Custom User Disk Quotas

It is possible to assign different disk quotas or disk locations to different users or groups of users. The users can be identified by email address (a wildcard '*' is accepted) or by groupId, such as the Azure's groupId.



<UserSettings 
AnonymousLoginOnly="false" 
AllowAnonymousLogin="true" 
UsersDataDirectory="/var/data/WebCerberus/Users/" 
RequireRecaptcha="false" 
RecaptchaSecret="recapture secret here" 
QuotaMb="200" 
>
      <UserSettingsOverride 
            Users="*@badcompany.com"
            QuotaMb="20"
            UsersDataDirectory="/var/data/WebCerberus/LowQuotaUsers/"
/>
      <UserSettingsOverride 
            Users="user1@company.com,user2@company.com"
            QuotaMb="90000"
            UsersDataDirectory="/var/data/WebCerberus/VeryHighQuotaUsers/"
/>
</UserSettings>

If AllowAnonymousLogin is true, the users do not need to log in. Otherwise, some way of authentication, such as OpenId, or email needs to be provided.

<UserLoginOpenId Enabled="true" SuccessURL="http://localhost:8080/" SecureURL="http://localhost:1338/secure">
    <Provider name="microsoft" 
              ButtonLabel="Sign in with Microsoft" 
              MetadataUrl="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
              ClientId="id-here" 
              ClientSecret="secrets-here" />
  </UserLoginOpenId>


Create Microsoft Azure web application for ­­Web Persephone login


To be able to use Microsoft's OpenId, you will need to register your web application with Azure. Go to https://portal.azure.com

Select “Azure Active Directory” (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade)

Change tenant if needed and go to Manage->App Registration


Create the new Application


Enter the user-facing name of the Application.

Enter RedirectURI as type Web and value: {WebPersephoneUrl}/secure

Get MetadataUrl from EndPoint->OpenID Connect metadata document:

For the Multi-tenant, MetadataUrl should be something like:

https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

and for the Single tenant, it is similar to:

https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration


Get ClientId here:


Create ClientSecret here:


Copy ClientSecret immediately to the clipboard.

Add the new Provider and fill the fields MetadataUrl, ClientId, ClientSecret, in the config file like:

<UserLoginOpenId Enabled="true" SuccessURL="http://localhost:8080/" SecureURL="http://localhost:1338/secure">
    <Provider name="microsoft" 
              ButtonLabel="Sign in with Microsoft" 
              MetadataUrl="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
              ClientId="id here" 
              ClientSecret="secret here" />
  </UserLoginOpenId>


Where name is just a unique name of the provider and, if it is ‘microsoft’, then the client will use the Microsoft icon on the login button.

ButtonLabel is the button caption on the client form.

SuccessURL is the root URL for WebPersephone

SecureURL is the link to the secure service of WebCerberus – the same as RedirectURI


Manage user’s quota per group

You can manage user’s quota per group (Microsoft Azure) or per user’s email address (see the first section above). For using groups, you need to change the value "groupMembershipClaims" from null to "All" in Manifest of the application on Azure:

Then, if you want to set quota of 4GB for all users in the group, just add the following record to the node UserSettings in the config file:

<UserSettingsOverride Groups="xxxxxxx-b08f-46f7-a0d4-xxxxxx" QuotaMb="4096" />

Where xxxxxxx-b08f-46f7-a0d4-xxxxxx is the group-id in Microsoft Azure (note: group name is not supported). One record can contain a few group-ids separated by comma.

<UserSettings 
AnonymousLoginOnly="false" 
AllowAnonymousLogin="true" 
UsersDataDirectory="/var/data/WebCerberus/Users/" 
RequireRecaptcha="false" 
RecaptchaSecret="recapture secret here" 
QuotaMb="200" 
>
      <UserSettingsOverride 
            Users="*@badcompany.com"
            QuotaMb="20"
            UsersDataDirectory="/var/data/WebCerberus/LowQuotaUsers/"
/>
      <UserSettingsOverride 
            Users="user1@company.com,user2@company.com"
            QuotaMb="90000"
            UsersDataDirectory="/var/data/WebCerberus/VeryHighQuotaUsers/"
/>
      <UserSettingsOverride Groups="xxxxxxx-b08f-46f7-a0d4-xxxxxx" 
            QuotaMb="4096" 
</UserSettings>


Please note, in case of an intersection, the lines below get priority and overwrite the values above.