09-12-2012 05:03 PM
Currently we use this Administrator account for REST calls, and the username/password is in configuration files for REST calls. For security purposes we would like to avoid having the password in config files. Are there any better ways for REST calls to be authenticated? We prefer using the Administrator username for REST calls but would like to avoid the password being hard-coded for REST calls. Let us know your suggestions.
09-13-2012 05:22 AM
Hi,
Nuxeo supports several authentication solutions. Choosing the right one depends on what you want to do.
Client side certificate
You can use a client side certificate, use an Apache reverse proxy to do the certificate validation and use the Nuxeo mod_sso plugin on the Nuxeo side to handle the login.
http://doc.nuxeo.com/display/ADMINDOC56/Authentication%2C+users+and+groups
Server 2 server authentication
You can use the portal_sso authentication plugin, which allows you to define a secret key between the 2 servers.
http://doc.nuxeo.com/display/ADMINDOC56/Authentication%2C+users+and+groups
NB: support is already included in the Java AutomationClient
Use OAuth 1.0
Nuxeo can be an OAuth service provider, so if your client app can use OAuth this may be an option.
http://doc.nuxeo.com/display/ADMINDOC56/Using+OAuth
Tiry
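A sketch of the shared-key approach described in the answer above, added here as an example; it is not code from the original post or from Nuxeo. The header names (NX_TS, NX_RD, NX_USER, NX_TOKEN) and the MD5 token format are assumptions about how portal_sso works and should be checked against the documentation for your Nuxeo version; the environment variable name and the freshness window are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import secrets
import time

MAX_AGE_MS = 60 * 1000  # assumed freshness window; the server's real setting may differ


def load_secret(env_var="NUXEO_PORTAL_SSO_SECRET"):
    """Read the shared key from the environment (hypothetical variable name)."""
    value = os.environ.get(env_var)
    if not value:
        raise RuntimeError(f"{env_var} is not set")
    return value


def compute_token(ts_ms, nonce, secret, user):
    """Base64(MD5("ts:nonce:secret:user")), the assumed portal_sso token format."""
    clear = f"{ts_ms}:{nonce}:{secret}:{user}".encode("utf-8")
    return base64.b64encode(hashlib.md5(clear).digest()).decode("ascii")


def build_headers(secret, user, now_ms=None):
    """Headers the client attaches to each REST call; the secret itself is never sent."""
    ts_ms = int(time.time() * 1000) if now_ms is None else now_ms
    nonce = secrets.randbelow(2**31)
    return {
        "NX_TS": str(ts_ms),
        "NX_RD": str(nonce),
        "NX_USER": user,
        "NX_TOKEN": compute_token(ts_ms, nonce, secret, user),
    }


def verify_headers(headers, secret, now_ms=None):
    """Server-side style check: recompute the token and reject stale timestamps."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        ts_ms = int(headers["NX_TS"])
        expected = compute_token(ts_ms, headers["NX_RD"], secret, headers["NX_USER"])
        supplied = headers["NX_TOKEN"]
    except (KeyError, ValueError):
        return False
    if abs(now_ms - ts_ms) > MAX_AGE_MS:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())
```

Under this scheme, whoever holds the shared key can compute a valid token for any user name, so the key needs the same protection as the password it replaces (restricted file permissions, an environment variable or a secrets store rather than a world-readable config file).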
09-13-2012 10:53 AM
So can we use the portal_sso authentication though there is no SSO server at this time and just for the purpose of an application making REST calls using HttpAutomationClient? Do we still need the virtual user Administrator here or does it use a different user account? If the Administrator virtual user is still used in portal_sso, can we remove the password from the config file where the Administrator virtual user is created? Also, if we use portal_sso auth with a shared key, do we still store the shared key in a config file? Does it mean someone can log in to the Admin console using the shared key from the config file? Is it encrypted? Please give us details to address the security concern here.