Introduction
Horde ships with authentication disabled by default to make it easier to demonstrate and experiment with. Most production deployments will probably want users to log in, and restrict the actions they can perform based on their role.
To do this, Horde supports OAuth2 and OIDC, which are supported by most third-party identity providers, including Okta, AWS, Azure, and Google. Configuring an external identity provider is out of scope for this documentation, though the relevant configuration points are touched on in the Deployment > Server page.
If you don't have an existing OIDC-compatible identity provider, Horde includes its own - which this guide covers.
Prerequisites
- Horde Server installation (see the Horde Installation Tutorial).
- A valid certificate, and HTTPS support enabled on your server.
Steps
- In your server.json file, set the AuthMode property to Horde, and restart the server.
- The first time you launch the server, you'll be prompted to enter an administrator password.
- After logging in, there will be an Accounts menu item in the Server menu. From here, you can manage the users allowed to log in to the server, and the claims that they have. Horde's account system uses the http://epicgames.com/ue/horde/group claim for groups that a user belongs to, and the dashboard will suggest and autocomplete any groups found in the deployment's configuration files.
There are two standard groups defined in the server's default.globals.json file, which is included from the standard globals.json file by default: View and Run.
    "acl": {
        "entries": [
            {
                "claim": {
                    "type": "http://epicgames.com/ue/horde/group",
                    "value": "View"
                },
                "profiles": [
                    "default-read"
                ]
            },
            {
                "claim": {
                    "type": "http://epicgames.com/ue/horde/group",
                    "value": "Run"
                },
                "profiles": [
                    "default-run"
                ]
            }
        ]
    }
The default-read and default-run profiles are defined in code (AclConfig.cs). You can define your own profiles within the profiles element of each AclConfig object.
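To review which profiles each account ends up with, the sketch below resolves group claims against the acl entries shown above and lists assigned groups that match no entry. It is an added example, not Horde's own code: the account names are constructed, and exact, case-sensitive matching of claim type and value is an assumption.

```python
import json

GROUP_CLAIM = "http://epicgames.com/ue/horde/group"

# The "acl" fragment from default.globals.json shown above, wrapped in an object.
ACL_JSON = """
{"acl": {"entries": [
  {"claim": {"type": "http://epicgames.com/ue/horde/group", "value": "View"},
   "profiles": ["default-read"]},
  {"claim": {"type": "http://epicgames.com/ue/horde/group", "value": "Run"},
   "profiles": ["default-run"]}
]}}
"""

# Constructed sample accounts (hypothetical names) and the groups assigned to them.
ACCOUNTS = {
    "alice": ["View", "Run"],
    "bob": ["View"],
    "carol": ["view"],  # wrong case: matches no entry under exact matching
    "dave": [],
}

def load_entries(text):
    """Return {(claim type, claim value): set of profile names} for every ACL entry."""
    table = {}
    for entry in json.loads(text)["acl"]["entries"]:
        claim = entry["claim"]
        key = (claim["type"], claim["value"])
        table.setdefault(key, set()).update(entry.get("profiles", []))
    return table

def effective_profiles(groups, table):
    """Profiles granted by a list of group names, plus the groups that grant nothing."""
    granted, unmatched = set(), []
    for group in groups:
        profiles = table.get((GROUP_CLAIM, group))  # assumption: exact match
        if profiles is None:
            unmatched.append(group)
        else:
            granted |= profiles
    return sorted(granted), unmatched

def audit(accounts, text=ACL_JSON):
    """Map each account name to (granted profiles, unmatched groups)."""
    table = load_entries(text)
    return {name: effective_profiles(groups, table) for name, groups in accounts.items()}

if __name__ == "__main__":
    for name, (profiles, unmatched) in audit(ACCOUNTS).items():
        print(f"{name:6} profiles={profiles} unmatched_groups={unmatched}")
```

An account with unmatched groups or an empty profile list is worth checking against the Accounts page, since it usually means a mistyped group name or a group removed from the configuration.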