keystorePath": "bin/samlKeystore.jks",
    "keystorePassword": "pac4j-demo-passwd",
    "privateKeyPassword": "pac4j-demo-passwd",
    "identityProviderUseFileSystem": false,
    "identityProviderMetadataPath": "https://your.provider.com/identityProvider.xml",
    "serverURL": "http://localhost:8080",
    "timeOut": 86400,
    "nameIdAttribute": "nameId",
    "mappedAttributes": {
      "username": "field.name",
      "displayName": "field.displayname",
      "email": "field.emailaddress",
      "id": "field.objectidentifier"
    }
  }
},
```
OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end-user and obtain basic user profile information in an interoperable and REST-like manner.
OIDC will redirect you to the provider login page, so no login page is required.
Note: You need to add the callback URL (e.g. http://localhost:8080/saga/auth/callback?client_name=OidcClient or https://localhost/saga/auth/callback?client_name=OidcClient) to your authentication provider.
Without FileSystem:
```json
"security": {
  "enable": true,
  "encryptionKeyFile": "./bin/saga.ek",
  "inactiveInterval": 600,
  "type": "openid",
  "defaultRole": "admin",
  "openid": {
    "serverURL": "http://localhost:8080",
    "clientId": "clientId",
    "discoveryURI": "discoveryURI"
  }
},
```
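A pre-deployment check for the `security` block, as an added example that is not part of Saga Server or its documentation. It flags the sample values and cleartext URLs that appear in the configuration blocks above when they are still present in a real config; the `audit` function, its finding texts and the combined sample input are constructed for illustration.

```python
import json

# Constructed sample that combines settings copied from the blocks on this page.
SAMPLE = json.loads("""
{"security": {
  "enable": true, "type": "ldap", "defaultRole": "admin",
  "users": [{"username": "admin", "password": "password", "roles": "admin"}],
  "ldap": {"server": "ldap://localhost:10389"},
  "saml": {"keystorePassword": "pac4j-demo-passwd",
           "privateKeyPassword": "pac4j-demo-passwd",
           "serverURL": "http://localhost:8080"}
}}
""")

# Secrets printed in this page's examples; they must never reach a deployment.
DOC_SAMPLE_SECRETS = {"password", "p@ssword", "pac4j-demo-passwd"}
SECRET_KEYS = {"password", "keystorePassword", "privateKeyPassword"}
URL_KEYS = {"server", "serverURL", "identityProviderMetadataPath", "discoveryURI"}

def audit(security):
    """Return a sorted list of (path, finding) for a 'security' block."""
    findings = []
    if security.get("enable") is not True:
        findings.append(("enable", "security.enable is not true"))
    if security.get("type") == "config":
        findings.append(("type", "config authentication is not recommended for production"))
    if security.get("defaultRole") == "admin":
        findings.append(("defaultRole", "defaultRole is admin; confirm which users receive it"))

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}" if path else key
                is_text = isinstance(value, str)
                if is_text and key in SECRET_KEYS and value in DOC_SAMPLE_SECRETS:
                    findings.append((child, "documentation sample secret still in use"))
                elif is_text and key in URL_KEYS and value.startswith(("http://", "ldap://")):
                    findings.append((child, "cleartext transport; use https:// or ldaps://"))
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(security, "")
    return sorted(findings)

if __name__ == "__main__":
    for path, finding in audit(SAMPLE["security"]):
        print(f"{path}: {finding}")
```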
Currently Saga Server has 3 methods to log in (besides the SAML login).
The Form login enables the login page for the Saga Server, where you can use your username and password to gain access. This method uses an HTTP POST request.
When employing Basic Authentication, users include an encoded string in the Authorization header of each request they make. The recipient of the request uses this string to verify the user's identity and rights to access a resource.
The Authorization header follows this format:
Authorization: Basic <credentials>
We then construct the credentials like this:
```bash
curl --location --request GET 'http://localhost:8080/saga/api/client/process/units' \
  --header 'Authorization: Basic <Base64(USERNAME:PASSWORD)>'
```
Info: This method is recommended when having communication between services without user interaction.
When employing API Keys, the service includes an API Key string in the Authorization header of each request it makes. The recipient of the request uses this string to verify the service's identity and rights to access a resource.
The Authorization header follows this format:
Authorization: Saga <API_KEY>
These API Keys must be created in the Credentials section inside the Tools Menu. They can only be created by an authenticated user.
```bash
curl --location --request GET 'http://localhost:8080/saga/api/client/process/units' \
  --header 'Authorization: Saga <API_KEY>'
```
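The two header formats above, parsed side by side in an added example that is not Saga Server's own code. It shows that the Basic credentials are only Base64-encoded, so anyone who can read the request recovers the username and password, which is why both header types belong on HTTPS rather than the `http://` URLs used in the samples. The function names are hypothetical, and matching the scheme name case-insensitively is an assumption taken from general HTTP rules, not from Saga documentation.

```python
import base64
import binascii

def basic_header(username, password):
    """Build the value of an 'Authorization: Basic' header."""
    if ":" in username:
        # The first ':' separates user from password, so the user part cannot contain one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_authorization(header_value):
    """Return ("basic", (username, password)) or ("saga", api_key).

    Raises ValueError for a missing value, an unknown scheme or malformed
    Basic credentials.
    """
    scheme, _, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    if not rest:
        raise ValueError("missing credentials")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("credentials are not valid Base64 text") from exc
        username, sep, password = decoded.partition(":")
        if not sep:
            raise ValueError("decoded credentials lack the ':' separator")
        return "basic", (username, password)
    if scheme.lower() == "saga":
        # The API key is opaque to the client and is sent as-is.
        return "saga", rest
    raise ValueError(f"unsupported scheme: {scheme!r}")

if __name__ == "__main__":
    # Constructed credentials, taken from the sample users earlier on this page.
    header = basic_header("admin", "password")
    print(header)
    print(parse_authorization(header))
    print(parse_authorization("Saga EXAMPLE-API-KEY"))
```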
...