Avoiding Administrator virtual user account
Currently we do use this Administrator account for REST calls and the username/password is in configuration files for REST Calls. For security purpose we would like to avoid having password in config files. Is there any better ways for REST Calls to be authenticated ? We prefer using Administrator username for REST Calls but would like to avoid password being hard coded for rest calls. Let us know for suggestions.
Hi,
Nuxeo supports several authentication solutions. Choosing the right one depends on what you want to do.
Client side certificate
You can use client side certificate, use an Apache reverse proxy to do the certficate validation and use Nuxeo mod_sso plugin on the Nuxeo side to handle the login.
http://doc.nuxeo.com/display/ADMINDOC56/Authentication%2C+users+and+groups
Server 2 server authentication
You can use the portal_sso authentication plugin that allows to define a secret key between the 2 servers.
http://doc.nuxeo.com/display/ADMINDOC56/Authentication%2C+users+and+groups
NB : support is already included in the java AutomationClient
Use OAuth 1.0
Nuxeo can be an OAuth service provider, so if you client app can use OAUth this may be an option.
http://doc.nuxeo.com/display/ADMINDOC56/Using+OAuth
Tiry