Authentication Methods
Information
There are two authentication methods which can be active at the same time:
If both methods are active, a part of the users, for example, can be managed via the Active Directory and the other part can only be managed via the application.
Local Users
Information
In docker-compose.yml activate the authentication method "userpw":
'METEOR_SETTINGS={..., "userAuth":{ "userpw": true, ...Users are only managed in the database.
Via the Disable Self-Registration parameter, the registration can be disabled.
Users can be invited via
the Administration panel
SAML
Information
Configuration of the IdP in PLANTA pulse in the docker-compose.yml file:
The key/value pairs need to be added to the
docker-compose.ymlin'METEOR_SETTINGS={ "saml":[{...}]separated by commas.Furthermore, the authentication method “saml” needs to be activated in the file
docker-compose.yml:'METEOR_SETTINGS={..., "userAuth":{ "saml": true, ...
Key | Description | Obligatory | Example value | Note |
|---|---|---|---|---|
| Identity Provider | Yes | "azure" | Currently, only “azure” is supported |
| SAML endpoint | Yes | "https://login.microsoftonline.com/c6c70-f7f7f-9bhh.../saml2" | (Directory) tenant ID |
| URL to the application | Yes | "796732dd-5ff6-2d78-90bc-49ded..." | Application ID |
| URL to the metadata of the IdP, mainly Azure, ADFS | Yes | "https://login.microsoftonline.com/c6c70-f7f7f-9bhh.../federationmetadata/2007-06/federationmetadata.xml" | (Directory) tenant ID |
| Single Logout URL on the IdP | No | "https://planta.plantapulse.de/" | |
| File with the application key, Base64-encoded | No | "certs/myPrivateKey.pem" | |
| File with the application certificate, Base64-encoded | No | "certs/myPublicCert.pem" |
Users are automatically created in PLANTA pulse when logging in as long as the user does not exist yet (the e-mail address is the criterion).
Provider attributes used for user creation:
Attribute of the IdP | Usage in pulse | Note |
|---|---|---|
User e-mail | Has to be unique | |
nameID | Username | Has to be unique. PLANTA Azure nameID = e-mail address |