With basic login, the user calls the CMIS interface with a username and password, and the CMIS interface then uses these credentials to generate an access token at the authentication server.

Note

Make sure that access tokens issued by the authentication server contain the claim "preferred_username". This claim is required for authentication against the CMIS interface.

token

If you use token authentication, you have to configure an .audience and a .discovery.url parameter in the repository.cfg.

...

Code Block
<Repo>.authentication.cmis.type                   = token
<Repo>.authentication.cmis.idprovider             = openid
<Repo>.authentication.cmis.openid.audience        = api://cmis
<Repo>.authentication.cmis.openid.discovery.url   = http://localhost:8080/realms/test/.well-known/openid-configuration

basic

The configurations described under token must also be made for basic.

...

Code Block
<Repo>.authentication.cmis.type                   = basic
<Repo>.authentication.cmis.idprovider             = openid
<Repo>.authentication.cmis.openid.audience        = api://cmis
<Repo>.authentication.cmis.openid.discovery.url   = http://localhost:8080/realms/test/.well-known/openid-configuration
<Repo>.authentication.cmis.openid.scope           = openid
<Repo>.authentication.cmis.openid.client          = test
<Repo>.authentication.cmis.openid.clientsecret    = ETOCuq6c7RjEBwVqrGSDJ2LU4pH4iQbC

role mapping

Both variants support role mapping, i.e. mapping the currently three internal role names to the role names actually used in the auth system.

Code Block
<Repo>.authentication.cmis.openid.roles.admin = tia-cloud.core-fullaccess
<Repo>.authentication.cmis.openid.roles.writer = tia-cloud.core-readwrite
<Repo>.authentication.cmis.openid.roles.reader = tia-cloud.core-readonly
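
The following diagnostic is an added example, not code from the product: it checks whether a token's claims satisfy the settings described above (the "preferred_username" claim, the configured audience, and a role that maps to admin, writer or reader). The repository name "demo", the claim name "roles" and all helper names are assumptions, and the script does not verify the token signature.

```python
import base64, json

# Constructed sample: audience and role-mapping lines from this page, with
# "<Repo>" replaced by the hypothetical repository name "demo".
CFG = """\
demo.authentication.cmis.openid.audience     = api://cmis
demo.authentication.cmis.openid.roles.admin  = tia-cloud.core-fullaccess
demo.authentication.cmis.openid.roles.writer = tia-cloud.core-readwrite
demo.authentication.cmis.openid.roles.reader = tia-cloud.core-readonly
"""

def parse_cfg(text, repo):
    """Return the openid.* settings of one repository as a dict."""
    prefix = f"{repo}.authentication.cmis.openid."
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith(prefix):
            out[key.strip()[len(prefix):]] = value.strip()
    return out

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def sample_token(claims):
    """Build a constructed token with a placeholder signature so the check runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-no-signature"

def check_token(claims, cfg, roles_claim="roles"):
    """Return (problems, internal_roles); roles_claim is an assumption, not from the page."""
    problems = []
    if not claims.get("preferred_username"):
        problems.append("missing claim preferred_username")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # "aud" may be a string or a list
    if cfg.get("audience") not in aud:
        problems.append("audience mismatch")
    mapping = {v: k[len("roles."):] for k, v in cfg.items() if k.startswith("roles.")}
    internal = sorted(mapping[r] for r in claims.get(roles_claim, []) if r in mapping)
    if not internal:
        problems.append("no role maps to an internal role")
    return problems, internal

if __name__ == "__main__":
    tok = sample_token({"aud": "api://cmis", "preferred_username": "alice", "roles": ["tia-cloud.core-readonly"]})
    print(check_token(jwt_claims(tok), parse_cfg(CFG, "demo")))
```
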