,
"email": "field.emailaddress",
"id": "field.objectidentifier"
}
}
}, |
Image Added
OpenId Connect (Added on 1.3.3)
OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end-user and obtain basic user profile information in an interoperable and REST-like manner.
OIDC will redirect you to the provider login page, so no login page is required.
Parameter |
---|
summary | Server url of the Saga Server. Called by the authentication provider |
---|
name | serverURL |
---|
required | true |
---|
|
Parameter |
---|
summary | Provided by the OpenID Connect provider |
---|
name | clientId |
---|
required | true |
---|
|
Parameter |
---|
summary | Provided by the OpenID Connect provider (to read the metadata of the identity provider) |
---|
name | discoveryURI |
---|
required | true |
---|
|
Parameter |
---|
summary | Scopes are used by an application during authentication to authorize access to a user's details, like name and picture |
---|
default | openid email profile |
---|
name | scope |
---|
|
- This will be used to generate the callback url which is form like this <Server_URL>/saga/auth/callback?client_name=OidcClient
Without FileSystem:
Code Block |
---|
|
"security": {
"enable": true,
"encryptionKeyFile" : "./bin/saga.ek",
"inactiveInterval": 600,
"type": "openid",
"defaultRole": "admin",
"openid": {
"serverURL": "http://localhost:8080",
"clientId": "clientId",
"discoveryURI": "discoveryURI"
}
}, |
Image Modified
Login Methods
Currently Saga Server has 3 methods to login, (besides the login of SAML)
The Form login , will enable the login page for the Saga Server, here you can user your username and password to access. This method uses a POST HTTP request.
Image Modified
Basic Authentication
When employing Basic Authentication, users include an encoded string in the Authorization header of each request they make. The string is used by the request’s recipient to verify user’s identity and rights to access a resource.
The Authorization header follows this format:
Authorization: Basic <credentials>
We then construct the credentials
like this:
- The user’s username and password are combined with a colon.
- The resulting string is base64 encoded.
Code Block |
---|
curl --location --request GET 'http://localhost:8080/saga/api/client/process/units' \
--header 'Authorization: Basic <Base64(USERNAME:PASSWORD)>' |
API Key
Info |
---|
This method is recommended when having communication between services without user interaction. |
When employing API Keys, the service include an API Key string in the Authorization header of each request they make. The string is used by the request’s recipient to verify service’s identity and rights to access a resource.
The Authorization header follows this format:
Authorization: Saga <API_KEY>
This API Keys, must be created in the Credentials section inside the Tools Menu. This keys can only be created by an authenticated user
Image Modified
Code Block |
---|
curl --location --request GET 'http://localhost:8080/saga/api/client/process/units' \
--header 'Authorization: Saga <API_KEY>' |