Page tree

CategoryAuthentication

Purpose

  1. Allows users wich are coming from configured ip address automatically to be authenticated

Bootstrap Class

editor_Plugins_IpAuthentication_Init

TypePlug-in

Description

For certain roles where it makes sense it should be possible to authenticate at translate5 only by the fact, that the user comes from a certain IP address. Currently this makes sense for the roles termSearch and InstantTranslate (the user must have no other roles).

Configuration of the IpAuthentication- Plug-In

Config name

Values

Default

Description

runtimeOptions.authentication.ipbased.IpCustomerMap
map{} → empty map!

Map of IP addresses for IP based authentication. The IP based authentication will not work / not be triggered if this field is empty.

IP addresses are mapped to customer numbers map.

Example where the users coming from 192.168.2.143 are assigned to customer with number 1000 :{"192.168.2.143" : "1000"} .

Important: 1000 is the customer number, definable by the user, not the database based customer ID!

runtimeOptions.authentication.ipbased.useLocalProxy
list

[ ] → empty string

In docker setups this config must contain the hostname(s) / addresses of the proxy serving the requests. Without that configuration translate5 can not evaluate the remote IP address of the client.

By default the configuration is empty, for legacy installations.

In default docker setups based on our docker compose files the config should look like: ["proxy"]

runtimeOptions.authentication.ipbased.userRoleslist["instantTranslate","termCustomerSearch"]User roles added to users created via IP based authenticated users. 

When using a proxy (which is the default when using our docker compose setup) validate if the proxy is passing the remote IP addresses properly.

Common problems in nginx setups are:

set_real_ip_from entries are not set properly
useLocalProxy config is not set properly






  • No labels