Advanced Configuration
Custom User Disk Quotas
It is possible to assign different disk quotas or disk locations to different users or groups of users. The users can be identified by email address (a wildcard '*' is accepted) or by groupId, such as the Azure's groupId.
<UserSettings
AnonymousLoginOnly="false"
AllowAnonymousLogin="true"
UsersDataDirectory="/var/data/WebCerberus/Users/"
RequireRecaptcha="false"
RecaptchaSecret="recapture secret here"
QuotaMb="200"
>
<UserSettingsOverride
Users="*@badcompany.com"
QuotaMb="20"
UsersDataDirectory="/var/data/WebCerberus/LowQuotaUsers/"
/>
<UserSettingsOverride
Users="user1@company.com,user2@company.com"
QuotaMb="90000"
UsersDataDirectory="/var/data/WebCerberus/VeryHighQuotaUsers/"
/>
</UserSettings>
If AllowAnonymousLogin is true, the users do not need to log in. Otherwise, some way of authentication, such as OpenId, or email needs to be provided.
<UserLoginOpenId Enabled="true" SuccessURL="http://localhost:8080/" SecureURL="http://localhost:1338/secure">
<Provider name="microsoft"
ButtonLabel="Sign in with Microsoft"
MetadataUrl="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
ClientId="id-here"
ClientSecret="secrets-here" />
</UserLoginOpenId>
Create Microsoft Azure web application for Web Persephone login
To be able to use Microsoft's OpenId, you will need to register your web application with Azure. Go to https://portal.azure.com
Select “Azure Active Directory” (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade)
Change tenant if needed and go to Manage->App Registration
Create the new Application
Enter the user-facing name of the Application.
Enter RedirectURI as type Web and value: {WebPersephoneUrl}/secure
Get MetadataUrl from EndPoint->OpenID Connect metadata document:
For the Multi-tenant, MetadataUrl should be something like:
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
and for the Single tenant, it is similar to:
https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration
Get ClientId here:
Create ClientSecret here:
Copy ClientSecret immediately to the clipboard.
Add the new Provider and fill the fields MetadataUrl, ClientId, ClientSecret, in the config file like:
<UserLoginOpenId Enabled="true" SuccessURL="http://localhost:8080/" SecureURL="http://localhost:1338/secure">
<Provider name="microsoft"
ButtonLabel="Sign in with Microsoft"
MetadataUrl="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
ClientId="id here"
ClientSecret="secret here" />
</UserLoginOpenId>
Where name is just a unique name of the provider and, if it is ‘microsoft’, then the client will use the Microsoft icon on the login button.
ButtonLabel is the button caption on the client form.
SuccessURL is the root URL for WebPersephone
SecureURL is the link to the secure service of WebCerberus – the same as RedirectURI
Manage user’s quota per group
You can manage user’s quota per group (Microsoft Azure) or per user’s email address (see the first section above). For using groups, you need to change the value "groupMembershipClaims" from null to "All" in Manifest of the application on Azure:
Then, if you want to set quota of 4GB for all users in the group, just add the following record to the node UserSettings in the config file:
<UserSettingsOverride Groups="xxxxxxx-b08f-46f7-a0d4-xxxxxx" QuotaMb="4096" />
Where xxxxxxx-b08f-46f7-a0d4-xxxxxx is the group-id in Microsoft Azure (note: group name is not supported). One record can contain a few group-ids separated by comma.
<UserSettings
AnonymousLoginOnly="false"
AllowAnonymousLogin="true"
UsersDataDirectory="/var/data/WebCerberus/Users/"
RequireRecaptcha="false"
RecaptchaSecret="recapture secret here"
QuotaMb="200"
>
<UserSettingsOverride
Users="*@badcompany.com"
QuotaMb="20"
UsersDataDirectory="/var/data/WebCerberus/LowQuotaUsers/"
/>
<UserSettingsOverride
Users="user1@company.com,user2@company.com"
QuotaMb="90000"
UsersDataDirectory="/var/data/WebCerberus/VeryHighQuotaUsers/"
/>
<UserSettingsOverride Groups="xxxxxxx-b08f-46f7-a0d4-xxxxxx"
QuotaMb="4096"
</UserSettings>
Please note, in case of an intersection, the lines below get priority and overwrite the values above.