Aditional features? Other authentication systems + sign with PKI + encrypting

Hello everyone, how are you?

I’m new to the community and I’m excited about Mayan for document management. However, my research and work require some additional functionalities that I haven’t found easily—my apologies if I’ve missed them due to being new here.

I’m interested in learning about three potential aditional features:

  • How to integrate other authentication systems? Anyone has successfully integrated with OpenID Connect?
  • Is it possible to easily configure Mayan to sign documents with an infrastructure other than GNU Privacy Guard? For example a PKI?
  • Is there any component for encrypting documents?

Thank you in advance!

2 Likes

How to integrate other authentication systems? Anyone has successfully integrated with OpenID Connect?

There is an OIDC authentication backend included. However the setup will vary depending on the OIDC provider (realms vs domains vs workgroups vs app namespaces). A Knowledge base article on using OIDC with Keycloak is in the works. This should provide some common baseline information to get other OIDC providers configured.

Is it possible to easily configure Mayan to sign documents with an infrastructure other than GNU Privacy Guard? For example a PKI?

Not at the moment but we are looking into improving the signature system to implement other signatures technologies in the future.

The main issue with these is that our philosophy is to prioritize technologies that can be self hosted or are well understood standards. PKI signatures require substantial infrastructure and setup to get a CA, a RA, and a VA running, all of which are difficult to implement and maintain. Since we don’t connect statistics it’s not possible to know how popular PKI signatures are and if it is an effective use of our development time to implement them.

Is there any component for encrypting documents?

This can be implemented in many different way. We provide the most common use case which is encryption at a rest. This is done by the included encryptedstorage backend. Enabling this backend will encrypt documents in a transparent way.