Versions Compared

Old Version 11

changes.mady.by.user Ahmad

Saved on

compared with

New Version Current

changes.mady.by.user Hugo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

English

The Security Enhanced Directory Manager features enhanced security and control on user management. 



Once you have configured SEDM you will gain access to these features : 

    • Password policy
    • Account Timeout & Lockout
    • Account Recovery via email
    • End user have option to enable MFA, if SEDM configured to enable such MFA plugin

  • SEDM acts as middle layer before talking to Directory Manager
    • Defaults to referring to Joget users
    • Can be configured to also communicate with LDAP / Sync LDAP / other DM (Directory Manager) plugins and many more.

Once SEDM is configured, stronger password encryption for local accounts will take over. (Security Enhanced Directory Manager uses the SHA 256 encryption to store the password._

Be careful when disabling SEDM plugin, as this will cause all local passwords to be invalid. See here for Disabling Plugin


Enabling Plugin

Simply go to System Settings -> Directory Manager Settings to enable and configure.

...

NameDescription / Sample Value

Show Login Info

Enable this feature will display the info such as : Last Login Date

Failed Login Attempts for Account Lockout

Set on attempt limit for the user to input the correct password before being locked-out due to incorrect password.
Account Lockout Period (Minutes)Set a period of time (Minutes) to disabling locked-out user from login.
Allow Session Timeout (Inactivity Timeout)

Enable this feature for automatically logging out inactive user and prompt the user to log in again.

Hard Session Timeout (Hours)

Set a period of time (Hours) for inactivity session for user to be locked out

Multi-Factor Authenticator

Default Multi-Factor Authenticator (MFA) that can be selected is : Time-based One-time Password (TOTP).

Info
You may opt to have more MFA by downloading the OTP (One-Time Password) Email MFA plugin


Disabling Plugin

Panel
borderColorred
titleColorwhite
titleBGColor#f45555
titleDisabling Plugin

Once the plugin is enabled, users' password would be stored using a new encryption method. Disabling the plugin would cause all the users not to be able to login anymore as the default encryption method is effectively changed.If you decide to stop using the plugin, you will need to replace all the affected users' password in dir_user table with a new password based on md5 hash

Security Enhanced Directory Manager uses the SHA 256 encryption to store the password.

For example, the old standard encrypted hash for "User@123" is "448ddd517d3abb70045aea6929f02367" using MD5.
When you change the Joget directory manager to use SEDM, the new password becomes something like "@@@@whateverhashencryption@@@@". 

If you then later remove/disable the SEDM plugin, the password is unchanged at SHA 256 encryption. Because the SEDM is not in play anymore, Joget is unable to authenticate the username because it is expecting the password to be the old MD5 encryption.

Do note that passwords once changed to the new SHA 256 Encryption cannot be changed back to MD5.

If you decide you don't want to use SEDM and then delete the plugin setting, you will need to use your database backups to restore the table "dir_user" to revert back to the original passwords (using MD5 and before SEDM was implemented).

You can also run the following query to update the "dir_user" table back to the old password - An example of the SQL query is as follows:

Code Block
UPDATE dir_user SET password = '5f4dcc3b5aa765d61d8327deb882cf99' WHERE id = 'username'

The "5f4dcc3b5aa765d61d8327deb882cf99" value is the word "password" using the old encryption.


Panel
borderColorblack
borderStylesolid
titleTroubleshoot

Should you forgotten all the details during any Security Enhanced Directory Manager configuration and you have Locked yourself out,  please use this workaround :

To disable your Security Enhanced Directory Manager (SEDM) , get into the database

1) Remove the password column value in dir_user

  • Replace the password column value with new value based on md5 hash.


2) In wf_setup >delete any directory manager records

  • Remove the 2 rows that starts with "directoryManager".
    Image Added

Then, Joget Workflow DX 8 will fallback to the default directory manager again.


...