SKOOR Auth Configuration
SKOOR Auth is automatically installed as a dependency of the SKOOR Engine.
Currently SKOOR Auth only supports the “authorization code flow” for OIDC. Therefore the SKOOR Server requires a connection (https) to the authentication provider. This connection could also be via a proxy server.
Config File
/etc/opt/eranger/eranger-auth.conf
If you only need local authentication, there is usually no need to change any configuration entries.
[listen]
# address = localhost   # address to listen to. Should always be localhost
                        # because accessed using a reverse proxy.
# port = 8094           # Port to listen to. If changed, one has to
                        # change the reverse proxy config too.
This section configures the address and port the server listens on. Usually, this doesn’t have to be touched at all.
[session]
secret = <session-signing-key>
                        # Strong secret (at least 32 bit) to avoid some
                        # attacks on session cookie.
                        # If you change this, all existing sessions will
                        # be invalidated.
# maxAge = 604800000    # maximum cookie lifetime
# storage_path = /var/opt/run/eranger/eranger-auth/sessions
                        # location on disk to store session data
A secret is generated automatically upon the installation of SKOOR Auth. You can change this to a more secure value, but keep in mind that if you do so all existing sessions are going to be invalidated.
[logging]
# level = warn          # debug, info, warn, error
Logging goes to STDIO. There is no log file; the log can be watched with e.g. “journalctl -u eranger-auth -f”.
[engine]
# address = localhost   # address of the Engine V3 service
# port = 50001          # port of the Engine V3 Service
SKOOR Engine usually runs on the same server as SKOOR Auth, although it can also be located on a different server.
In that case, auth_url in the SKOOR Engine Server config and authUrl in the SKOOR Dashboard config have to be changed accordingly.
[cors]
#allowed_origins =      # Comma separated list of allowed CORS origins.
If the web service needs to be used by an application on a different origin, this origin needs to be whitelisted here.
You don’t need to add the URL where SKOOR or the SKOOR Viewer resides. Requests from the same origin are already allowed by default.
[proxy]
# http =                # Proxy for HTTP requests. e.g. http://localhost:8080
# https =               # Proxy for HTTPS requests. e.g. http://localhost:8080
Defines an HTTP proxy for e.g. OIDC HTTP/S connections.
If authentication is required, the syntax is:
http://username:password@proxyserver:proxyport/
# [provider.x]
Defines external authentication providers. Details can be found here.
After a config change, SKOOR Auth has to be restarted:
systemctl restart eranger-auth
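Before a restart, the settings described above can be checked for risky values. The following is an added example, not part of SKOOR; it assumes the INI layout shown on this page, and the 32-character threshold, the https-only rule for CORS origins and the wildcard check are choices made for this example.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the format shown on this page (not a real deployment).
SAMPLE = """\
[listen]
address = 0.0.0.0
[session]
secret = changeme
[cors]
allowed_origins = https://reports.example.com, http://intranet.example.com, *
[proxy]
https = http://svc-user:placeholder@proxy.example.com:3128/
"""
MIN_SECRET_CHARS = 32  # threshold chosen for this example, not a SKOOR value


def audit(text):
    """Return (section, finding) tuples for risky settings in the config text."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",), interpolation=None)
    cp.read_string(text)
    findings = []
    # [listen]: the service sits behind a reverse proxy, so it should stay on loopback.
    addr = cp.get("listen", "address", fallback="localhost")
    if addr != "localhost":
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False
        if not loopback:
            findings.append(("listen", f"address {addr!r} is not loopback"))
    # [session]: a short signing secret weakens session cookie protection.
    secret = cp.get("session", "secret", fallback="")
    if len(secret) < MIN_SECRET_CHARS:
        findings.append(("session", f"secret has only {len(secret)} characters"))
    # [cors]: every listed origin should be an explicit https origin (assumption).
    origins = cp.get("cors", "allowed_origins", fallback="")
    for origin in filter(None, (o.strip() for o in origins.split(","))):
        if "*" in origin:
            findings.append(("cors", f"wildcard origin {origin!r}"))
        elif urlsplit(origin).scheme != "https":
            findings.append(("cors", f"non-https origin {origin!r}"))
    # [proxy]: credentials in the URL make the file's permissions matter.
    for key in ("http", "https"):
        if urlsplit(cp.get("proxy", key, fallback="")).password:
            findings.append(("proxy", f"{key} proxy URL embeds credentials"))
    return findings
```

Calling `audit(open("/etc/opt/eranger/eranger-auth.conf").read())` runs the same checks against the installed file; sections left at their commented-out defaults produce no findings.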