Authentication Methods
Information
- There are two authentication methods, local users ("userpw") and SAML, which can be active at the same time.
- If both methods are active, some of the users can, for example, be managed via the Active Directory while the others can only be managed via the application.
Local Users
Information
- In `docker-compose.yml`, activate the authentication method "userpw": `METEOR_SETTINGS={..., "userAuth":{ "userpw": true, ...`
- Users are only managed in the database.
- Via the Disable Self-Registration parameter, the registration can be disabled.
- Users can be invited via
- Boards
- the Administration panel
SAML
Information
- Configuration of the IdP in PLANTA pulse in the file `docker-compose.yml`:
  - The key/value pairs from the table below need to be added to `docker-compose.yml` in `METEOR_SETTINGS={ "saml":[{...}]`, separated by commas.
  - Furthermore, the authentication method "saml" needs to be activated in `docker-compose.yml`: `METEOR_SETTINGS={..., "userAuth":{ "saml": true, ...`
Key | Description | Obligatory | Example value | Note |
---|---|---|---|---|
provider | Identity Provider | Yes | "azure" | Currently, only “azure” is supported |
entryPoint | SAML endpoint | Yes | "https://login.microsoftonline.com/c6c70-f7f7f-9bhh.../saml2" | (Directory) tenant ID |
issuer | URL to the application | Yes | "796732dd-5ff6-2d78-90bc-49ded..." | Application ID |
federationMetaDataUrl | URL to the metadata of the IdP, mainly Azure, ADFS | Yes | "https://login.microsoftonline.com/c6c70-f7f7f-9bhh.../federationmetadata/2007-06/federationmetadata.xml" | (Directory) tenant ID |
idpSLORedirectURL | Single Logout URL on the IdP | No | "https://planta.plantapulse.de/" | |
privateKeyFile | File with the application key, Base64-encoded | No | "certs/myPrivateKey.pem" | |
privateCertFile | File with the application certificate, Base64-encoded | No | "certs/myPublicCert.pem" | |
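As an added pre-deployment check (not part of the PLANTA pulse documentation or product), this Python snippet parses a METEOR_SETTINGS line as it would appear in docker-compose.yml and verifies it against the table above: every obligatory key present, provider set to "azure", SAML enabled only when a "saml" entry exists, and endpoints served over https. The tenant and application IDs in the constructed samples are placeholders.

```python
import json

# Keys of one "saml" entry, from the table above; True marks an obligatory key.
SAML_KEYS = {
    "provider": True, "entryPoint": True, "issuer": True,
    "federationMetaDataUrl": True, "idpSLORedirectURL": False,
    "privateKeyFile": False, "privateCertFile": False,
}
URL_KEYS = ("entryPoint", "federationMetaDataUrl", "idpSLORedirectURL")

def check_meteor_settings(env_line: str) -> list[str]:
    """Parse one 'METEOR_SETTINGS={...}' environment line; return findings (empty = OK)."""
    prefix = "METEOR_SETTINGS="
    if not env_line.startswith(prefix):
        return ["line does not start with METEOR_SETTINGS="]
    try:
        settings = json.loads(env_line[len(prefix):])
    except json.JSONDecodeError as exc:
        return [f"METEOR_SETTINGS is not valid JSON: {exc.msg}"]
    findings = []
    user_auth = settings.get("userAuth", {})
    if not (user_auth.get("userpw") or user_auth.get("saml")):
        findings.append("userAuth enables neither userpw nor saml")
    entries = settings.get("saml", [])
    if user_auth.get("saml") and not entries:
        findings.append('userAuth.saml is true but the "saml" list is empty or missing')
    for i, entry in enumerate(entries):
        for key, required in SAML_KEYS.items():
            if required and not entry.get(key):
                findings.append(f"saml[{i}]: missing obligatory key {key}")
        for key in sorted(set(entry) - set(SAML_KEYS)):
            findings.append(f"saml[{i}]: unknown key {key}")
        if entry.get("provider") != "azure":
            findings.append(f'saml[{i}]: provider must be "azure"')
        for key in URL_KEYS:
            if entry.get(key) and not str(entry[key]).startswith("https://"):
                findings.append(f"saml[{i}]: {key} should be an https URL")
    return findings

# Constructed sample lines; tenant and application IDs are placeholders, not real values.
GOOD_LINE = (
    'METEOR_SETTINGS={"userAuth":{"userpw":true,"saml":true},"saml":[{"provider":"azure",'
    '"entryPoint":"https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2",'
    '"issuer":"APPLICATION-ID-PLACEHOLDER","idpSLORedirectURL":"https://planta.plantapulse.de/",'
    '"federationMetaDataUrl":"https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER'
    '/federationmetadata/2007-06/federationmetadata.xml"}]}'
)
# Wrong provider, plain-http endpoint, and two obligatory keys missing.
BAD_LINE = 'METEOR_SETTINGS={"userAuth":{"saml":true},"saml":[{"provider":"adfs","entryPoint":"http://idp.example/saml2"}]}'
```

Run `check_meteor_settings(...)` on the METEOR_SETTINGS value taken from the compose file before starting the container; an empty list means the SAML block matches the table.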
- Users are automatically created in PLANTA pulse when logging in as long as the user does not exist yet (the e-mail address is the criterion).
- Provider attributes used for user creation:
Attribute of the IdP | Usage in pulse | Note |
---|---|---|
User e-mail | Has to be unique | |
nameID | Username | Has to be unique. PLANTA Azure nameID = e-mail address |