eXo Platform supports the "Remember My Login" feature. This guide explains how the feature works and how to update the password encryption key on the server side for security purposes.
How the feature works
If users select "Remember My Login" when they log in, their login information is saved on both the client and the server side:
A token is saved on the server side. The user password is encrypted and saved along with the token.
The token ID is sent back to the browser and saved in the "rememberme" cookie.
When the users visit the website the next time from the same browser on the same machine, they do not need to type their username and password. The browser sends the cookie, and the server validates it using the token. In this way, the login step is completed automatically.
Symmetric encryption of passwords
The user password is encrypted and stored along with the token.
The password encryption is built on JCA (Java Cryptography Architecture) and by default uses the AES algorithm. If you do not provide your own configuration, a keystore is generated with default attributes (such as file name, keypass and keysize), so the feature works without configuring anything. However, eXo Platform allows you to configure and use your own keystore to conform to your security policy.
How to customize the password
The customization involves properties in exo.properties, jca-symmetric-codec.properties and a keystore. The goal of the customization is to use your own keystore instead of the default one.
Generate your own keystore file using keytool:
keytool -genseckey -alias "customAlias" -keypass "customKeyPass" -keyalg "customAlgo" -keystore "customStore" -storepass "customStorePass" -storetype "customStoreType"
The file name is given by the keystore parameter ("customStore" in the example). The valid values of the algorithm and the other parameters can be found here.
Then, place the generated file under gatein/conf/codec (in Tomcat) or standalone/configuration/gatein/codec (in JBoss).
Update the jca-symmetric-codec.properties file with the parameters used in your keytool command:
gatein.codec.jca.symmetric.alias=customAlias
gatein.codec.jca.symmetric.keypass=customKeyPass
gatein.codec.jca.symmetric.keyalg=customAlgo
gatein.codec.jca.symmetric.keystore=customStore
gatein.codec.jca.symmetric.storepass=customStorePass
gatein.codec.jca.symmetric.storetype=customStoreType
Again, in the case of the eXo Platform package, you need to create the jca-symmetric-codec.properties file yourself.
You also need to put these two properties in exo.properties.
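The customization steps above as one runnable script (an added example, not from the eXo documentation): it generates an AES secret key in a JCEKS keystore with keytool and writes jca-symmetric-codec.properties from the same variables, so the two files cannot disagree. The alias, passwords, store name and the CODEC_DIR default are assumed placeholders; keytool must be on the PATH for the keystore step.

```shell
#!/bin/sh
# Added example, not part of the eXo documentation: create a dedicated AES keystore for the
# Remember-Me codec and write jca-symmetric-codec.properties from the same variables.
# Alias, passwords, store name and CODEC_DIR are assumed placeholders.
set -eu

CODEC_DIR="${CODEC_DIR:-./gatein/conf/codec}"  # Tomcat layout; JBoss: standalone/configuration/gatein/codec
ALIAS="rememberme"
KEYALG="AES"
KEYSIZE="128"            # 256 needs the unlimited-strength policy on older JDKs
STORE="rememberme.jceks"
STORETYPE="JCEKS"        # JKS cannot hold secret keys; JCEKS (or PKCS12 on recent JDKs) can
KEYPASS="${KEYPASS:-change-me-keypass}"
STOREPASS="${STOREPASS:-change-me-storepass}"

# Generate the symmetric key (-genseckey stores a secret key, not a key pair). keytool refuses
# to overwrite an existing alias; to rotate the key, remove the store and run again.
gen_keystore() {
    mkdir -p "$CODEC_DIR"
    keytool -genseckey -alias "$ALIAS" -keyalg "$KEYALG" -keysize "$KEYSIZE" \
        -keystore "$CODEC_DIR/$STORE" -storetype "$STORETYPE" \
        -storepass "$STOREPASS" -keypass "$KEYPASS"
    chmod 600 "$CODEC_DIR/$STORE"   # this key protects every remembered password
}

# Write the properties from the variables used for keytool. The file holds the passwords
# in clear text, so it gets the same restrictive permissions. Prints the written path.
write_props() {
    mkdir -p "$CODEC_DIR"
    props="$CODEC_DIR/jca-symmetric-codec.properties"
    {
        echo "gatein.codec.jca.symmetric.alias=$ALIAS"
        echo "gatein.codec.jca.symmetric.keypass=$KEYPASS"
        echo "gatein.codec.jca.symmetric.keyalg=$KEYALG"
        echo "gatein.codec.jca.symmetric.keystore=$STORE"
        echo "gatein.codec.jca.symmetric.storepass=$STOREPASS"
        echo "gatein.codec.jca.symmetric.storetype=$STORETYPE"
    } > "$props"
    chmod 600 "$props"
    echo "$props"
}

# Confirm the alias is really present in the store before restarting the server.
check_keystore() {
    keytool -list -keystore "$CODEC_DIR/$STORE" -storetype "$STORETYPE" \
        -storepass "$STOREPASS" | grep -qi "^$ALIAS,"
}

if command -v keytool >/dev/null 2>&1; then
    gen_keystore; check_keystore; echo "keystore ready, properties written to $(write_props)"
else
    echo "keytool not found; only wrote $(write_props)" >&2
fi
```

Restart the server after copying both files into place; as the section below notes, replacing the key invalidates existing tokens.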
Updating password encryption key
The password encryption uses a keystore file. By default, the file is:
$PLATFORM_TOMCAT_HOME/gatein/conf/codec/codeckey.txt (in Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/codec/codeckey.txt (in JBoss).
$NATIVE_INSTALLER_DIR/apps/exoplatform/gatein/codec/codeckey.txt (in Native Installer).
To update the password encryption key, simply remove the file, then restart the server. The keystore file is re-created at startup.
Updating the password encryption key invalidates all existing tokens, so users must log in again.
For more details about the feature and its configuration, refer to Remember me password encryption.