You are viewing the documentation for an outdated or unreleased 9.5 version.
This page is also available in versions: 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.7 (current), devel

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

9.5:documentation:identities [2019/02/14 14:18]
127.0.0.1 external edit
9.5:documentation:identities [2019/04/09 11:45] (current)
kopro
Line 37: Line 37:
  
 When identity starts to be valid (some of their contract starts to be valid) and identity has account at least on one target system, then new password is [[.architecture:​dev:​events#​identitysetpasswordprocessor|generated]] and changed on all identity'​s accounts => identity will have the same password in all accounts. Notification (see ''​acc:​newPasswordAllSystems''​ template) is send to identity about new password on which accounts were changed. When identity starts to be valid (some of their contract starts to be valid) and identity has account at least on one target system, then new password is [[.architecture:​dev:​events#​identitysetpasswordprocessor|generated]] and changed on all identity'​s accounts => identity will have the same password in all accounts. Notification (see ''​acc:​newPasswordAllSystems''​ template) is send to identity about new password on which accounts were changed.
 +
 +===== Password =====
 +
 +In CzechIdM is user password stored in Bcrypt hash function. User can change password only when own permission ''​IDENTITY\_PASSWORDCHANGE''​ for the given identity. Password contains also another metadata like valid till, valid from, unsuccessful attempts, block login date, last successful login and etc. For password is also possible set flag **Password never expires**. This flag disable filling valid till. Password never expires and another attributes for password like valid till, is possible set via agenda information about password that is accessible via identity detail and password agenda. For update these attributes you will need permission ''​PASSWORD\_UPDATE''​ and ''​PASSWORD\_READ''​
  
 ====== Time slices of contracts ====== ====== Time slices of contracts ======