General parameters¶
Configuration files¶
To configure Self Service Password, you need to create a local
configuration file named config.inc.local.php
in
self-service-password/conf
. For example :
<?php
// Override config.inc.php parameters below
?>
Self Service Password default configuration file is
self-service-password/conf/config.inc.php
. It includes
config.inc.local.php
. Consequently, you can override all parameters
in config.inc.local.php
. This prevents you to be disturbed by an
upgrade.
Warning
Do not copy config.inc.php
into config.inc.local.php
, as the first one includes the second.
You would then create an infinite loop and crash your application.
Multi tenancy¶
You can load a specific configuration file by passing a HTTP header. This feature is disable by default. To enable it:
$header_name_extra_config = "SSP-Extra-Config";
Then if you send the header SSP-Extra-Config: mydomain
, the file
conf/config.inc.mydomain.php
will be loaded.
Language¶
Available languages are:
Basque (eu)
Brazilian (pt-BR)
Catalonia (ca)
Chinese (cn, zh-CN, zh-TW)
Czech (cs)
Dutch (nl)
English (en)
Estonian (ee)
French (fr)
German (de)
Greek (el)
Hungarian (hu)
Italian (it)
Japanese (ja)
Norwegian bokmål (nb-NO)
Polish (pl)
Portuguese (pt-PT)
Russian (ru)
Serbian (rs)
Slovak (sk)
Slovenian (sl)
Spanish (es)
Swedish (sv)
Turkish (tr)
Ukranian (uk)
Set one of them in $lang
:
$lang = "en";
Messages¶
Help messages provide information to users on how use the interface.
They can be disabled with $show_help
:
$show_help = false;
You can add extra messages by setting values in these parameters:
$messages['passwordchangedextramessage'] = "Congratulations!";
$messages['changehelpextramessage'] = "Contact us if you are lost...";
Graphics¶
Logo¶
You change the default logo with your own. Set the path to your logo in
$logo
:
$logo = "images/ltb-logo.png";
Tip
Comment this parameter to hide logo
Background¶
You change the background image with your own. Set the path to image in
$background_image
:
$background_image = "images/unsplash-space.jpeg";
Tip
Comment this parameter to falll back to default background color
Custom CSS¶
To easily customize CSS, you can use a separate CSS file:
$custom_css = "css/custom.css";
Security¶
You need a key phrase if you use ciphered tokens (see Reset by mail tokens)
$keyphrase = "secret";
There is also a protection on login to avoid LDAP injections. Some
characters are forbidden, you can change the list of forbidden
characters in login with $login_forbidden_chars
:
$login_forbidden_chars = "*()&|";
Tip
If no characters are configured in $login_forbidden_chars
,
only alphanumeric characters are allowed.
You can configure “obscure” messages, so that some errors are not displayed and replaced by a generic “bad credentials” error:
$obscure_failure_messages = array("mailnomatch");
You may want to limit number of tries per user/ip in a short time (especially with sms option). If you enable this defaults are 2 tries per login and per hour, and same for ip address:
$enable_ratelimit = true;
Other possible options for rate limiting:
$ratelimit_dbdir = '/tmp';
$max_attempts_per_user = 2;
$max_attempts_per_ip = 2;
$max_attempts_block_seconds = "60";
$client_ip_header = 'REMOTE_ADDR';
Default action¶
By default, the password change page is displayed. You can configure which page should be displayed when no action is defined:
$default_action = "change";
Possibles values are:
change
sendtoken
sendsms
You can disable the standard password change if you don’t need it:
$use_change = false;
In this case, be sure to also remove “change” from default action, else the change page will still be displayed.
Prefill user login¶
If Self Service Password is called from another application, you can prefill the login but sending an HTTP header.
To enable this feature:
$header_name_preset_login = "Auth-User";
Captcha¶
To require a captcha, set $use_captcha
:
$use_captcha = true;
Tip
The captcha is used on every form in Self Service Password (password change, token, questions, etc.)