Local user security provider in Jitterbit App Builder
The Local User security provider type is a forms-based authentication provider. It allows users to log into App Builder using a user name and password. Passwords are stored within App Builder.
Configuration
The Local User security provider is enabled by default. It cannot be disabled. However, individual users must have the Allow Local Authentication option enabled.
Parameters
The Local User security provider defines the following parameters.
| Parameter | Default | Description |
|---|---|---|
| AccountLockoutThreshold | Maximum number of failed attempts before the account is locked. A value of zero (0) indicates that the account lockout feature is disabled. | |
| AccountLockoutDuration | The period of time (in minutes) for which the account will remain locked. A value of zero (0) indicates that the account will remain locked until an Administrator manually unlocks the account. | |
| AccountLockoutReset | The period of time (in minutes) after which the failed attempt counter is reset. A value of zero (0) indicates that the counter will not be reset. |
Password storage
As noted above, when using the Local User security provider, passwords are stored within App Builder. Passwords are stored in a cryptographically secure manner. Specifically, App Builder uses the following scheme:
| ----------------------- | -------- |
| Key Derivation Function | PBKDF2 |
| Hash Algorithm | SHA-256 |
| Key Length | 16 bytes |
| Iterations | 10,000 |
| Salt Length | 16 bytes |
Account lockout
See Account Lockout (3.2, 3.3) for information regarding the account lockout feature.