Im using Alfresco community version 5.2 and i have to immediately implement password policy as to disable user after 3 unsuccessful login attempts in alfresco for 1 hr.
can any please help how to proceed
There is webscript which is responsible for login.Below are 2 file which are responsible for the same.You need to maintain counter on server side.Once this counter increases your specified limit.You can call webscript which will disable account.
login.get.html.ftl
login.js
How to create repository webscript is explained in below lik.
http://www.krutikjayswal.com/2016/10/alfresco-webscript-spring-webscript.html
Regarding disabling account, please check below link.You can use this api in javascript controller.
http://docs.alfresco.com/4.0/references/API-JS-disableAccount.html
Related
Is there a way to make admin not able to delete user from Active Directory? I need to disable this feature some how in global properies or else. I want admin only to create users,edit them and disable them, but not delete. The version of Alfresco is Community 5.2. Thanks in advance.
I guess you mean the other way around:
Is there a way to prevent admin from deleting users which have been created by ldap sync?
or do you mean:
Is there a way to revoke permission to delete any user?
Do you understand the difference between a user which has been created by ldap sync and a user manually created in the Alfresco admin UI?
There is no (easy and supported) way I know of to restrict admin permissions or for a member of the group ALFRESCO_ADMINISTRATORS. The ROLE_ADMINISTRATOR has always any permission.
There maybe a way to achieve what you expect in a customization module implementing a new behavior which disallows user deletion in a specific zone or by creating your own permissionGroups/permissions in a customPermissionDefinitions, setting the new introduced permissions on the user zones to specific groups but that kind of customization would be hard to maintain on later updates/upgrades.
EDIT:
What is your use case for allowing (end) users to create new users inside Alfresco although you have an user directory (AD) in place?
If your aim is to support external users, managed by specific internal user groups you may add another directory like samba4 which your internal users may get permissions to create/delete users (that's what we actually do from/thru our CRM system) or if you prefer integrations with OAuth2 providers such as Google, Facebook, Github you may take a look on the Spring Cloud Gateway for the Alfresco platform project
I am going over to a Wordpress and my WP plugin is asking me about "Authentication Code" And I have no idea where to find it.
Without the plugin name it is hard for me to determine what specific authentication code is needed, so I'll assume that you mean the OAuth Client ID. Please, forgive me if I am mistaken. You can generate a new OAuth Client ID following this steps:
Open Google Cloud Console and select your project.
Go to Navigation menu ⮞ APIs & Services ⮞ Credentials.
Select +Create credentials ⮞ OAuth client ID at the top.
You'll be prompted to select an application type. In case of a Wordpress plugin you need to choose Web application and give it a descriptive name.
Click on +ADD URI and include your webpage URL. This action will whitelist your webpage to authorize this OAuth client.
Tick Create to finish the process and annotate your client ID and secret.
With this procedure you would have created an OAuth client ID and its secret. Now we can take this client/secret pair and use it to request an authorization code over some Calendar API scopes.
After getting an authorization code, you can ask Google to exchange it for a pair of refresh and access tokens that you can use on every call to the Calendar API.
Following these steps you would have created every authentication code possible, you just need to determine which one is the required for that specific plugin. Please, don't hesitate to ask me any additional doubts.
By taking reference from this post and I am successful in authenticating the user. But this post does not authenticate new users that are not present in alfresco. I have also explored SSOAuthenticationFilter.java to find how alfresco creates user when external authentication subsystem is used but not able figure out how the creation of user takes place in the mentioned subsystem. It would be great if anyone could provide the way to create and authenticate user that are not present in alfresco.
Which version of Alfresco do you use ?
Recent version provide a similar function, please take a look to : http://docs.alfresco.com/community/concepts/auth-basics.html
The only thing you need to need is define the header name in your global properties files.
About the new user creation, in Alfresco behaviour it's based on the synchronization.syncWhenMissingPeopleLogIn properties : http://docs.alfresco.com/community/concepts/sync-props.html
When an unknown user try to loggin Alfresco will trigger a synchronization.
Y.
I am building phonegap application to show post and other pages. Logged in users can only access these pages. So, I am creating login system in phonegap with wordpress api. I am using json api,json api user for api.
After username, password entered in login form authentication cookie is generated by 'generate_auth_cookie' api and stored in local storage. It is stored as 'wordpress_logged_in_5....'=>'username|1453458845|J500gDe.....'
I am struck here. Please tell me the next steps after this. Also I need to check the user is logged in on every api call.
FOR JSON API LOGIN
Method: generate_auth_cookie
First get the nonce: http://localhost/api/get_nonce/?controller=user&method=generate_auth_cookie
Then generate cookie: http://localhost/api/user/generate_auth_cookie/?username=john&password=PASSWORD-HERE
Method: validate_auth_cookie
It needs 'cookie' var.
http://localhost/api/user/validate_auth_cookie/?cookie=admin|43089754375034fjwfn39u8
so when user sent req. of login that time you need to create nonce and then gen. auth cookie and so on. and if all good then log in to user. and save it to your site. so once user click on logout. there session will be removed.
you can also set session from here
generate cookie for 1 minute: http://localhost/api/user/generate_auth_cookie/?username=john&password=PASSWORD-HERE&seconds=60
60 means 1 minute.
details
https://wordpress.org/plugins/json-api-user/other_notes/
OR
TRY - WP REST API V2
http://v2.wp-api.org/
downlaod plugin and install it.
https://wordpress.org/plugins/json-rest-api/
just type /wp-json/wp/v2/posts in end of your site url and you will get all post.
for get all post
www.mysite.com/wp-json/wp/v2/posts
For the search functionality - search test post
/wp-json/wp/v2/posts?filter[s]=test
much more details from this link http://v2.wp-api.org/reference/posts/
Note for best result use latest version of WP
so using this you can easily get post page etc.
After referring so many forums, I am able to authenticate and sync active directory users to alfresco. The problem is we have more than 25,000 users and rite now we are planning to open alfresco only for selected users. Whenever someone search people they will be finding all the 25,000 users who are not even using alfresco. My It team is not willing to create seperate group for these selected members. Is it possible to sync only users who are logged in.
I am using alfresco 4.2e Binary Installation. Windows 7 64 bit.
The most easiest way would be to distinct users to sync via LDAP query.
You could find this link useful.
This scenario should do it:
enable ldap authentication
configure the authenication chain to include Alfresco and LDAP. This will ensure to try to authenticat against both systems. e.g.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
disable sync
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false
If you start Alfresco the very first time there is no user in Alfresco. Depending on your strategy how to control the user creatioin you could ether:
create user manual
If you're running on linux the easiest way would be to use the alfresco-shell-tools otherwise you could use the csv-import feature in the user admin. The trick is to use the same username so Alfresco will try to authenticat against both systems before it fails.
create user on first login
Another way is to enable implicit user creation on first login. This isn't my recommendation since you will get trouble later because the user has no email address configured / no user info is synced. (This way is not tested - if this doesn't work you may define a sync query which doesn't return users to enable sync)
synchronization.autoCreatePeopleOnLogin=true
you will get the auto-creation of people who were successfully authenticated but weren't brought in by the sync
you need to add/change this line also on ldap-authentication.properties :
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.synchronization.autoCreatePeopleOnLogin=false
synchronization.syncOnStartup=false
synchronization.syncWhenMissingPeopleLogIn=false
and add on alfresco-global.properties :
create.missing.people=false