Lavoisier 2 - Security Frequently Asked Questions

Security Frequently Asked Questions

Starting Lavoisier as a secure service

How to start Lavoisier with SSL security ?

Using authenticators

What authenticator do I need ?
How to configure an authenticator to authenticate a user ?
What is the result of the authentication ?

Authenticating with OAuth2

What is this authenticator used for ?
Who are OAuth2 providers ?
Do I have to configure something in my web account ?
How to configure my Google account ?
How to configure my Facebook account ?
How to configure my Github account ?

Starting Lavoisier as a secure service

How to start Lavoisier with SSL security ?: Set the 3 SSL properties in "service/service.properties" to activate the HTTPS service. Lavoisier SSL service will start on the port specified by "lavoisier.https.port". When using authentication, it is recommended to start Lavoisier over SSL. Note that the X509Authenticator requires SSL.

Using authenticators

What authenticator do I need ?

Authenticators are described here.

How to configure an authenticator to authenticate a user ?

Each type of authenticator has different parameters. Details can be found here.

What is the result of the authentication ?

It is an identifier that you can get with the XPath "user()" function. It can be either:

The Basic HTTP username (BasicHTTPAuthenticator)
The certificate DN (X509Authenticator)
The result of the CAS authentication (CASAuthenticator)
The access token (OAuth2Authenticator)
The IP address of the user (IPAddressAuthenticator)

Authenticating with OAuth2

What is this authenticator used for ?

This adaptor allows Lavoisier to get information from any web account you have that supports the OAuth2 authentication scheme. When using OAuth2, Lavoisier will never use nor store any personal login information.

Who are OAuth2 providers ?

Google, Facebook, Windows Live, Github, FourSquare, LinkedIn...

Do I have to configure something in my web account ?

Yes. Basically, you have to register Lavoisier as an authorized application (this will give you a client_id and a client_secret). To register Lavoisier you have to provide a Redirect URI. It is the URL used by the OAuth2 site to redirect your browser once the authentication is done. The redirect URI is "http[s]://server[:port]/redirect". For example if Lavoisier is installed at "https://myServer.com:8443/lavoisier", the URI will be "https://myServer.com:8443/redirect". Some sites require more detailed configuration.

How to configure my Google account ?

Follow indications at https://developers.google.com/accounts/docs/OAuth2Login

How to configure my Facebook account ?

Follow these steps:

Go to https://developers.facebook.com/ (You may have to register yourself as a developer)
Menu Apps/Create a new App
Settings/Advanced/security/Client OAuth Login=YES
Settings/Advanced/security/Valid OAuth redirect URIs=the Lavoisier redirect URI (see here)

How to configure my Github account ?

Follow indications at https://developer.github.com/v3/oauth/