Versions Compared

Old Version 2

changes.mady.by.user Potter (Esteban Alvarado)

Saved on

compared with

New Version 3

changes.mady.by.user Potter (Esteban Alvarado)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Parameter
    summaryEnables the server authentication, including login page (if need)
    default false
    nameenable
    typeboolean
    requiredtrue
  • Parameter
    summaryDefines the timeout for an inactive session, after the timeout is trigger, the session will expire and the user will need to login again
    default600
    nameinactiveInterval
    typeinteger
    • Every action perform by the user, restarts the timeout
  • Parameter
    summaryLocation of the file holding the encryption key, Saga server provides one by default
    default./bin/saga.ek
    nameencryptionKeyFile
    requiredtrue
    • Warning

      Change the encyptionKeyFile as soon as you start a working on a new project

  • Parameter
    summaryDefault role to be use in the users if no role is provided. At the moment Saga Server has 2 roles admin and editor
    defaultadmin
    namedefaultRole
  • Parameter
    summaryDefines the type of authentication to be use by the server
    defaultconfig
    nametype

    • Additional configuration is required depending on the type of security selected

...

  • Config - Uses usernames and passwords defined in the configuration file
  • LDAP - Uses the LDAP protocol to connect to a Directory Server
  • SAML - SSO login method offering more secure authentication. (Currently on development, available Microsoft SSO)

Authentication Type

Config

Config authentication is the most basic of all, ideal for demos, but not recommended for production environments, unless in a close environment. This authentication authentication uses Users, Passwords and Roles defined in the same config file, under the users field, one entry per user.

Config will allow you to login via Form and Basic Authentication

Saga_json
"security": {
 	"enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile" : "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "config",

    "users": [
     	{
         	"username": "admin",
         	"password": "password",
         	"roles": "admin"
        },
        {
         	"username": "user1",
         	"password": "p@ssword",
         	"roles": "editor"
        },
        {...}
        .
        .
        .
 	]
}

LDAP

LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers.

LDAP will allow you to login via Form and Basic Authentication

  • Parameter
    summaryUrl to the LDAP server
    nameserver
    requiredtrue
  • Parameter
    summaryField to use as the user account
    defaultcn
    nameuserAccountField
  • Parameter
    summaryLDAP distinguished name to the location of the users
    namebindDN
    requiredtrue
  • Parameter
    summaryField to use as the user ID
    defaultuid
    nameidField
  • Parameter
    summaryField to use as the user password
    defaultpassword
    namepasswordField
  • Parameter
    summaryNames of the attributes to return for the user profile
    nameattributes
    typestring array
    requiredtrue


Saga_json
"security": {
	"enable": true,
 	"inactiveInterval": 600,
    "encryptionKeyFile" : "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "ldap",

    "ldap": {
     	"server": "ldap://localhost:10389",
        "userAccountField": "cn",
        "bindDN": "ou=Users,dc=example,dc=com",
        "idField": "uid",
        "passwordField": "userPassword",
        "attributes": [
         	"givenName",
            "mail"
    	]
	},
}

SAML

Security Assertion Markup Language (SAML) is a login standard that helps users access applications based on sessions in another context. It’s a single sign-on (SSO) login method offering more secure authentication (with a better user experience) than usernames and passwords.

SAML will redirect you to the provider login page, so no login page is required.

Note

Currently it is under development, but Microsoft SSO is supported


  • Parameter
    summaryPath to the keystore holding the certificates
    namekeystorePath
    requiredtrue
  • Parameter
    summarypassword to the keystore
    namekeystorePassword
    requiredtrue
  • Parameter
    summaryPassword to the keys in the keystore
    nameprivateKeyPassword
    requiredtrue
  • Parameter
    summaryPath to the identity provider, provided by the SAML Service
    nameidentityProviderMetadataPath
    requiredtrue
  • Parameter
    summaryFull callback url back to your service. Called by the authentication provider
    namecallbackURL
    requiredtrue
  • Parameter
    summaryAttribute to use as the user ID
    namenameIdAttribute


Saga_json
"security": {
 	"enable": true,
    "inactiveInterval": 600,
    "encryptionKeyFile" : "./bin/saga.ek",
    "defaultRole": "admin",
    "type": "saml",

    "saml": {
     	"keystorePath": "config/samlKeystore.jks",
        "keystorePassword": "samlKeystore-passwd",
        "privateKeyPassword": "samlKeystore-passwd",
        "identityProviderMetadataPath": "config/potteridentityProvider.xml",
        "callbackUrlserverURL": "https://ui.onesearch.dev.p183229357550.aws-emea.sanofi.com:3000/callbackyour_server_url_here",
        "nameIdAttribute": "http://schemas.microsoft.com/identity/claims/identityprovider"
    }
}

Login

...

Methods

Currently Saga Server has 3 methods to login, (besides the login of SAML)

Form


Basic Authentication

API Key