foundation-accounts¶
Accounts is a Foundation's module responsible for managing users and authentication in general.
Main roles:
- Login page
- Validate credentials
- Manage session tokens
- Allow access to protected resources
- Logout endpoint
Login page¶
When you open the foundation or any protected application in our platform in a web-browser, you are redirected to foundation accounts login page.
Validate user credentials¶
When you submit the user name and password information, foundation-accounts try to authenticate the data with all configured authentication providers in it.
Accounts has a authentication provider support. The currently supported providers are:
- Local Autentication: Uses a postgres database to manage users
- Multi-tenancy: Allows configure multiple providers
Authentication x Authorization¶
It is important to separate this two concepts:
Authentication is the process of ascertaining that somebody really is who he claims to be.
Authorization refers to rules that determine who is allowed to do what.
Currently, Foundation has support to Authentication and relies on each Application to perform it's own Authorization, based on the credentials it pass to them.
Local Authentication¶
This is a internal mechanism for local authentication, used by Applications that relies on Foundation User Management. It provides a simple UI to manage both users and groups.
inMemory¶
By default the user and password are both admin, admin. You need to change it once installed using foundation passwd command at foundation client.
Remote Authentication¶
Remote Authentication is a mechanism that uses an external provider to authenticate Foundation Users. Currently 5 types of remote authentication are supported:
- Solfis (Solução Fiscal)
- Ldap
- DFe Manager (Documentos Fiscais Eletrônicos)
- Multi-tenancy (Multiple SolFis instances)
- Remote (API Authentication)
SolFis¶
Foundation Accounts is able to connect to Solução Fiscal user base in order to authenticate a user. The connection configuration is pretty straightforward. You only need to inform JDBC Oracle Connection String, Database User Name and Database User Password.
Ldap with authentication¶
Foundation Accounts is able to connect to LDAP Provider to authenticate a user.
The LDAP Authentication Provider have four parameters, but only Host is required:
- Host
- Manager DN
- Manager Password
- User Search Filter
With that in mind:
- Host is the hostname of the LDAP Provider.
- Manager DN and Manager Password are the credentials of a known user used to establish the first connection within the LDAP Provider.
- User Search Filter is the query used to find a user being authenticated.
DFe Manager¶
Foundation Accounts is able to connect to Documentos Fiscais Eletrônicos user base in order to authenticate a user. The connection configuration is pretty straightforward.
DFe provider requires:
- Inform JDBC Oracle Connection String, Database User Name and Database User Password.
- As a complement it is required inform field ORG_ID at tenant variables provider.
Remote¶
Foundation Accounts is able to connect to remote API in order to authenticate a user. You only need to inform URL.
Multi-tenancy¶
Starting on version 19.06.1, you are now able to configure a SolFis multi-tenant authentication. Using this provider type, Foundation should manage access to N instances of SolFis, each one configured through the Tenant menu.
Once configured, all tenants will be available to be selected as below:
Authenticating with multi-tenancy¶
To login to a tenant, the tenant ID needs to be passed as shown in the below example:
<USER-LOGIN>@<TENANT-ID>
EX: admin@example
You can choose a default tenant to auto select it when you don't provide the @TENANT in username field.
No validate user credentials¶
Once configured, all providers will be available for use the application, it is just necessary do a request in accounts endpoint, send a GET request to the tenant details.
Providers available¶
Currently 5 providers are supported:
- Agr (Automação de Guias de Pagamento)
- Gestaocreditos (Gestão de créditos)
- Sfw (Solução Fiscal Web)
- Variables
- Ldap
Agr¶
You only need to inform JDBC Oracle Connection String, Database User Name and Database User Password.
Gestaocreditos¶
You only need to inform JDBC Oracle Connection String, Database User Name and Database User Password.
Sfw¶
You only need to inform JDBC Oracle Connection String, Database User Name and Database User Password.
Variables¶
With Variables provider, it is possible to create a provider configuration by tenant (key, value).
Warning
The variables provider is not Environment Variables
Ldap without authentication¶
You can set ldap to check any rules.
The LDAP Authentication Provider have four parameters, but only Host is required:
- Host
- Manager DN
- Manager Password
- User Search Filter
With that in mind:
- Host is the hostname of the LDAP Provider.
- Manager DN and Manager Password are the credentials of a known user used to establish the first connection within the LDAP Provider.
- User Search Filter is the query used to find a user being authenticated.