CELUM Token Verifier

One of the TokenVerifiers we provide out of the box lets you authenticate against CELUM. You can also decide which Anura endpoint a user should use based on group assignments in CELUM. Note, however, that the endpoint still uses its configured user; in other words, this does not enable user-level permissions or statistics.

Because this simply uses the CELUM login screen, it works with LDAP, SAML and regular local accounts. However, this also means that Anura has no control over the user provisioning process, and that the user could also just log in to CELUM itself. More specifically, it relies on the standard redirectUrl=... parameter of the login screen.

Installation

Grab the anura-login-token-{version}.jar and put it in {home}/appserver/lib. You may now use anuraLoginTokenVerifier in anura.1.tokenVerifier and this snippet in your front-end.

Properties

anuraLoginToken.endPointToUserGroupMap

type: Map{String, List{Long}}, required: no, default: null

This allows you to map endpoints to user groups. In other words, you can dynamically decide which Anura endpoint an authenticating user should use for this session. Specify the endpoints with the most rights first, because a user who is in several groups gets the first endpoint that was found.

Example: foo:1,2,3;bar:4,5,6;baz:7,8,9 assigns the endpoint foo to users that are in groups 1, 2 or 3, etc.

v.1.2.1+: The order of the mappings is respected and the first matching mapping is taken.
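The first-match rule above, as an added example (not the plugin's own code): it parses a value in the documented foo:1,2,3;bar:4,5,6 format, resolves a user's endpoint, and lists group IDs that sit under more than one endpoint, where ordering alone decides the outcome. Function names, the sample endpoint names and group IDs, the rejection of duplicate endpoints and the None result for users with no matching group are assumptions of this example.

```python
def parse_endpoint_map(value):
    """Parse 'foo:1,2,3;bar:4,5,6' into an ordered list of (endpoint, {group ids})."""
    mappings, seen = [], set()
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        endpoint, sep, groups = entry.partition(":")
        endpoint = endpoint.strip()
        if not sep or not endpoint:
            raise ValueError(f"malformed mapping entry: {entry!r}")
        if endpoint in seen:  # assumption: this example treats duplicates as an error
            raise ValueError(f"endpoint listed twice: {endpoint!r}")
        seen.add(endpoint)
        ids = {int(g) for g in groups.split(",") if g.strip()}  # group ids are Longs
        if not ids:
            raise ValueError(f"no group ids for endpoint {endpoint!r}")
        mappings.append((endpoint, ids))
    return mappings


def matching_endpoints(mappings, user_groups):
    """All endpoints whose group list intersects the user's groups, in configured order."""
    user_groups = set(user_groups)
    return [ep for ep, ids in mappings if ids & user_groups]


def resolve_endpoint(mappings, user_groups):
    """First-match rule: the earliest matching mapping wins (None if nothing matches)."""
    matches = matching_endpoints(mappings, user_groups)
    return matches[0] if matches else None


def shared_groups(mappings):
    """Group ids listed under more than one endpoint; for these, order decides."""
    owners = {}
    for ep, ids in mappings:
        for gid in sorted(ids):
            owners.setdefault(gid, []).append(ep)
    return {gid: eps for gid, eps in owners.items() if len(eps) > 1}


# Constructed sample values, not taken from a real installation.
PRIVILEGED_FIRST = parse_endpoint_map("internal:10,11;partner:20,11;public:30")
PUBLIC_FIRST = parse_endpoint_map("public:30;partner:20,11;internal:10,11")

if __name__ == "__main__":
    user = [30, 10]  # member of one public group and one internal group
    print(resolve_endpoint(PRIVILEGED_FIRST, user))
    print(resolve_endpoint(PUBLIC_FIRST, user))
    print(shared_groups(PRIVILEGED_FIRST))
```

Running shared_groups over a mapping before deploying it shows which group IDs depend on the ordering, so those entries can be reviewed first.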

anuraLoginToken.expiresAfterNoAccessForMinutes

type: int, required: no, default: 30

Number of minutes with no access until the token expires.

anuraLoginToken.forceExpirationMinutesAfterCreation

type: int, required: no, default: 300

Number of minutes after creation after which a token is forced to expire, regardless of access.

anuraLoginToken.validChars

type: String, required: no, default: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-

Characters used for token generation; they have to be valid in a URL without encoding.

anuraLoginToken.tokenLength

type: int, required: no, default: 32

The length (number of characters) of the token that will be generated.

anuraLoginToken.sendAllEndpoints

type: boolean, required: no, default: false

Send all endpoints and not just the first matching one (make sure to take the correct snippet).

Compatibility Matrix

anuraLoginToken   anura          CELUM
1.0               at least 2.7   at least 5.13.4
1.1               at least 2.7   at least 6.4, tested up to 6.4.2
1.2               at least 2.7   at least 6.4, tested up to 6.14

Release Notes

1.0.0

Released: 14.01.2019

Initial release

1.1.0

Released: 16.04.2020

Compatibility patch for CELUM 6.4

1.2.0

Released: 08.01.2020

Added anuraLoginTokenStatisticsDownloader to track downloads made with these tokens on a per-user basis; refactored to keep track of said user IDs in the first place.

1.2.1

Released: 08.12.2020

Respect order of the mappings

1.2.2

Released: 16.03.2023

Added sendAllEndpoints property