Configuring the authentication method via environment variables

You can configure the authentication method either directly in the Themis administration interface or with environment variables when Themis is launched.

To do so, set the relevant environment variables before launching Themis via Docker.

Important: Configuration by environment variable takes precedence over the configuration already present in Themis and over any configuration modified in the Administration part.

Choice of the authentication method

  • THEMIS_AUTH_SERVICE: Defines the service used for authentication
    • "classic"
    • "azure"
    • "active-directory"
    • "reverse-proxy"

!! Attention !! If this variable is present, the authentication method can no longer be changed from the Administration part of Themis.

Azure Active Directory ("azure") mode

  • THEMIS_AUTH_CONFIG_TENANT_NAME (Tenant)
  • THEMIS_AUTH_CONFIG_TOKEN_ENDPOINT (URL of the token endpoint)
  • THEMIS_AUTH_CONFIG_CLIENT_ID (Application ID)
  • THEMIS_AUTH_CONFIG_CLIENT_SECRET (Secret)

Parameter details for a configuration with Azure Active Directory

Active Directory ("active-directory") mode

  • THEMIS_AUTH_CONFIG_HOSTNAME (Hostname of the LDAP server. Example: ldap.example.com)
  • THEMIS_AUTH_CONFIG_PORT (Port)
  • THEMIS_AUTH_CONFIG_ROOT_DN (Root node in LDAP from which the users and the groups will be searched. Example: CN=user,DC=domain,DC=name)
  • THEMIS_AUTH_CONFIG_GROUP_DN (Group allowed to access the application (optional))
  • THEMIS_AUTH_CONFIG_ROOT_USERNAME (Username)
  • THEMIS_AUTH_CONFIG_ROOT_PASSWORD (Password)
  • THEMIS_AUTH_CONFIG_SECURE (true / false, selects the use of LDAP or LDAPS)

Parameter details for a configuration with Active Directory

SSO ("reverse-proxy") mode

  • THEMIS_AUTH_CONFIG_LOGIN_HEADER_NAME_PARAM (Header matching the login)
  • THEMIS_AUTH_CONFIG_GROUPS_HEADER_NAME_PARAM (Groups allowed)
  • THEMIS_AUTH_CONFIG_PROXY_AUTH_GROUPS_SEPARATOR (Group separator)
  • THEMIS_AUTH_CONFIG_PROXY_AUTH_GROUPS_ALLOWED (Groups allowed)
  • THEMIS_AUTH_CONFIG_MAIL_HEADER_NAME_PARAM (Header for the mail)
  • THEMIS_AUTH_CONFIG_DISPLAY_NAME_HEADER_NAME_PARAM (Header for the display name)

Parameter details for a configuration with SSO

OpenLDAP ("open-ldap") mode

  • THEMIS_AUTH_CONFIG_HOSTNAME (Hostname of the OpenLDAP server. Example: ldap.example.com)
  • THEMIS_AUTH_CONFIG_PORT (Port)
  • THEMIS_AUTH_CONFIG_SECURE (true / false to define the use of LDAP or LDAPS)
  • THEMIS_AUTH_CONFIG_ADMIN_DN (Admin account's DN)
  • THEMIS_AUTH_CONFIG_ADMIN_PASSWORD (Admin password)
  • THEMIS_AUTH_CONFIG_SEARCH_BASE (Root DN in OpenLDAP from which users will be searched. Example: CN=user,DC=domain,DC=name)
  • THEMIS_AUTH_CONFIG_SEARCH_FILTER (Filters users during the search. Default: '(cn={{username}})' where username corresponds to the identified user.)
  • THEMIS_AUTH_CONFIG_GROUP_SEARCH_BASE (DN of the group allowed to access Themis (optional))
  • THEMIS_AUTH_CONFIG_GROUP_SEARCH_FILTER (Filters group members (optional). Default: '(member={{dn}})')
  • THEMIS_AUTH_CONFIG_DISPLAY_NAME (User attribute corresponding to the user's display name in Themis)
  • THEMIS_AUTH_CONFIG_MAIL (User attribute corresponding to the user's mail in Themis)
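
A pre-launch check for the variables listed above, as an added example that is not part of Themis or of the original page: it lints a file meant for Docker's --env-file option before the container starts. It assumes that every variable the page does not mark optional or defaulted is required, and that THEMIS_AUTH_CONFIG_SECURE=true selects LDAPS; the function names and the file name themis.env are hypothetical.

```shell
#!/bin/sh
# Added example (not Themis code): lint a Docker --env-file before launch.
# Assumptions: variables the page does not mark optional or defaulted are
# required, and THEMIS_AUTH_CONFIG_SECURE=true selects LDAPS.

# Print the value of key $2 in env file $1 (last assignment), empty if absent.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 if the file is consistent, 1 on a finding, 2 if it cannot be judged.
themis_auth_check() {
    file=$1; rc=0; p=THEMIS_AUTH_CONFIG
    [ -r "$file" ] || { echo "error: cannot read $file" >&2; return 2; }
    svc=$(env_get "$file" THEMIS_AUTH_SERVICE)
    case $svc in
        "") echo "THEMIS_AUTH_SERVICE not set: mode stays editable in Administration"
            return 0 ;;
        classic) req="" ;;
        azure) req="TENANT_NAME TOKEN_ENDPOINT CLIENT_ID CLIENT_SECRET" ;;
        active-directory)
            req="HOSTNAME PORT ROOT_DN ROOT_USERNAME ROOT_PASSWORD SECURE" ;;
        reverse-proxy)
            req="LOGIN_HEADER_NAME_PARAM GROUPS_HEADER_NAME_PARAM"
            req="$req PROXY_AUTH_GROUPS_SEPARATOR PROXY_AUTH_GROUPS_ALLOWED"
            req="$req MAIL_HEADER_NAME_PARAM DISPLAY_NAME_HEADER_NAME_PARAM" ;;
        open-ldap)
            req="HOSTNAME PORT SECURE ADMIN_DN ADMIN_PASSWORD SEARCH_BASE"
            req="$req DISPLAY_NAME MAIL" ;;
        *) echo "error: unknown THEMIS_AUTH_SERVICE '$svc'" >&2; return 2 ;;
    esac
    for k in $req; do
        [ -n "$(env_get "$file" "${p}_$k")" ] ||
            { echo "error: ${p}_$k is missing or empty" >&2; rc=1; }
    done
    # LDAP modes bind with a stored password: refuse an unencrypted connection.
    case $svc in
        active-directory|open-ldap)
            [ "$(env_get "$file" "${p}_SECURE")" = true ] ||
                { echo "error: ${p}_SECURE is not 'true' (plain LDAP)" >&2; rc=1; } ;;
    esac
    # The file holds client secrets and bind passwords: owner-only access.
    [ -z "$(find "$file" \( -perm -040 -o -perm -004 \))" ] ||
        { echo "error: $file is readable by group or others" >&2; rc=1; }
    return $rc
}

# Usage: sh check.sh themis.env   (then start the container with that file)
[ $# -eq 0 ] || themis_auth_check "$1"
```

Because environment-variable configuration takes precedence over what is stored in Themis, an incomplete file overrides a working setup; running the check first catches that before the container is started.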