Sign in process
CORE uses federated login to authenticate users. After a user is successfully authenticated, CORE checks the local user database to see if the user exists. It then loads all the user data (user role, presentations by this user, submissions by this user, etc.) and persists the user in a session. See diagram for a complete overview.
SimpleSAML can be configured in
- The location of your SimpleSAML installation
- The name of the authentication source
- The unique identifier used to identify a user
- Federated attribute for first name
- Federated attribute for last name
- Federated attribute for organization name
- Federated attribute for email address
- Federated attribute for country
- Log SimpleSAML attributes upon every login attempt. You have to be in development mode for this to work!
You can invite users from the user overview page. As soon as you invite a user to CORE, a green bar will appear in front of the user's name. This means that they have not yet successfully authenticated. When they successfully log in for the first time, the credentials you filled in will be overwritten by their respective federated attribute values.
For example, if you invite a user email@example.com and the user logs in with their Google account, the email address field will become: firstname.lastname@example.org. However, in the useraudit db table there will be a record of what credentials you used to invite the user. You can always access these values by clicking on the respective user row.
The time before an invitation expires can be configured in
core.userInviteTtl = '3 months'. The value must be of type 'Interval' as defined by PostgreSQL.
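The first-login behaviour described above, modelled as an added Python example (not CORE's own code): invited values are overwritten by federated attributes, the invited values are kept in an audit record, and an expired invitation is refused. The attribute names, field names, the `audit_log` list and the 90-day stand-in for '3 months' are assumptions.

```python
from datetime import datetime, timedelta

# Assumed attribute names; the real ones are whatever the SimpleSAML settings name.
ATTRIBUTE_MAP = {"uid": "eduPersonPrincipalName", "first_name": "givenName",
                 "last_name": "sn", "organisation": "o", "email": "mail", "country": "c"}
INVITE_TTL = timedelta(days=90)  # approximates core.userInviteTtl = '3 months'

# Constructed sample data, not taken from a real deployment.
SAMPLE_INVITE = {"email": "invited@example.com", "first_name": "Inv", "last_name": "Ited",
                 "invited_at": datetime(2024, 1, 10), "authenticated": False}
SAMPLE_ATTRIBUTES = {"eduPersonPrincipalName": ["jdoe@idp.example.org"],
                     "givenName": ["Jane"], "sn": ["Doe"],
                     "mail": ["jane.doe@example.org"], "o": [""]}


def first_value(attributes, name):
    """SAML attributes arrive as lists of strings; return the first non-blank one."""
    for value in attributes.get(name, []):
        if value.strip():
            return value.strip()
    return None


def complete_first_login(invited, attributes, now, audit_log):
    """Return the user record after a first federated login of an invited user."""
    if invited["authenticated"]:
        raise ValueError("invitation was already used")
    if now - invited["invited_at"] > INVITE_TTL:
        raise PermissionError("invitation expired")
    uid = first_value(attributes, ATTRIBUTE_MAP["uid"])
    if uid is None:
        raise ValueError("no unique identifier in the federated attributes")
    # Record what the inviter typed before it is overwritten (the useraudit role).
    fields = [f for f in ATTRIBUTE_MAP if f != "uid"]
    audit_log.append({"uid": uid, "invited_as": {f: invited.get(f) for f in fields}})
    user = dict(invited, uid=uid, authenticated=True)
    for field in fields:
        value = first_value(attributes, ATTRIBUTE_MAP[field])
        if value is not None:  # assumption: a missing attribute keeps the invited value
            user[field] = value
    return user


if __name__ == "__main__":
    audit = []
    print(complete_first_login(SAMPLE_INVITE, SAMPLE_ATTRIBUTES, datetime(2024, 2, 1), audit))
    print(audit)
```

Refusing a login that carries no unique identifier keeps an account from being bound to an email address alone, which the identity provider may let the user change.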
The following user roles are defined:
- Guest (not authenticated)
- User (logged in user, this role is defined automatically. Inherits from guest)
- Submitter (inherits from user)
- Presenter (inherits from user)
- Reviewer (inherits from user)
- Chair (inherits from user)
Access Control list
For an overview of what each user is allowed to do please check out