mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-16 22:43:12 +00:00
83 lines
4.6 KiB
INI
83 lines
4.6 KiB
INI
#---------------------------------------------------------------#
|
|
#----------ENABLED AUTHENTICATION METHODS/PLUGINS---------------#
|
|
#---------------------------------------------------------------#
|
|
# This configuration setting contains the listing of all #
|
|
# currently enabled authentication plugins. DSpace supports an #
|
|
# Authentication "stack" which allows you to enable multiple #
|
|
# forms of Authentication at the same time. Enabled #
|
|
# Authentication plugins are invoked in order until one of them #
|
|
# succeeds. #
|
|
#---------------------------------------------------------------#
|
|
# Out-of-the-box DSpace Authentication Plugins include:
|
|
# * Authentication by Password
|
|
# Plugin class: org.dspace.authenticate.PasswordAuthentication
|
|
# Configuration file: authentication-password.cfg
|
|
# * Shibboleth Authentication
|
|
# Plugin class: org.dspace.authenticate.ShibAuthentication
|
|
# Configuration file: authentication-shibboleth.cfg
|
|
# * LDAP Authentication
|
|
# LDAP Plugin class: org.dspace.authenticate.LDAPAuthentication
|
|
# Configuration file: authentication-ldap.cfg
|
|
# * IP Address Authentication
|
|
# Plugin class: org.dspace.authenticate.IPAuthentication
|
|
# Configuration file: authentication-ip.cfg
|
|
# * X.509 Certificate Authentication
|
|
# Plugin class: org.dspace.authenticate.X509Authentication
|
|
# Configuration file: authentication-x509.cfg
|
|
#
|
|
# One or more of the above plugins can be enabled by listing its plugin class in
|
|
# the below setting. To configure the enabled plugin(s) visit the configuration file(s)
|
|
# listed above. See the DSpace Configuration Documentation for more details.
|
|
#
|
|
# Uncomment any of the below plugins to enable them (or copy to your local.cfg).
|
|
# You may also reorder them by simply changing their order within this file, or
|
|
# defining a new order in local.cfg.
|
|
|
|
# IP-based authentication/authorization. See authentication-ip.cfg for default configuration.
|
|
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.IPAuthentication
|
|
|
|
# LDAP authentication/authorization. See authentication-ldap.cfg for default configuration.
|
|
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.LDAPAuthentication
|
|
|
|
# Shibboleth authentication/authorization. See authentication-shibboleth.cfg for default configuration.
|
|
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.ShibAuthentication
|
|
|
|
# X.509 certificate authentication. See authentication-x509.cfg for default configuration.
|
|
#plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.X509Authentication
|
|
|
|
# Authentication by Password (encrypted in DSpace's database). See authentication-password.cfg for default configuration.
|
|
# Enabled by default (to disable, either comment out, or define a new list of AuthenticationMethod plugins in your local.cfg)
|
|
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication
|
|
|
|
|
|
#---------------------------------------------------------------#
|
|
#---------------Stateless JWT Authentication--------------------#
|
|
#---------------------------------------------------------------#
|
|
|
|
# Server key part that is a part of the key used to sign the authentication tokens.
|
|
# If this property is not set or empty, DSpace will generate a random key on startup.
|
|
# IF YOU ARE RUNNING DSPACE IN A CLUSTER, you need to set a value for this property here or as an environment variable
|
|
# jwt.token.secret =
|
|
|
|
# This property enables/disables encryption of the payload in a stateless token. Enabling this makes the data encrypted
|
|
# and unreadable by the receiver, but makes the token larger in size. false by default
|
|
jwt.encryption.enabled = false
|
|
|
|
# Encryption key to use when JWT token encryption is enabled (JWE). Note that encrypting tokens might required additional
|
|
# configuration in the REST clients
|
|
# jwt.encryption.secret =
|
|
|
|
# This enables compression of the payload of a jwt, enabling this will make the jwt token a little smaller at the cost
|
|
# of some performance, this setting WILL ONLY BE used when encrypting the jwt.
|
|
jwt.compression.enabled = true
|
|
|
|
# Expiration time of a token in minutes
|
|
jwt.token.expiration = 30
|
|
|
|
# Restrict tokens to a specific ip-address to prevent theft/session hijacking. This is achieved by making the ip-address
|
|
# a part of the JWT siging key. If this property is set to false then the ip-address won't be used as part of
|
|
# the signing key of a jwt token and tokens can be shared over multiple ip-addresses.
|
|
# For security reasons, this defaults to true
|
|
jwt.token.include.ip = true
|
|
|