...

Saga_json
"security": {
  "enable": true,
  "inactiveInterval": 600,
  "encryptionKeyFile": "./bin/saga.ek",
  "defaultRole": "admin",
  "type": "ldap",

  "ldap": {
    "server": "ldap://localhost:10389",
    "userAccountField": "cn",
    "bindDN": "ou=Users,dc=example,dc=com",
    "idField": "uid",
    "passwordField": "userPassword",
    "attributes": [
      "givenName",
      "mail"
    ]
  }
}

SAML (Removed on 1.3.3)

Security Assertion Markup Language (SAML) is a login standard that helps users access applications based on sessions in another context. It’s a single sign-on (SSO) login method offering more secure authentication (with a better user experience) than usernames and passwords.

SAML will redirect you to the provider login page, so no login page is required.

...

...

Currently it is under development, but Microsoft SSO is supported.


  • keystorePath (required): Path to the keystore holding the certificates.
  • keystorePassword (required): Password to the keystore.
  • privateKeyPassword (required): Password to the keys in the keystore.
  • identityProviderUseFileSystem (required): If true, identityProviderMetadataPath is the path to an XML file on the file system. If false, identityProviderMetadataPath is a web URL from which the XML file with the IDP information is fetched.
  • identityProviderMetadataPath (required): Path to the identity provider metadata, provided by the SAML service. Consult the How-to article for SAML in the SAGA developers space to see how to obtain this field.
  • timeOut (required, default 3600): The timeout in seconds for the SAML server to provide an answer.
  • mappedAttributes (required): Each value corresponds to a field of the IDP that must be mapped to a new variable name. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name mapped to a key called username.
  • serverURL (required): Server URL of the Saga Server, called by the authentication provider.

    • This is used to generate the callback URL, which has the form <Server_URL>/saga/auth/callback.
    • Note: You need to add the callback URL (e.g. http://localhost:8080/saga/auth/callback or https://localhost:443/saga/auth/callback) to your authentication provider.

  • nameIdAttribute: Attribute to use as the user ID.

...

Saga_json
"security": {
  "enable": true,
  "encryptionKeyFile": "./bin/saga.ek",
  "inactiveInterval": 600,
  "type": "saml",
  "defaultRole": "admin",

  "saml": {
    "keystorePath": "bin/samlKeystore.jks",
    "keystorePassword": "pac4j-demo-passwd",
    "privateKeyPassword": "pac4j-demo-passwd",
    "identityProviderUseFileSystem": false,
    "identityProviderMetadataPath": "https://your.provider.com/identityProvider.xml",
    "serverURL": "http://localhost:8080",
    "timeOut": 86400,
    "nameIdAttribute": "nameId",
    "mappedAttributes": {
      "username": "field.name",
      "displayName": "field.displayname",
      "email": "field.emailaddress",
      "id": "field.objectidentifier"
    }
  }
}


OpenId Connect (Added on 1.3.3)

OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end user and obtain basic user profile information in an interoperable, REST-like manner.

OIDC will redirect you to the provider login page, so no login page is required.


  • serverURL (required): Server URL of the Saga Server, called by the authentication provider.
  • clientId (required): Provided by the OpenID Connect provider.
  • discoveryURI (required): Provided by the OpenID Connect provider (used to read the metadata of the identity provider).
  • scope (default: openid email profile): Scopes are used by an application during authentication to authorize access to a user's details, such as name and picture.


Without FileSystem:

Saga_json
"security": {
  "enable": true,
  "encryptionKeyFile": "./bin/saga.ek",
  "inactiveInterval": 600,
  "type": "saml",
  "defaultRole": "admin",

  "openid": {
    "serverURL": "http://localhost:8080",
    "clientId": "clientId",
    "discoveryURI": "discoveryURI"
  }
}
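As an added example (not part of this page or of Saga itself), the following Python script checks a "security" block against the SAML and OpenID Connect parameter lists above: it flags missing required parameters, a "type" value with no matching sub-block, and settings a reviewer would want to look at before going live (defaultRole of admin, a plain-http serverURL, IdP metadata fetched over plain http). The required-parameter lists and the callback URL form are taken from this page; the sample configuration is constructed.

```python
import json

# Required parameters per "type", as listed in the SAML and OpenID Connect
# parameter tables on this page (LDAP parameters are not listed on this page).
REQUIRED = {
    "saml": ["keystorePath", "keystorePassword", "privateKeyPassword",
             "identityProviderUseFileSystem", "identityProviderMetadataPath",
             "timeOut", "mappedAttributes", "serverURL"],
    "openid": ["serverURL", "clientId", "discoveryURI"],
}

def callback_url(server_url):
    """Callback URL to register at the provider: <Server_URL>/saga/auth/callback."""
    return server_url.rstrip("/") + "/saga/auth/callback"

def check_security(security):
    """Return a list of findings for one "security" block (empty list = clean)."""
    findings = []
    kind = security.get("type")
    if kind not in REQUIRED:
        return [f"type {kind!r} is not one of {sorted(REQUIRED)}"]
    block = security.get(kind)
    if not isinstance(block, dict):
        # e.g. "type": "saml" next to an "openid" block: type and sub-block disagree
        return [f"type is {kind!r} but no {kind!r} block is present"]
    for key in REQUIRED[kind]:
        if key not in block:
            findings.append(f"{kind}.{key} is required but missing")
    if security.get("defaultRole") == "admin":
        findings.append("defaultRole is 'admin': confirm this is intended for new users")
    url = block.get("serverURL", "")
    if url.startswith("http://"):
        findings.append(f"serverURL is plain http; callback {callback_url(url)} is unprotected")
    if kind == "saml" and not block.get("identityProviderUseFileSystem", True):
        if block.get("identityProviderMetadataPath", "").startswith("http://"):
            findings.append("IdP metadata is fetched over plain http")
    return findings

def check_file_text(text):
    """Parse a whole saga.json document and check its "security" block."""
    return check_security(json.loads(text)["security"])

# Constructed sample (not a real deployment): a SAML block with the weak settings above.
SAMPLE = {
    "enable": True, "type": "saml", "defaultRole": "admin",
    "saml": {"keystorePath": "bin/samlKeystore.jks", "keystorePassword": "x",
             "privateKeyPassword": "x", "identityProviderUseFileSystem": False,
             "identityProviderMetadataPath": "http://idp.example/metadata.xml",
             "serverURL": "http://localhost:8080", "timeOut": 3600,
             "mappedAttributes": {"username": "field.name"}},
}
```

Running `check_security(SAMPLE)` on the constructed sample yields three findings; a block whose "type" names a sub-block that is not present is reported as a single type/sub-block mismatch.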

...

Login Methods

Currently Saga Server has 3 login methods (besides the SAML login):

...