Advanced Configuration

Important

In the case of Docker container, every new version overwrites the old copy of the configuration file during update, so, instead of editing the file directly, save the changes to custom.config, placed in the same directory as the executable: /data/WebPersephone/custom.config. It will survive the software update.

Custom User Disk Quotas

It is possible to assign different disk quotas or disk locations to different users or groups of users. The users can be identified by email address (a wildcard '*' is accepted) or by groupId, such as the Azure's groupId. Let's take a look at user section in SelfHostingWebCerberus.exe.config located in the same folder as Persephone.

...
<UserSettings
AnonymousLoginOnly="false"
AllowAnonymousLogin="true"
UsersDataDirectory="/var/data/WebCerberus/Users/"
RequireRecaptcha="false"
RecaptchaSecret="recapture secret here"
QuotaMb="200"
>
      <UserSettingsOverride
            Users="*@badcompany.com"
            QuotaMb="20"
            UsersDataDirectory="/var/data/WebCerberus/LowQuotaUsers/"
/>
      <UserSettingsOverride
            Users="user1@company.com,user2@company.com"
            QuotaMb="90000"
            UsersDataDirectory="/var/data/WebCerberus/VeryHighQuotaUsers/"
/>
</UserSettings>

If AllowAnonymousLogin is true, the users do not need to log in. Otherwise, some way of authentication, such as OpenId, or email needs to be provided.

In the case of Docker container, save the changes in custom.config. For example, to change the default disk quota for all users to 10 GB, add this line to custom.config:

UserSettings.QuotaMb=10000

To change the quota for specific users, add a new section using the keyword _ADD like this:

UserSettings._ADD=<UserSettingsOverride Users="user1@mycompany.com,user2@mycompany.com" QuotaMb="10240" UsersDataDirectory="{PWD}/Users/"/>

More details and examples of using custom.config can be found here.

Assigning Admin Role to Users

The users with Admin role can run some privileged operations, such as listing the users who are currently online via a web interface or deleting user-created gene models in the track with Manual annotation.

Assigning the Admin role is done in the configuration file for Persephone, SelfHostingWebCerberus.exe.config. In the case of Docker container, the file is located at /data/WebPersephone/SelfHostingWebCerberus.exe.config. Let's see the section for user configuration:

In the case of Docker container, add this line to custom.config (using the right email address or email mask):

UserSettings._ADD=<UserSettingsOverride Users="*@mycompany.com" QuotaMb="10240" UsersDataDirectory="{PWD}/Users/" Admin="true"/>

After this change, all users that match the email will be assigned the Admin role.

Enable Manual Gene Annotation

A special node in the configuration file specifies settings for manual annotation:

Registered users can suggest their gene model edits. The existing genes cannot be modified, but instead, the users can create copies of the genes and save their modifications in a special track "Manual annotation".

StoreAnnotationAdminOnly: if true, only the Admin users can save the new gene models.

AdminCanDeleteAnyAnnotation: if true, the Admin users can delete gene models created by other users. Otherwise, only the user who created the model can delete it.

In the case of Docker container, save the custom changes to custom.config:

ManualAnnotation.Enable=false

Create Microsoft Azure Web Application for Web Persephone Login

To be able to use Microsoft's OpenId, you will need to register your web application with Azure. Go to https://portal.azure.com

Select “Azure Active Directory” (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade)

Change tenant if needed and go to Manage->App Registration

Create the new Application

Enter the user-facing name of the Application.

Enter RedirectURI as type Web and value: {WebPersephoneUrl}/secure

Get MetadataUrl from EndPoint->OpenID Connect metadata document:

For the Multi-tenant, MetadataUrl should be something like:

https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

and for the Single tenant, it is similar to:

https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration

Get ClientId here:

Create ClientSecret here:

Copy ClientSecret immediately to the clipboard.

Add the new Provider and fill the fields MetadataUrl, ClientId, ClientSecret, in the config file like:

Where name is just a unique name of the provider and, if it is ‘microsoft’, then the client will use the Microsoft icon on the login button.

ButtonLabel is the button caption on the client form.

SuccessURL is the root URL for WebPersephone

SecureURL is the link to the secure service of WebCerberus – the same as RedirectURI

Manage user’s quota per group

You can manage user’s quota per group (Microsoft Azure) or per user’s email address (see the first section above). For using groups, you need to change the value "groupMembershipClaims" from null to "All" in Manifest of the application on Azure:

Then, if you want to set quota of 4GB for all users in the group, just add the following record to the node UserSettings in the config file:

Where xxxxxxx-b08f-46f7-a0d4-xxxxxx is the group-id in Microsoft Azure (note: group name is not supported). One record can contain a few group-ids separated by comma.

Please note, in case of an intersection, the lines below get priority and overwrite the values above.