Merge pull request #1 from obiba/dev

agate 1.5 documentation
obiba · Aug 13, 2019 · 46efa2c · 46efa2c
2 parents e029cb6 + 32be70f
commit 46efa2c
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 1 deletion.
diff --git a/index.rst b/index.rst
@@ -35,6 +35,7 @@ Agate is the `OBiBa <http://obiba.org/>`_'s central authentication server which
    web-user-guide/groups
    web-user-guide/applications
    web-user-guide/tickets
+   web-user-guide/realms
    web-user-guide/administration
 
 .. toctree::

diff --git a/introduction.rst b/introduction.rst
@@ -37,6 +37,8 @@ Application
 
 An application has a name and a key. Each time an external application wants to use the services of Agate, it must provide in the request its name and key. This allows Agate to check the validity of the actions to be performed and the information to be returned.
 
+Its redirect URI is used when authenticating through the :doc:`oauth2-api/openid-connect-flow` to validate the source application.
+
 Authentication Flow
 -------------------
 

diff --git a/oauth2-api/openid-connect-flow.rst b/oauth2-api/openid-connect-flow.rst
@@ -3,7 +3,7 @@ OpenID Connect Flow
 
 Summary
 -------
-OpenID connect is an extension on top of OAuth2, so the authorization and token enpoints are the same as described in :doc:`index`. Currently the `OpenID Connect <http://openid.net/specs/openid-connect-core-1_0.html>`_ implementation in Agate only supports the authorization code flow.
+OpenID connect is an extension on top of OAuth2, so the authorization and token endpoints are the same as described in :doc:`index`. Currently the `OpenID Connect <http://openid.net/specs/openid-connect-core-1_0.html>`_ implementation in Agate only supports the authorization code flow.
 
 Step 1. Authorization
 ---------------------

diff --git a/web-user-guide/realms.rst b/web-user-guide/realms.rst
@@ -0,0 +1,42 @@
+Realms Management
+=================
+
+A Realm is a data access object that provides authentication capabilities for Agate users using the underlying datasource's specific API to discover authorization data.
+
+Realm Types
+-----------
+
+LDAP Realm
+~~~~~~~~~~
+
+A realm that authenticates users by using Lightweight Directory Access Protocol to query a Directory Access Agent.
+This realm uses a user's Distinguished Name (DN) template to build queries.
+
+Active Directory Realm
+~~~~~~~~~~~~~~~~~~~~~~
+
+A realm tailored to a Microsoft Active Directory environment.
+This realm queries by using a combination of a search filter and search base.
+
+SQL Database Realm
+~~~~~~~~~~~~~~~~~~
+
+``mysql``, ``mariadb`` and ``postgresql`` are supported.
+This realm queries the user's password with the salt style used by the database.
+
+Salt styles include:
+
+- ``NO_SALT``: used when the password is in plain text.
+- ``CRYPT``: uses the database's underlying cryptographic method to decrypt the password.
+- ``COLUMN``: the salt column must be the second column included in the query.
+- ``EXTERNAL``: uses the specified algorithm to decrypt the password.
+
+
+Open ID Connect Realm
+~~~~~~~~~~~~~~~~~~~~~
+
+A realm that uses the OpenID Connect (`OIDC <https://auth0.com/docs/protocols/oidc>`_) protocol to authenticate users.
+:doc:`../oauth2-api/openid-connect-flow` explains the typical authentication flow when using this type of realm.
+
+.. note::
+  For agate to authenticate for an :ref:`domain-application`, its redirect URI must be set.