authentication
30 views
Skip to first unread message
Stevenson Gossage
Sep 1, 2022, 2:50:46 PM9/1/22
to DSpace Developers
Hello,
We are using default DSpace authentication and were wondering about passwords expiry and max failed login attempts. Is there any support for these features?
Thanks,
Stevenson
Tim Donohue
Sep 2, 2022, 10:25:45 AM9/2/22
to DSpace Developers
Hi Stevenson,
No these features are not yet available in the default DSpace authentication system. Obviously they are available in many of the external authentication systems (if you integrate DSpace with LDAP or Shib or OIDC, etc).
That said, I think many would be interested in these features & we are making improvements of this sort all the time (e.g. we have improvements coming soon to force more secure passwords in the default authentication system: https://github.com/DSpace/dspace-angular/pull/1776).
No these features are not yet available in the default DSpace authentication system. Obviously they are available in many of the external authentication systems (if you integrate DSpace with LDAP or Shib or OIDC, etc).
That said, I think many would be interested in these features & we are making improvements of this sort all the time (e.g. we have improvements coming soon to force more secure passwords in the default authentication system: https://github.com/DSpace/dspace-angular/pull/1776).
So, if you are interested in helping build these, we'd welcome that. Or, you are also simply welcome to create a ticket (or two) in our ticketing system to suggest these improvements...and we can then see if we can find a similar minded volunteer to build them out! https://github.com/DSpace/dspace-angular/issues
Tim
Stevenson Gossage
Sep 2, 2022, 11:02:03 AM9/2/22
to DSpace Developers
HI Tim,
Thanks for the info, our plan is to use OIDC as the primary authentication method but was curious about the out-of-box support for this. In any case I want to get my developers more involved in the DSpace communities and I agree that this enhancement to DSpace default authentication would be nice. If we want to contribute this code should we first create the ticket or is this all outlined in the "how to contribute documentation"?
Thanks,
Stevenson
Tim Donohue
Sep 2, 2022, 11:12:24 AM9/2/22
to DSpace Developers
Hi Stevenson,
Yes, creating a ticket is a good way to get started. Especially since that allows us to track who is doing this work (as we don't want two developers accidentally working on the same thing). And I do agree these sound like worthwhile improvements to the default authentication.
Our code contribution guidelines are at https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
Honestly though, if you have any questions about the process, reach out and let me know... either via email or via our Slack (https://wiki.lyrasis.org/display/DSPACE/Slack).
Tim
Reply all
Reply to author
Forward
0 new messages