Joget DX 8 Stable Released
The stable release for Joget DX 8 is now available, with a focus on UX and Governance.
Table of Contents |
---|
Children Display | ||
---|---|---|
|
English |
---|
The Security Enhanced Directory Manager |
...
features enhanced security and control on user management.
Once SEDM is configured, stronger password encryption for local accounts will take over. (Security Enhanced Directory Manager uses the SHA 256 encryption to store the password._ Be careful when disabling SEDM plugin, as this will cause all local passwords to be invalid. See here for Disabling Plugin Enabling PluginSimply go to System Settings -> Directory Manager Settings to enable and configure. |
Figure 1: Security Enhanced Directory Manager Properties Children Display
Name | Description / Sample Value | ||
---|---|---|---|
Show Login Info | Enable this feature will display the info such as : Last Login Date | ||
Failed Login Attempts for Account Lockout | Set on attempt limit for the user to input the correct password before being locked-out due to incorrect password. | ||
Account Lockout Period (Minutes) | Set a period of time (Minutes) to disabling locked-out user from login. | ||
Allow Session Timeout (Inactivity Timeout) | Enable this feature for automatically logging out inactive user and prompt the user to log in again. | ||
Hard Session Timeout (Hours) | Set a period of time (Hours) for inactivity session for user to be locked out | ||
Multi-Factor Authenticator | Default Multi-Factor Authenticator (MFA) that can be selected is : Time-based One-time Password (TOTP).
|
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Once the plugin is enabled, users' password would be stored using a new encryption method. Disabling the plugin would cause all the users not to be able to login anymore as the default encryption method is effectively changed. If you decide to stop using the plugin, you will need to replace all the affected users' password in dir_user table with a new password based on md5 hash. |
Security Enhanced Directory Manager uses the SHA 256 encryption to store the password. For example, the old standard encrypted hash for "User@123" is "448ddd517d3abb70045aea6929f02367" using MD5. If you then later remove/disable the SEDM plugin, the password is unchanged at SHA 256 encryption. Because the SEDM is not in play anymore, Joget is unable to authenticate the username because it is expecting the password to be the old MD5 encryption. Do note that passwords once changed to the new SHA 256 Encryption cannot be changed back to MD5. You can also run the following query to update the "dir_user" table back to the old password - An example of the SQL query is as follows:
The "5f4dcc3b5aa765d61d8327deb882cf99" value is the word "password" using the old encryption.
|
Tip |
---|
If you leave the Notification tab below empty, Joget will read the default SMTP configuration values from the General Settings > SMTP Settings page. |
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Setting up the Notification tab in this Enhanced Security Directory Manager is important and highly recommended. Do not skip the setup and remember to test sending email out to make sure that the email server settings is correct. Figure 2: Notification tab |
Name | Description | |||||
---|---|---|---|---|---|---|
From | Sender email address.
| |||||
SMTP Host | Email Server SMTP Host
| |||||
SMTP Port | Email Server SMTP Port
| |||||
Security |
Alternatively, you can click on the "hash" symbol to allow the input of hash variables. | |||||
SMTP Username | Email Server Account Username
| |||||
SMTP Password | Email Server Account Password
| |||||
CC | Fully qualified address is expected. Multiple values can be accepted by separating them with semicolons.
| |||||
HTML Content? | Check if "Message" is intended to be a HTML content. | |||||
User Creation (Subject) | ||||||
User Creation (Message) | Email Message. |
Info | ||
---|---|---|
| ||
Hit on the "Send Test Email" button to quickly validate and test the email settings. |
Email notification will be sent out on these important events:
Time-based One-time Password (TOTP)
OTP (One-Time Password) Email MFA