1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
{
"debug": ${DEBUG_PLUGINS},
//endpoints
"login_endpoint": {
"path": "/api/account/login",
"max_login_attempts": ${MAX_LOGIN_ATTEMPS}, //10 failed attempts in 10 minutes
"failed_attempt_timeout_sec": 600 //10 minutes
},
"keepalive_endpoint": {
"path": "/api/account/keepalive",
//Regen token every 10 mins along with cookies
"token_refresh_sec": 600 //10 minutes
},
"profile_endpoint": {
"path": "/api/account/profile"
},
"password_endpoint": {
"path": "/api/account/reset"
},
"mfa_endpoint": {
"path": "/api/account/mfa"
},
"logout_endpoint": {
"path": "/api/account/logout"
},
"pki_auth_endpoint": {
"path": "/api/account/pki",
"jwt_time_dif_sec": 30,
"max_login_attempts": 10,
"failed_attempt_timeout_sec": 600,
//Configures the PATCH and DELETE methods to update the user's stored key when logged in
"enable_key_update": true
},
//If mfa is defined, configures mfa enpoints and enables mfa logins
"mfa": {
"upgrade_expires_secs": 180,
"nonce_size": 64,
//Defines totp specific arguments
"totp": {
"digits": 6,
"issuer": "CMNext",
"period_secs": 30,
"algorithm": "sha1",
"secret_size": 32,
"window_size": 2
}
},
//Defines the included account provider
"account_security": {
//Time in seconds before a session is considered expired
"session_valid_for_sec": 3600,
//Path/domain for all security cookies
"cookie_domain": "",
"cookie_path": "/",
"status_cookie_name": "cmnli", //front-end cookie name must match to detect login status
"otp_header_name": "X-Web-Token", //Front-end header name must match
"otp_time_diff_sec": 30,
"otp_key_size": 64,
"pubkey_cookie_name": "cmn-id",
"pubkey_signing_key_size": 32,
"strict_origin": false,
"strict_path": true, //Can be enabled if front-end is running on the same server
//"allowed_origins": [""]
}
}
|
