...
Saga_json:
```json
"security": {
  "enable": true,
  "inactiveInterval": 600,
  "encryptionKeyFile": "./bin/saga.ek",
  "defaultRole": "admin",
  "type": "ldap",
  "ldap": {
    "server": "ldap://localhost:10389",
    "userAccountField": "cn",
    "bindDN": "ou=Users,dc=example,dc=com",
    "idField": "uid",
    "passwordField": "userPassword",
    "attributes": [
      "givenName",
      "mail"
    ]
  }
}
```
The sample points at a plain ldap:// listener on localhost. For a directory on another host use ldaps:// (or a server that enforces StartTLS), otherwise the password sent in the bind crosses the network in clear text.
SAML (Removed on 1.3.3)
Security Assertion Markup Language (SAML) is an XML-based standard for passing authentication data from an identity provider (IdP) to a service provider such as Saga Server: the user signs in once at the IdP, and the IdP returns a signed assertion about that session. It is a single sign-on (SSO) method that keeps the user's password out of the application entirely, which makes it both more secure than local usernames and passwords and a better user experience.
SAML redirects the user to the provider's login page, so Saga itself needs no login page.
...
...
Currently this integration is under development; Microsoft SSO is supported.
Parameter | Required | Default | Summary
---|---|---|---
keystorePath | true | | Path to the keystore holding the certificates.
keystorePassword | true | | Password to the keystore.
privateKeyPassword | true | | Password to the keys in the keystore.
identityProviderUseFileSystem | true | | If true, identityProviderMetadataPath is the path to an XML file on the local file system. If false, identityProviderMetadataPath is a web URL from which the XML file with the IdP information is fetched.
identityProviderMetadataPath | true | | Path (or URL) to the identity provider metadata, provided by the SAML service. Consult the SAML how-to article in the SAGA developers space to see how to obtain this value.
timeOut | true | 3600 | Timeout in seconds for the SAML server to provide an answer.
mappedAttributes | true | | Each entry maps an IdP attribute to a new variable name. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name mapped to a key called username.
serverURL | true | | Server URL of the Saga Server, called by the authentication provider. It is used to generate the callback URL, which has the form <Server_URL>/saga/auth/callback.
nameIdAttribute | | | Attribute to use as the user ID.

Note: you need to add the callback URL (e.g. http://localhost:8080/saga/auth/callback or https://localhost:443/saga/auth/callback) to your authentication provider; the provider only sends the SAML response to callback URLs registered for Saga.
...
Saga_json:
```json
"security": {
  "enable": true,
  "encryptionKeyFile": "./bin/saga.ek",
  "inactiveInterval": 600,
  "type": "saml",
  "defaultRole": "admin",
  "saml": {
    "keystorePath": "bin/samlKeystore.jks",
    "keystorePassword": "pac4j-demo-passwd",
    "privateKeyPassword": "pac4j-demo-passwd",
    "identityProviderUseFileSystem": false,
    "identityProviderMetadataPath": "https://your.provider.com/identityProvider.xml",
    "serverURL": "http://localhost:8080",
    "timeOut": 86400,
    "nameIdAttribute": "nameId",
    "mappedAttributes": {
      "username": "field.name",
      "displayName": "field.displayname",
      "email": "field.emailaddress",
      "id": "field.objectidentifier"
    }
  }
},
```
The keystore and private-key passwords above are the pac4j demo values; replace them (and the demo keystore) before exposing the server, since the private key in that keystore signs Saga's SAML requests. Use an https serverURL in production so the SAML response is not posted back over plain HTTP.
OpenId Connect (Added on 1.3.3)
OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end user and obtain basic user profile information in an interoperable, REST-like manner.
OIDC will redirect you to the provider login page, so no login page is required.
Parameter | Required | Default | Summary
---|---|---|---
serverURL | true | | Server URL of the Saga Server, called by the authentication provider. It is used to generate the callback URL, which has the form <Server_URL>/saga/auth/callback?client_name=OidcClient.
clientId | true | | Provided by the OpenID Connect provider.
discoveryURI | true | | Provided by the OpenID Connect provider; Saga reads the identity provider's metadata from it.
scope | | openid email profile | Scopes are used by an application during authentication to authorize access to a user's details, like name and picture.
Without FileSystem:
Saga_json |
---|
```json
"security": {
  "enable": true,
  "encryptionKeyFile": "./bin/saga.ek",
  "inactiveInterval": 600,
  "type": "openid",
  "defaultRole": "admin",
  "openid": {
    "serverURL": "http://localhost:8080",
    "clientId": "clientId",
    "discoveryURI": "discoveryURI"
  }
},
```
"type" names the block that is read ("ldap" reads "ldap", "saml" reads "saml"), so it must be "openid" here; with any other value the "openid" block is ignored. Replace the clientId and discoveryURI placeholders with the values issued by your provider.
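As an added example (this is not Saga Server code and is not from the original page), the following Python script sanity-checks the "security" block of a saga.json against the LDAP, SAML and OpenID Connect parameters documented above: it verifies that the block selected by "type" is the one present, that every required parameter is set, that the documentation's sample values (pac4j-demo-passwd, clientId, discoveryURI) have been replaced, that serverURL and the LDAP server use TLS, and it derives the callback URL that must be registered at the provider. The configurations at the bottom are constructed; hostnames and the client ID in the hardened sample are made up, and treating "openid" as the "type" value for an OpenID Connect block is an assumption by analogy with "ldap" and "saml".

```python
from urllib.parse import urlsplit

# Hypothetical linter for the "security" block of saga.json; this is the example's
# own code, not part of Saga Server. Parameter names come from the tables on this
# page, the checks are the example's.
CALLBACK_PATH = "/saga/auth/callback"
REQUIRED = {  # required keys per "type", from the parameter tables
    "ldap": ("server", "userAccountField", "bindDN", "idField", "passwordField"),
    "saml": ("keystorePath", "keystorePassword", "privateKeyPassword",
             "identityProviderUseFileSystem", "identityProviderMetadataPath",
             "timeOut", "mappedAttributes", "serverURL"),
    "openid": ("serverURL", "clientId", "discoveryURI"),
}
PLACEHOLDERS = {"pac4j-demo-passwd", "clientId", "discoveryURI"}  # sample values from the docs


def _is_url(value):
    return urlsplit(str(value)).scheme in ("http", "https")


def callback_url(security):
    """Callback the provider must whitelist: <serverURL>/saga/auth/callback for
    SAML, with ?client_name=OidcClient appended for OIDC; None for LDAP."""
    kind = security.get("type")
    base = security.get(kind, {}).get("serverURL", "").rstrip("/")
    if kind == "saml":
        return base + CALLBACK_PATH
    if kind == "openid":
        return base + CALLBACK_PATH + "?client_name=OidcClient"
    return None


def lint_security(security):
    """Return a list of findings; an empty list means the block passed."""
    findings = []
    kind = security.get("type")
    if not security.get("enable", False):
        findings.append("enable is false: no authentication is enforced")
    if kind not in REQUIRED:
        return findings + [f"unknown type {kind!r}"]
    # "type" selects the block that is read; a block for another type is dead
    # configuration and usually means the wrong type was copied in.
    for other in REQUIRED:
        if other != kind and other in security:
            findings.append(f'"{other}" block is present but type is "{kind}"')
    if kind not in security:
        return findings + [f'type is "{kind}" but there is no "{kind}" block']
    block = security[kind]
    findings += [f"{kind}.{k} is required" for k in REQUIRED[kind] if k not in block]
    findings += [f"{kind}.{k} still holds the sample value {v!r}"
                 for k, v in block.items() if isinstance(v, str) and v in PLACEHOLDERS]
    if kind == "ldap":
        if urlsplit(block.get("server", "")).scheme == "ldap":
            findings.append("ldap.server uses ldap://: user passwords cross the network "
                            "in clear text unless StartTLS is negotiated; prefer ldaps://")
        return findings
    if urlsplit(block.get("serverURL", "")).scheme != "https":
        findings.append(f"{kind}.serverURL is not https: the callback {callback_url(security)} "
                        "receives the SAML response or OIDC code over plain HTTP")
    if kind == "saml":
        use_fs = block.get("identityProviderUseFileSystem")
        path_is_url = _is_url(block.get("identityProviderMetadataPath", ""))
        if use_fs is True and path_is_url:
            findings.append("identityProviderUseFileSystem is true but the metadata path is a URL")
        if use_fs is False and not path_is_url:
            findings.append("identityProviderUseFileSystem is false but the metadata path is not a URL")
        if not isinstance(block.get("mappedAttributes"), dict):
            findings.append("saml.mappedAttributes must be an object mapping new names to IdP attributes")
    elif not _is_url(block.get("discoveryURI", "")):
        findings.append("openid.discoveryURI must be the provider's discovery URL "
                        "(.../.well-known/openid-configuration)")
    return findings


# Constructed samples, not taken from any real deployment.
LDAP_SAMPLE = {
    "enable": True, "inactiveInterval": 600, "encryptionKeyFile": "./bin/saga.ek",
    "defaultRole": "admin", "type": "ldap",
    "ldap": {"server": "ldap://localhost:10389", "userAccountField": "cn",
             "bindDN": "ou=Users,dc=example,dc=com", "idField": "uid",
             "passwordField": "userPassword", "attributes": ["givenName", "mail"]},
}
MISCONFIGURED_OPENID = {  # OIDC block left under type "saml", placeholders untouched
    "enable": True, "encryptionKeyFile": "./bin/saga.ek", "inactiveInterval": 600,
    "type": "saml", "defaultRole": "admin",
    "openid": {"serverURL": "http://localhost:8080", "clientId": "clientId",
               "discoveryURI": "discoveryURI"},
}
HARDENED_OPENID = {  # the same deployment fixed; hostnames and clientId are made up
    "enable": True, "encryptionKeyFile": "./bin/saga.ek", "inactiveInterval": 600,
    "type": "openid", "defaultRole": "admin",
    "openid": {"serverURL": "https://saga.example.com", "clientId": "saga-prod-7f3a",
               "discoveryURI": "https://login.example.com/.well-known/openid-configuration"},
}

if __name__ == "__main__":
    for name, cfg in [("ldap", LDAP_SAMPLE), ("misconfigured", MISCONFIGURED_OPENID),
                      ("hardened", HARDENED_OPENID)]:
        print(name, callback_url(cfg), lint_security(cfg) or "OK")
```

Run it against the "security" object of your own saga.json before deploying; the misconfigured sample reports both the stray "openid" block and the missing "saml" block, while the hardened one passes and yields the callback URL to register at the provider.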
...
Login Methods
Currently Saga Server has three login methods (besides the SAML login).
...