storage.yaml - Hyland Nuxeo
This section explains how to set up the configuration in storage.yaml to connect from aqishare to Hyland Nuxeo. It includes detailed instructions for specifying the connection parameters and handling authentication to ensure a successful integration with the Nuxeo repository.
Parameter Overview
The table outlines the available parameters in storage.yaml for specifying a connection to Hyland Nuxeo.
Use the name parameter to introduce a new element in the context of YAML syntax. This can be useful for easier identification, as this name must be referenced in the SAP in the Tasks configuration files.
| Parameter | Mandatory | Type | Default | Description |
|---|---|---|---|---|
| name | Yes | string | The value must be unique and should not contain special characters; only alphanumeric characters (0-9, A-Z) and dashes are allowed. | |
| type | Yes | string | The type of the repository that should be connected. Since the connection routes to Nuxeo, the value must be nuxeo. | |
| baseUrl | Yes | string | The URL for logging into Nuxeo, including the port number. | |
| auth | Yes | Object | Specifies the authentication credentials. Refer to the Configure Authentication section below. | |
| apiUrl | No | string | api/v1 | The URL for the Nuxeo REST endpoint. |
| proxy | No | string | Specifies the URL to the proxy server. |
Configure Authentication
For authentication (see parameter auth in the table above), two methods are currently available: Basic Authentication, which uses a straightforward username and password mechanism, and Keycloak, a robust identity and access management solution that supports multiple authentication protocols.
Basic Authentication
To utilize basic authentication, set up the parameter as follows.
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| type | Yes | string | The authentication type to be used. Since the connection is the basic authentication in this case, the value must be basic. |
| user | Yes | string | The user that should be used to log in to Nuxeo. We recommend creating a separate Nuxeo user for the connection. |
| password | Yes | string | The password for the user above. To enhance security, the password can be encrypted. Refer to Password Encryption. |
auth:
type: basic
user: Administrator
password: F_fGf567_A4DMdV3JWTs6!A3_7Kg
Keycloak Authentication
Parameter to configure the use of Keycloak, the open-source identity and access management system, for authentication.
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| type | Yes | string | The authentication type to be used. Since the connection is the basic authentication in this case, the value must be keycloak. |
| authServer | Yes | string | URL to the keycloak server. |
| realm | Yes | string | Specify which Keycloak security domain your application should authenticate against. |
| username | Yes | string | The user that should be used to log in to Keycloak. |
| password | Yes | string | The pasword for the username above. |
| clientSecret | Yes | string | The client secret. |
| clientId | Yes | string | The client Id. |
| scope | No | string[] | The scope parameter in OAuth 2.0, defined as an array of strings (string[]), specifies the permissions or access rights that the client requests from the authorization server. It limits the access that the client will have to the user's resources on the server. |
| grantType | No | string | Specify the method by which aqishare obtains authorization and an access token from the Keycloak server. Default: password. |
auth:
type: keycloak
authServer: https://keycloak.myserver.com
realm: CompanyServices
username: keycloak_user1
password: A_990815f_1S8akco3JWTs6A99_cZG
clientSecret: ePq8Z5E6TG1lVbRpqMzHTA4D5Q2bZ6e4
clientId: 82ca0c64-d83e-4b45-ad00-3b2c800
scope:
- openid
grantType: password
Example Configurations
These sample configurations include the most relevant properties as explained above.
Using Basic Authentication
An example with the minimum required settings to connect from aqishare to Nuxeo using Basic Authentication.
- name: storage-nuxeo
type: nuxeo
baseUrl: http://nuxeo:8080/nuxeo
auth:
type: basic
user: Administrator
password: F_fGf567_A4DMdV3JWTs6!A3_7Kg
Utilize multiple Connections
An example involving two connections to different Nuxeo systems (development and staging), where the Nuxeo development system uses Basic Authentication, and the Nuxeo staging system is connected via Keycloak and utilizes the certificate cache.
- name: storage-nuxeo-dev
type: nuxeo
baseUrl: http://dev.nuxeo:8080/nuxeo
auth:
type: basic
user: Administrator
password: F_fGf567_A4DMdV3JWTs6!A3_7Kg
- name: storage-nuxeo-staging
type: nuxeo
baseUrl: http://staging.nuxeo:8080/nuxeo
type: keycloak
authServer: https://keycloak.myserver.com
realm: CompanyServices
username: keycloak_user1
password: A_990815f_1S8akco3JWTs6A99_cZG
clientSecret: ePq8Z5E6TG1lVbRpqMzHTA4D5Q2bZ6e4
clientId: 82ca0c64-d83e-4b45-ad00-3b2c800
grantType: password
certCache:
enabled: true
expiration: 1d