User groups
Local authorization or authorization by an OAuth2 provider is required to use the web services. As part of the authorization, a user is authenticated. In the case of local authorization, this is done via a configured user source. When using an OAuth2 provider, this is done through the user configuration of the provider.
During authentication, the user must be assigned to one or more groups in order to use the corresponding functions in webPDF.
In webPDF there are currently the groups admin and user.
A user in the admin group has unrestricted access to the server and can configure the server via the Admin Portal or use the web services under /administration/...
A user in the user group can use the portal and/or web services, but cannot change any settings.
Assignment of the user to a group must be part of the authorization. With local authorization using the local XML user source, this is done automatically: the assignment of a user to a group is made in the user administration for the XML database.
If a user source "LDAP/Active Directory" or "AzureAD" is configured, then the group mapping must be done via the respective configuration.
<user roleAdminGroup="webPDFAdmin" roleUserGroup="webPDFUser">
The names defined in roleAdminGroup and roleUserGroup specify the LDAP, Active Directory or AzureAD user groups of which the user must be a member in order to be classified as admin or user.
If authorization takes place via an OAuth2 provider, this assignment must be made via the roles claim of the access token issued by the OAuth2 provider. On the side of the OAuth2 provider, it must be ensured that the corresponding group assignment of the logged-in user is stored in the access token. The corresponding mapping between the claim in the access token (definition of the claim name) and the admin and user groups can then be carried out via the configuration of the OAuth2 provider in the webPDF server.
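The mapping described above, for both directory group names and the roles claim, as an added example that is not webPDF code or configuration. The function names, the default claim name "roles", exact case-sensitive matching and the prior validation of the access token are assumptions; the group names come from the configuration line shown above.

```python
from __future__ import annotations
from typing import Any, Iterable, Mapping

# Group names from the configuration line shown above.
ROLE_ADMIN_GROUP = "webPDFAdmin"
ROLE_USER_GROUP = "webPDFUser"


def memberships_from_claims(claims: Mapping[str, Any],
                            claim_name: str = "roles") -> set[str]:
    """Read group names from the claims of an already validated access token.

    Assumption: signature, issuer, audience and expiry were verified before
    this call. A missing or malformed claim yields an empty set (fail closed).
    """
    value = claims.get(claim_name)
    if isinstance(value, str):
        # Assumption: a plain string is one group name, not a list.
        return {value} if value else set()
    if isinstance(value, (list, tuple)):
        return {v for v in value if isinstance(v, str) and v}
    return set()


def resolve_groups(memberships: Iterable[str],
                   role_admin_group: str = ROLE_ADMIN_GROUP,
                   role_user_group: str = ROLE_USER_GROUP) -> set[str]:
    """Return the webPDF groups ("admin", "user") the memberships grant.

    Matching is exact and case-sensitive (an assumption of this example). An
    empty result means: authenticated, but not assigned to any webPDF group.
    """
    if not role_admin_group or not role_user_group:
        raise ValueError("both group names must be configured explicitly")
    members = set(memberships)
    granted = set()
    if role_admin_group in members:
        granted.add("admin")
    if role_user_group in members:
        granted.add("user")
    return granted


if __name__ == "__main__":
    # Constructed sample claims, not output of a real OAuth2 provider.
    for claims in ({"roles": ["webPDFAdmin", "Staff"]}, {"roles": "webPDFUser"},
                   {"roles": ["webpdfadmin"]}, {"sub": "alice"}):
        print(claims, "->", sorted(resolve_groups(memberships_from_claims(claims))))
```

A user whose token or directory entry carries neither configured group name ends up with an empty set, which is the case to alert on when a provider-side role rename silently locks users out or a typo in the mapping is suspected.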