====== Authentication and platform access ====== ===== General overview ===== Access to the Gnorm platform is provided through the **Access** button located in the top navigation bar of the interface. The system supports two authentication methods: * **Direct ITSERR access** – via system-provided credentials (username and password); * **Federated D4Science access** – via external academic or institutional providers (Google, LinkedIn, ORCID, GitHub, CNR-ISTI, etc.). ---- ===== Direct ITSERR access ===== The ITSERR login page allows users to enter: * Username * Password and proceed using the **Log in** button. Alternatively, users can authenticate directly through the **ITSERR Account** button, which automatically redirects to the centralized authentication portal, maintaining the user session active for the entire duration of navigation. {{gnorm:gnorm_login_itserr.png?650|ITSERR login page}} ---- ===== Federated access via D4Science ===== Federated authentication is managed through **Keycloak**, a secure system compliant with the digital identity standards adopted by D4Science. From the login screen, users can choose among several academic or third-party providers, including: * Academic / Other * Google * LinkedIn * Twitter * GitHub * ORCID * CNR-ISTI {{gnorm:gnorm_login_keycloak.png?650|D4Science Keycloak authentication page}} Users may also enable the **Remember me** option to keep the session active or use **Forgot Password** to recover credentials. Once authentication is completed, the user is redirected to the authenticated homepage of the platform. ---- ===== Session management ===== After authentication: * The **Access** button in the top navigation bar is replaced by **Logout**; * The user can freely navigate between corpora, perform searches, and use advanced functionalities; * Upon browser closure or prolonged inactivity, the session is automatically terminated. ---- ===== User roles and permissions ===== Three main roles are defined within the system: ^ Role ^ Description ^ Main permissions ^ | Researcher | Academic user who accesses the platform to consult, search, and annotate texts. | Search, note creation, data export, consultation of public resources. | | System_Administrator | Technical role responsible for module configuration, instance monitoring, and system maintenance. | All Researcher permissions, plus system parameter management and module administration. | | Admin | Technical–administrative user with global privileges, used for initial setup activities and supervision. | Full backend management, user and role creation and modification, general system configuration. | ---- ===== Security and credential management ===== The system guarantees: * Secure HTTPS connections for all requests; * Centralized credential management via D4Science; * Automatic session expiration to prevent unauthorized access; * SSO (Single Sign-On) compatibility for integration with other ITSERR modules.