49.26    CQL 49.28    Cross-Origin Resource Sharing (CORS)   

49.27.1Credentials

 

The Credentials configuration category includes the following configurable options:

  • Authentication Cache Duration (millis)

  • Cache Successful Credentials

  • Create Unknown Users

  • Lock After Failed Attempts

  • Case-Sensitive Passwords

  • Password Encoding Scheme

  • Password Mismatch Error

  • Minimum Password Requirements

  • Case-Sensitive Usernames

49.27.2Property: Authentication Cache Duration (millis)

 
Property Name Authentication Cache Duration (millis)
Property Key
Property Type POSITIVE_INTEGER
Description The number of milliseconds that successfully authenticated credentials will be cached for. This property is only used when the Cache Successful Credentials property is enabled.
Applies to Modules
  • Local Inbound Security
Default Value 20000
Example Property
module.[MODULE_ID].config.authentication_cache_duration = 20000

49.27.3Property: Cache Successful Credentials

 
Property Name Cache Successful Credentials
Property Key
Property Type BOOLEAN
Description If enabled, the authorization service will enable a very short-term cache of successful credentials. This is useful in environments where many requests are being made using username/password credentials in each request (i.e. a backend service secured with HTTP Basic Auth). Enable with caution as this setting also has security considerations.
Applies to Modules
  • Local Inbound Security
Default Value true
Example Property
module.[MODULE_ID].config.cache_successful_credentials = true

49.27.4Property: Create Unknown Users

 
Property Name Create Unknown Users
Property Key
Property Type BOOLEAN
Description If a user is requested and does not already exist, having this setting enabled will cause that user to be created. Use this setting with caution as it can result in an unlimited number of users being created within the Smile CDR database. This setting is useful only in situations where the client is trusted (e.g. a server-to-server communication).
Applies to Modules
  • Local Inbound Security
Default Value false
Example Property
module.[MODULE_ID].config.create_unknown_users = false

49.27.5Property: Lock After Failed Attempts

 
Property Name Lock After Failed Attempts
Property Key
Property Type NON_NEGATIVE_INTEGER
Description Number of failed login attempts to lock account. Zero means no limit.
Applies to Modules
  • Local Inbound Security
Default Value 5
Example Property
module.[MODULE_ID].config.max_failed_logins_until_lock = 5

49.27.6Property: Case-Sensitive Passwords

 
Property Name Case-Sensitive Passwords
Property Key
Property Type BOOLEAN
Description If enabled, passwords are case-sensitive. Note that any passwords created before this setting is changed are not affected. Change with caution!
Applies to Modules
  • Local Inbound Security
Default Value true
Example Property
module.[MODULE_ID].config.password_case_sensitive = true

49.27.7Property: Password Encoding Scheme

 
Property Name Password Encoding Scheme
Property Key
Property Type ENUM
Values
  • SHA256_1000_ROUND
  • SHA256_10000_ROUND
  • SHA256_100000_ROUND
  • PBKDF2_256_1000_RND
  • PBKDF2_256_10000_RND
  • PBKDF2_256_100000_RND
  • BCRYPT_10_ROUND
  • BCRYPT_12_ROUND
  • BCRYPT_14_ROUND
  • BCRYPT_16_ROUND
Description Specify the scheme that will be used to store passwords in the database. Note that changing this value will only affect newly created and updated passwords. Existing passwords will remain encoded using the scheme that was selected at the time that they were saved. See Password Hashing Algorithms for more information.
Applies to Modules
  • Local Inbound Security
Default Value BCRYPT_12_ROUND
Example Property
module.[MODULE_ID].config.password_encoding_type = BCRYPT_12_ROUND

49.27.8Property: Password Mismatch Error

 
Property Name Password Mismatch Error
Property Key
Property Type STRING
Description Error message that will be displayed to the user if the password they are trying to create/update does not match the regular expression specified in Minimum Password Requirements. This message needs to be updated for any change in the Minimum Password Requirements.
Applies to Modules
  • Local Inbound Security
Default Value Invalid password
Example Property
module.[MODULE_ID].config.password_mismatch_pattern_error = Invalid password

49.27.9Property: Minimum Password Requirements

 
Property Name Minimum Password Requirements
Property Key
Property Type STRING
Description Our password validation is two-phased - Phase 1: We apply our own rules. These are unignorable (minimum length of 8 characters, at least 3 of the 4 available character types; lowercase letters, uppercase letters, numbers, and symbols, it must not contain the user's username or parts of their name, it must be unique from the previous password, complexity requirements which is a set of 5 regexes) - Phase 2: We apply the regex supplied by the customer, for which the default is {4..100}. Note that these requirements will only be enforced when evaluating newly created and updated passwords; existing passwords remain unaffected.
Applies to Modules
  • Local Inbound Security
Default Value .{4,100}
Example Property
module.[MODULE_ID].config.password_pattern = .{4,100}

49.27.10Property: Case-Sensitive Usernames

 
Property Name Case-Sensitive Usernames
Property Key
Property Type BOOLEAN
Description Case-Sensitive Usernames
Applies to Modules
  • LDAP Inbound Security
  • Local Inbound Security
  • SAML Inbound Security
  • Scripted Inbound Security
Default Value false
Example Property
module.[MODULE_ID].config.username_case_sensitive = false
   49.26    CQL 49.28    Cross-Origin Resource Sharing (CORS)