1.5.1 Authentication Provider
Various providers are available for registration. These are configured in a list under <authenticationProviders>:
<provider type="local" enabled="true" name="Goobi viewer"/>
<provider type="openId" enabled="true" name="Google" endpoint="https://accounts.google.com/o/oauth2/auth" clientId="CHANGEME" clientSecret="CHANGEME" image="google.png" />
<provider type="userPassword" enabled="false" name="VuFind" endpoint="https://vufind.example.org/Api/User/Auth" image="vufind.png" timeout="7000"/>
<provider type="userPassword" enabled="false" name="littera" endpoint="https://littera.example.org/externauth" image="littera.png"/>
<provider type="userPassword" label="Aleph" enabled="false" name="x-service" endpoint="https://aleph-x-service.example.org/X?op=bor_auth&amp;library=FOO123" image="aleph.png">
<addUserToGroup>my first group</addUserToGroup>
<addUserToGroup>my secondgroup</addUserToGroup>
<provider type="userPassword" enabled="false" name="bibliotheca" endpoint="https://example.oclcbibliotheca.org/auth.asp?client=goobiviewer" />
<provider type="saml" enabled="false" name="samltest.id" idpMetadataUrl="https://samltest.id/saml/" relyingPartyIdentifier="GoobiViewerExampleTest" publicKeyPath="/opt/digiverso/viewer/config/samlX509cert.cert" privateKeyPath="/opt/digiverso/viewer/config/samlPrivatekey" timeout="60000" />
The attributes in <provider> Elements have the following meaning:
Defines the provider type. The specification is mandatory. Available are local, openId, userPassword and saml.
Specifies whether the provider is to be displayed on the logon page or hidden. Default value is true
Name of the provider. This information is mandatory. With the type="openId" Google is available as name. With the type="userPassword" you can choose between VuFind, littera, x-service and bibliotheca. With type="local" and type="saml" a free name can be chosen.
Optional label for the provider. If the attribute does not exist, the name is displayed.
Authentication URL of the provider. Mandatory field for the types openId and userPassword. For examples, see the standard configuration file.
Registered ID of the Goobi viewer with the provider of type openId. The attribute is also mandatory there. A new client must be registered with the provider for each Goobi viewer installation.
Secret key for the registered clientId. The specification is mandatory for a provider of type openId.
File name of the displayed provider-specific screen.
Defines in milliseconds the maximum amount of time to wait for a response from the server before the login fails.
URL where the metadata of the identity provider can be retrieved. This specification is mandatory for the provider of the type saml.
Name of the Goobi viewer service. This name must match the entityID in the metadata sent to the identity provider. This specification is mandatory for the provider of type saml.
Path to the public X509 certificate. This specification is mandatory for the provider of the type saml.
Path to the private key for the certificate. This specification is mandatory for the provider of type saml.
Optional subelements <addUserToGroup> can be used to configure names of user groups to which a user should be automatically added as a member when logging in (provided the group already exists and the user is not already a member of it.
Copy link