Skip to content

Commit

Permalink
Create authentication.mdx
Browse files Browse the repository at this point in the history
  • Loading branch information
@phuang26
phuang26 authored Jun 13, 2024
1 parent 6288ce0 commit 6686474
Showing 1 changed file with 187 additions and 0 deletions.
187 changes: 187 additions & 0 deletions docs/eln/install_configure/authentication.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
---
title: Authentication in Chemotion
sidebar_label: Authentication
author: Paggy Huang
sidebar_position: 26

---


import { FigCaption, SubTitle } from "@site/src/js/layout";
import designBase from "@site/static/img/labimotion/design-base.png";


This page provides comprehensive instructions for all configurations related to user authentication.


The default authentication method for Chemotion is database authentication, allowing users to log in with an email address or acronym. Passwords in Chemotion are encrypted.

### Database Authentication

This method involves hashing and storing a user's password in the database. When a user attempts to sign in, the system validates their authenticity by comparing the entered password, once hashed, with the stored hash. This process ensures that sensitive password information is never stored in plain text, enhancing the security of user data.


### Third-Party Authentication


We also offer third-party authentication options, including Shibboleth, OIDC (Open ID Connect), ORCID, GitHub, and NFDI AAI. To configure these options, visit the Chemotion Administration page. On the left side, under 'UI Features', find the function labeled 'User Provider'. Click on the yellow 'Edit JSON' button to access the configuration settings.

![adminui-uifeatures-edit_permission](@site/static/img/admin_ui/user_provider.png)

### Shibboleth

```sh
{
shibboleth: { 
enable: false,
uid: 'pairwise-id',
email: 'mail',
last_name: 'sn',
first_name: 'givenName'
}
}
```

#### Parameters

| Parameters | Value | Description |
| ---------- | ----------------- | -------------------- |
| enable | `true` or `false` | |
| uid | 'pairwise-id' | |
| email | 'mail' | |
| last_name | 'sn' | |
| first_name | 'givenName' | |


### OIDC (Open ID Connect)

```sh
{
openid_connect: {
enable: true,
host: "oidc.address.edu",
icon: "path/to/image.png",
issuer: "https://oidc.address.edu/path/to/issuer",
scheme: "https",
client_id: "myClientID",
redirect_uri: "https://your-eln.edu/users/auth/openid_connect/callback",
client_secret: "secret",
token_endpoint: "/oauth2/token",
authorization_endpoint: "/oauth2/auth"
}
}
```

#### Parameters

| Parameter | Value | Description |
| ---------------------- | -------------------------------------------------------------- | -------------------- |
| enable | `true` or `false` | |
| host | address of the service | |
| icon | path to a public image to display on the sign-in page | |
| issuer | URL of the issuer | |
| scheme | `https` | |
| client_id | client ID | |
| redirect_uri | your Chemotion ELN URL + '/users/auth/openid_connect/callback' | |
| client_secret | secret | |
| token_endpoint | `/oauth2/token` | |
| authorization_endpoint | `/oauth2/auth` | |


### ORCID

```sh
{
github: {
enable: false
client_id: null
client_secret: null
}
}
```

#### Parameters

| Parameters | Value | Description |
| ---------- | ----------------- | -------------------- |
| enable | `true` or `false` | |
| uid | 'pairwise-id' | |
| email | 'mail' | |
| last_name | 'sn' | |
| first_name | 'givenName' | |


### GitHub


```sh
{
github: {
enable: false
client_id: null
client_secret: null
}
}
```

#### Parameters

| Parameters | Value | Description |
| ---------- | ----------------- | -------------------- |
| enable | `true` or `false` | |
| uid | 'pairwise-id' | |
| email | 'mail' | |
| last_name | 'sn' | |
| first_name | 'givenName' | |


### NFDI AAI

In ELN 1.6, we've introduced several third-party login authentication methods, including Shibboleth and OpenID Connect. Since NFDI AAI RegAPP uses OpenID Connect, it is ready for use with ELN version 1.6 or higher.
The integration of Chemotion with NFDI AAI RegAPP has been successfully tested and is now available on the labimotion test instance.

:::info

Instructions for applying for a client ID for Your Instance:

Please **[send an email](mailto:[email protected]) to [email protected] with the following information:

1. Your Institution name (e.g., Karlsruhe Institute of Technology)
2. Your FQDN (Fully Qualified Domain Name) (e.g., https://your-eln.edu)
3. ELN Version

:::


```sh
{
openid_connect: {
enable: true,
host: "regapp.nfdi-aai.de",
label: "NFDI AAI",
issuer: "https://regapp.nfdi-aai.de/oidc/realms/nfdi",
scheme: "https",
client_id: "myClientID",
redirect_uri: "https://https://your-eln.edu/users/auth/openid_connect/callback",
client_secret: "secret",
token_endpoint: "/oauth2/token",
authorization_endpoint: "/oauth2/auth"
}
}
```

#### Parameters

| Parameter | Value | Description |
| ---------------------- | -------------------------------------------------------------- | --------------------------- |
| enable | `true` or `false` | |
| host | `regapp.nfdi-aai.de` | address of the service |
| label | `NFDI AAI` | label of the login button |
| icon | path to a public image to display on the sign-in page | |
| issuer | `https://regapp.nfdi-aai.de/oidc/realms/nfdi` | URL of the issuer |
| scheme | `https` | |
| client_id | client ID |Please send an email to [email protected] |
| redirect_uri | your Chemotion ELN URL + '/users/auth/openid_connect/callback' | |
| client_secret | secret | |
| token_endpoint | `/oauth2/token` | |
| authorization_endpoint | `/oauth2/auth` | |

0 comments on commit 6686474

Please sign in to comment.