
Authentication authorities

A custom number of authentication authorities can be added to an S3DB deployment by submitting authority information to the "Config" project, which is available by default on every S3DB deployment and editable only by the "Admin" user.

Figure 1. Structure of the Authorities collection, created by default on every S3DB deployment.

To add a new authority, use the web interface or the S3QL protocol to add a new Item. 
Supported protocols are HTTP, FTP or LDAP.

FTP and HTTP authorities

For the FTP or HTTP protocol, provide at least the URI/FTP address where the authentication will be accepted. Also provide a "Display" label, which is the authority name that will be displayed at the login interface:

Note: Use the "Endorsed" Rule to indicate whether any user with an account on the added authority has immediate access to the data ("Endorsed = true").
A non-endorsed authority requires that the account be added to the deployment before it can be used to log in.
 


LDAP authorities

For LDAP, you will need to provide more data, depending on whether the LDAP query requires a primary administrative user. Use the "serviceAccountUserName" and "serviceAccountPassword" Rules to provide the account that has permission to browse the directory tree. Please make sure that THIS PASSWORD IS ENCRYPTED with the deployment's RSA private key using the encryption service.


A small script is available for adding an LDAP authority. 
1. Download and directly save this script under your root /s3db directory
2. Edit the LDAP parameters according to your needs (indicated with // <<=== CHANGE THIS)
3. Log in using the Admin account
4. Execute the ldap_create.php script by pointing your browser to http://mys3dbdeployment/s3db/ldap_create.php


Clean the cache
Note that authority data are kept in a cache, so these modifications will not take effect immediately after you log out. To display the newly added authorities, return to the login.php screen and add the argument "clean=usermanagement", for example http://mys3dbdeployment/s3db/login.php?clean=usermanagement.
Your newly added authentication authorities should be displayed on the interface:

The "(e)" after the authority label indicates whether the Authority is endorsed (immediate login upon authentication).

Adding credentials to an account


To add more credentials to an account, use the "My account" interface (for Admin users, this is under the "Admin" tab):
Note that these will ONLY allow access to your account if the correct password is provided.

Other Notes


  • Authentication through alternative authorities is also available through the API using the apilogin.php function.
  • Please note, if you are using an institutional account, make sure your S3DB deployment is SSL encrypted. This ensures the security of your password. If your deployment is encrypted, the protocol portion of your URL should indicate https://...

Attachment: ldap_create.php (3k), Lena Deus, May 26, 2010, 4:14 AM