From 6686474eb61dedc13224d574213613cc75bbe9ca Mon Sep 17 00:00:00 2001 From: Pei Chi Huang Date: Thu, 13 Jun 2024 13:47:54 +0200 Subject: [PATCH] Create authentication.mdx --- docs/eln/install_configure/authentication.mdx | 187 ++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 docs/eln/install_configure/authentication.mdx diff --git a/docs/eln/install_configure/authentication.mdx b/docs/eln/install_configure/authentication.mdx new file mode 100644 index 00000000..5ea43b6e --- /dev/null +++ b/docs/eln/install_configure/authentication.mdx @@ -0,0 +1,187 @@ +--- +title: Authentication in Chemotion +sidebar_label: Authentication +author: Paggy Huang +sidebar_position: 26 + +--- + + +import { FigCaption, SubTitle } from "@site/src/js/layout"; +import designBase from "@site/static/img/labimotion/design-base.png"; + + +This page provides comprehensive instructions for all configurations related to user authentication. + + +The default authentication method for Chemotion is database authentication, allowing users to log in with an email address or acronym. Passwords in Chemotion are encrypted. + +### Database Authentication + +This method involves hashing and storing a user's password in the database. When a user attempts to sign in, the system validates their authenticity by comparing the entered password, once hashed, with the stored hash. This process ensures that sensitive password information is never stored in plain text, enhancing the security of user data. + + +### Third-Party Authentication + + +We also offer third-party authentication options, including Shibboleth, OIDC (Open ID Connect), ORCID, GitHub, and NFDI AAI. To configure these options, visit the Chemotion Administration page. On the left side, under 'UI Features', find the function labeled 'User Provider'. Click on the yellow 'Edit JSON' button to access the configuration settings. + +![adminui-uifeatures-edit_permission](@site/static/img/admin_ui/user_provider.png) + +### Shibboleth + +```sh +{ + shibboleth: {  + enable: false, + uid: 'pairwise-id', + email: 'mail', + last_name: 'sn', + first_name: 'givenName' + } +} +``` + +#### Parameters + +| Parameters | Value | Description | +| ---------- | ----------------- | -------------------- | +| enable | `true` or `false` | | +| uid | 'pairwise-id' | | +| email | 'mail' | | +| last_name | 'sn' | | +| first_name | 'givenName' | | + + +### OIDC (Open ID Connect) + +```sh +{ + openid_connect: { + enable: true, + host: "oidc.address.edu", + icon: "path/to/image.png", + issuer: "https://oidc.address.edu/path/to/issuer", + scheme: "https", + client_id: "myClientID", + redirect_uri: "https://your-eln.edu/users/auth/openid_connect/callback", + client_secret: "secret", + token_endpoint: "/oauth2/token", + authorization_endpoint: "/oauth2/auth" + } +} +``` + +#### Parameters + +| Parameter | Value | Description | +| ---------------------- | -------------------------------------------------------------- | -------------------- | +| enable | `true` or `false` | | +| host | address of the service | | +| icon | path to a public image to display on the sign-in page | | +| issuer | URL of the issuer | | +| scheme | `https` | | +| client_id | client ID | | +| redirect_uri | your Chemotion ELN URL + '/users/auth/openid_connect/callback' | | +| client_secret | secret | | +| token_endpoint | `/oauth2/token` | | +| authorization_endpoint | `/oauth2/auth` | | + + +### ORCID + +```sh +{ + github: { + enable: false + client_id: null + client_secret: null + } +} +``` + +#### Parameters + +| Parameters | Value | Description | +| ---------- | ----------------- | -------------------- | +| enable | `true` or `false` | | +| uid | 'pairwise-id' | | +| email | 'mail' | | +| last_name | 'sn' | | +| first_name | 'givenName' | | + + +### GitHub + + +```sh +{ + github: { + enable: false + client_id: null + client_secret: null + } +} +``` + +#### Parameters + +| Parameters | Value | Description | +| ---------- | ----------------- | -------------------- | +| enable | `true` or `false` | | +| uid | 'pairwise-id' | | +| email | 'mail' | | +| last_name | 'sn' | | +| first_name | 'givenName' | | + + +### NFDI AAI + +In ELN 1.6, we've introduced several third-party login authentication methods, including Shibboleth and OpenID Connect. Since NFDI AAI RegAPP uses OpenID Connect, it is ready for use with ELN version 1.6 or higher. +The integration of Chemotion with NFDI AAI RegAPP has been successfully tested and is now available on the labimotion test instance. + +:::info + +Instructions for applying for a client ID for Your Instance: + +Please **[send an email](mailto:chemotion-nfdi-aai@lists.kit.edu) to chemotion-nfdi-aai@lists.kit.edu with the following information: + +1. Your Institution name (e.g., Karlsruhe Institute of Technology) +2. Your FQDN (Fully Qualified Domain Name) (e.g., https://your-eln.edu) +3. ELN Version + +::: + + +```sh +{ + openid_connect: { + enable: true, + host: "regapp.nfdi-aai.de", + label: "NFDI AAI", + issuer: "https://regapp.nfdi-aai.de/oidc/realms/nfdi", + scheme: "https", + client_id: "myClientID", + redirect_uri: "https://https://your-eln.edu/users/auth/openid_connect/callback", + client_secret: "secret", + token_endpoint: "/oauth2/token", + authorization_endpoint: "/oauth2/auth" + } +} +``` + +#### Parameters + +| Parameter | Value | Description | +| ---------------------- | -------------------------------------------------------------- | --------------------------- | +| enable | `true` or `false` | | +| host | `regapp.nfdi-aai.de` | address of the service | +| label | `NFDI AAI` | label of the login button | +| icon | path to a public image to display on the sign-in page | | +| issuer | `https://regapp.nfdi-aai.de/oidc/realms/nfdi` | URL of the issuer | +| scheme | `https` | | +| client_id | client ID |Please send an email to chemotion-nfdi-aai@lists.kit.edu | +| redirect_uri | your Chemotion ELN URL + '/users/auth/openid_connect/callback' | | +| client_secret | secret | | +| token_endpoint | `/oauth2/token` | | +| authorization_endpoint | `/oauth2/auth` | |