Allowing applications to create user tokens

All applications connected to Crowd can generate Crowd tokens for any user that can authenticate into that application. This can be used, for example, to remember users' credentials so that they don't have to enter them upon every login.

For security reasons, by default, applications connected to Crowd are not allowed to create user tokens.

To allow applications to create such tokens:

  1. In Crowd, go to Applications > <your_application_name> > Options.
  2. Check Allow to generate user tokens.

With this setting enabled, applications connected to Crowd can generate Crowd tokens for users without passing their passwords in a request.

Such a token can later be used to impersonate the user in other SSO version 1 applications if they have a similar directory setup.

User tokens can be used to impersonate the user in the Crowd web application if the Crowd application has a similar directory setup.

For this reason, it is important to connect only trusted applications to Crowd. Additionally, it's recommended that you keep the Allow to generate user tokens setting disabled unless your application and setup clearly require it to be turned on.

Last modified on April 21, 2021
