
Since Platform Version 1.6.2

Capabilities

To provide greater security to users, new functionalities, restrictions and validations have been added to the platform.

These can be modified and configured per environment: a new Central Configuration entry, managed by the administrator, appears in the Control Panel (/wiki/spaces/PT/pages/214401056). The entry is called EXPIRATIONUSERS, and the following is its default setting (since version 1.6.2-Empire).

ExpirationUsersPass:

cron: "0 0 0 ? * * *"

This parameter indicates how often the password verification task is executed. With this value, the task checks at 00:00:00 every day whether passwords have expired.

timeLifePass: 180

This indicates how many days a password is valid. The default is 180 days.

noticesDaysBefore: 10

This parameter indicates how many days before the password expires a daily reminder message starts being sent, to inform the user that the password is about to expire (from 1.6.2-Empire).

maxInactiveDays: 30

This parameter sets to 30 the number of days after which a user who has not accessed the platform becomes inactive and must contact the administrator to be reactivated.

Authentication:

limitFailedAttemp: 3

This sets the number of attempts to access the platform with a user to three. If access fails three times because the password was entered incorrectly, the user becomes inactive, and an email is sent to inform the user that this has occurred and that the administrator must be contacted to activate the account (from 1.6.2-Empire).

numberLastEntriesToCheck: 5

This parameter is used when changing the password: the new password cannot match any of the last N passwords used by the user, in this case the last 5. The platform keeps a history of the passwords used.

ResetUserPass:

hours: 7

When a password is reset, this indicates the number of hours for which the password sent by mail is valid.

cron: "0 0 * ? * * *"

This indicates how often to launch the task that checks, for each user, whether the password sent by mail is still within its validity time. To leave this state, the user must change the password.

Summary

  • These functionalities are parameterized in the EXPIRATIONUSERS section accessible from configuration management.

  • For changes in EXPIRATIONUSERS to take effect, the controlpanel and rtdb-maintainer services must be restarted from Rancher, so that the tasks that validate the user accounts are restarted.

  • The password expires N days after being set. When expiration is close (M days before), an email is sent every day as a reminder to the user. M and N are configurable per environment (from 1.6.2-Empire).

  • When a user has not accessed the platform in N days, the user is deactivated, and only an administrator can activate the account again (from 1.6.2-Empire).

  • When a password reset event occurs, triggered either by an administrator or by a user, an email with the temporary random password is sent to the user. When that password is used for the first time to access the console, the user is forced to change it.
      o If you try to access any REST service with that random temporary password, you will be denied access.
      o You can reset the password from the ControlPanel or from the REST API (from 2.1.0-gradius).

  • A random temporary password (the product of a reset event) expires after N hours, N being configurable (from 2.1.0-gradius).

  • For the administrator, a password reset option has been added to the user management list to make user management more agile (from 2.1.0-gradius).

  • As of version 2.2.0-hyperblast, certain parameters can be set to -1 so that they do not take effect.

Password format with basic identity manager

By default, passwords accepted by the basic identity manager must match a pattern that requires uppercase letters, lowercase letters, numbers and special characters (for example, !). The minimum length is 10 characters and the maximum is 255.
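The password-change rules described on this page (the format rule above and the numberLastEntriesToCheck history check), as an added example that is not the platform's own code. It assumes "special character" means any character that is neither alphanumeric nor whitespace, and that the history is kept as salted PBKDF2 hashes rather than plaintext; the function names and the work factor are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re

# From the page: history depth and length limits. Everything else is assumed.
NUMBER_LAST_ENTRIES_TO_CHECK = 5
MIN_LEN, MAX_LEN = 10, 255
PBKDF2_ROUNDS = 100_000  # assumed work factor for this example, not a platform setting

# Assumed reading of the format rule: upper, lower, digit, special (non-alphanumeric).
REQUIRED_CLASSES = [re.compile(p) for p in (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9\s]")]


def format_ok(password: str) -> bool:
    """Length 10..255 and at least one character from each required class."""
    return MIN_LEN <= len(password) <= MAX_LEN and all(c.search(password) for c in REQUIRED_CLASSES)


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). The history stores these pairs, never plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def reused(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True if password matches one of the last N history entries (newest last)."""
    recent = history[-NUMBER_LAST_ENTRIES_TO_CHECK:]
    # Every entry has its own salt, so the candidate is re-hashed once per entry.
    return any(hmac.compare_digest(hash_password(password, s)[1], d) for s, d in recent)


def change_password(new: str, history: list[tuple[bytes, bytes]]) -> str:
    """Validate a password change and record it; returns 'ok' or the rejection reason."""
    if not format_ok(new):
        return "bad_format"
    if reused(new, history):
        return "reused"
    history.append(hash_password(new))
    return "ok"
```

Because each stored entry is salted, the reuse check costs one hash computation per history entry, so the history depth directly multiplies the cost of every password change.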
