view webapp/src/main/webapp/WEB-INF/digilib-auth.xml.template @ 1499:31566778c251
new OpenID Connect authentication OpenIdAuthnOps works now!
author | robcast |
---|---|
date | Thu, 31 Mar 2016 17:05:28 +0200 |
parents | f48b9a5fc650 |
children | e7e38e1f68df |
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Authentication configuration file for Digital Document Library.

  This file is a template: the paths, addresses, issuer, client id and key
  below are sample values and must be replaced with the values of the actual
  installation before the file is used.
-->
<auth-config>

  <digilib-paths>
    <!--
      A user must supply one of the roles under "role" to access the
      directory "name".
      Roles under "role" must be separated by comma only (no spaces).

      NOTE(review): only the directories listed here are tied to a role by
      this file. Presumably a directory that is not listed needs no role at
      all; confirm this before relying on the file to protect a newly added
      directory.
    -->
    <path name="histast/eastwood-collection" role="eastwood-coll" />
    <path name="ptolemaios_geo" role="ptolemaios-geo" />
  </digilib-paths>

  <digilib-addresses>
    <!--
      A computer with an ip address that matches "ip" is automatically
      granted all roles under "role".
      The ip address is matched from the left (in full quads).
      Roles under "role" must be separated by comma only (no spaces).

      Because matching is by leading quads, each entry covers a whole range:
      ip="127" matches every address whose first quad is 127, and
      ip="130.92.68" matches every host in 130.92.68.x. Keep each prefix as
      long as the intended network allows.

      The IPv6 loopback address is written in its uncompressed form below.

      NOTE(review): if the application is reached through a reverse proxy or
      load balancer on the same host, the address seen by the application may
      be the proxy's loopback address instead of the client's. Every request
      would then match the loopback entries and receive their roles. Verify
      which address is matched in the deployment before granting roles to
      loopback or proxy addresses.
    -->
    <address ip="127" role="local" />
    <address ip="0:0:0:0:0:0:0:1" role="local" />
    <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
  </digilib-addresses>

  <digilib-oauth>
    <!--
      A request with an "id_token" parameter containing a valid token signed
      with the configured key including the configured issuer (iss) and
      clientid (aud) is granted the configured roles.

      The attribute holding the granted roles is named "roles" on this
      element, not "role" as on "path" and "address".

      The element content is the key used to verify the token signature, in
      the format named by "keytype". The sample is a JWK holding only the
      public RSA members (kty, e, kid, n), and its "n" value is abbreviated
      with "..."; replace it with the complete public key of the issuer.
      Only the public key belongs here: never paste a JWK that carries
      private members such as "d", "p" or "q".

      NOTE(review): the description above names the signature, issuer and
      audience checks only. Confirm that the implementation also rejects
      expired tokens.
      NOTE(review): a token passed as a request parameter can end up in
      server access logs and browser history; serve such requests over HTTPS
      and treat those logs as sensitive.
    -->
    <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
      {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
    </openid>
  </digilib-oauth>

</auth-config>