User Management - Authentication & Authorization
Botium Box User Management
Users can be configured by authorized users in the User Management tab of the Botium Box.
You can create new users and either give them an initial password, or immediately send out an email for the users to choose their own password.
Password Policies
If users have to choose a password, the policies can be configured in the Password Policy view of the System Settings:
Minimum length of the password
Whether digits, special characters and/or lower/upper case characters are required
Expiration days (user will be forced to choose a new password)
Role based security
Botium Box comes with preconfigured roles following best practices for test automation projects (every role has the permissions from the ones above included):
Role GUEST has read-only access to test results and test sets
Role TESTER has permissions to author and run test cases
Role TESTMANAGER has permissions to prepare testing infrastructure
Role ADMIN has all permissions, including user management
Users can be assigned multiple roles.
Environment variable: BOTIUMBOX_DISABLE_PERMISSIONS
Comma-separated list of permissions that are disabled for everyone (except admin). Useful when you want to keep the default preconfigured roles but disable certain behaviour.
Authentication Strategies
Botium Box supports several authentication mechanisms. The mechanism is configured with environment variables to be handed over to the Botium Box Server (see Botium Box Configuration).
The user admin is always authenticated with the password configured in Botium Box.
Authentication Strategy local (default)
Users and passwords configured and managed in Botium Box
Environment variable: BOTIUMBOX_PASSPORT_STRATEGY
set to local
Authentication Strategy ldapauth (default)
Authentication against an LDAP directory (Active Directory)
Environment variable: BOTIUMBOX_PASSPORT_STRATEGY
set to ldapauth
Environment variable: BOTIUMBOX_PASSPORT_LDAP_SERVER
Configuration options for connecting to the LDAP Server (Server address, credentials, search parameters, …). Not only authentication is supported, but you can assign Botium Box roles based on groups the user belongs to. Here is a sample configuration:
{
  url: 'ldap://ldap.forumsys.com',
  bindDN: 'cn=read-only-admin,dc=example,dc=com',
  bindCredentials: 'password',
  searchBase: 'dc=example,dc=com',
  searchFilter: '(uid={{username}})',
  groupSearchBase: 'dc=example,dc=com',
  groupSearchFilter: '(uniqueMember={{dn}})',
  groupSearchAttributes: ['dn', 'cn']
}
Botium Box uses the ldapauth-fork component for connecting to the LDAP server. See https://github.com/vesse/node-ldapauth-fork for all options.
The sample configuration from above would retrieve a user record from LDAP similar to this one:
{
  dn: 'uid=tesla,dc=example,dc=com',
  objectClass: [ 'inetOrgPerson', 'organizationalPerson', 'person', 'top', 'posixAccount' ],
  cn: 'Nikola Tesla',
  sn: 'Tesla',
  uid: 'tesla',
  mail: 'tesla@ldap.forumsys.com',
  _groups: [
    {
      dn: 'ou=scientists,dc=example,dc=com',
      cn: 'Scientists'
    },
    {
      dn: 'ou=italians,ou=scientists,dc=example,dc=com',
      cn: 'Italians'
    }
  ]
}
The configuration options are JSON formatted, so when handing them over as an environment variable, make sure not to split the value over several lines (the environment variable could be split, making it invalid).
Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME
Username property (usually "dn" or "uid", default "uid")
Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_EMAIL
Email property (usually "mail" or "email", default "mail")
Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME
Group name property for LDAP groups (usually "cn" or "name", default "cn")
Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_USER
1 (auto create users not found in Botium Box) or 0 (default 0)
Environment variable: BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE
JSON Structure to map LDAP groups to Botium Box roles
{
  "Mathematicians": "TESTMANAGER",
  "Scientists": "TESTER"
}
Environment variable: BOTIUMBOX_PASSPORT_LDAP_USER2ROLE
JSON Structure to map individual LDAP user names to Botium Box roles
{
  "gauss": "ADMIN"
}
Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE
Assign role to auto created user (default GUEST) if nothing has been mapped
Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_CLIENT
Assign client to auto created user (for multi-tenancy environments, see below)
Authentication Strategy Google OAuth2 (optional)
Optional authentication against Google OAuth2 (known as Login with Google)
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_ENABLE
Set to 1 to enable or 0 to disable (default 0)
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_CLIENT_ID
Set the client ID of your app credentials
You need to create an app in Google Developer Console to get the client ID
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_CLIENT_SECRET
Set to the client secret of your app credentials
You need to create an app in Google Developer Console to get the client secret
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_USER
1 (auto create users not found in Botium Box) or 0 (default 0)
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_ROLE
Assign role to auto created user (default GUEST) if nothing has been mapped
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_CLIENT
Assign client to auto created user (for multi-tenancy environments, see below)
Environment variable: BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_DOMAIN
Only emails with the set domain are allowed to be auto created
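A pre-deployment check for the LDAP and Google OAuth2 variables described above, as an added example that is not part of Botium Box: it flags JSON values that are split over lines or do not parse, role mappings to unknown roles or to ADMIN, bind credentials sent over unencrypted ldap://, and Google auto-creation without a domain restriction. It assumes the JSON-valued variables are strict JSON; the function names and the sample environment are constructed for illustration.

```javascript
// Added example, not Botium Box code. Assumes JSON-valued variables are strict JSON.
const ROLES = ['GUEST', 'TESTER', 'TESTMANAGER', 'ADMIN']; // roles listed on the page

function parseJsonVar(env, name, findings) {
  const raw = env[name];
  if (raw === undefined) return null;
  if (/[\r\n]/.test(raw)) findings.push(`${name}: value spans several lines`);
  try { return JSON.parse(raw); } catch (err) {
    findings.push(`${name}: not valid JSON`);
    return null;
  }
}

function checkRoleMap(env, name, findings) {
  const map = parseJsonVar(env, name, findings) || {};
  for (const [key, role] of Object.entries(map)) {
    if (!ROLES.includes(role)) findings.push(`${name}: ${key} -> unknown role ${role}`);
    else if (role === 'ADMIN') findings.push(`${name}: ${key} -> ADMIN, confirm this is intended`);
  }
}

function auditAuthEnv(env) {
  const findings = [];
  const p = 'BOTIUMBOX_PASSPORT_';
  if (env[p + 'STRATEGY'] === 'ldapauth') {
    const server = parseJsonVar(env, p + 'LDAP_SERVER', findings);
    // starttls is an ldapauth-fork option; ldap:// without it sends the bind password in clear text
    if (server && /^ldap:\/\//i.test(server.url || '') && server.bindCredentials && !server.starttls) {
      findings.push(`${p}LDAP_SERVER: bind credentials over ldap:// without TLS`);
    }
    checkRoleMap(env, p + 'LDAP_GROUP2ROLE', findings);
    checkRoleMap(env, p + 'LDAP_USER2ROLE', findings);
  }
  if (env[p + 'OAUTH2_GOOGLE_ENABLE'] === '1' && env[p + 'OAUTH2_GOOGLE_AUTOCREATE_USER'] === '1' &&
      !env[p + 'OAUTH2_GOOGLE_AUTOCREATE_DOMAIN']) {
    findings.push(`${p}OAUTH2_GOOGLE_AUTOCREATE_USER: no AUTOCREATE_DOMAIN restriction`);
  }
  return findings;
}

// Constructed sample environment (values are illustrative only).
const SAMPLE_ENV = {
  BOTIUMBOX_PASSPORT_STRATEGY: 'ldapauth',
  BOTIUMBOX_PASSPORT_LDAP_SERVER: '{"url":"ldap://ldap.example.com","bindDN":"cn=reader,dc=example,dc=com","bindCredentials":"placeholder"}',
  BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE: '{"Mathematicians":"TESTMANAGER","Scientists":"TESTR"}',
  BOTIUMBOX_PASSPORT_LDAP_USER2ROLE: '{"gauss":\n"ADMIN"}',
  BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_ENABLE: '1',
  BOTIUMBOX_PASSPORT_OAUTH2_GOOGLE_AUTOCREATE_USER: '1'
};
console.log(auditAuthEnv(SAMPLE_ENV).join('\n'));
```

Run it against the real values with `auditAuthEnv(process.env)` before starting the server; an empty result means none of these checks fired.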