accessmanager

This configuration is required.

  • Documentation

  • YAML Format

  • XML Format

Fill relevant inputs (blue boxes) and click the blue bars on the left to copy XML configuration snippets.
<userRegistry
>
required
<passwordEncryptor
>
optional
string

Encryption class of the password.

</passwordEncryptor>
<userNameHandling
>
optional
string

Username transformation settings:

  • toUpperCase - The username will be automatically transformed to upper case before login

  • toLowerCase - The username will be automatically transformed to lower case before login

  • default - The username will not be transformed. Thus, it is handled by Cadenza in a case-sensitive way

Note: The password is always case-sensitive.

</userNameHandling>
<userSuggestion
<providers
<provider
xsd:string
OAuth
LDAP
CadenzaDb
Embedded
>
optionalmax. unbounded

A user provider type to include in suggestions.

</provider>
>
optional

List of user providers to include in user suggestions.

</providers>
>
optional

Specifies the user providers whose users will be shown in user pickers. Default: all user providers; if empty: no user provider.

</userSuggestion>
<userPrintNameSuggestion
<providers
<provider
xsd:string
OAuth
LDAP
CadenzaDb
Embedded
>
optionalmax. unbounded

A user provider type to include in suggestions.

</provider>
>
optional

List of user providers to include in user suggestions.

</providers>
>
optional

Specifies the user providers whose users will be shown with their real names in user pickers. (User providers must also be listed in userSuggestion.) Default: all user providers; if empty: no user provider.

</userPrintNameSuggestion>
<additionalLoginHelpLink
>
optional

DEPRECATED: This configuration is not used in Cadenza anymore.

<url
>
required
string

DEPRECATED: This configuration is not used in Cadenza anymore.

</url>
<label
>
required
string

DEPRECATED: This configuration is not used in Cadenza anymore.

</label>
</additionalLoginHelpLink>
<autoLoginUserName
xsd:string
systemVariable
optional
=
boolean
>
optional

DEPRECATED: This configuration is not used in Cadenza anymore

</autoLoginUserName>
<securityPolicies
<allowedLoginAttempts
>
optional
int

Number of possible failed attempts before a user is locked.

</allowedLoginAttempts>
<allowedChangesIn24Hours
>
optional
int

Number of password changes allowed within 24 hours.

</allowedChangesIn24Hours>
<minimumNumberOfPreviousDifferentPasswords
>
optional
int

Number of previous passwords that must be different from the new password. This only applies to passwords that are changed via the menu. Changes within the user management component for administrators are not affected.

</minimumNumberOfPreviousDifferentPasswords>
<passwordExpirationTimeInDays
>
optional
int

Number of days a password can be used.

</passwordExpirationTimeInDays>
<warnBeforePasswordExpirationInDays
>
optional
int

Number of days before password expiration from which on the user receives a warning on login.

</warnBeforePasswordExpirationInDays>
<allowedUserInactiveTimeInDays
>
optional
int

Number of days after a successful login in which a user must successfully log in again to prevent being locked.

</allowedUserInactiveTimeInDays>
<forbidUsageOfPasswordsSetByAdmin
>
optional
boolean

true to forbid a user to use a password set by an administrator a second time. It has to be changed after first usage. false to allow a user to use a password set by an administrator more than once.

Default: false

</forbidUsageOfPasswordsSetByAdmin>
<newPassword
>
optional

Specification settings for a new password.

<minimumLength
>
optional
int

Minimum number of characters in a password.

</minimumLength>
<minimumLetters
>
optional
int

Minimum number of letters in a password.

</minimumLetters>
<minimumDigits
>
optional
int

Minimum number of digits in a password.

</minimumDigits>
</newPassword>
<comparedToPreviousPassword
>
optional

Specification settings for a new password compared to the previous password.

<minimumChangedCharacters
>
optional
int

Minimum number of positions where characters of the old password must be changed.

</minimumChangedCharacters>
<minimumChangedLetters
>
optional
int

Minimum number of positions where (different) letters must be in the new password.

</minimumChangedLetters>
<minimumChangedDigits
>
optional
int

Minimum number of positions where (different) digits must be in the new password.

</minimumChangedDigits>
</comparedToPreviousPassword>
>
optionalmax. 1

Security policy settings for users that are saved in the database.

</securityPolicies>
<polling
enabled
optional
=
boolean
<duration
>
required
duration

ISO 8601 Duration Format

Format: P[n]Y[n]M[n]DT[n]H[n]M[n]S

  • P is the duration designator (period) placed at the start of the duration representation
  • Y is the number of years
  • M is the number of months
  • D is the number of days
  • T is the time designator that precedes the time components
  • H is the number of hours
  • M is the number of minutes
  • S is the number of seconds

Examples:

  • PT5M - 5 minutes
  • PT1H30M - 1 hour and 30 minutes
  • P1D - 1 day
  • P1Y2M3DT4H5M6S - 1 year, 2 months, 3 days, 4 hours, 5 minutes, and 6 seconds
</duration>
>
optionalmax. 1

DEPRECATED: This configuration is not used in Cadenza anymore

</polling>
<changelog
enabled
optional
=
boolean

true to activate the change log. false to deactivate the change log.

Default: false

>
optionalmax. 1

Settings for the change log, i.e. the logging of indirect changes to a user’s privileges in the two database schemes.

</changelog>
<authentication
>
optional

Authentication settings.

<datasource
<driverName
>
required
string

The name of the driver to use for your particular database. Some common names are:

  • For Oracle: oracle.jdbc.OracleDriver

  • For Postgres: org.postgresql.Driver

  • For H2: org.h2.Driver

  • For MS SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver

</driverName>
<jdbcURL
>
required
string

JDBC URL of the database

Syntax:

  • For Oracle: jdbc:oracle:thin:@servername:port:sid (and also the other common syntaxes supported by Oracle)

  • For PostgreSQL: jdbc:postgresql://servername:port/instance

</jdbcURL>
<user
>
required
string

Database user to be used to establish the database connection

</user>
<password
>
required
string

Encoded password of the database user. Use the Cadenza encoder for this.

</password>
<connectionPoolSize
>
optional
int

Number of connections the connection pool may create to the database

Default: 10

</connectionPoolSize>
<connectionIdleTimeout
>
optional
int

DEPRECATED: This configuration is not used in Cadenza anymore

</connectionIdleTimeout>
<properties
<property
xsd:string
name
required
=
string

Name of the datasource property. General connection properties defined elsewhere, such as username, are not supported.

description
optional
=
string

Description of the datasource property.

>
optionalmax. unbounded

Value of a datasource property.

</property>
>
optionalmax. 1

Additional datasource properties

</properties>
>
required
</datasource>
</authentication>
<authorization
>
optional

DEPRECATED: This configuration is not used in Cadenza anymore

<datasource
<driverName
>
required
string

The name of the driver to use for your particular database. Some common names are:

  • For Oracle: oracle.jdbc.OracleDriver

  • For Postgres: org.postgresql.Driver

  • For H2: org.h2.Driver

  • For MS SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver

</driverName>
<jdbcURL
>
required
string

JDBC URL of the database

Syntax:

  • For Oracle: jdbc:oracle:thin:@servername:port:sid (and also the other common syntaxes supported by Oracle)

  • For PostgreSQL: jdbc:postgresql://servername:port/instance

</jdbcURL>
<user
>
required
string

Database user to be used to establish the database connection

</user>
<password
>
required
string

Encoded password of the database user. Use the Cadenza encoder for this.

</password>
<connectionPoolSize
>
optional
int

Number of connections the connection pool may create to the database

Default: 10

</connectionPoolSize>
<connectionIdleTimeout
>
optional
int

DEPRECATED: This configuration is not used in Cadenza anymore

</connectionIdleTimeout>
<properties
<property
xsd:string
name
required
=
string

Name of the datasource property. General connection properties defined elsewhere, such as username, are not supported.

description
optional
=
string

Description of the datasource property.

>
optionalmax. unbounded

Value of a datasource property.

</property>
>
optionalmax. 1

Additional datasource properties

</properties>
>
required
</datasource>
</authorization>
<authenticators
>
required

Settings for authenticators. Defines the methods used for the authentication, group mapping and property mapping and their order. Multiple authenticators can be defined. If a user is not known by an authenticator, authentication is attempted with the next authenticator in the order. If the password is wrong, login fails.

Some rules should be observed when configuring these authenticators as having the wrong order may cause an authenticator to never trigger:

  • Non-interactive authenticators must come before interactive ones

  • OAuth must be named as the last SSO procedure

guestsAllowed
optional
=
boolean

true to enable guest logins, false to disable.

Default: false

disableLoginButton
optional
=
boolean

true to disable login button, false to enable. Applicable only when guestsAllowed is true.

Default: false

<authenticator
>
optionalmax. unbounded

Settings for an authenticator. They are mandatory if guest login is not used (but also can be used in combination with guest login).

refid
optional
=
string

Method or protocol for authentication. Current possible values:

  • CadenzaDb

  • LDAP

  • JWT

  • SPNEGO

  • OAuth

  • autologin-httpheader

  • Embedded

  • apikey-httpheader

<groupMapping
>
requiredmax. unbounded

A mapping of a user to user groups after successful authentication. Several group mapping variants can be specified. If assignment was not possible with the first group mapping variant, the next one will be tried. The first successful assignment will be used. If assignment was not possible with any group mapping variant, login fails.

xsd:string
refid
optional
=
string

Method or protocol for mapping. Current possible values:

  • CadenzaDb

  • LDAP

  • JWT

  • OAuth

  • Embedded

  • apikey-httpheader

</groupMapping>
<propertyMapping
>
optionalmax. unbounded

User properties that should be passed to Cadenza as user variable after successful authentication. If several propertyMappings are defined, the results of all are considered. Current possible values:

  • CadenzaDb

  • LDAP

  • JWT

  • OAuth

  • Embedded

  • UserName

xsd:string
refid
optional
=
string
</propertyMapping>
</authenticator>
</authenticators>
</userRegistry>
This is a generated sample file with fake data and all the possible options shown, refer to the Documentation tab for what combinations are valid and what is required or not. 
cadenzaconfig:
  settings:
    accessmanager:
      passwordEncryptor: "text"
      userNameHandling: "text"
      userSuggestion:
        providers:
        - "OAuth"
        - "OAuth"
      userPrintNameSuggestion:
        providers:
        - "OAuth"
        - "OAuth"
      additionalLoginHelpLink:
        url: "text"
        label: "text"
      autoLoginUserName:
        systemVariable: true
        value: "text"
      securityPolicies:
        allowedLoginAttempts: 15
        allowedChangesIn24Hours: 15
        minimumNumberOfPreviousDifferentPasswords: 15
        passwordExpirationTimeInDays: 15
        warnBeforePasswordExpirationInDays: 15
        allowedUserInactiveTimeInDays: 15
        forbidUsageOfPasswordsSetByAdmin: true
        newPassword:
          minimumLength: 15
          minimumLetters: 15
          minimumDigits: 15
        comparedToPreviousPassword:
          minimumChangedCharacters: 15
          minimumChangedLetters: 15
          minimumChangedDigits: 15
      polling:
        enabled: true
        duration: "P2DT3M"
      changelog:
        enabled: true
      authentication:
        datasource:
          driverName: "text"
          jdbcURL: "text"
          user: "text"
          password: "text"
          connectionPoolSize: 15
          connectionIdleTimeout: 15
          properties:
          - name: "text"
            description: "text"
            value: "text"
          - name: "text"
            description: "text"
            value: "text"
      authorization:
        datasource:
          driverName: "text"
          jdbcURL: "text"
          user: "text"
          password: "text"
          connectionPoolSize: 15
          connectionIdleTimeout: 15
          properties:
          - name: "text"
            description: "text"
            value: "text"
          - name: "text"
            description: "text"
            value: "text"
      authenticators:
        guestsAllowed: true
        disableLoginButton: true
        authenticator:
        - refid: "text"
          groupMapping:
          - refid: "text"
            value: "text"
          - refid: "text"
            value: "text"
          propertyMapping:
          - refid: "text"
            value: "text"
          - refid: "text"
            value: "text"
        - refid: "text"
          groupMapping:
          - refid: "text"
            value: "text"
          - refid: "text"
            value: "text"
          propertyMapping:
          - refid: "text"
            value: "text"
          - refid: "text"
            value: "text"

Filename: accessmanager-config.xml

This is a generated sample file with fake data and all the possible options shown, refer to the Documentation tab for what combinations are valid and what is required or not. 
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<userRegistry>
  <passwordEncryptor>text</passwordEncryptor>
  <userNameHandling>text</userNameHandling>
  <userSuggestion>
    <providers>
      <provider>OAuth</provider>
      <provider>OAuth</provider>
    </providers>
  </userSuggestion>
  <userPrintNameSuggestion>
    <providers>
      <provider>OAuth</provider>
      <provider>OAuth</provider>
    </providers>
  </userPrintNameSuggestion>
  <additionalLoginHelpLink>
    <url>text</url>
    <label>text</label>
  </additionalLoginHelpLink>
  <autoLoginUserName systemVariable="true">text</autoLoginUserName>
  <securityPolicies>
    <allowedLoginAttempts>15</allowedLoginAttempts>
    <allowedChangesIn24Hours>15</allowedChangesIn24Hours>
    <minimumNumberOfPreviousDifferentPasswords>15</minimumNumberOfPreviousDifferentPasswords>
    <passwordExpirationTimeInDays>15</passwordExpirationTimeInDays>
    <warnBeforePasswordExpirationInDays>15</warnBeforePasswordExpirationInDays>
    <allowedUserInactiveTimeInDays>15</allowedUserInactiveTimeInDays>
    <forbidUsageOfPasswordsSetByAdmin>true</forbidUsageOfPasswordsSetByAdmin>
    <newPassword>
      <minimumLength>15</minimumLength>
      <minimumLetters>15</minimumLetters>
      <minimumDigits>15</minimumDigits>
    </newPassword>
    <comparedToPreviousPassword>
      <minimumChangedCharacters>15</minimumChangedCharacters>
      <minimumChangedLetters>15</minimumChangedLetters>
      <minimumChangedDigits>15</minimumChangedDigits>
    </comparedToPreviousPassword>
  </securityPolicies>
  <polling enabled="true">
    <duration>P2DT3M</duration>
  </polling>
  <changelog enabled="true"/>
  <authentication>
    <datasource>
      <driverName>text</driverName>
      <jdbcURL>text</jdbcURL>
      <user>text</user>
      <password>text</password>
      <connectionPoolSize>15</connectionPoolSize>
      <connectionIdleTimeout>15</connectionIdleTimeout>
      <properties>
        <property name="text" description="text">text</property>
        <property name="text" description="text">text</property>
      </properties>
    </datasource>
  </authentication>
  <authorization>
    <datasource>
      <driverName>text</driverName>
      <jdbcURL>text</jdbcURL>
      <user>text</user>
      <password>text</password>
      <connectionPoolSize>15</connectionPoolSize>
      <connectionIdleTimeout>15</connectionIdleTimeout>
      <properties>
        <property name="text" description="text">text</property>
        <property name="text" description="text">text</property>
      </properties>
    </datasource>
  </authorization>
  <authenticators guestsAllowed="true" disableLoginButton="true">
    <authenticator refid="text">
      <groupMapping refid="text">text</groupMapping>
      <groupMapping refid="text">text</groupMapping>
      <propertyMapping refid="text">text</propertyMapping>
      <propertyMapping refid="text">text</propertyMapping>
    </authenticator>
    <authenticator refid="text">
      <groupMapping refid="text">text</groupMapping>
      <groupMapping refid="text">text</groupMapping>
      <propertyMapping refid="text">text</propertyMapping>
      <propertyMapping refid="text">text</propertyMapping>
    </authenticator>
  </authenticators>
</userRegistry>