1. Home
  2. OpenKM 8.1
  3. Administration guide
  4. Configuration parameters
  5. Security configuration parameters
  1.  

OpenKM 8.1
Hardware and software requirements
Installation
Setup
Troubleshooting
Administration guide
Configuration parameters
Recommended configuration parameters
Preview parameters
LDAP configuration parameters
User interface configuration parameters
AI configuration parameters
Workflow configuration parameters
Notification configuration parameters
Document version numeration configuration
Password validation configuration
Switch application to read-only mode
Security configuration parameters
Extensions configuration parameters
Performance configuration parameters
LibreOffice configuration parameters
CSV configuration parameters
Antivirus configuration parameters
Other configuration parameters
Experimental configuration parameters
AutoCAD configuration parameters
FTP configuration parameters
Two factor authentication configuration parameters
Multi-tenant configuration parameters
File plan
Search configuration parameters
MIME types
Statistics
Metadata
Manage users and roles
Profiles
Relation types
CSS
Reports
Activity log
Automation
Stamp
AI Prompt
Crontab
OCR templates
Languages
Utilities
User guide
Migration guide
Development

Security configuration parameters

Field / PropertyTypeDescription
user.admin String

Sets the default super user id. By default super user id is okmAdmin.

okmAdmin
user.assign.document.creation Boolean

By default when a user creates a node, he is added to the node with full permissions. You can disable this behavior by setting this parameter to false. By default the parameters is set to true.

true
user.password.expiration Integer

Indicates the number of days to force user change their password, the 0 value indicates the feature is disabled.

0
user.password.reset Boolean

Sometimes the user loses or forgets their password. When this option is enabled, used in landing page have got the option to restart their password and be notified with a newer one by mail. By default this option is set to false.

false

system.antivir

String

Path to antivirus.

An antivirus can decrease perfomance, taking several seconds to analyze each document and consuming a lot of CPU resources.

security.access.manager

String

Sets security access manager determinate the way on how the security is evaluated. Default value is "simple".

Values:

  • simple.
  • recursive.
  • read_recursive.

simple

 Takes a look at Security configuration

security.search.evaluation

String

Sets the security search manager and determinates the way how the security is evaluated by search engine.

Values:

  • lucene.
  • am_more, am_window or am_limited.

 Take a look at Security configuration

security.extended.mask

Integer

Security evaluation can be extended to downloaded files, starts workflows, adds, removes or modifies property groups ( metadata ) or compact history. Default value is empty.

Values:

  • DOWNLOAD = 1024;
  • START_WORKFLOW = 2048;
  • COMPACT_HISTORY = 4096;
  • PROPERTY_GROUP = 8192;

For example to enable download and property groups you should put the mask 9216 ( 1024+8192 )

9216

 Take a look at Security configuration

security.live.change.node.limit

Integer

When security changes affect more than the values set in this property the security changes are applied as a background task.

100

 Take a look at Security configuration

system.login.lowercase

Boolean

By default is empty. In case connecting to AD ( Microsoft Active Directory ) must be set to "true", that force all users to be logged with lowercase user Id. The reason is OpenKM is case sensitive and Microsoft Active Directory not.

principal.adapter

String

You must restart OpenKM service after you change this parameter.

OpenKM can handle user access using the Spring Security framework. OpenKM needs an available method for reading users and roles, so when users are stored in a database (as is the default), the class DatabasePrincipalAdapter does this job.

com.openkm.plugin.principal.DatabasePrincipalAdapter

If you configure OpenKM to authenticate against an LDAP server, you need to configure another principal adapter like LdapPrincipalAdapter.

More information at:

principal.identifier.validation

String

Sets a regular expression to validate on the creation of user names and roles names.

^[a-zA-Z0-9_]+$

Regular expression sample for Arabic:

^[\u0600-\u06FF]+$

This parameter only can be used in combination with "principal.adapter" parameter value "com.openkm.plugin.principal.DatabasePrincipalAdapter".

browser.password.autocompletion

Boolean

By default it is true (allowed autocompletion). This paremeter allows to disable the autocompletion of the password in the login frame. This is a security messure in not trusted clients.

default.security.recursive.role

String

Set the role what is used to identify what users are able to set recursive security.

ROLE_SECURITY_RECURSIVE

secure.file.delete

Boolean

Enable safe file delete from the file system. The process ensures the document might be recovered later from the file system.

false

security.login.failed.attempts

Integer

Number of login failure attemps before the user will be locked. Value 0 indicates unlimited failure attemps and the user will never be locked.

0

default.task.manager.admin.role

String

Set the role that is used to identify what users can manage all the OpenKM task.

ROLE_TASK_MANAGER_ADMIN

default.version.admin.role

String

Set the role that is used to identify the users who can change the version of a node.

ROLE_VERSION_ADMIN

default.user.hidden.role

String

Set the role that is used to identify the users hidden in the user list.

ROLE_USER_HIDDEN

 

Table of contents [ Hide Show ]

© OpenKM kcenter v.1.0.0 (build: d51a7b0). All Rights Reserved. Documentation license