One of the TokenVerifiers we provide out-of-the-box is one that lets you authenticate against CELUM. Additionally, you can also decide which Anura endpoint a user should use based on group assignments in CELUM. Note however that the endpoint still uses its configured user - in other words this does not enable you to do user-level permissions or statistics. > > > > > As this simply uses the CELUM login screen, this works with LDAP, SAML and regular local accounts. However this also means that Anura has no control over the user provisioning process, and that the user could also just login to CELUM itself. More specifically, it relies on the standard redirectUrl=...-parameter of the login screen. ## Installation Grab the *[anura-login-token](https://mediahub.brix.ch/main/opennodeview.do?tab=transfertab&nodeId=6485)-{[version](/celum_extensions#naming-scheme)}.jar* and put it in `{home}/appserver/lib`. You may now use `anuraLoginTokenVerifier` in [anura.1.tokenVerifier](/anura/backend#anura-1-token-verifier) and this [snippet](/anura/frontend/snippets#authenticating-against-celum) in your front-end. ## Properties ##### anuraLoginToken.endPointToUserGroupMap > type: Map{String, List{Long}}, required: no, default: null This allows you to map endpoints to user groups. In other words you can dynamically decide which Anura endpoint an authenticating user should be using for this session. Specify the endpoints with the most rights first because if a user is in several groups, he will get the first end point that was found. Example: `foo:1,2,3;bar:4,5,6;baz:7,8,9` assigns the endpoint _foo_ to users that are in groups 1, 2 or 3, etc. v.1.2.1+: The order of the mappings is respected and the first matching mapping is taken. ##### anuraLoginToken.expiresAfterNoAccessForMinutes > type: int, required: no, default: 30 Number of minutes with no access until the token expires. ##### anuraLoginToken.forceExpirationMinutesAfterCreation > type: int, required: no, default: 300 Number of minutes after creation whereafter a token is forced to expire, regardless of access. ##### anuraLoginToken.validChars > type: String, required: no, default: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_- Characters used for the token generation, they have to be valid in an URL without encoding ##### anuraLoginToken.tokenLength > type: int, required: no, default: 32 The length (number of characters) of the token that will be generated ##### anuraLoginToken.sendAllEndpoints > type: boolean, required: no, default: false Send all end points and not just the first matching one (make sure to take the correct [snippet](https://docs.brix.ch/anura/frontend/snippets#authenticating-against-celum)). ## Compatibility Matrix | anuraLoginToken | anura | CELUM | :----- | :----- | 1.0 | at least 2.7 | at least 5.13.4 | 1.1 | at least 2.7 | at least 6.4, tested up to 6.4.2 | 1.2 | at least 2.7 | at least 6.4, tested up to 6.14 ## Release Notes ##### 1.0.0 > Released: 14.01.2019 Initial release ##### 1.1.0 > Released: 16.04.2020 Compatibility-Patch for CELUM 6.4 ##### 1.2.0 > Released 08.01.2020 Added [anuraLoginTokenStatisticsDownloader](/anura/backend#anura-1-download-handler) to track downloads made with these tokens on a per-user-basis, refactoring to keep track of said user IDs in the first place. ##### 1.2.1 > Released 08.12.2020 Respect order of the mappings ##### 1.2.2 > Released 16.03.2023 Added sendAllEndpoints property