# SparkView Authentication

## Overview

SparkView provides secure and fully customizable authentication mechanisms to protect your application and user data.

## Create a Radius authentication server (servers.json)
```json
{
    "id": "radius",
    "displayName": "radius",
    "server": "192.168.68.112",
    "protocols": "radius",
    "radius": {
        "sharedSecret": "xxx"
    },
    "disabled": true,
    "args": [
        {
        "name": "password",
        "value": "${token}"
        }
    ]

}
```
The "radius" object can have following properties:
"sharedSecret": Default shared secret.
"authPort": Authentication Port, default is 1812.
"accPort": Accounting Port, default is 1813.
"authProtocol": Authentication protocols, default is "pap".
"requreOTP": One-Time password is required.
"timeout": request timeout, default is 6000 (ms).
"retryCount": maximum retry times, default is 3.

You can set up arguments for authentication servers. in some cased, the password or user name can be something else. You must use the predefined names: "user",  "password", or "token".

## Create a Active Directory server
{
    "id": "ad",
    "displayName": "Active Directory",
    "server": "192.168.68.113",
    "shadowing": false,
    "protocols": "http",
    "activeDirectory": {
        "domain": "domain.com"
    },
    "cached": false,
    "disabled": true
}

The "activeDirectory" object can have following properties:
"domain": default domain name.
"groups": AD groups, multi group names are separated by ",".
"serversAttribute": The attribute name which defines the servers. It's usually "otherLoginWorkstations".
"secProtocols": "ssl" or "tls"
"connectTimeout": default is 10000 (ms)
"readTimeout": default is 10000 (ms)

## Create a LDAP server
{
    "id": "ldap",
    "displayName": "LDAP",
    "server": "192.168.68.113",
    "shadowing": false,
    "protocols": "ldap",
    "ldap": {
        "domain": "domain.com"
    },
    "cached": false,
    "disabled": true
}
The "ldap" object has the same properties with "activeDirectory".

## Set up which authentication servers for user (users.json)

```json
{
  "authServers": ["radius", "ad"],
  "users": [
  ]
}
```
You can have more than one authentication servers, which means user need to authenticate again all those servers without failure.