Security configuration parameters
| Field / Property | Type | Description |
|---|---|---|
| user.admin | String |
Sets the default super user ID. By default, the super user ID is okmAdmin. okmAdmin |
| user.assign.document.creation | Boolean |
By default, when a user creates a node, they are added to the node with full permissions. You can disable this behavior by setting this parameter to false. By default, the parameter is set to true. true |
| user.password.expiration | Integer |
Indicates the number of days to force the user to change their password; a value of 0 indicates the feature is disabled. 0 |
| user.password.reset | Boolean |
Sometimes the user loses or forgets their password. When this option is enabled, the landing page provides the option to reset their password and to be notified by mail with a new one. By default, this option is set to false. false |
|
system.antivir |
String |
Path to the antivirus. An antivirus can decrease performance, taking several seconds to analyze each document and consuming a lot of CPU resources. |
|
security.access.manager |
String |
Sets the security access manager that determines how security is evaluated. The default value is "simple". Values:
simple Take a look at Security configuration |
|
security.search.evaluation |
String |
Sets the security search manager and determines how the security is evaluated by the search engine. Values:
Take a look at Security configuration |
|
security.extended.mask |
Integer |
Security evaluation can be extended to downloaded files, adding, removing, or modifying property groups (metadata), or compacting history. The default value is empty. Values:
For example, to enable download and property groups, you should use the mask 9216 (1024+8192). 9216 Take a look at Security configuration |
|
security.live.change.node.limit |
Integer |
When security changes affect more than the value set in this property, they are applied as a background task. 100 Take a look at Security configuration |
|
system.login.lowercase |
Boolean |
By default it is empty. When connecting to AD (Microsoft Active Directory) it must be set to "true", which forces all users to log in with a lowercase user ID. The reason is that OpenKM is case sensitive, and Microsoft Active Directory is not. |
|
principal.adapter |
String |
You must restart the OpenKM service after you change this parameter. OpenKM can handle user access using the Spring Security framework. OpenKM needs an available method for reading users and roles, so when users are stored in a database (as is the default), the class DatabasePrincipalAdapter does this job. com.openkm.plugin.principal.DatabasePrincipalAdapter If you configure OpenKM to authenticate against an LDAP server, you need to configure another principal adapter like LdapPrincipalAdapter. More information at: |
|
principal.identifier.validation |
String |
Sets a regular expression to validate the creation of user names and role names. ^[a-zA-Z0-9_]+$ Regular expression sample for Arabic: ^[\u0600-\u06FF]+$ This parameter can only be used in combination with the "principal.adapter" parameter value "com.openkm.plugin.principal.DatabasePrincipalAdapter". |
|
browser.password.autocompletion |
Boolean |
By default, it is true (autocompletion allowed). This parameter allows disabling password autocompletion in the login frame. This is a security measure on untrusted clients. |
|
default.security.recursive.role |
String |
Sets the role that is used to identify which users are able to set recursive security. ROLE_SECURITY_RECURSIVE |
|
security.login.failed.attempts |
Integer |
The number of failed login attempts before the user is locked. A value of 0 indicates unlimited failure attempts, and the user will never be locked. 0 |
