Openauth configuration

The following configuration items set up authentication and permissioning information for Liberator’s openauth auth module.

Openauth is the simplest Auth Module possible; it allows any username to log on to Liberator with any password. It can also specify through configuration what level of access all users have to any object in the system.

You should only use openauth for Liberator installations where you’re sure that it’s safe for users to access the Liberator without being authenticated first; for example, in development environments.

For background information, see the Liberator Features and Concepts page about User authentication and permissioning.

The general auth module configuration also applies to openauth. In particular, you use an auth-module configuration item to specify that Liberator is to use the openauth module.

auth-module openauth

The openauth.conf configuration file

The configuration for openauth is kept in a separate Liberator configuration file called openauth.conf. If you’re not using the Caplin Deployment Framework, you should put the openauth configuration items you require into this file. When no configuration is set, the default permissions for all users are: read access to all objects, no write access to any objects, and no permission to create any objects.

The OpenPermissioning blade

If you deploy Liberator using the Deployment Framework, the OpenPermissioning Config blade is automatically activated. This blade sets the Liberator’s auth module to openauth and configures openauth to give every user read, write and create permission for all objects. The configuration’s defined in the file openauth.conf in <Framework-root>/global-config/overrides/servers/Liberator/etc/

(Note that <Framework-root> represents the file path of the Deployment Framework’s topmost directory for the Platform installation).

If you want to change the access permissions (typically to deny write access whilst retaining read access), edit the above file. Don’t edit the openauth.conf file in <Framework-root>/kits/Liberator\Liberator-<version>/etc/blades/OpenPermissioning/Liberator/etc/

read-access

read-access specifes every Liberator user’s read access to objects.

Syntax: read-access <access-flag>

Type: integer

Default value: 1 (Every user can read all objects.)

Values accepted:

  • 0 No user can read any objects.

  • 1 Every user can read all objects.

write-access

write-access specifies every Liberator user’s permission to write to, or create, any object.

Syntax: write-access <access-flag>

Type: integer

Default value: 0 (No user can write to, or create, any object.)

Values accepted:

  • 0 No user can write to, or create, any object.

  • 1 Every user can write to, or create, any object.


See also: