Docs

SKOOR Auth Configuration

SKOOR Auth is automatically installed as a dependency of the SKOOR Engine.

Currently SKOOR Auth only supports the “authorization code flow” for OIDC. Therefore the SKOOR Server requires a connection (https) to the authentication provider. This connection could also be via a proxy server.

Config File

/etc/opt/eranger/eranger-auth.conf

If you only need local authentication, there is usually no need to change any configuration entries.

[listen]
# address = localhost
                            # address to listen to. Should always be localhost
                            # because accessed using a reverse proxy.
# port = 8094
                            # Port to listen to. If changed one have to
                            # change the reverse proxy config too.

This section contains configuration about the address and port the server listens to. Usually, this doesn’t have to be touched at all.

[session]
secret = <session-signing-key>
                            # Strong secret (at least 32 bit) to avoid some
                            # attacks on session cookie.
                            # If you change this, all existing sessions will
                            # be invalidated.
# maxAge = 604800000
                            # maximum cookie lifetime
# storage_path = /var/opt/run/eranger/eranger-auth/sessions
                            # location on disk to store session data

A secret is generated automatically upon the installation of SKOOR Auth. You can change this to a more secure value, but keep in mind that if you do so all existing sessions are going to be invalidated.

[logging]
# level = warn
                            # debug, info, warn, error

Logging is done to STDIO. There is no log file and log can be watched by e.g “journalctl -u eranger-auth -f”.

[engine]
# address = localhost
                            # address of the Engine V3 service
# port = 50001
                            # port of the Engine V3 Service

SKOOR Engine is usally running on the same server as SKOOR Auth. Although it is also possible to locate it on a different server.

In such a case one has to alter auth_url in the SKOOR Engine Server config respective authUrl in the SKOOR Dashboard config.

[proxy]
# http =                    # Proxy for HTTP requests. e.g. http://localhost:8080
# https =                   # Proxy for HTTPS requests. e.g. http://localhost:8080

Allows to define an HTTP proxy for e.g. OIDC HTTP/S connections.

If authentication is required, the syntax is:

http://username:password@proxyserver:proxyport/

# [provider.x]

Allows to define external authentication providers. Details can be found here.

After a config change, SKOOR Auth has to be restarted:

systemctl restart eranger-auth
Previous
Database maintenance
Next
External Authentication Providers