Botium
/
Botium Platform
/
Botium Box Enterprise

User Management - Authentication & Authorization

Created by Florian Treml
Last updated Nov 24, 2020

Botium Box User Management

Users can be configured by authorized users in the User Management tab of the Botium Box.

You can create new users and either give them an initial password, or immediately send out an email for the users to choose their own password.

Password Policies

If users have to choose a password, the policies can be configured in the Password Policy view of the System Settings

  • Minimum length of the password

  • Wether digits, special characters and/or lower/upper case characters are required

  • Expiration days (user will be forced to choose a new password)

Role based security

Botium Box comes with preconfigured roles following best practices for test automation projects (every role has the permissions from the ones above included):

  • Role GUEST has read-only access to test results and test sets

  • Role TESTER has permissions to author and run test cases

  • Role TESTMANAGER has permissions to prepare testing infrastructure

  • Role ADMIN has all permissions, including user management

Users can be assigned multiple roles.

Environment variable: BOTIUMBOX_DISABLE_PERMISSIONS

Comma separated list of permissions which are disabled for everyone (except admin) - useful for working with the default preconfigured roles, but disable certain behaviour.

Authentication Strategies

Botium Box supports several authentication mechanisms. The mechanism is configured with environment variables to be handed over to the Botium Box Server (see Botium Box Configuration).

The user admin is always authenticated with the password configured in Botium Box.

Authentication Strategy local (default)

Users and passwords configured and managed in Botium Box

Environment variable: BOTIUMBOX_PASSPORT_STRATEGY

set to local

Authentication Strategy ldapauth (default)

Authentication against an LDAP directory (Active Directory)

Environment variable: BOTIUMBOX_PASSPORT_STRATEGY

set to ldapauth

Environment variable: BOTIUMBOX_PASSPORT_LDAP_SERVER

Configuration options for connecting to the LDAP Server (Server address, credentials, search parameters, …). Not only authentication is supported, but you can assign Botium Box roles based on groups the user belongs to. Here is a sample configuration:

 

1 2 3 4 5 6 7 8 9 10 { url: 'ldap://ldap.forumsys.com', bindDN: 'cn=read-only-admin,dc=example,dc=com', bindCredentials: 'password', searchBase: 'dc=example,dc=com', searchFilter: '(uid={{username}})', groupSearchBase: 'dc=example,dc=com', groupSearchFilter: '(uniqueMember={{dn}})', groupSearchAttributes: ['dn', 'cn'] }

Botium Box uses the ldapauth-fork component for connecting the the LDAP server. See https://github.com/vesse/node-ldapauth-fork for all options.

The sample configuration from above would retrieve a user record from LDAP similar to this one:

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 { dn: 'uid=tesla,dc=example,dc=com', objectClass: [ 'inetOrgPerson', 'organizationalPerson', 'person', 'top', 'posixAccount' ], cn: 'Nikola Tesla', sn: 'Tesla', uid: 'tesla', mail: 'tesla@ldap.forumsys.com', _groups: [ { dn: 'ou=scientists,dc=example,dc=com', cn: 'Scientists' }, { dn: 'ou=italians,ou=scientists,dc=example,dc=com', cn: 'Italians' } ] }

The configuration options are JSON formatted, so make sure that for handing it over as environment variable to not split it over several lines (environment variable could be splitted, making it invalid).

Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME

Username property (usually "dn" or "uid", default "uid")

Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_EMAIL

Email property (usually "mail" or "email", default "mail")

Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME

Group name property for LDAP groups (usually "cn" or "name", default "cn")

Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_USER

1 (auto create users not found in Botium Box) or 0 (default 0)

Environment variable: BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE

JSON Structure to map LDAP groups to Botium Box roles

1 2 3 4 { "Mathematicians": "TESTMANAGER", "Scientists": "TESTER" }

Environment variable: BOTIUMBOX_PASSPORT_LDAP_USER2ROLE

JSON Structure to map individual LDAP user names to Botium Box roles

1 2 3 { "gauss": "ADMIN" }

Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE

Assign role to auto created user (default GUEST) if nothing has been mapped

Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_CLIENT

Assign client to auto created user (for multi tenency environments, see below)

 

Authentication Strategy Google OAuth2 (optional)

Optional authentication against Google OAuth2 (known as Login with Google)

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_ENABLE

Set to 1 to enable or 0 to disable (default 0)

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_CLIENT_ID

Set the client ID of your app credentials

You need to create an app in Google Developer Console to get the client ID

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_CLIENT_SECRET

set to the client secret of your app credentials

You need to create an app in Google Developer Console to get the client secret

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_USER

1 (auto create users not found in Botium Box) or 0 (default 0)

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_ROLE

Assign role to auto created user (default GUEST) if nothing has been mapped

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_CLIENT

Assign client to auto created user (for multi tenency environments, see below)

Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_DOMAIN

Only emails with the set domain are allowed to be auto created