Page History
...
Session Idle Timeout
(Default: 15 minutes)- If users are inactive for the given number of seconds then the user session expires and is terminated. Users can specify credentials and login to create a new user session.
- Should the lifetime of an access token provided by an external Identity Service be different from the maximum idle-timeout, then the JOC Cockpit will try to renew the access token with the Identity Service. Renewal of an access token does not require the user to re-specify their login credentials.
- Identity Services can restrict the lifetime of access tokens (time to live) and they can limit renewal of access tokens (maximum time to live). If an access token cannot be renewed then the user session is terminated and the user is required to perform a login.
Initial Password
(Default: initial)- If an administrator adds user accounts with the JOC Cockpit and does not specify a password then the
Initial Password
will be used. As a general rule the JOC Cockpit does not allow the use of empty passwords but populates them with theInitial Password
if a password is not specified by the user adding or modifying the account. - In addition, the operation to reset a user account's password is available. This replaces an existing password with the
Initial Password
. - If the
Initial Password
is assigned, then a flag is set for the user account to indicate that the password has to be changed with the next login. This behavior ensures that users cannot use theInitial Password
except for an initial login.
- If an administrator adds user accounts with the JOC Cockpit and does not specify a password then the
Minimum Password Length
(Default 0)- For any passwords specified - including the
Initial Password
- a minimum length is specifiedindicated. - Note that the number of characters and arbitrariness of character selection are key factors for secure passwords. Password complexity requiring e.g. digits and special characters to be used do not substantially add to password security except in case of short passwords.
- For any passwords specified - including the
Settings specific to Individual Identity Services
These settings Settings are explained for each Identity Service individually:
- JS7 - JOC Identity Service (does not require any no settings required)
- JS7 - LDAP Identity Service
- JS7 - OIDC Identity Service
- JS7 - Certificate Identity Service
- JS7 - FIDO2 Identity Service
- JS7 - HashiCorp® Vault Identity Service
- JS7 - Keycloak Identity Service
- JS7 - Shiro Identity Service (does not require no settings required)
Processing of Identity Services
...
Overview
Content Tools