Introduce realms in documentation

This commit is contained in:
Nico Schottelius 2018-11-17 09:51:06 +01:00
parent a58886979f
commit 9f7e76f066
1 changed files with 19 additions and 1 deletions

View File

@ -34,7 +34,25 @@ The usual instructions on how to setup an https proxy should be followed.
Access is granting/denied based on realms. There are two reserved Access is granting/denied based on realms. There are two reserved
realms, all other realms can be used by the users: realms, all other realms can be used by the users:
* ungleich-admin: realm?? ### Reserved realms
Conceptually the realms "ungleich-admin" and "ungleich-auth" are
reserved for higher priviliged applications.
Usually there is only 1 entry in ungleich-admin that is used to
bootstrap and manage ungleich-otp.
All micro services that are trusted to authenticate another micro
service should have an entry in the ungleich-auth realm, which allows
them to verify a token of somebody else.
| Name | Capabilities |
|------------------+--------------------------------------------|
| ungleich-admin | authenticate, create, delete, list, update |
| ungleich-auth | authenticate |
| all other realms | NO ACCESS |
## Status ## ## Status ##