Authentication

docuteam box has two different authentication mechanisms, one for the user interface and one for the API.

User interface

Authentication for the user interface is managed using a Keycloak instance. Users are either managed directly in this instance, or using an external identiy provider using OpenID Connect or SAML 2.0 (e.g. AzureAD).

API

Requests to the API are authenticated with an X-Auth-Token header. The actual tokens are managed through the user interface:

Each key has the following properties:

• Choose a label to easier remember the usage/context of the token.
• The token is generated automatically when creating a new API key.
• A Fedora user/password that is used for accessing the respective objects in the repository. You can restrict the permission of such a user using Fedora's authorization functionality.
• The role is either Read or Query:
  • Read permits access to objects specific endpoints, i.e. getting previews, originals or entire DIPs
  • Query also allows overall search in the repository using the triplestore.