Security configuration parameters
| Field / Property | Type | Description |
|---|---|---|
| user.admin | String |
Sets the default super user id. By default super user id is okmAdmin. okmAdmin |
| default.user.role | String |
Sets the default general connection role. Any user to successfully login in the screen needs to have default.user.role or default.admin.role, otherwise will get 403 error. ROLE_USER |
| default.admin.role | String |
Sets the default administration connection role. This role will get users access to Administration tools. Any user to successfully login in the screen need to have default.user.role or default.admin.role, otherwise will get 403 error. ROLE_ADMIN |
| user.assign.document.creation | Boolean |
By default when a user creates a node, he is added to the node with full permissions. You can disable this behavior by setting this parameter to false. By default the parameters is set to true. true |
| user.password.expiration | Integer |
Indicates the number of days to force user change their password, the 0 value indicates the feature is disabled. 0 |
| user.password.reset | Boolean |
Sometimes the user loses or forgets their password. When this option is enabled, used in landing page have got the option to restart their password and be notified with a newer one by mail. By default this option is set to false. false |
|
system.antivir |
String |
Path to antivirus. An antivirus can decrease perfomance, taking several seconds to analyze each document and consuming a lot of CPU resources. |
|
security.access.manager |
String |
Sets security access manager determinate the way on how the security is evaluated. Default value is "simple". Values:
simple Takes a look at Security configuration |
|
security.search.evaluation |
String |
Sets the security search manager and determinates the way how the security is evaluated by search engine. Values:
Take a look at Security configuration |
|
security.extended.mask |
Integer |
Security evaluation can be extended to downloaded files, starts workflows, adds, removes or modifies property groups ( metadata ) or compact history. Default value is empty. Values:
For example to enable download and property groups you should put the mask 9216 ( 1024+8192 ) 9216 Take a look at Security configuration |
|
security.live.change.node.limit |
Integer |
When security changes affect more than the values set in this property the security changes are applied as a background task. 100 Take a look at Security configuration |
|
system.login.lowercase |
Boolean |
By default is empty. In case connecting to AD ( Microsoft Active Directory ) must be set to "true", that force all users to be logged with lowercase user Id. The reason is OpenKM is case sensitive and Microsoft Active Directory not. |
|
principal.adapter |
String |
You must restart OpenKM service after you change this parameter OpenKM can handle user access using the Spring Security framework. OpenKM needs an available method for reading users and roles, so when users are stored in a database (as is the default), the class DatabasePrincipalAdapter does this job. com.openkm.core.DatabasePrincipalAdapter If you configure OpenKM to authenticate against an LDAP server, you need to configure another principal adapter like LdapPrincipalAdapter. More information at: |
|
principal.identifier.validation |
String |
Sets a regular expression to validate on the creation of user names and roles names. ^[a-zA-Z0-9_]+$ This parameter only can be used in combination with "principal.adapter" parameter value "com.openkm.core.DatabasePrincipalAdapter". |
|
browser.password.autocompletion |
Boolean |
By default it is true (allowed autocompletion). This paremeter allows to disable the autocompletion of the password in the login frame. This is a security messure in not trusted clients. |
|
user.password.remember |
Boolean |
By default it is false. When it is enabled a checkbox appears in the login form where you can decide if you are going to be remembered or not. This means that you won't be asked for user and password next time you access OpenKM, unless you make a logout from File > Logout. This configuration does not work with LDAP integration. Anyway, if yor OpenKM is configure with LDAP integration, take a look at LDAP troubleshooting which contains information about solving this incompatibility. |
|
default.security.recursive.role |
String |
Set the role what is used to identify what users are able to set recursive security. ROLE_SECURITY_RECURSIVE |
|
default.task.manager.admin.role |
String |
Set the role what is used to identify what users are able to manage all the OpenKM task. ROLE_TASK_MANAGER_ADMIN |
