===== Access to the platform (Login and authentication) =====

==== General description ====

Access to the advanced functionalities of the WP6 – SANCTUARIA platform is managed through a centralized authentication system based on Keycloak, integrated with the D4Science infrastructure. Registered users can authenticate using personal credentials or through federated identity providers. Once authenticated, users gain access to their personal area (Dashboard) and to restricted features such as resource creation and data export.

----

==== Login page ====

By clicking on the *Access* button located in the top-right corner of the upper navigation bar, the user is redirected to the authentication page.

{{sanctuaria:sanctuaria_access.png?100|Access}}

The login screen includes the following elements:

**Login fields**

  * Username / email
  * Password

**Federated login options**

Authentication via external identity providers is supported, including:

  * Google
  * LinkedIn
  * Twitter
  * GitHub
  * ORCID
  * CNR-ISTI
  * Academic / Other

**Additional actions**

  * *Remember me* → keeps the session active
  * *Forgot password?* → credential recovery
  * *Register* → creation of a new user account

The system supports Single Sign-On (SSO), allowing users to authenticate with the same profile used across other services within the RESILIENCE network.

{{sanctuaria:sanctuaria_keycloak.png?650|Keycloak}}

----

==== Post-login state ====

After successful authentication, the portal interface is dynamically updated:

  * The *Access* button is replaced by a user profile icon.
  * Clicking on the profile icon opens a drop-down menu with the following options:
    * **Dashboard** → personal area containing the user’s resources
    * **Logout** → session termination

{{sanctuaria:sanctuaria_user_menu.png?250|User Menu}}

----

==== Dashboard ====

The Dashboard represents the personal workspace of authenticated users and displays the resources they have created or submitted for review.
The *Contributions* section lists all user submissions, including drafts and published resources. If no resources are available, the following message is displayed: *No requests*

{{sanctuaria:sanctuaria_dashboard.png?650|Dashboard}}

----

==== Logout ====

From the user menu, selecting the *Logout* option ends the active session and redirects the user to the public homepage of the platform. After logout, the *Access* button reappears in its original position within the header.

----

==== User roles ====

The WP6 – SANCTUARIA system defines three main user roles, each associated with specific permissions and responsibilities.

^ Role ^ Description ^ Main permissions ^
| **Admin** | Technical user account used by the ITSERR management team for setup, configuration, and maintenance operations. | Full system management, user creation, role configuration, backend control. |
| **WPLead** | Responsible for approving, rejecting, or deleting resources submitted by Researchers. | Can view all submitted resources, approve or reject requests with motivation, and delete or edit resources. |
| **Researcher** | Accredited user authorized to create new resources. | Can create, edit, save drafts, and submit resources (Ex-Voto or Foundation Legend). Can view and manage only their own submissions. |

All authenticated roles are allowed to export search results. Public search functionality remains accessible to unauthenticated users.

----

==== Technical notes ====

  * Authentication is based on Keycloak (OIDC) with support for external identity providers.
  * Session management relies on SSO tokens.
  * The user interface is dynamically updated after login and logout.
  * Private routes (Dashboard, Add Resource, Export) are protected and accessible only to authenticated users.
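
The role table and the private-route rule above can be enforced server-side as a deny-by-default check over token claims; the following Python is an added example, not the platform's own code. It assumes the claims were already verified, that roles arrive as Keycloak realm roles in `realm_access.roles`, and that any authenticated user may reach Dashboard and Export; the action names and the resource `owner` field are hypothetical.

```python
# Added example: deny-by-default authorization for the role table above.
# Assumes `claims` come from an access token whose signature, issuer,
# audience and expiry were already verified against the Keycloak realm.
# Action names and the resource "owner" field are hypothetical.

PUBLIC_ACTIONS = {"search"}                       # open to everyone
AUTHENTICATED_ACTIONS = {"dashboard", "export"}   # any logged-in user
ROLE_ACTIONS = {
    "Admin": {"manage_system", "create_user", "configure_roles"},
    "WPLead": {"view_submitted", "approve", "reject", "edit", "delete"},
    "Researcher": {"create", "view", "edit", "save_draft", "submit"},
}
OWNER_SCOPED_ROLES = {"Researcher"}   # may act only on their own submissions
NO_TARGET_ACTIONS = {"create"}        # no existing resource to own yet


def roles_of(claims):
    """Return the platform roles present in Keycloak's realm_access.roles."""
    realm_access = claims.get("realm_access")
    granted = realm_access.get("roles") if isinstance(realm_access, dict) else None
    return {r for r in (granted or []) if isinstance(r, str) and r in ROLE_ACTIONS}


def is_allowed(claims, action, resource=None):
    """Decide one request; anything not explicitly granted is denied."""
    if action in PUBLIC_ACTIONS:
        return True
    if not isinstance(claims, dict) or not claims.get("sub"):
        return False                      # private routes need a session
    if action in AUTHENTICATED_ACTIONS:
        return True
    for role in roles_of(claims):
        if action not in ROLE_ACTIONS[role]:
            continue
        if role not in OWNER_SCOPED_ROLES or action in NO_TARGET_ACTIONS:
            return True
        if resource is not None and resource.get("owner") == claims["sub"]:
            return True                   # object-level ownership check
    return False
```

The ownership comparison is what keeps a Researcher from editing another user's submission by changing a resource identifier in the request.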