Credentials
The Credentials configuration category includes the following configurable options:
Authentication Cache Duration (millis)
Cache Successful Credentials
Create Unknown Users
Lock After Failed Attempts
Case-Sensitive Passwords
Password Encoding Scheme
Password Mismatch Error
Minimum Password Requirements
Case-Sensitive Usernames
|
|
Authentication Cache Duration (millis) |
|
|
|
| POSITIVE_INTEGER | |
| The number of milliseconds that successfully authenticated credentials will be cached for. This property is only used when the Cache Successful Credentials property is enabled. | |
|
|
20000
|
|
|
|
|
Cache Successful Credentials |
|
|
|
| BOOLEAN | |
| If enabled, the authorization service will enable a very short-term cache of successful credentials. This is useful in environments where many requests are being made using username/password credentials in each request (i.e. a backend service secured with HTTP Basic Auth). Enable with caution as this setting also has security considerations. | |
|
|
true
|
|
|
|
|
Create Unknown Users |
|
|
|
| BOOLEAN | |
| If a user is requested and does not already exist, having this setting enabled will cause that user to be created. Use this setting with caution as it can result in an unlimited number of users being created within the Smile CDR database. This setting is useful only in situations where the client is trusted (e.g. a server-to-server communication). | |
|
|
false
|
|
|
|
|
Lock After Failed Attempts |
|
|
|
| NON_NEGATIVE_INTEGER | |
| Number of failed login attempts to lock account. Zero means no limit. | |
|
|
5
|
|
|
|
|
Case-Sensitive Passwords |
|
|
|
| BOOLEAN | |
| If enabled, passwords are case-sensitive. Note that any passwords created before this setting is changed are not affected. Change with caution! | |
|
|
true
|
|
|
|
|
Password Encoding Scheme |
|
|
|
| ENUM | |
| Values |
|
| Specify the scheme that will be used to store passwords in the database. Note that changing this value will only affect newly created and updated passwords. Existing passwords will remain encoded using the scheme that was selected at the time that they were saved. See Password Hashing Algorithms for more information. | |
|
|
BCRYPT_12_ROUND
|
|
|
|
|
Password Mismatch Error |
|
|
|
| STRING | |
| Error message that will be displayed to the user if the password they are trying to create/update does not match the regular expression specified in Minimum Password Requirements. This message needs to be updated for any change in the Minimum Password Requirements. | |
|
|
Invalid password
|
|
|
|
|
Minimum Password Requirements |
|
|
|
| STRING | |
Our password validation is two-phased - Phase 1: We apply our own rules. These are unignorable (minimum length of 8 characters, at least 3 of the 4 available character types; lowercase letters, uppercase letters, numbers, and symbols, it must not contain the user's username or parts of their name, it must be unique from the previous password, complexity requirements which is a set of 5 regexes) - Phase 2: We apply the regex supplied by the customer, for which the default is {4..100}. Note that these requirements will only be enforced when evaluating newly created and updated passwords; existing passwords remain unaffected.
|
|
|
|
.{4,100}
|
|
|
|
|
Case-Sensitive Usernames |
|
|
|
| BOOLEAN | |
| Case-Sensitive Usernames | |
|
|
false
|
|
|