mirror of
https://github.com/ClusterCockpit/cc-backend
synced 2025-10-31 16:05:06 +01:00
97 lines
3.1 KiB
Go
97 lines
3.1 KiB
Go
// Copyright (C) NHR@FAU, University Erlangen-Nuremberg.
|
|
// All rights reserved. This file is part of cc-backend.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package auth
|
|
|
|
var configSchema = `
|
|
{
|
|
"jwts": {
|
|
"description": "For JWT token authentication.",
|
|
"type": "object",
|
|
"properties": {
|
|
"max-age": {
|
|
"description": "Configure how long a token is valid. As string parsable by time.ParseDuration()",
|
|
"type": "string"
|
|
},
|
|
"cookieName": {
|
|
"description": "Cookie that should be checked for a JWT token.",
|
|
"type": "string"
|
|
},
|
|
"validateUser": {
|
|
"description": "Deny login for users not in database (but defined in JWT). Overwrite roles in JWT with database roles.",
|
|
"type": "boolean"
|
|
},
|
|
"trustedIssuer": {
|
|
"description": "Issuer that should be accepted when validating external JWTs ",
|
|
"type": "string"
|
|
},
|
|
"syncUserOnLogin": {
|
|
"description": "Add non-existent user to DB at login attempt with values provided in JWT.",
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"required": ["max-age"]
|
|
},
|
|
"oidc": {
|
|
"provider": {
|
|
"description": "",
|
|
"type": "string"
|
|
},
|
|
"syncUserOnLogin": {
|
|
"description": "",
|
|
"type": "boolean"
|
|
},
|
|
"updateUserOnLogin": {
|
|
"description": "",
|
|
"type": "boolean"
|
|
},
|
|
"required": ["provider"]
|
|
},
|
|
"ldap": {
|
|
"description": "For LDAP Authentication and user synchronisation.",
|
|
"type": "object",
|
|
"properties": {
|
|
"url": {
|
|
"description": "URL of LDAP directory server.",
|
|
"type": "string"
|
|
},
|
|
"user_base": {
|
|
"description": "Base DN of user tree root.",
|
|
"type": "string"
|
|
},
|
|
"search_dn": {
|
|
"description": "DN for authenticating LDAP admin account with general read rights.",
|
|
"type": "string"
|
|
},
|
|
"user_bind": {
|
|
"description": "Expression used to authenticate users via LDAP bind. Must contain uid={username}.",
|
|
"type": "string"
|
|
},
|
|
"user_filter": {
|
|
"description": "Filter to extract users for syncing.",
|
|
"type": "string"
|
|
},
|
|
"username_attr": {
|
|
"description": "Attribute with full username. Default: gecos",
|
|
"type": "string"
|
|
},
|
|
"sync_interval": {
|
|
"description": "Interval used for syncing local user table with LDAP directory. Parsed using time.ParseDuration.",
|
|
"type": "string"
|
|
},
|
|
"sync_del_old_users": {
|
|
"description": "Delete obsolete users in database.",
|
|
"type": "boolean"
|
|
},
|
|
"syncUserOnLogin": {
|
|
"description": "Add non-existent user to DB at login attempt if user exists in Ldap directory",
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"required": ["url", "user_base", "search_dn", "user_bind", "user_filter"]
|
|
},
|
|
"required": ["jwts"]
|
|
}`
|