Differences

This shows you the differences between two versions of the page.

--- devel:documentation:application_configuration:dev:backend [2020/11/23 10:00]
tomiskar [Application/ Server]
+++ devel:documentation:application_configuration:dev:backend [2021/02/16 14:43]
svandav [Workflow settings for approval of change user roles]
@@ Line 666: / Line 666: @@
 # Default main WF for approve all roles.
 idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions
+</code>
+==== Universal requests =====
+<code properties>
+## Universal requests
+# Role
+idm.pub.core.request.idm-role.enabled=false
+# Defines type of guarantee. Requests will be approving only by guarantee with this type.
+# If returns null, then all guarantees will be used for approving (no limitations).
+idm.sec.core.request.idm-role.approval.guarantee-type=
 </code>
@@ Line 800: / Line 810: @@
 This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority).
+=== Two-factor authentication ===
+[[..:..:security:dev:security#two-factor_authentication|Two-factor authentication]] can be configured in the application profile (application.properties) with following properties:
+<code properties>
+# Verification secret length
+totp.secret.length=32
+# Time Period ~ period to generate new authentication code
+totp.time.period=30
+# Time Discrepancy - number of past (but still valid) authentication codes (e.g. when code is sent by notification, then user could need more time to fill it into CzechIdM)
+totp.time.discrepancy=1
+</code>
 ==== Backup ====
 If you want to use redeploy and backup for example in agenda (notification templates, scripts), you must define default backup folder.
@@ Line 846: / Line 869: @@
 You can disable long polling for all types of entites with use value `false`.
 ==== Provisioning ====