Skip to main content
Skip table of contents

Manage user passwords

All about password management in Censhare.

Enable password change

Prerequisites

censhare and Keycloak have been configured appropriately. For example, routes to the censhare Server. 

Introduction

Users must manage password changes via the Keycloak Account Management. The clients call a fixed URL as follows:

CODE 
http(s)://gw-host:gw-port/censhare5/client/change-password

  • gw-host - hostname of the Cloud Gateway that is used by the client

  • gw-port - port of the Cloud Gateway that is used by the client

Enable password change for censhare Web

You must configure the redirect from the Change password menu item in censhare Web using the required Keycloak URL. 

Configure a rule in Cloud Gateway that maps the URL to the Keycloak Account Management page. Add an entry similar to this:

YML 
spring.cloud.gateway.routes:
        - id: censhare5_change_password_redirect
          uri: http://localhost:8080
          predicates:
            - Path=/censhare5/client/change-password
          filters:
            - SetPath=/auth/realms/censhare/account

Adjust http://localhost:8080/ with the correct hostname and port of your Keycloak server.

Enable password change for censhare Client

  1. On the censhare Server, open the Client Preferences file. It is usually located in the censhare-Custom directory:

    TEXT 
    ../app/modules/client/javaclient/javaclient-preferences.xml

  2. Add the URL to reach the Keycloak Account Management page:

    TEXT 
    <authentication change-password-url-pattern="{authServerBaseUrl}/realms/{realm}/account"/>

If censhare and Keycloak are set up correctly, the placeholders are replaced by the corresponding values.
Alternatively, you can define the complete URL to the Keycloak Account page directly or define the same URL as used by censhare Web, as described above.

Define password rules

Password rules must be defined in Keycloak and no longer in the censhare Admin Client. Keycloak has a rich set of password policies that you can enable.

For more information, see the Keycloak Password Policies

Delete user passwords

Security risk!

This server action is disabled by default. If it was enabled in your previous installation, it will be disabled with the update to this censhare version.

Only enable it on test and development systems. If you enable this action, administrators can create users with empty passwords. These users can log in to censhare without a password. 

Prerequisites

To execute this action, log into the censhare Admin Client

Steps

Proceed as follows:

  1. In the censhare Admin Client, open the Master data/Users table.

  2. Select the desired user. You can select multiple users.

  3. Open the Server actions menu ( ) and select Delete password.

  4. In the dialog window, click OK to confirm.

Reset user password (send new password)

Prerequisites

 You need the censhare Admin Client to execute this action. 

Steps

Proceed as follows:

  1. In the censhare Admin Client, open the Master data/Users table.

  2. Select the desired user. You can select multiple users.

  3. Open the Server actions menu ( ) and select Send password.

  4. In the dialog window, click OK to confirm.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close