2.5.1 Authentication Provider

Various providers are available for registration. These are configured in a list under <authenticationProviders>:

config_viewer.xml
<user>
<authenticationProviders>
<provider type="local" show="true" name="Goobi viewer"/>
<provider type="openId" show="true" name="Google" endpoint="https://accounts.google.com/o/oauth2/auth" clientId="CHANGEME" clientSecret="CHANGEME" image="google.png" />
<provider type="userPassword" show="false" name="VuFind" endpoint="https://vufind.example.org/Api/User/Auth" image="vufind.png" timeout="7000"/>
<provider type="userPassword" show="false" name="littera" endpoint="https://littera.example.org/externauth" image="littera.png"/>
<provider type="userPassword" label="Aleph" show="false" name="x-service" endpoint="https://aleph-x-service.example.org/X?op=bor_auth&amp;library=FOO123" image="aleph.png">
<addUserToGroup>my first group</addUserToGroup>
<addUserToGroup>my secondgroup</addUserToGroup>
</provider>
</authenticationProviders>
</user>

The attributes in <provider> Elements have the following meaning:

Attribute

Description

type

Defines the provider type. The specification is mandatory. Available are local, openId and userPassword.

show

Specifies whether the provider is to be displayed on the logon page or hidden. Default value is true

name

Name of the provider. This information is mandatory. Available are Goobi viewer, Google, VuFind, littera and x-service.

label

Optional label for the provider. If the attribute does not exist, the name is displayed.

endpoint

Authentication URL of the provider. Mandatory field for the types openId and userPassword. Please refer to the standard configuration file for examples.

clientId

Registered ID of the Goobi viewer with the provider of type openId. The attribute is also mandatory there. A new client must be registered with the provider for each Goobi viewer installation.

clientSecret

Secret key for the registered clientId. The specification is mandatory for a provider of type openId.

image

File name of the displayed provider-specific screen.

timeout

Defines the maximum time in milliseconds how long to wait for a response from the server before the logon fails.

Via optional subelements <addUserToGroup> user group names can be configured, to which a user should be automatically added as a member when logging in (provided the group already exists and the user is not already a member there).