Authentication
docuteam box has two different authentication mechanisms, one for the user interface and one for the API.
User interface
Authentication for the user interface is managed using a Keycloak instance. Users are either managed directly in this instance, or using an external identiy provider using OpenID Connect or SAML 2.0 (e.g. AzureAD).
API
Requests to the API are authenticated with an X-Auth-Token
header. The actual tokens are managed through the user interface:
Each key has the following properties:
- Choose a
label
to easier remember the usage/context of the token. - The
token
is generated automatically when creating a new API key. - A
Fedora user/password
that is used for accessing the respective objects in the repository. You can restrict the permission of such a user using Fedora's authorization functionality. - The
role
is eitherRead
orQuery
:Read
permits access to objects specific endpoints, i.e. getting previews, originals or entire DIPsQuery
also allows overall search in the repository using the triplestore.