Update index.adoc

georchestra · May 9, 2022 · f2cf1c9 · f2cf1c9
1 parent 5655d66
commit f2cf1c9
Showing 1 changed file with 0 additions and 168 deletions.
diff --git a/docs/index.adoc b/docs/index.adoc
@@ -18,171 +18,3 @@ and the additional property sources by means of spring-boot's
 `spring.config.import` environment property, like in:
 `spring.config.import: ${georchestra.datadir}/default.properties,${georchestra.datadir}/gateway/gateway.yaml`.
 
-
-== Authentication and Authorization
-
-== LDAP (HTTP Basic and Form Login)
-
-LDAP Authentication is enabled and set up through the following configuration properties in `application.yml`:
-
-[source,yaml]
-----
-georchestra.security.ldap:
-  enabled: true
-  url: ${ldapScheme}://${ldapHost}:${ldapPort}
-  baseDn: ${ldapBaseDn:dc=georchestra,dc=org}
-  usersRdn: ${ldapUsersRdn:ou=users}
-  userSearchFilter: ${ldapUserSearchFilter:(uid={0})}
-  rolesRdn: ${ldapRolesRdn:ou=roles}
-  rolesSearchFilter: ${ldapRolesSearchFilter:(member={0})}
-----
-
-If `georchestra.security.ldap.enabled` is `false`,the log-in page won't show the username/password form inputs.
-
-## Data directory property sources
-
-Routes and other relevant configuration properties are loaded from geOrchestra "data directory"'s
-`default.properties` and `gateway/gateway.yaml`.
-
-The location of the data directory is picked up from the `georchestra.datadir` environment property,
-and the additional property sources by means of spring-boot's 
-`spring.config.import` environment property, like in:
-`spring.config.import: ${georchestra.datadir}/default.properties,${georchestra.datadir}/gateway/gateway.yaml`.
-
-
-=== Externalized Configuration
-
-== Oauth2
-
-=== Externalized Configuration
-
-== OpenID Connect
-
-Both standard and non-standard claims can be used to set the `GeorchestraUser`'s `roles`
-`organization` short name properties using JSONPath expressions with
-`OidcUser#getClaims():Map<String, Object>` as the expresion's root object.
-
-Take as example the following claims provided by an OIDC ID Token:
-
-[source,json]
-----
-{
-    "family_name": "Doe",
-    "given_name": "John",
-    "locale": "en-US",
-    "name": "John Doe",
-    "preferred_username": "jd@example.com",
-    "sub": "...",
-    "updated_at": 1490198843,
-    "groups": [
-        "GDI Planer",
-        "GDI Editor"
-    ],
-    "PartyOrganisationID": "6007280321"
-}
-----
-
-=== Externalized Configuration
-
-The following congiuration properties can be used to extract the role names from the `groups` claim,
-and the organization's short name from the `PartyOrganisationID` claim:
-
-[source,yaml]
-----
-georchestra.gateway.security.oidc.claims:
-  organization.path: "$.PartyOrganisationID"
-  roles:
-    path: "$.groups..['name']"
-    uppercase: true
-    normalize: true
-    append: true
-----
-
-Resulting in the following property values for the `GeorchestraUser` instance associated to the request:
-
-```
-roles = ["ROLE_GDI_PLANER", "ROLE_GDI_EDITOR"]
-organization = "6007280321"
-```
-
-Which the gateway will then convey to the proxied services as the following request headers:
-
-```
-sec-roles: ROLE_GDI_PLANER;ROLE_GDI_EDITOR
-sec-org: 6007280321
-```
-
-== Authentication and Authorization
-
-=== Configuration Object Model
-
-[source,mermaid]
-----
-classDiagram
-  GatewayConfigProperties *-- HeaderMappings : defaultHeaders
-  GatewayConfigProperties *-- "0..*" RoleBasedAccessRule : globalAccessRules
-  GatewayConfigProperties *-- "0..*" Service
-  Service *-- HeaderMappings : headers
-  Service *-- "0..*" RoleBasedAccessRule : accessRules
-  class GatewayConfigProperties{
-    Map<String, Service> services
-  }
-  class HeaderMappings{
-    boolean proxy
-    boolean username
-    boolean roles
-    boolean org
-    boolean orgname
-    boolean email
-    boolean firstname
-    boolean lastname
-    boolean tel
-    boolean jsonUser
-    boolean jsonOrganization
-  }
-  class RoleBasedAccessRule{
-    List~String~ interceptUrl
-    boolean anonymous
-    List~String~ allowedRoles
-  }
-  class Service{
-    URL target
-  }
-----
-
-=== Externalized Configuration
-
-[source,yaml]
-----
-georchestra:
-  gateway:
-    default-headers:
-      proxy: true
-      username: true
-      roles: true
-      org: true
-      orgname: true
-    global-access-rules:
-    - intercept-url: /**
-      anonymous: true
-    services:
-      analytics:
-        target: http://analytics:8080/analytics/
-        access-rules:
-        - intercept-url: /analytics/**
-          allowed-roles: SUPERUSER, ORGADMIN
-      atlas: 
-        target: http://atlas:8080/atlas/
-      console: 
-        target: http://console:8080/console/
-        access-rules:
-        - intercept-url:
-          - /console/public/**
-          - /console/manager/public/**
-          anonymous: true
-        - intercept-url:
-          - /console/private/**
-          - /console/manager/**
-          allowed-roles: SUPERUSER, ORGADMIN
-----
-