From ad2a49fec42156f23706bf1f575ce5876bf5eedc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Wed, 29 Jan 2025 16:51:15 +0100 Subject: [PATCH 1/4] RHIDP-5489 Enabling authentication with your custom authentication provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabrice Flore-Thébault --- artifacts/attributes.adoc | 4 +- .../assembly-enabling-authentication.adoc | 2 + ...h-your-custom-authentication-provider.adoc | 231 ++++++++++++++++++ 3 files changed, 235 insertions(+), 2 deletions(-) create mode 100644 modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc diff --git a/artifacts/attributes.adoc b/artifacts/attributes.adoc index db23e741df..e5dedc13f5 100644 --- a/artifacts/attributes.adoc +++ b/artifacts/attributes.adoc @@ -109,8 +109,8 @@ :release-notes-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/release_notes/index :release-notes-title: Release notes -:installing-and-viewing-dynamic-plugins-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/installing_and_viewing_dynamic_plugins/index -:installing-and-viewing-dynamic-plugins-title: Installing and viewing dynamic plugins +:installing-and-viewing-dynamic-plugins-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/installing_and_viewing_plugins/index +:installing-and-viewing-dynamic-plugins-title: Installing and viewing plugins :authentication-book-url: https://docs.redhat.com/documentation/en-us/red_hat_developer_hub/{product-version}/html-single/authentication/index :authentication-book-title: Authentication diff --git a/assemblies/assembly-enabling-authentication.adoc b/assemblies/assembly-enabling-authentication.adoc index d9100a0bde..e96a6e9ecd 100644 --- a/assemblies/assembly-enabling-authentication.adoc +++ b/assemblies/assembly-enabling-authentication.adoc @@ -61,3 +61,5 @@ include::assembly-authenticating-with-github.adoc[leveloffset=+1] include::assembly-authenticating-with-microsoft-azure.adoc[leveloffset=+1] + +include::modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc[leveloffset=+1] diff --git a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc new file mode 100644 index 0000000000..a213af1f56 --- /dev/null +++ b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc @@ -0,0 +1,231 @@ +[id="enabling-authentication-with-your-custom-authentication-provider"] += Enabling authentication with your custom authentication provider + +To authenticate users with your custom authentication provider, create, install and configure your custom authentication backend and frontend plugins in {product}. + +.Prerequisites +* You link:{configuring-book-url}[added a custom {product-short} application configuration], and have sufficient permissions to modify it. +* link:{installing-and-viewing-dynamic-plugins-url}#assembly-third-party-plugins[Exporting, packaging, and installing third-party plugins] knowledge. +* You collected the relevant information to connect to your custom authentication provider. ++ +[WARNING] +==== +This procedure is using a custom LDAP authentication provider as an example. +This example is not intended for production use. +==== + +.Procedure + +. Add the identified key/value pairs to link:{plugins-configure-book-url}#provisioning-your-custom-configuration[your {product-short} secrets]. +.. To allow {product-short} to use plugins for authentication rather than the builtin authentication providers, set the `ENABLE_AUTH_PROVIDER_MODULE_OVERRIDE` environment variable to true. +`ENABLE_AUTH_PROVIDER_MODULE_OVERRIDE`:: `true` +.. To add your custom authentication provider credentials to {product-short}, add the identified key/value pairs. ++ +.Secrets for the LDAP example +==== +LDAP_URL:: Your LDAP server URL, such as `ldap://__:3893`. +LDAP_BIND_DN:: Your LDAP bind distinguished name, such as `cn=serviceuser,ou=svcaccts,dc=glauth,dc=com`. +LDAP_BIND_PASSWORD:: Your LDAP password, such as `mysecret`. +==== + +. Create your custom authentication provider backend plugin, that: +* Provides an authentication provider API. +* Bridges authentication to your custom authentication provider. +* Includes an example backend configuration in an `app-config.yaml`file. ++ +-- +.LDAP backend plugin +==== +.`src/index.ts` wrapper re-exporting the original plugin +[source,javascript] +---- +export { default as default } from "@immobiliarelabs/backstage-plugin-ldap-auth-backend"; +---- + +.`app-config.yaml` backend configuration +[source,yaml] +---- +auth: + environment: production + providers: + ldap: + production: + ldapAuthenticationOptions: + userSearchBase: ou=users,dc=glauth,dc=com + usernameAttribute: uid + adminDn: ${LDAP_BIND_DN} + adminPassword: ${LDAP_BIND_PASSWORD} + ldapOpts: + url: + - ${LDAP_URL} +---- +==== +-- + +. Create your custom authentication provider frontend plugin, that: +* Provides a custom `SignInPage` component. +The `SignInPage` component is the place in a {product-short} app where the frontend API reference is connected to the appropriate backend authentication provider API service. +* Provides an API client for the backend authentication provider service. +* Includes an example backend configuration in an `app-config.yaml`file. ++ +-- +.LDAP frontend plugin +==== +The exported `SignInPage` component delegates to the `LDAPSignInPage` component that is provided by the `backstage-plugin-ldap-auth` package. + +.`src/index.ts` wrapper re-exporting the original plugin +[source,javascript] +---- +export * from '@immobiliarelabs/backstage-plugin-ldap-auth'; +export { SignInPage } from './components/SignInPage/SignInPage'; +---- + +.`src/components/SignInPage.ts` `SignInPage` component +[source,javascript] +---- +import React from 'react'; +import { SignInPageProps } from '@backstage/core-plugin-api'; +import { LdapAuthFrontendPage } from '@immobiliarelabs/backstage-plugin-ldap-auth'; + +export function SignInPage(props: SignInPageProps): React.JSX.Element { + return ; +} +---- + +.`app-config.yaml` frontend configuration +[source,yaml] +---- +dynamicPlugins: + frontend: + immobiliarelabs-backstage-plugin-ldap-auth: + components: + - name: SignInPage + module: PluginRoot + importName: SignInPage +---- +==== +-- + +. link:{installing-and-viewing-dynamic-plugins-url}#assembly-third-party-plugins[Export, package, and install your custom plugins]. +. Add your custom plugins configuration to `dynamic-plugins.yaml` in {product-short}. ++ +.`dynamic-plugins.yaml` excerpt for LDAP catalog support +==== +---- +plugins: + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-ldap-dynamic + disabled: false + pluginConfig: + catalog: + providers: + ldapOrg: + default: + target: ${LDAP_URL} + bind: + dn: ${LDAP_BIND_DN} + secret: ${LDAP_BIND_PASSWORD} + users: + - dn: ou=users,dc=glauth,dc=com + options: + scope: sub + filter: (accountStatus=active) + attributes: ['*', '+'] + paged: false + map: + rdn: uid + name: uid + description: description + displayName: uid + email: mail + picture: + memberOf: memberOf + groups: + - dn: ou=groups,dc=glauth,dc=com + options: + scope: sub + filter: (gidNumber=*) + attributes: ['*', '+'] + paged: false + map: + rdn: uid + name: uid + uid: uid + displayName: uid + description: description + type: groupType + email: + picture: + memberOf: memberOf + members: member + schedule: + frequency: PT10M + timeout: PT10M +# optional, this is just to suppress any examples + import: {} + rules: + - allow: [Component, System, Group, Resource, Location, Template, API, User] + locations: [] + - package: ./local-plugins/immobiliarelabs-backstage-plugin-ldap-auth + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + immobiliarelabs-backstage-plugin-ldap-auth: + components: + - name: SignInPage + module: PluginRoot + importName: SignInPage +---- +==== + + +. To set up your custom authentication provider, edit your custom {product-short} ConfigMap such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content: ++ +-- +.`app-config-rhdh.yaml` fragment with mandatory fields to enable authentication with +[source,yaml,subs="+attributes,+quotes"] +---- +auth: + environment: production + providers: + __: + production: + __ +signInPage: __ +---- + +.`app-config.yaml` excerpt for the LDAP example +==== +---- +auth: + environment: production + providers: + ldap: + production: + ldapAuthenticationOptions: + userSearchBase: ou=users,dc=glauth,dc=com + usernameAttribute: uid + adminDn: ${LDAP_BIND_DN} + adminPassword: ${LDAP_BIND_PASSWORD} + ldapOpts: + url: + - ${LDAP_URL} +signInPage: ldap +---- +==== + +`environment: production`:: +Mark the environment as `production` to hide the Guest login in the {product-short} home page. + +`__` section:: +Use the {product-short} application information that you have created in your custom authentication provider and configured in OpenShift as secrets. + +`sigInPage: __`:: +To enable the custom authentication provider as default sign-in provider. +-- + +.Verification +. Go to the {product-short} login page. +. Your {product-short} sign-in page displays *Sign in using __* and the Guest user sign-in is disabled. +. Log in with your custom authentication provider. + From 8a47329f2bbea16a9ea53741d480d5951b7bbcf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Tue, 4 Feb 2025 14:20:39 +0100 Subject: [PATCH 2/4] Update modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc --- ...-authentication-with-your-custom-authentication-provider.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc index a213af1f56..a03ff7dd79 100644 --- a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc +++ b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc @@ -1,6 +1,7 @@ [id="enabling-authentication-with-your-custom-authentication-provider"] = Enabling authentication with your custom authentication provider +You can extend {product} with your custom authentication provider by using your custom authentication backend and frontend plugins. To authenticate users with your custom authentication provider, create, install and configure your custom authentication backend and frontend plugins in {product}. .Prerequisites From 5001ccfc33bc44eafeb3131d844ef209f692f972 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Tue, 4 Mar 2025 16:40:18 +0100 Subject: [PATCH 3/4] docs: removed ldap example, and added content from https://github.com/redhat-developer/rhdh/pull/2446/files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabrice Flore-Thébault --- ...h-your-custom-authentication-provider.adoc | 229 +++--------------- 1 file changed, 37 insertions(+), 192 deletions(-) diff --git a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc index a03ff7dd79..dfa6455ce1 100644 --- a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc +++ b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc @@ -1,232 +1,77 @@ [id="enabling-authentication-with-your-custom-authentication-provider"] = Enabling authentication with your custom authentication provider -You can extend {product} with your custom authentication provider by using your custom authentication backend and frontend plugins. -To authenticate users with your custom authentication provider, create, install and configure your custom authentication backend and frontend plugins in {product}. +Out of the box {product} supports all the documented authentication providers, such as GitHub or Microsoft Azure. +However, you can extend {product-short} with your custom authentication provider by using dynamic plugins that either adds more configuration options for an existing provider, or adds a new authentication provider altogether. .Prerequisites * You link:{configuring-book-url}[added a custom {product-short} application configuration], and have sufficient permissions to modify it. * link:{installing-and-viewing-dynamic-plugins-url}#assembly-third-party-plugins[Exporting, packaging, and installing third-party plugins] knowledge. * You collected the relevant information to connect to your custom authentication provider. -+ -[WARNING] -==== -This procedure is using a custom LDAP authentication provider as an example. -This example is not intended for production use. -==== .Procedure - -. Add the identified key/value pairs to link:{plugins-configure-book-url}#provisioning-your-custom-configuration[your {product-short} secrets]. -.. To allow {product-short} to use plugins for authentication rather than the builtin authentication providers, set the `ENABLE_AUTH_PROVIDER_MODULE_OVERRIDE` environment variable to true. -`ENABLE_AUTH_PROVIDER_MODULE_OVERRIDE`:: `true` -.. To add your custom authentication provider credentials to {product-short}, add the identified key/value pairs. -+ -.Secrets for the LDAP example -==== -LDAP_URL:: Your LDAP server URL, such as `ldap://__:3893`. -LDAP_BIND_DN:: Your LDAP bind distinguished name, such as `cn=serviceuser,ou=svcaccts,dc=glauth,dc=com`. -LDAP_BIND_PASSWORD:: Your LDAP password, such as `mysecret`. -==== - . Create your custom authentication provider backend plugin, that: * Provides an authentication provider API. * Bridges authentication to your custom authentication provider. * Includes an example backend configuration in an `app-config.yaml`file. -+ --- -.LDAP backend plugin -==== -.`src/index.ts` wrapper re-exporting the original plugin -[source,javascript] ----- -export { default as default } from "@immobiliarelabs/backstage-plugin-ldap-auth-backend"; ----- -.`app-config.yaml` backend configuration -[source,yaml] ----- -auth: - environment: production - providers: - ldap: - production: - ldapAuthenticationOptions: - userSearchBase: ou=users,dc=glauth,dc=com - usernameAttribute: uid - adminDn: ${LDAP_BIND_DN} - adminPassword: ${LDAP_BIND_PASSWORD} - ldapOpts: - url: - - ${LDAP_URL} ----- -==== --- + . Create your custom authentication provider frontend plugin, that: * Provides a custom `SignInPage` component. The `SignInPage` component is the place in a {product-short} app where the frontend API reference is connected to the appropriate backend authentication provider API service. * Provides an API client for the backend authentication provider service. * Includes an example backend configuration in an `app-config.yaml`file. -+ --- -.LDAP frontend plugin -==== -The exported `SignInPage` component delegates to the `LDAPSignInPage` component that is provided by the `backstage-plugin-ldap-auth` package. - -.`src/index.ts` wrapper re-exporting the original plugin -[source,javascript] ----- -export * from '@immobiliarelabs/backstage-plugin-ldap-auth'; -export { SignInPage } from './components/SignInPage/SignInPage'; ----- - -.`src/components/SignInPage.ts` `SignInPage` component -[source,javascript] ----- -import React from 'react'; -import { SignInPageProps } from '@backstage/core-plugin-api'; -import { LdapAuthFrontendPage } from '@immobiliarelabs/backstage-plugin-ldap-auth'; -export function SignInPage(props: SignInPageProps): React.JSX.Element { - return ; -} ----- +. link:{installing-and-viewing-dynamic-plugins-url}#assembly-third-party-plugins[Export, package, and install your custom plugins]. +. Add your custom plugins configuration to your `dynamic-plugins.yaml` file. -.`app-config.yaml` frontend configuration -[source,yaml] +. {product-short} users expect to see all authentication providers listed in the *User settings* section, *Authentication Providers* tab. +To add entries for an authentication provider from a dynamic plugin, use the `providerSettings` configuration in your `{my-app-config-file}` file: ++ +[source,yaml,subs="+quotes"] ---- dynamicPlugins: frontend: - immobiliarelabs-backstage-plugin-ldap-auth: - components: - - name: SignInPage - module: PluginRoot - importName: SignInPage + __: + providerSettings: + - title: __ + description: __ + provider: __ ---- -==== --- - -. link:{installing-and-viewing-dynamic-plugins-url}#assembly-third-party-plugins[Export, package, and install your custom plugins]. -. Add your custom plugins configuration to `dynamic-plugins.yaml` in {product-short}. + -.`dynamic-plugins.yaml` excerpt for LDAP catalog support -==== ----- -plugins: - - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-ldap-dynamic - disabled: false - pluginConfig: - catalog: - providers: - ldapOrg: - default: - target: ${LDAP_URL} - bind: - dn: ${LDAP_BIND_DN} - secret: ${LDAP_BIND_PASSWORD} - users: - - dn: ou=users,dc=glauth,dc=com - options: - scope: sub - filter: (accountStatus=active) - attributes: ['*', '+'] - paged: false - map: - rdn: uid - name: uid - description: description - displayName: uid - email: mail - picture: - memberOf: memberOf - groups: - - dn: ou=groups,dc=glauth,dc=com - options: - scope: sub - filter: (gidNumber=*) - attributes: ['*', '+'] - paged: false - map: - rdn: uid - name: uid - uid: uid - displayName: uid - description: description - type: groupType - email: - picture: - memberOf: memberOf - members: member - schedule: - frequency: PT10M - timeout: PT10M -# optional, this is just to suppress any examples - import: {} - rules: - - allow: [Component, System, Group, Resource, Location, Template, API, User] - locations: [] - - package: ./local-plugins/immobiliarelabs-backstage-plugin-ldap-auth - disabled: false - pluginConfig: - dynamicPlugins: - frontend: - immobiliarelabs-backstage-plugin-ldap-auth: - components: - - name: SignInPage - module: PluginRoot - importName: SignInPage ----- -==== +Each provider settings entry should define the following attributes: +`title`:: The title for the authentication provider shown above the user's profile image if available. -. To set up your custom authentication provider, edit your custom {product-short} ConfigMap such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content: -+ --- -.`app-config-rhdh.yaml` fragment with mandatory fields to enable authentication with -[source,yaml,subs="+attributes,+quotes"] ----- -auth: - environment: production - providers: - __: - production: - __ -signInPage: __ ----- +`description`:: a short description of the authentication provider. + +`provider`:: The ID of the authentication provider as provided to the `createApiRef` API call. +This value is used to look up the corresponding API factory for the authentication provider to connect the provider's Sign In/Sign Out button. -.`app-config.yaml` excerpt for the LDAP example -==== + +. Use a custom `SignInPage` component. +{product-short} is using the `SignInPage` component to connect one or more authentication providers to the application sign-in process. +By default, {product-short} has a static `SignInPage` that supports all the built-in authentication providers. +To use a different authentication provider, for example from a dynamic plugin use the `signInPage` configuration in your `{my-app-config-file}` file: ++ +[source,yaml,subs="+quotes"] ---- -auth: - environment: production - providers: - ldap: - production: - ldapAuthenticationOptions: - userSearchBase: ou=users,dc=glauth,dc=com - usernameAttribute: uid - adminDn: ${LDAP_BIND_DN} - adminPassword: ${LDAP_BIND_PASSWORD} - ldapOpts: - url: - - ${LDAP_URL} -signInPage: ldap +dynamicPlugins: + frontend: + __: + signInPage: + importName: CustomSignInPage ---- -==== - -`environment: production`:: -Mark the environment as `production` to hide the Guest login in the {product-short} home page. ++ +Only one `signInPage` is specified and used by the application, this configuration object supports the following properties: -`__` section:: -Use the {product-short} application information that you have created in your custom authentication provider and configured in OpenShift as secrets. +`module`:: optional setting to specify which set of assets should be accessed from the dynamic plugin, defaults to `PluginRoot` -`sigInPage: __`:: -To enable the custom authentication provider as default sign-in provider. --- +`importName`:: Required setting that should resolve to a component that returns a configured `SignInPage` component that connects the appropriate authentication provider factories, or a compatible custom implementation. .Verification . Go to the {product-short} login page. -. Your {product-short} sign-in page displays *Sign in using __* and the Guest user sign-in is disabled. +. Your {product-short} sign-in page displays *__* and the Guest user sign-in is disabled. . Log in with your custom authentication provider. From 62c40bc1f20bc9262c66c0e2c72a908043d6b27c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Tue, 4 Mar 2025 16:53:00 +0100 Subject: [PATCH 4/4] language fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabrice Flore-Thébault --- ...h-your-custom-authentication-provider.adoc | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc index dfa6455ce1..4b30220783 100644 --- a/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc +++ b/modules/authentication/proc-enabling-authentication-with-your-custom-authentication-provider.adoc @@ -1,25 +1,23 @@ [id="enabling-authentication-with-your-custom-authentication-provider"] = Enabling authentication with your custom authentication provider -Out of the box {product} supports all the documented authentication providers, such as GitHub or Microsoft Azure. +By default, {product} supports all the documented authentication providers, such as GitHub or Microsoft Azure. However, you can extend {product-short} with your custom authentication provider by using dynamic plugins that either adds more configuration options for an existing provider, or adds a new authentication provider altogether. .Prerequisites -* You link:{configuring-book-url}[added a custom {product-short} application configuration], and have sufficient permissions to modify it. +* You link:{configuring-book-url}[added a custom {product-short} application configuration], and have enough permissions to change it. * link:{installing-and-viewing-dynamic-plugins-url}#assembly-third-party-plugins[Exporting, packaging, and installing third-party plugins] knowledge. * You collected the relevant information to connect to your custom authentication provider. .Procedure -. Create your custom authentication provider backend plugin, that: +. Create your custom authentication provider backend plugin, which: * Provides an authentication provider API. * Bridges authentication to your custom authentication provider. * Includes an example backend configuration in an `app-config.yaml`file. - - -. Create your custom authentication provider frontend plugin, that: +. Create your custom authentication provider front-end plugin, which: * Provides a custom `SignInPage` component. -The `SignInPage` component is the place in a {product-short} app where the frontend API reference is connected to the appropriate backend authentication provider API service. +The `SignInPage` component is the place in a {product-short} app where the front-end API reference connects to the appropriate backend authentication provider API service. * Provides an API client for the backend authentication provider service. * Includes an example backend configuration in an `app-config.yaml`file. @@ -42,13 +40,11 @@ dynamicPlugins: + Each provider settings entry should define the following attributes: -`title`:: The title for the authentication provider shown above the user's profile image if available. - -`description`:: a short description of the authentication provider. +`title`:: The title for the authentication provider shown next to the user profile image if available. -`provider`:: The ID of the authentication provider as provided to the `createApiRef` API call. -This value is used to look up the corresponding API factory for the authentication provider to connect the provider's Sign In/Sign Out button. +`description`:: The short description of the authentication provider, which {product-short} displays on the login page. +`provider`:: The authentication provider ID as provided to the `createApiRef` API call, which is using this value to look up the corresponding API factory for the authentication provider to connect to the provider's Sign In and Sign Out button. . Use a custom `SignInPage` component. {product-short} is using the `SignInPage` component to connect one or more authentication providers to the application sign-in process. @@ -66,10 +62,11 @@ dynamicPlugins: + Only one `signInPage` is specified and used by the application, this configuration object supports the following properties: -`module`:: optional setting to specify which set of assets should be accessed from the dynamic plugin, defaults to `PluginRoot` - `importName`:: Required setting that should resolve to a component that returns a configured `SignInPage` component that connects the appropriate authentication provider factories, or a compatible custom implementation. +`module`:: Optional setting to specify which set of assets the dynamic plugin might access. +The default value is `PluginRoot`. + .Verification . Go to the {product-short} login page. . Your {product-short} sign-in page displays *__* and the Guest user sign-in is disabled.