-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
187 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
--- | ||
title: Authentication in Chemotion | ||
sidebar_label: Authentication | ||
author: Paggy Huang | ||
sidebar_position: 26 | ||
|
||
--- | ||
|
||
|
||
import { FigCaption, SubTitle } from "@site/src/js/layout"; | ||
import designBase from "@site/static/img/labimotion/design-base.png"; | ||
|
||
|
||
This page provides comprehensive instructions for all configurations related to user authentication. | ||
|
||
|
||
The default authentication method for Chemotion is database authentication, allowing users to log in with an email address or acronym. Passwords in Chemotion are encrypted. | ||
|
||
### Database Authentication | ||
|
||
This method involves hashing and storing a user's password in the database. When a user attempts to sign in, the system validates their authenticity by comparing the entered password, once hashed, with the stored hash. This process ensures that sensitive password information is never stored in plain text, enhancing the security of user data. | ||
|
||
|
||
### Third-Party Authentication | ||
|
||
|
||
We also offer third-party authentication options, including Shibboleth, OIDC (Open ID Connect), ORCID, GitHub, and NFDI AAI. To configure these options, visit the Chemotion Administration page. On the left side, under 'UI Features', find the function labeled 'User Provider'. Click on the yellow 'Edit JSON' button to access the configuration settings. | ||
|
||
![adminui-uifeatures-edit_permission](@site/static/img/admin_ui/user_provider.png) | ||
|
||
### Shibboleth | ||
|
||
```sh | ||
{ | ||
shibboleth: { | ||
enable: false, | ||
uid: 'pairwise-id', | ||
email: 'mail', | ||
last_name: 'sn', | ||
first_name: 'givenName' | ||
} | ||
} | ||
``` | ||
|
||
#### Parameters | ||
|
||
| Parameters | Value | Description | | ||
| ---------- | ----------------- | -------------------- | | ||
| enable | `true` or `false` | | | ||
| uid | 'pairwise-id' | | | ||
| email | 'mail' | | | ||
| last_name | 'sn' | | | ||
| first_name | 'givenName' | | | ||
|
||
|
||
### OIDC (Open ID Connect) | ||
|
||
```sh | ||
{ | ||
openid_connect: { | ||
enable: true, | ||
host: "oidc.address.edu", | ||
icon: "path/to/image.png", | ||
issuer: "https://oidc.address.edu/path/to/issuer", | ||
scheme: "https", | ||
client_id: "myClientID", | ||
redirect_uri: "https://your-eln.edu/users/auth/openid_connect/callback", | ||
client_secret: "secret", | ||
token_endpoint: "/oauth2/token", | ||
authorization_endpoint: "/oauth2/auth" | ||
} | ||
} | ||
``` | ||
|
||
#### Parameters | ||
|
||
| Parameter | Value | Description | | ||
| ---------------------- | -------------------------------------------------------------- | -------------------- | | ||
| enable | `true` or `false` | | | ||
| host | address of the service | | | ||
| icon | path to a public image to display on the sign-in page | | | ||
| issuer | URL of the issuer | | | ||
| scheme | `https` | | | ||
| client_id | client ID | | | ||
| redirect_uri | your Chemotion ELN URL + '/users/auth/openid_connect/callback' | | | ||
| client_secret | secret | | | ||
| token_endpoint | `/oauth2/token` | | | ||
| authorization_endpoint | `/oauth2/auth` | | | ||
|
||
|
||
### ORCID | ||
|
||
```sh | ||
{ | ||
github: { | ||
enable: false | ||
client_id: null | ||
client_secret: null | ||
} | ||
} | ||
``` | ||
|
||
#### Parameters | ||
|
||
| Parameters | Value | Description | | ||
| ---------- | ----------------- | -------------------- | | ||
| enable | `true` or `false` | | | ||
| uid | 'pairwise-id' | | | ||
| email | 'mail' | | | ||
| last_name | 'sn' | | | ||
| first_name | 'givenName' | | | ||
|
||
|
||
### GitHub | ||
|
||
|
||
```sh | ||
{ | ||
github: { | ||
enable: false | ||
client_id: null | ||
client_secret: null | ||
} | ||
} | ||
``` | ||
|
||
#### Parameters | ||
|
||
| Parameters | Value | Description | | ||
| ---------- | ----------------- | -------------------- | | ||
| enable | `true` or `false` | | | ||
| uid | 'pairwise-id' | | | ||
| email | 'mail' | | | ||
| last_name | 'sn' | | | ||
| first_name | 'givenName' | | | ||
|
||
|
||
### NFDI AAI | ||
|
||
In ELN 1.6, we've introduced several third-party login authentication methods, including Shibboleth and OpenID Connect. Since NFDI AAI RegAPP uses OpenID Connect, it is ready for use with ELN version 1.6 or higher. | ||
The integration of Chemotion with NFDI AAI RegAPP has been successfully tested and is now available on the labimotion test instance. | ||
|
||
:::info | ||
|
||
Instructions for applying for a client ID for Your Instance: | ||
|
||
Please **[send an email](mailto:[email protected]) to [email protected] with the following information: | ||
|
||
1. Your Institution name (e.g., Karlsruhe Institute of Technology) | ||
2. Your FQDN (Fully Qualified Domain Name) (e.g., https://your-eln.edu) | ||
3. ELN Version | ||
|
||
::: | ||
|
||
|
||
```sh | ||
{ | ||
openid_connect: { | ||
enable: true, | ||
host: "regapp.nfdi-aai.de", | ||
label: "NFDI AAI", | ||
issuer: "https://regapp.nfdi-aai.de/oidc/realms/nfdi", | ||
scheme: "https", | ||
client_id: "myClientID", | ||
redirect_uri: "https://https://your-eln.edu/users/auth/openid_connect/callback", | ||
client_secret: "secret", | ||
token_endpoint: "/oauth2/token", | ||
authorization_endpoint: "/oauth2/auth" | ||
} | ||
} | ||
``` | ||
|
||
#### Parameters | ||
|
||
| Parameter | Value | Description | | ||
| ---------------------- | -------------------------------------------------------------- | --------------------------- | | ||
| enable | `true` or `false` | | | ||
| host | `regapp.nfdi-aai.de` | address of the service | | ||
| label | `NFDI AAI` | label of the login button | | ||
| icon | path to a public image to display on the sign-in page | | | ||
| issuer | `https://regapp.nfdi-aai.de/oidc/realms/nfdi` | URL of the issuer | | ||
| scheme | `https` | | | ||
| client_id | client ID |Please send an email to [email protected] | | ||
| redirect_uri | your Chemotion ELN URL + '/users/auth/openid_connect/callback' | | | ||
| client_secret | secret | | | ||
| token_endpoint | `/oauth2/token` | | | ||
| authorization_endpoint | `/oauth2/auth` | | |