IRIS Initial setup: Unterschied zwischen den Versionen
Ddang (Diskussion | Beiträge) |
Ddang (Diskussion | Beiträge) |
||
(9 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 5: | Zeile 5: | ||
This configuration is necessary for further functionality of IRIS. | This configuration is necessary for further functionality of IRIS. | ||
− | == Web-Interface | + | == Open Web-Interface == |
− | + | The configuration can be accessed over the Web-Interface after the first launch of IRIS. | |
− | + | For that, you need to log in to IRIS with an admin-account. | |
− | + | On the left, you will find a menu option called "System Settings". | |
− | |||
− | + | Note for the admin-account: | |
− | + | At the first launch, a user "root@localhost" will automatically be generated for you. | |
+ | |||
+ | You can find the password in the log, which looks like following: | ||
2023-02-08 17:22:38.926 -08 WARN [main] (init.ServiceInitializer:166) - A new user has been created.: | 2023-02-08 17:22:38.926 -08 WARN [main] (init.ServiceInitializer:166) - A new user has been created.: | ||
Username: root@localhost | Username: root@localhost | ||
Zeile 24: | Zeile 25: | ||
− | |||
− | + | We strongly recommend to change the password immediately, here you can go to user on the top right after the login, and then click "Change Password". | |
+ | |||
+ | A password must contain at least 12 characters and fulfill at least 3 of the following conditions: | ||
− | * | + | * contains uppercase letters A-Z |
− | * | + | * contains lowercase letters a-z |
− | * | + | * contains numbers 0-9 |
− | * | + | * contains special characters !%$§~ä#... |
== Konfiguration == | == Konfiguration == | ||
Zeile 38: | Zeile 40: | ||
==== Base URL ==== | ==== Base URL ==== | ||
− | + | The URL that leads to IRIS. It is equivalent to the (Sub-)Domain without path specification and without trailing slash, e.g. <nowiki>https://iris.firmenname.de</nowiki> | |
=== SMTP Settings === | === SMTP Settings === | ||
==== SMTP host ==== | ==== SMTP host ==== | ||
− | + | The server name of your SMTP server, e.g. smtp.office356.com for Microsoft 356 | |
==== SMTP port ==== | ==== SMTP port ==== | ||
− | + | The port uesd by your SMTP server, e.g. 587 for Microsoft 356 | |
==== TLS ==== | ==== TLS ==== | ||
− | + | Place the checkmark only if the connection with the SMTP server should be encoded via TLS. | |
==== SMTP sender e-mail address ==== | ==== SMTP sender e-mail address ==== | ||
− | + | The sender e-mail address which IRIS should use for sending mails. | |
==== SMTP username ==== | ==== SMTP username ==== | ||
− | + | The username used to login to the SMTP server. Sometimes identical with the sender e-mail. | |
==== SMTP authentication type ==== | ==== SMTP authentication type ==== | ||
− | IRIS | + | IRIS supports the login via Password or OAuth2 as well. |
− | + | The Password authentication is easier to setup, but you have to make sure that the password does not expire. | |
− | + | Choose between Password and OAuth2. | |
− | + | The OAuth2 authentication is explained further down. | |
==== SMTP password ==== | ==== SMTP password ==== | ||
− | ( | + | (Only for Password authentication) |
− | + | The Password which IRIS should use to login to the SMTP server. | |
==== Test E-Mail ==== | ==== Test E-Mail ==== | ||
− | + | If you have set up all settings, you can send a test e-mail with this button. | |
− | + | Please keep in mind that, at that time, no settings were saved. | |
− | + | The tests are running with the current listed (and unsaved) settings in the browser. | |
− | === SMTP | + | === SMTP with OAuth2 === |
− | + | If you have chosen the Password as the SMTP authentication, you can skip this chapter. | |
− | + | To use OAuth2 as the SMTP authentication, choose OAuth2 as the SMTP authentication type. | |
− | + | Please enter the remaining settings under System configuration except for the token and save these settings. | |
− | + | After that, go to the menu option "OAuth2 Clients" in IRIS. | |
==== OAuth2 clients ==== | ==== OAuth2 clients ==== | ||
− | + | By default, there are no OAuth2 Clients setup yet. | |
− | + | After you have saved a base URL in the system configuration, you will receive a Redirect URI in this menu, which you can use for the registration of the OAuth2 client at your email provider (at Microsoft 365 you have to make an app-registration under portal.azure.com, where you have to enter this Redirect URI). | |
− | + | Click on the button "New app" to create a new OAuth2 client. | |
==== Name ==== | ==== Name ==== | ||
− | + | The name you enter here only serves as a reference for you. | |
==== Client ID ==== | ==== Client ID ==== | ||
− | + | You receive the Client ID after the registration of the OAuth2 client at your email provider. | |
==== Client Secret ==== | ==== Client Secret ==== | ||
− | + | You receive the Client Secret after the registration of the OAuth2 client at your email provider. | |
==== Authorization URL ==== | ==== Authorization URL ==== | ||
− | + | This is the URL which IRIS should open at the first authorization via browser. | |
− | + | For an app applied under Azure which is only accessible from your organization, use this URL: | |
<nowiki>https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize</nowiki> | <nowiki>https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize</nowiki> | ||
==== Token URL ==== | ==== Token URL ==== | ||
− | + | This is the URL which IRIS should call to request a token. | |
− | + | For an app applied under Azure which is only accessible from your organization, use this URL: | |
<nowiki>https://login.microsoftonline.com/organizations/oauth2/v2.0/token</nowiki> | <nowiki>https://login.microsoftonline.com/organizations/oauth2/v2.0/token</nowiki> | ||
==== Refresh Token URL ==== | ==== Refresh Token URL ==== | ||
− | + | This is the URL which IRIS should call to request a refresh token. | |
− | + | For an app applied under Azure which is only accessible from your organization, use this URL: | |
<nowiki>https://login.microsoftonline.com/organizations/oauth2/v2.0/token</nowiki> | <nowiki>https://login.microsoftonline.com/organizations/oauth2/v2.0/token</nowiki> | ||
==== Scope ==== | ==== Scope ==== | ||
− | + | The scope which IRIS should request for a token request. | |
− | + | For an app applied under Azure, use this scope | |
offline_access <nowiki>https://outlook.office.com/SMTP.Send</nowiki> | offline_access <nowiki>https://outlook.office.com/SMTP.Send</nowiki> | ||
− | ==== | + | ==== Authorize created application ==== |
− | + | As soon as you created the client, please click the button "Authorize" in the newly created client. | |
− | + | A browser window opens afterwards, where you can login to the site of the email provider (e.g. Microsoft) and confirm the access of your application. | |
− | + | Note: Please be aware on which account you perform the authorization on the site of the email provider. | |
− | + | If you want to use another account for emails rather than your own (on the site of the email provider), you have to log off the site of the provider first or open the authorization with a private browser window. |
Aktuelle Version vom 10. Mai 2023, 15:03 Uhr
At the initial setup for IRIS, you determine the base url and configure a SMTP-Account.
This configuration is necessary for further functionality of IRIS.
Open Web-Interface
The configuration can be accessed over the Web-Interface after the first launch of IRIS.
For that, you need to log in to IRIS with an admin-account.
On the left, you will find a menu option called "System Settings".
Note for the admin-account:
At the first launch, a user "root@localhost" will automatically be generated for you.
You can find the password in the log, which looks like following:
2023-02-08 17:22:38.926 -08 WARN [main] (init.ServiceInitializer:166) - A new user has been created.: Username: root@localhost Password: P6oV-GK3GYsdnn_5usDg1tBmn00 Please login with this user and change your password immediately!
We strongly recommend to change the password immediately, here you can go to user on the top right after the login, and then click "Change Password".
A password must contain at least 12 characters and fulfill at least 3 of the following conditions:
- contains uppercase letters A-Z
- contains lowercase letters a-z
- contains numbers 0-9
- contains special characters !%$§~ä#...
Konfiguration
General Settings
Base URL
The URL that leads to IRIS. It is equivalent to the (Sub-)Domain without path specification and without trailing slash, e.g. https://iris.firmenname.de
SMTP Settings
SMTP host
The server name of your SMTP server, e.g. smtp.office356.com for Microsoft 356
SMTP port
The port uesd by your SMTP server, e.g. 587 for Microsoft 356
TLS
Place the checkmark only if the connection with the SMTP server should be encoded via TLS.
SMTP sender e-mail address
The sender e-mail address which IRIS should use for sending mails.
SMTP username
The username used to login to the SMTP server. Sometimes identical with the sender e-mail.
SMTP authentication type
IRIS supports the login via Password or OAuth2 as well.
The Password authentication is easier to setup, but you have to make sure that the password does not expire.
Choose between Password and OAuth2.
The OAuth2 authentication is explained further down.
SMTP password
(Only for Password authentication)
The Password which IRIS should use to login to the SMTP server.
Test E-Mail
If you have set up all settings, you can send a test e-mail with this button.
Please keep in mind that, at that time, no settings were saved.
The tests are running with the current listed (and unsaved) settings in the browser.
SMTP with OAuth2
If you have chosen the Password as the SMTP authentication, you can skip this chapter.
To use OAuth2 as the SMTP authentication, choose OAuth2 as the SMTP authentication type.
Please enter the remaining settings under System configuration except for the token and save these settings.
After that, go to the menu option "OAuth2 Clients" in IRIS.
OAuth2 clients
By default, there are no OAuth2 Clients setup yet.
After you have saved a base URL in the system configuration, you will receive a Redirect URI in this menu, which you can use for the registration of the OAuth2 client at your email provider (at Microsoft 365 you have to make an app-registration under portal.azure.com, where you have to enter this Redirect URI).
Click on the button "New app" to create a new OAuth2 client.
Name
The name you enter here only serves as a reference for you.
Client ID
You receive the Client ID after the registration of the OAuth2 client at your email provider.
Client Secret
You receive the Client Secret after the registration of the OAuth2 client at your email provider.
Authorization URL
This is the URL which IRIS should open at the first authorization via browser.
For an app applied under Azure which is only accessible from your organization, use this URL:
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
Token URL
This is the URL which IRIS should call to request a token.
For an app applied under Azure which is only accessible from your organization, use this URL:
https://login.microsoftonline.com/organizations/oauth2/v2.0/token
Refresh Token URL
This is the URL which IRIS should call to request a refresh token.
For an app applied under Azure which is only accessible from your organization, use this URL:
https://login.microsoftonline.com/organizations/oauth2/v2.0/token
Scope
The scope which IRIS should request for a token request.
For an app applied under Azure, use this scope
offline_access https://outlook.office.com/SMTP.Send
Authorize created application
As soon as you created the client, please click the button "Authorize" in the newly created client.
A browser window opens afterwards, where you can login to the site of the email provider (e.g. Microsoft) and confirm the access of your application.
Note: Please be aware on which account you perform the authorization on the site of the email provider.
If you want to use another account for emails rather than your own (on the site of the email provider), you have to log off the site of the provider first or open the authorization with a private browser window.