Is there a way to force all the users to change their password once every six months?. I am using Plone 4.2 on a linux box.This is primarily for security purposes. Help will be appreciated. Thanks
A good starting point for a PAS plugin would be Products.LoginLockout. It intercepts already the authentication process and deals with aspects like password-entered-N-times-wrong. In addition it stores already information about login time etc...it should not be so hard to extend.
There is no already-existing add-on that does this, but you could write one yourself. Core documentation for Plone's "Pluggable Authentication Service" is at http://collective-docs.readthedocs.org/en/latest/members/pluggable_authentication_service/index.html.
Related
How to integrate Magnolia CMS with Keycloak?
I need to have a Single Sign On with Keycloak, but haven't found a way (so far I was examining the configuration documentation and wiki pages for Magnolia).
I'm very new to Magnolia so this actually might be a noob question.
As a side note: Might not be best starter task if you are very new. Consider getting training where authentication and it's configuration is explained at length.
As for the task at hand, you would want to write your own authentication module and place it in the chain of JAAS modules Magnolia/Tomcat will evaluate when authenticating users.
There is similar module written looong time ago for NTLM based authentication that you can take as a blueprint (assuming you are enterprise customer and have access to enterprise code) for what you want to achieve. Otherwise, there's only stuff that is on documentation that might help.
- NTLM Module
- General security documentation
Might be frustrating starting experience tho.
Within a Symfony2 application I'm building I've managed to get user account creation, login, updating profile working using bootstrap for the frontend and 'out of the box' Symfony2 for the rest. I need to add the ability for users to reset their passwords and/or have email sent with a generated password. I'll preface these questions with the fact I am new to developing in Symfony2. My questions are 1) Do I try and use FOSUserBundle in parallel with code I have already written or 2) Are there ways to implement this without FOSUserBundle. These are questions are really coming from a place of not knowing any better.
Thank you in advance.
I'm not a symfony guy but I only know that Symfony embraces the "don't reinvent the wheel" philosophy. Symfony itself is a collection of bundles. If this is your first time with a web framework I can tell that you've passed a lot of time and effort implementing something that other developers offered to you. Believe me if you want to build something powerful and standardized FOSuserbundle will undoubtedly satisfy your need.
Always sad to see a genuinely asked question downvoted.
#Brent was a Symfony novice myself and in many ways probably still am. I wouldn't say Symfony embraces "don't reinvent the wheel" but rather "speed up app development". I am sure you can take days searching Stackoverflow and find possible (probably a little bit outdated) solutions to your problem or do as #AzizFCB suggested and use a ready Symfony bundle, in fact, the most widely used and adopted Symfony bundle. Unless your app's core activity is solving people's login and forgot password problems. I would strongly advise to use FOSUserBundle, solve that problem in a few hours importantly including updates (especially security) that you don't need to manage (but if you can please contribute to) and focus your efforts on coding your apps core activity(s).
I am a little confused as to how the identity framework works. For example in VS 2013 we can create an MVC application that the authentication is individual user accounts. Once we create it we can register with a username and password. But what if we wanted to have also a DOB in the registration or some other fields such as email or phone etc? Can we do this with the identity framework? What about the way the data base is structured, can we have a custom structure? Or if I want this should I be using forms authentication? Also what is the difference between the Identity framework and Forms authentication in terms of authentication?
Although your post has already been marked as answered, I’d like to add a little more info for future readers.
The first thing we need to understand with VS and Microsoft is that they’ve always tried to provide us with Templates to help us get started. There are many Pros and Cons to using Templates but the idea is that it gets you started quickly without having to manually include stuff yourself.
The idea of Templates is great but to the untrained eye, it provides Microsoft an opportunity to include stuff that THEY think you’ll need or better yet, what your application will need.
This opportunity includes promoting products such as Identity, Knockout.js etc...
In short, Microsoft is not wrong in doing that since the majority of the people do not second guess what is included in their project and because they…well…trust Microsoft.
A great analogy is when you purchase a new computer from a major retailer. When you arrive home and start your computer, you quickly notice that you have a bunch of pre-installed software running in the background (that you never asked for).
To the untrained eye, they will never realize that these are running in the background and their computer will work regardless. But for someone that is aware, he will most likely uninstall all of them and have a cleaner plate.
So Templates are similar to this...
As for the rest of your questioning, I’m sure by now you’ve found the answers.
Even though Microsoft sells ASP Identity as a single solution, Forms Authentication and Identity (Membership) are two distinct frameworks that work together, but serve different purposes:
Forms Authentication manages authentication session/cookies.
Membership/Identity is the store for user information (credentials, user demographics, etc.)
Look here for some additional information and links.
2 years ago i was using mysql security providers [membership,role] from code-project article:
http://www.codeproject.com/KB/database/mysqlmembershipprovider.aspx
do we still need that or the current mysql-connector provide that? i saw something called [MySql.Web.dll] so is that a replacement or not!
please en-light and guide me,
thanks,
You can use the MySQL Providers. They work great. No need for other providers. The advantage of your custom provider is maybe just more flexibility.
We customized our own provider, so we cannot switch.
Not sure what more you wanna know?
I believe you still need a third party or custom build provider to connect to a MySQL database, check out http://schleichermann.wordpress.com/2009/10/21/asp-net-mysql-membership-provider/. This will walk you through using MySQL .Net connectors
EDIT you can of course use the link you've provided in your question as well. I'm just not sure how out of date that might be.
When my user registers in Drupal and his account is created, I'd like to be able to create an account in a 3rd-party system (e.g. some moodle site).
Is that possible with an existing module? If not, what would be the preferred way to add this functionality?
You'll need to create a new custom module and implement the hook_user().
Specifically, you'll need to support the 'insert' operation, but of course you could add support for many others (such as delete or update) so you can manage users from your Drupal installation as well.
BTW: no existing module will couple exactly with your system, unless you're referring to a 3rd party application - in which case it'd help if you could tell us which one you're using :)
I second Sebs suggestion of using hook_user() for this, either after the fact on the 'insert' action, or upfront on 'validate', or on both, depending on how you need to deal with an eventual failure of Drupal itself or the 3rd-party-system.
Also, given your other question in this context, it looks like you might be interested in the following posts/discussions concerning external authentication in general:
Distributed Authentication changes (A short note/description of changes compared to Drupal-5)
Refactor distributed auth out of user.module (lengthy but informative discussion leading to the current state of things)
External Authentication in Druapl 6 (Some user experiences with the current state)
You might also want to take a look at the OpenID integration in Drupal core as a somewhat 'authoritative' source of examples.
You might also check out the Moodle module for Drupal. I used it a couple years ago and it was kind of a headache, but I'd guess that it's come a long way since then.
Interestingly, they recommend using OpenID to manage users between the sites. That may be easier than implementing your own hook_user instance if you aren't very comfortable writing Drupal modules. Just a thought.