User Management via API
The user management system in VidiCore consists of users, groups, and roles.
Roles are special groups, which cannot be added or deleted via the API.
Regular groups and users can be added or deleted via the API.
Users can belong to any number of groups or roles.
Groups can depend on any number of groups or roles, although cyclic dependencies are not allowed.
Roles cannot depend on any group or role.
To manage users, see the following API reference: Users — Vidispine REST API documentation
For groups and roles, see: Groups and roles — Vidispine REST API documentation
User authentication
Authentication of users in VidiCore can be performed in a number of ways depending on the requirements of the calling application.
By passing the user credentials to VidiCore on each request and letting VidiCore authenticate the user based on the credentials stored in the VidiCore database.
The default HTTP authentication method is HTTP basic authentication. To use a custom HTTP authentication method, have a look at Apache Shiro Integration.
Using Run-As: The application can itself authenticate the user and then connect to VidiCore using a service account with the Run-As privilege and with the Run-As option enabled, so that the request is then performed as the already authenticated user.
Creating a time-limited token using the API with one of the options above, see Retrieve an authentication token. This token can then be used in subsequent calls as credential by specifying the HTTP header:
CODEAuthorization: token {token}
Using long-lived access keys. Access keys are used with HTTP basic authentication, just like with normal username and password credentials.
LDAP
VidiCore can authenticate users against an LDAP server and automatically synchronize users and groups from a directory at regular intervals if required.
User authentication
For users to be authenticated by an LDAP server, the server must first be configured in VidiCore.
An LDAP resource must be created, containing the connection details. There can currently only be one configured LDAP resource.
LDAP authentication must be enabled using the
ldapAuthentication
configuration property.
Users that are successfully authenticated will be added to VidiCore and will have the _user
role by default.
For more details on user management in VidiCore see:
Users, Groups, and Access control — Vidispine REST API documentation