Database Authentication for Engineers

Setting the User Name and Password

The user name and password are provided in the engineer data (navigation group Access and Roles, navigation item Engineers, see Engineers). The following fields are relevant for database authentication:

• Login:
  Mandatory. This field contains the account name which has to be entered on the login page of the Web Client. Please use only international alphabetic and numeric characters, no blanks, punctuation marks, or special characters such as umlauts, hyphens, or the like.
• Email:
  Mandatory. The engineer's email address. Please use only international alphabetic and numeric characters, hyphens, underscores, periods, and the @ sign. The entry of multiple email addresses in one line is not allowed.
• Password:
  Mandatory. The engineer's password is mandatory. Please use only international alphabetic and numeric characters, and punctuation marks, do not use any special characters such as, e.g., umlauts. The password entered will be shown as a string of asterisks. Please see section Configuring the Password Policy for information about the optional password policy.

Configuring the Password Policy

This configuration is optional.

The following system properties can be used to implement a certain password policy. All following system properties are located in the module cmas-core-security. (For details about system properties, please refer to the section System Properties.)

• policy.password.pattern (String)
  RegEx pattern for the password, default value: “^.3,$” (at least 3 characters)
  Example: “^(?=.*[A-Z])(?=.*[0-9])(?=.*[a-z]).{5,}$” (at least 5 characters, at least one upper case letter, one lower case letter and one number)
• policy.password.age (Integer)
  Maximum validity period, in number of days, example 183 (6 months), default value: 5500 (= 15 years, i.e., no password change enforced).
• policy.rotation.ratio (Integer)
  This defines the number of previous passwords which may not be identical, example and default value: 1.
• policy.username.case.sensitive (Boolean)
  Defines whether the password is case-sensitive. Example and default value: true. Note that this setting is affected by the MySQL collation setting and needs the correct collation to work properly with MySQL.

Resetting an Engineer's Password

If an engineer has forgotten his password, he can request a new password by using the link Forgot your password on the initial login page. An email with a link to a URL where the engineer can set the new password is sent to the engineer.

Please note that this can only work if a valid email account is available for this engineer and if the respective value has been entered as email for the engineer in the engineer data!

The email which is sent to the engineer is based on the template password-reset-template which is stored in the Templates section of the Admin Tool. Please see section Admin Tool Templates for a detailed explanation of templates in general and section Password Reset Template for Engineers in the Web Client for details about the engineer password reset.

The password reset in the Web Client is only possible if the standard authentication mode is used. It is not possible if LDAP or Kerberos authentication is in operation. See section Authentication Methods in ConSol CM for an explanation of all possible authentication modes.