You can manage and authenticate users with the built-in file internal realm. All the data about the users for the file realm is stored in the users file. The file is located in SO_PATH_CONF and are read on startup.

You need to explicitly select the file realm in the snowowl.yml configuration file in order to use it for authentication.

identity:
  providers:
    - file:
        name: users

In the above configuration the file realm is using the users file to read your users from. Each row in the file represents a username and password delimited by : character. The passwords are BCrypt encrypted hashes. The default users file comes with a default snowowl user with the default snowowl password.

You can configure security to communicate with a Lightweight Directory Access Protocol (LDAP) server to authenticate users. To integrate with LDAP, you configure an ldap realm in the snowowl.yml configuration file.

identity:
  providers:
    - ldap:
        uri: <ldap_uri>
        baseDn: dc=snowowl,dc=b2international,dc=com
        rootDn: cn=admin,dc=snowowl,dc=b2international,dc=com
        rootDnPassword: <adminpwd>
        userIdProperty: uid
        usePool: false

At a minimum, you must set the realm type to ldap, specify the url of the LDAP server and set the rootDnPassword in the snowowl.yml configuration file. Your users should be available under the specified baseDn entry, and also there should be an cn=admin entry to allow access for Snow Owl to read user data. By default Snow Owl expects that the username of a user is present in the uid property. You can change this in the userIdProperty setting.

Snow Owl security features enables you to easily secure your terminology server. You can password-protect your data as well as implement more advanced security measures such as role-based access control and auditing.

You can choose the following security realms/identity providers to authenticate your users:

• Configure a file realm

• Configure an LDAP realm