1.5.1 Authentication Provider
Last updated
Last updated
Various providers are available for registration. These are configured in a list under <authenticationProviders>
:
The attributes in <provider>
Elements have the following meaning:
Optional subelements <addUserToGroup>
can be used to configure names of user groups to which a user should be automatically added as a member when logging in (provided the group already exists and the user is not already a member of it.
Attribute
Description
type
Defines the provider type. The specification is mandatory. Available are local
, openId
, userPassword
and saml
.
enabled
Specifies whether the provider is to be displayed on the logon page or hidden. Default value is true
name
Name of the provider. This information is mandatory. With the type="openId" Google
is available as name. With the type="userPassword"
you can choose between VuFind
, littera
, x-service
and bibliotheca
. With type="local"
and type="saml"
a free name can be chosen.
label
Optional label for the provider. If the attribute does not exist, the name is displayed.
endpoint
Authentication URL of the provider. Mandatory field for the types openId,
userPassword
and httpHeader
. For examples, see the standard configuration file.
clientId
Registered ID of the Goobi viewer with the provider of type openId. The attribute is also mandatory there. A new client must be registered with the provider for each Goobi viewer installation.
clientSecret
Secret key for the registered clientId. The specification is mandatory for a provider of type openId.
image
File name of the displayed provider-specific screen.
timeout
Defines in milliseconds the maximum amount of time to wait for a response from the server before the login fails.
parameterType
The parameterType only works with the httpHeader provider and is mandatory there. It specifies what is to be evaluated. Possible values are header
and attribute
.
parameterName
The parameterName only works with the httpHeader provider and is mandatory there. It specifies which concrete header or which attribute name is to be evaluated. The parameter should contain a valid e-mail address.