UAC Directives
The following directives configure User Access Control (UAC).
uac_user_limit
Description | Maximum number of users |
Syntax | uac_user_limit max |
Context | global |
Default | 0 |
The maximum number of users that can access RealityServer at a time. If set to 0 (or not given) then unlimited users may access.
uac_session_timeout
Description | UAC session timeout |
Syntax | uac_session_timeout seconds |
Context | global |
Default | 600 |
To prevent denial of service UAC sessions will expire after a period of time. If a session is not accessed in uac_session_timeout seconds then it is deleted and the session slot made available to other potential users.
uac_auto_session
Description | UAC automatic session allocation |
Syntax | uac_auto_session on|off |
Context | global |
Default | on |
By default RealityServer automatically allocates a session to a user if they access a UAC controlled url without a session cookie set. This behaviour can be disabled by setting uac_auto_session to off. In this case, users have to explicitly request a session id via the /uac/create/ url to obtain a session before accessing UAC controlled urls.
uac_session_cookie
Description | UAC session cookie name |
Syntax | uac_session_cookie cookie_name |
Context | global |
Default | rs-uac-sid |
UAC is implemented via session cookies. When a user is granted access a session cookie is set containing the generated session id. The name of the cookie set can be controlled via the uac_session_cookie directive.
uac_session_cookie_domain
Description | UAC session cookie domain |
Syntax | uac_session_cookie_domain domain |
Context | global |
Default | None |
By default UAC session cookies do not set a 'Domain' attribute. This makes the cookies only applicable to the exact domain that the request was made from. By using the uac_session_cookie_domain directive the 'Domain' attribute of the cookie is set to the provided domain
uac_management_base_url
Description | UAC session management url |
Syntax | uac_management_base_url url |
Context | global |
Default | /uac/ |
RealityServer provides UAC management via the uac_management_base_url url. Users can create and destroy sessions as well as associate scopes with a session by accessing commands on the url. The url used for this can be changed by setting this directive.