accessmanager
The AccessManager allows the operation of Cadenza with user management. It can be configured here. For Cadenza Desktop and Cadenza Web, separate configuration files are required in the following directories:
- Cadenza Desktop: <cadenza_home>/CadenzaDesktop/config/
- Cadenza Web: <cadenza_home>/CadenzaWeb/cadenza-config/
Important: As they contain security-relevant data (database connections, URL, usernames, passwords), these files must not be accessible by the client (i.e. via URL query) and therefore must be excluded from the directories.
Note: Global Cadenza variables and system variables may be used in this file.
toUpperCase - The username will be automatically transformed to upper case before login.
toLowerCase - The username will be automatically transformed to lower case before login.
default - The username will not be transformed. Thus, it is handled by Cadenza in a case-sensitive way.
Note: The password is always case-sensitive.
Specifies the user providers whose users will be shown with their real names in user pickers. (User providers must also be listed in userSuggestion.) Default: all user providers; if empty: no user provider.
Settings for an additional button in the login dialog. If Cadenza Desktop is started with user management, the login dialog shows the user name and password fields by default. To give users access to information about support, maintenance etc., you can integrate an additional button that opens a given URL in the browser.
Label text of the button. One of its letters can be used for operation using a keyboard shortcut (ALT + letter key). To set this, the letter must be preceded by an ampersand (&). It might be necessary to write the ampersand according to the XML encoding used, e.g. as &amp;. Examples: &Help or &amp;Help, if H is the shortcut letter.
true to define that the value of <autoLoginUserName> should only include the variable name without $SYSTEM{} syntax. In this case, the variable is resolved when needed on client side when running in client/server mode. The setting has no effect in standalone mode. false to define that the value of <autoLoginUserName> must be embedded into the $SYSTEM{} syntax.
Default: false
To log in to Cadenza, you can use the same username that was previously used to log in to the operating system (system variable USERNAME on Windows or USER on Linux). Attention: Please note that configuring this feature is a security risk. Anyone who logs in to your computer can access Cadenza. Example: $SYSTEM{USERNAME}.
Number of previous passwords that must be different from the new password. This only applies to passwords that are changed via the menu. Changes within the user management component for administrators are not affected.
true to forbid a user from using a password set by an administrator a second time. It has to be changed after first usage. false to allow a user to use a password set by an administrator more than once.
Default: false
Specification settings for a new password.
Specification settings for a new password compared to the previous password.
Security policy settings for users that are saved in the database.
DEPRECATED: Principal update polling has been replaced by messaging. For single-node installations, no further configuration is necessary. For clusters consisting of several Cadenza application servers using the same user management databases, consider enabling the 'Message_Broker' plugin and configuring 'messagebroker-config.xml' accordingly.
Authentication settings.
DEPRECATED: 'connectionIdleTimeout' has been deprecated and should be removed. Due to improvements in connection pooling, Cadenza works with fixed-size connection pools, so the 'connectionIdleTimeout' setting no longer has any effect. A future Cadenza version may fail to start if the configuration is still present.
Additional datasource properties
DEPRECATED: This was used to configure the authorization database schema for the Classic authorization database. Classic authorization has been removed with Cadenza 10, and all authorizations stored in the configured authorization database will be ignored. A future Cadenza version may fail to start if the configuration is still present.
DEPRECATED: 'connectionIdleTimeout' has been deprecated and should be removed. Due to improvements in connection pooling, Cadenza works with fixed-size connection pools, so the 'connectionIdleTimeout' setting no longer has any effect. A future Cadenza version may fail to start if the configuration is still present.
Additional datasource properties
Settings for authenticators. Defines the methods used for the authentication, group mapping and property mapping and their order. Multiple authenticators can be defined. If a user is not known by an authenticator, authentication is attempted with the next authenticator in the order. If the password is wrong, login fails.
Some rules should be observed when configuring these authenticators, as having the wrong order may cause an authenticator to never trigger:
- Non-interactive authenticators must come before interactive ones
- OAuth must be named as the last SSO procedure
true to disable the login button, false to enable it. Applicable only when guestsAllowed is true.
Default: false
Settings for an authenticator. They are mandatory if guest login is not used (but can also be used in combination with guest login).
Method or protocol for authentication. Current possible values: CadenzaDb, LDAP, JWT (only for Cadenza Web), SPNEGO (only for Cadenza Web), OAuth (only for Cadenza Web), autologin-httpheader (only for Cadenza Web).
A mapping of a user to user groups after successful authentication. Several group mapping variants can be specified. If assignment was not possible with the first group mapping variant, the next one will be tried. The first successful assignment will be used. If assignment was not possible with any group mapping variant, login fails.
Method or protocol for mapping. Current possible values: CadenzaDb, LDAP, JWT (only for Cadenza Web), OAuth (only for Cadenza Web).
A user property from the Cadenza user management or LDAP that should be passed to Cadenza as user variable after successful authentication. If several propertyMappings are defined, the results of all are considered.
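The fall-through rules for authenticators and group mappings described above, modelled as an added example (not Cadenza code; class and function names are hypothetical and the user data is constructed). It assumes group mappings belong to the authenticator that accepted the login, and shows that a user known to an earlier authenticator is never tried against a later one.

```python
import hmac
from enum import Enum

class Result(Enum):
    OK = 1
    UNKNOWN_USER = 2
    WRONG_PASSWORD = 3

class Authenticator:
    """Hypothetical model of one authenticator entry (not a Cadenza class)."""
    def __init__(self, method, users, group_mappings):
        self.method = method                  # e.g. "CadenzaDb" or "LDAP"
        self.users = users                    # constructed: username -> password
        self.group_mappings = group_mappings  # ordered list of username -> groups

    def authenticate(self, user, password):
        if user not in self.users:
            return Result.UNKNOWN_USER
        same = hmac.compare_digest(self.users[user].encode(), password.encode())
        return Result.OK if same else Result.WRONG_PASSWORD

def login(chain, user, password):
    """Return (method, groups) on success, or None if login fails."""
    for auth in chain:
        result = auth.authenticate(user, password)
        if result is Result.UNKNOWN_USER:
            continue          # not known here: try the next authenticator
        if result is Result.WRONG_PASSWORD:
            return None       # known user, wrong password: no fall-through
        # Assumption: mappings are evaluated on the accepting authenticator.
        for mapping in auth.group_mappings:
            groups = mapping.get(user)
            if groups:
                return auth.method, groups  # first successful mapping is used
        return None           # no mapping variant assigned groups: login fails
    return None               # no authenticator knows the user

# Constructed sample chain: "alice" exists in both user stores.
CHAIN = [
    Authenticator("CadenzaDb", {"alice": "db-pw"}, [{}, {"alice": ["editors"]}]),
    Authenticator("LDAP",
                  {"alice": "ldap-pw", "bob": "bob-pw", "carol": "carol-pw"},
                  [{"bob": ["viewers"]}]),
]

if __name__ == "__main__":
    for user, pw in [("alice", "db-pw"), ("alice", "ldap-pw"),
                     ("bob", "bob-pw"), ("carol", "carol-pw")]:
        print(user, pw, "->", login(CHAIN, user, pw))
```

In this model, a username that exists in more than one user store is always decided by the first authenticator that knows it, so duplicate accounts across CadenzaDb and LDAP are worth auditing when the order is changed.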