
Log-in - General preferences

Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID Connect | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Display Disposable Emails Show if a user's email address is from a disposable / temporary email address provider Disabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0 | 3.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to Admin Groups to select which tracker and fields to display.
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Allows a site manager to design forms using registration fields and have the results of each field displayed in a customizable way on a Wiki page or Smarty template. Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Select one or more trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to Admin Groups to select which tracker and fields to display. Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and propose to remember the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Descriptive sentence to ask a user to log in If the login module is called on the page and shown to users who are not logged in, this sentence may ask them to enter their credentials (supports wiki syntax) None
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Clean expired cookies Automatically clean expired cookies from the database when anyone logs in. Enabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
If not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 4 hours | 6 hours | 8 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent for analytics Make it possible for users to opt in to essential cookies, such as "remember login", "timezone" etc without opting in to third party cookies such as those for Google Analytics and other external services.
Makes the checkbox opt in to accept "non-essential" cookies
Disabled
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent display mode Appearance of consent dialog
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Ban usernames and emails Banning rules use both email and username to match rules. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are stored securely, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Allow users to use 2FA Allow users to enable Two-factor Authentication. Disabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
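The patterns in the Username pattern row can be compared directly with PHP's preg_match. The following is an added example, not code from Tiki: it assumes the pattern is applied with preg_match exactly as written, and the helper name `username_allowed`, the `\p{Han}` alternative and the sample usernames are illustrative.

```php
<?php
declare(strict_types=1);

// Patterns as given in the "Username pattern" row. Single-quoted so that
// PHP passes \x00 and \xff through to PCRE instead of expanding them.
const PATTERN_DEFAULT = '/^[ \'\-_a-zA-Z0-9@\.]*$/';
const PATTERN_CHINESE = '/^[ \'\-_a-zA-Z0-9@\.\x00-\xff]*$/';

// Illustrative alternative, not from the Tiki documentation: admit Han
// characters by Unicode script. The "u" modifier makes PCRE treat pattern
// and subject as UTF-8 and fail on malformed input; \z anchors at the
// true end of the string.
const PATTERN_HAN = '/^[ \'\-_a-zA-Z0-9@\.\p{Han}]*\z/u';

/**
 * Hypothetical helper: apply the length limits from the "Minimum length"
 * and "Maximum length" rows (1 and 50 by default), then the pattern.
 * Counting UTF-8 characters rather than bytes is an assumption.
 */
function username_allowed(string $name, string $pattern, int $min = 1, int $max = 50): bool
{
    $length = mb_strlen($name, 'UTF-8');
    if ($length < $min || $length > $max) {
        return false;
    }
    return preg_match($pattern, $name) === 1;
}

// Constructed sample usernames.
$samples = [
    'john.doe@example.org', // plain ASCIIemail-style name
    '王小明',                // Han characters
    '<b>x</b>',             // HTML markup
    "bob\x07",              // contains the BEL control character
];

foreach ($samples as $name) {
    printf(
        "%-26s default=%-3s chinese=%-3s han=%s\n",
        json_encode($name, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
        username_allowed($name, PATTERN_DEFAULT) ? 'yes' : 'no',
        username_allowed($name, PATTERN_CHINESE) ? 'yes' : 'no',
        username_allowed($name, PATTERN_HAN) ? 'yes' : 'no'
    );
}
```

The `\x00-\xff` range matches every byte, so with that pattern the character check accepts markup and control characters as well as Chinese text. A script-based class keeps the restriction while still admitting the intended characters.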
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and OpenID Connect | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0 | 3.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to Admin Groups to select which tracker and fields to display.
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Allows a site manager to design forms using registration fields and have the results of each field displayed in a customizable way on a Wiki page or Smarty template. Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Select one or more trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to Admin Groups to select which tracker and fields to display. Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and propose to remember the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Clean expired cookies Automatically clean expired cookies from the database when anyone logs in. Enabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
If not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 4 hours | 6 hours | 8 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent for analytics Make it possible for users to opt in to essential cookies, such as "remember login", "timezone" etc without opting in to third party cookies such as those for Google Analytics and other external services.
Makes the checkbox opt in to accept "non-essential" cookies
Disabled
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent display mode Appearance of consent dialog
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Ban usernames and emails Banning rules use both email and username to match rules. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are stored securely, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Allow users to use 2FA Allow users to enable Two-factor Authentication. Disabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
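The password options in the table above (from "Require characters and numerals" to "Minimum length") can be checked together as one policy. The following is an added example, not Tiki's own code: the field names, the hardened values (minimum length 12, a three-entry blacklist), the case-insensitive comparison with the log-in name, and the treatment of any non-alphanumeric character as "special" are assumptions. It shows which passwords the documented defaults accept and a stricter configuration rejects.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """One field per password option in the table.

    Field names are hypothetical; they are not Tiki preference keys.
    Default values are the defaults listed on the page.
    """
    chars_and_numerals: bool = False    # Require characters and numerals
    lower_and_upper: bool = False       # Require lower and upper case
    special: bool = False               # Require special characters
    no_repetition: bool = False         # No consecutive repetition ("111", "aab")
    differ_from_login: bool = True      # Must differ from the log-in name
    min_length: int = 5                 # Minimum length
    blacklist: frozenset = frozenset()  # Prevent common passwords (empty = disabled)


# The defaults as documented: only "differ from log-in name" and length 5.
DEFAULTS = PasswordPolicy()

# A stricter configuration. The length and blacklist entries are constructed
# sample values chosen for this example, not recommendations from the page.
HARDENED = PasswordPolicy(
    chars_and_numerals=True,
    lower_and_upper=True,
    special=True,
    no_repetition=True,
    differ_from_login=True,
    min_length=12,
    blacklist=frozenset({"12345", "password", "letmein"}),
)


def violations(password, login, policy):
    """Return the names of the policy options that `password` fails."""
    found = []
    if len(password) < policy.min_length:
        found.append("min_length")
    if policy.chars_and_numerals and not (
        any(c.isalpha() for c in password) and any(c.isdigit() for c in password)
    ):
        found.append("chars_and_numerals")
    if policy.lower_and_upper and not (
        any(c.islower() for c in password) and any(c.isupper() for c in password)
    ):
        found.append("lower_and_upper")
    # Assumption: "special" means any character that is not a letter or digit.
    if policy.special and all(c.isalnum() for c in password):
        found.append("special")
    # Two identical adjacent characters are enough, as in the page's "aab".
    if policy.no_repetition and re.search(r"(.)\1", password, re.DOTALL):
        found.append("no_repetition")
    # Assumption: the comparison with the log-in name ignores case.
    if policy.differ_from_login and password.casefold() == login.casefold():
        found.append("differ_from_login")
    if password.casefold() in policy.blacklist:
        found.append("blacklist")
    return found


def compare(password, login):
    """Check one candidate password against both configurations."""
    return {
        "defaults": violations(password, login, DEFAULTS),
        "hardened": violations(password, login, HARDENED),
    }


if __name__ == "__main__":
    # Constructed sample candidates for a user whose log-in name is "alice".
    for candidate in ("12345", "alice", "Tr1cky-Horse#Bat3ry"):
        print(candidate, compare(candidate, "alice"))
```
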
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and OpenID Connect | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, or digits or _ or . or - followed by a @ followed by a string of letters, or digits or _ or . or -. Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0 | 3.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to Admin Groups to select which tracker and fields to display.
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Select one or more trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to Admin Groups to select which tracker and fields to display. Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and to propose remembering the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server.
If not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 4 hours | 6 hours | 8 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent for analytics Make it possible for users to opt in to essential cookies, such as "remember login", "timezone" etc without opting in to third party cookies such as those for Google Analytics and other external services.
Makes the checkbox opt in to accept "non-essential" cookies
Disabled
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent display mode Appearance of consent dialog
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are stored securely, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Allow users to use 2FA Allow users to enable Two-factor Authentication. Disabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, or digits or _ or . or - followed by a @ followed by a string of letters, or digits or _ or . or -. Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0 | 3.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to Admin Groups to select which tracker and fields to display.
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Select one or more trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to Admin Groups to select which tracker and fields to display. Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and to propose remembering the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server.
If not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 4 hours | 6 hours | 8 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are stored securely, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Allow users to use 2FA Allow users to enable Two-factor Authentication. Disabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not comply with any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0 | 3.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to Admin Groups to select which tracker and fields to display.
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Select one or more trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to Admin Groups to select which tracker and fields to display. Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and offer to remember the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 4 hours | 6 hours | 8 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Allow users to use 2FA Allow users to enable Two-factor Authentication. Disabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not comply with any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0 | 3.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to Admin Groups to select which tracker and fields to display.
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Select one or more trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to Admin Groups to select which tracker and fields to display. Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and offer to remember the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use reCAPTCHA Use reCAPTCHA, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key reCAPTCHA public key obtained after registering. None
Secret key reCAPTCHA private key obtained after registering. None
reCAPTCHA theme Choose a theme for the reCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version reCAPTCHA version.
1.0 | 2.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to the "Admin Groups" page to select which tracker and fields to display
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Enter the comma-separated IDs of trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information Require users to fill in a tracker form if not done already by prompting them with a modal dialog. Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember form input and offer to remember the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
On permission denied, display login module If an anonymous visitor attempts to access a page for which permission is not granted, Tiki will automatically display the Log-in module. Alternatively, use the Send to URL field to display a specific page (relative to your Tiki installation) instead. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
If not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server in which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent users from creating blacklisted passwords. Use default blacklist or create custom blacklists through Control Panel -> Log in -> Password Blacklist. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be required to select a new password when logging in.
Use "-1" for never
-1 days
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Allow site visitors to register, using the registration form. The log-in module will include a "Register" link. If this is not activated, new users will have to be added manually by the admin on the Admin-Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user's email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server.
No | Yes | Yes, with "deep MX" search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key To register, users need to go to, for example: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Display a button on the registration form to automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use ReCAPTCHA Use this security service provided by Google instead of the default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key ReCAPTCHA public key obtained after registering None
Secret key ReCAPTCHA private key obtained after registering None
ReCAPTCHA theme Choose a theme for the ReCAPTCHA widget.
Clean | Black Glass | Red | White
Clean
Version ReCAPTCHA version
1.0 | 2.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is "tiki-information.php?msg=Account validated successfully".
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker form for the user to complete as part of the registration process. This tracker will receive and store additional information about each user.
Go to the "Admin Groups" page to select which tracker and fields to display
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate field IDs with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use a wiki page name or Smarty template file with a .tpl extension. None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID Use the tracker's field ID whose value is used as the output page name. None
User tracker IDs to sync prefs from Enter the comma-separated IDs of trackers to sync user preferences from. None
Tracker field IDs to sync the "real name" pref from Enter the comma-separated IDs in order of priority to be chosen; each item can concatenate multiple fields using "+", for example "2+3,4". None
Tracker field IDs to sync user groups Enter the comma-separated IDs of all fields that contain group names to which to sync user groups. None
Synchronize long/lat/zoom to location field Synchronize user geolocation preferences with the main location field. Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Require the user to upload a profile picture if they haven't done so already by prompting them with a modal popup. Disabled
Require users to fill in tracker information. Require users to fill in a tracker form if not done already by prompting them with a modal dialog Disabled
Tracker ID of tracker required to be filled in A tracker for articles must contain an "Articles" field. None
Mandatory tracker field to check for required filling in The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permanent names of fields that are requested in the modal for required filling in. If empty, all fields are requested None
Use tracker to collect more group information Go to the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use "-1" for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
50 unsuccessful login attempts
Create a new group for each user Automatically create a group for each user in order to, for example, assign permissions on the individual-user level.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the log-in box. The autocomplete feature can optionally be set in the user’s browser to remember form input and offer to remember the password. If enabled, the user log-in name and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. This will cause the user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
If not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
HTTPS for user-specific links When building notification emails, RSS feeds, the canonical URL or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me After logging in, users will automatically be logged in again when they leave and return to the site.
Disabled | User's choice | Always
Disabled
Duration The length of time before the user will need to log in again.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server in which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username As much as possible, attempt to not display the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique The email address of each user must be unique. Disabled
User can login via username or email. Allow users to log in using their email address (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Automatically convert all alphabetic characters in the username to lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern requires or forbids the use of certain characters for username. For example, to add Hebrew, use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or, for Chinese, use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally log in with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Use this option to require users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + . Use this option to require users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
Prevent common passwords For improved security, prevent passwords in your password blacklist from being used. Disabled
The password must be different from the user's log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be forced to select a new password when logging in.
Use "-1" for never
-1 days
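The "Username pattern" option above takes a PCRE pattern, and what a pattern admits depends on its character class, its end anchor and whether it runs in byte or Unicode mode. The following added example (not Tiki code) compares the documented default and the documented `\x00-\xff` variant with a constructed stricter pattern; it assumes the preference is evaluated with `preg_match()`, and `STRICT_HAN`, `accepts()` and the sample usernames are hypothetical.

```php
<?php
// Added example, not Tiki code. Assumption: the "Username pattern" preference
// is evaluated against the submitted username with preg_match().

// The default pattern and the \x00-\xff variant, as documented on this page.
// Single-quoted strings keep the backslashes intact for PCRE.
const DOC_DEFAULT   = '/^[ \'\-_a-zA-Z0-9@\.]*$/';
const DOC_ALL_BYTES = '/^[ \'\-_a-zA-Z0-9@\.\x00-\xff]*$/';

// Constructed alternative (not from the page): /u makes PCRE work on code
// points instead of bytes, \p{Han} names the script explicitly, and \z
// anchors at the very end of the subject.
const STRICT_HAN = '/^[ \'\-_a-zA-Z0-9@\.\p{Han}]*\z/u';

function accepts(string $pattern, string $username): bool
{
    // preg_match() returns 1 on a match, 0 on no match and false on error
    // (for example a subject that is not valid UTF-8 when the pattern uses
    // /u). Only 1 counts as accepted.
    return preg_match($pattern, $username) === 1;
}

// Constructed sample usernames.
$samples = [
    'ascii, email-style'  => 'john.doe@example.org',
    'Han characters'      => "\u{5F20}\u{4F1F}",
    'trailing newline'    => "bob\n",
    'control character'   => "bob\x08",
    'invalid UTF-8 bytes' => "\xC3\x28",
];

$patterns = [
    'default' => DOC_DEFAULT,
    'x00-xff' => DOC_ALL_BYTES,
    'strict'  => STRICT_HAN,
];

// Print one row per sample and one column per pattern.
printf('%-22s', 'sample');
foreach (array_keys($patterns) as $name) {
    printf('%-10s', $name);
}
echo "\n";

foreach ($samples as $label => $username) {
    printf('%-22s', $label);
    foreach ($patterns as $pattern) {
        printf('%-10s', accepts($pattern, $username) ? 'accept' : 'reject');
    }
    echo "\n";
}
```

As evaluated by `preg_match()` alone, the `\x00-\xff` pattern accepts every sample because the range covers all byte values, and the default pattern accepts the trailing-newline sample because `$` also matches just before a final line break.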
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | SAML | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register This will allow users to register, using the webform. The Login module will include a Register link. If disabled, the admin will have to create new users manually on the Admin Users page. Disabled
Validate new user registrations by email Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Enabled
Validate user’s email server Tiki will attempt to validate the user’s email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or -, followed by a @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server.
No | Yes | Yes, with “deep MX” search
No
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key For example, to register, users need to go to: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Tiki will include a button on the registration form that will automatically generate a very secure password for the user.
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person. Enabled
CAPTCHA image word length Number of characters the CAPTCHA will display. 6 characters
CAPTCHA image width Width of the CAPTCHA image in pixels. 180 pixels
CAPTCHA image noise Level of noise of the CAPTCHA image.
Choose a smaller number for less noise and easier reading.
100
Use ReCaptcha Use ReCaptcha, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key ReCaptcha public key obtained after registering. None
Secret key ReCaptcha private key obtained after registering. None
ReCaptcha theme Choose a theme for the ReCaptcha widget.
Clean | Black Glass | Red | White
Clean
Version ReCaptcha version.
1.0 | 2.0
2.0
CAPTCHA questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA questions and answers Add some simple questions that only humans should be able to answer, in the format: “Question?: Answer” with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is tiki-information.php?msg=Account validated successfully.
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker (form) for the user to complete as part of the registration process. This tracker will be used to store additional information about each user.
Go to the “Admin Groups” page to select which tracker and fields to display
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User’s information tracker fields presented in the User Wizard as User Details (separate fieldIds with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use wiki page name or template file with .tpl extension None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID User tracker’s field ID whose value is used as output page name None
User tracker IDs to sync prefs from Enter the IDs separated by commas of trackers to sync user prefs from None
Tracker field IDs to sync the “real name” pref from Enter the IDs separated by commas in priority of being chosen, each item can concatenate multiple fields using +, e.g. 2+3,4 None
Tracker field IDs to sync user groups Enter the IDs separated by commas of all fields that contain group names to sync user groups to None
Synchronize long/lat/zoom to location field Synchronize user geolocation prefs to main location field Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Forces a user to upload an avatar if they haven’t already by prompting them with a modal Disabled
Force users to fill tracker information. Forces a user to fill in a tracker form if they haven’t already by prompting them with a module Disabled
Tracker ID of tracker for force-filling The tracker that is for articles must contain an “Articles” field None
Mandatory tracker field to check for force-filling The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permnames of fields that are asked for in the modal for force-filling. If empty, all fields are asked for None
Use tracker to collect more group information Go to the “Admin Groups” page to select which tracker and fields to display Disabled
Re-validate user email after The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to login (that is, the account will be invalid), until the user clicks the link. Use this feature to verify that a user’s email is still valid.
Use “-1” for never
-1 days
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instruction to validate his or her account. However, the user can still log in with the old password.
Use “-1” for never
20 unsuccessful login attempts
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use “-1” for never
50 unsuccessful login attempts
Create a new group for each user Tiki will automatically create a group for the user.
The group name will be the same as the user’s username
Disabled
Disable browser’s autocomplete feature for username and password fields Use to deactivate the autocomplete in the login box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and propose remembering the password. If enabled, the user login and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server. 443
Use HTTPS when building user-specific links When building notification emails, RSS feeds or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site.
Disabled | User’s choice | Always
Disabled
Duration You can define the length of time that Tiki will “remember” the user.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user’s login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user’s consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365 days
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user’s email address for authentication. On the registration form, there will be no Username field. Disabled
Obscure email when using email as username This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User emails must be unique User e-mails must be unique Disabled
User can login via username or email. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1 characters
Maximum length The greatest number of characters for a valid username. 50 characters
Force lowercase Tiki will automatically convert all alphabetic characters in the username to all lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern forces or forbids the use of certain characters for username. For example to add Hebrew use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or for Chinese use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally login with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it’s not possible to tell the user what the password is. It’s only possible to change it.
Enabled
Users can change their password Registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like “a” and one uppercase character like “A”. Use this option to force users to select stronger passwords. Disabled
Require special characters Password must contain at least one special character in lower case like ” / $ % ? & * ( ) _ + . Use this option to force users to select stronger passwords. Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as “111” or “aab”. Disabled
Prevent common passwords For improved security, prevent passwords in your password blacklist from being used. Disabled
The password must be different from the user’s log-in name Enabled
Minimum length The least possible number of characters for a valid password. 5 characters
Password expires after The number of days after which a password will expire. Days are counted starting with the user’s first login. When the password expires, users will be forced to select a new password when logging in.
Use “-1” for never
-1 days
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Permit user registration Disabled
Validate new user registrations by email Upon registration, the new user will receive an email containing a new-account validation link. Enabled
Validate user's email server Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server. Disabled
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key For example, to register, users need to go to: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Include "Generate password" option in registration form
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person Enabled
Word length of the CAPTCHA image Word length of the CAPTCHA image. Default:6 6
Width of the CAPTCHA image in pixels Width of the CAPTCHA image in pixels. Default:180 180
Level of noise of the CAPTCHA image Level of noise of the CAPTCHA image. Choose a smaller number for less noise and easier reading. Default:100
100
Use ReCaptcha Use ReCaptcha, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Site key ReCaptcha public key obtained after registering. None
Secret key ReCaptcha private key obtained after registering. None
ReCaptcha theme Choose a theme for the ReCaptcha widget.
Clean | Black Glass | Red | White
Clean
Version ReCaptcha version.
1.0 | 2.0
2.0
CAPTCHA Questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA Questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is tiki-information.php?msg=Account validated successfully.
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker (form) for the user to complete as part of the registration process. This tracker will be used to store additional information about each user.
Go to the "Admin Groups" page to select which tracker and fields to display
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate fieldIds with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use wiki page name or template file with .tpl extension None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID User tracker's field ID whose value is used as output page name None
User tracker IDs to sync prefs from Enter the IDs separated by commas of trackers to sync user prefs from None
Tracker field IDs to sync the "real name" pref from Enter the IDs separated by commas in priority of being chosen, each item can concatenate multiple fields using +, e.g. 2+3,4 None
Tracker field IDs to sync user groups Enter the IDs separated by commas of all fields that contain group names to sync user groups to None
Synchronize long/lat/zoom to location field Synchronize user geolocation prefs to main location field Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Force users to upload an avatar. Forces a user to upload an avatar if they haven't already by prompting them with a modal Disabled
Force users to fill tracker information. Forces a user to fill in a tracker form if they haven't already by prompting them with a module Disabled
Tracker ID of tracker for force-filling The tracker that is for articles must contain an "Articles" field None
Mandatory tracker field to check for force-filling The permname of field that is checked to see if user has completed the form. If field is empty, user has not completed it. None
Fields that are asked for in the modal for force-filling Comma-separated permnames of fields that are asked for in the modal for force-filling. If empty, all fields are asked for None
Use tracker to collect more group information Go to the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user by email after Number of days to wait before re-validating the user's email address
Use "-1" for never
days
-1
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instruction to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
unsuccessful login attempts
20
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
unsuccessful login attempts
50
Create a new group for each user Tiki will automatically create a group for the user.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the login box. The autocomplete feature can optionally be set in the user’s browser to remember the form input and propose remembering the password. If enabled, the user login and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
None
HTTPS port The HTTPS port for this server, default=443
If left empty, port 443 will be used
None
Use HTTPS when building user-specific links When building notification emails, RSS feeds or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site.
Disabled | User's choice | Always
Disabled
Duration You can define the length of time that Tiki will “remember” the user.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/tiki16/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. Disabled
Obscure the email address when using the email address as username if possible (coverage will not be complete) This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User e-mails must be unique User e-mails must be unique Disabled
User can login via username or e-mail. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1
Maximum length The greatest number of characters for a valid username. 50
Force lowercase Tiki will automatically convert all alphabetic characters in the username to all lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern forces or forbids the use of certain characters for username. For example to add Hebrew use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or for Chinese use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally login with emails only). Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Users can change their password Allow users to change their own login password Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + ... Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
The password must be different from the user's log-in name The password must be different from the user's log-in name. Enabled
Minimum length The least possible number of characters for a valid password. 5
Password expires after password expiry period (in days)
Use "-1" for never
days
-1
Option Description Default
Authentication method Tiki supports several authentication methods. The default method is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Permit user registration Disabled
Validate new user registrations by email Upon registration, the new user will receive an email containing a new-account validation link. Enabled
Validate user's email server Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server. Disabled
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can log in. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter an alphanumeric code to register. The site administrator must inform users of this code. This is to restrict registration to invited users. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration page key For example, to register, users need to go to: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate password Include "Generate password" option in registration form
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Anonymous editors must enter anti-bot code (CAPTCHA) Use CAPTCHA to ensure that anonymous input is from a person Enabled
Word length of the CAPTCHA image Word length of the CAPTCHA image. Default:6 6
Width of the CAPTCHA image in pixels Width of the CAPTCHA image in pixels. Default:180 180
Level of noise of the CAPTCHA image Level of noise of the CAPTCHA image. Choose a smaller number for less noise and easier reading. Default:100
Choose a smaller number for less noise and easier reading.
100
Use ReCaptcha Use ReCaptcha, a specialized captcha service, instead of default CAPTCHA
You will need to register at http://www.google.com/recaptcha
Disabled
Public Key ReCaptcha public key obtained after registering. None
Private Key ReCaptcha private key obtained after registering. None
ReCaptcha theme Choose a theme for the ReCaptcha widget.
Clean | Black Glass | Red | White
Clean
Version ReCaptcha version.
1.0 | 2.0
2.0
CAPTCHA Questions Requires anonymous visitors to enter the answer to a question. Disabled
CAPTCHA Questions and answers Add some simple questions that only humans should be able to answer, in the format: "Question?: Answer" with one per line
One question per line with a colon separating the question and answer
None
Users must choose a group at registration Users cannot register without choosing one of the groups indicated above. Disabled
URL the user is redirected to after account validation The default page a Registered user sees after account validation is tiki-information.php?msg=Account validated successfully.
Default: tiki-information.php?msg=Account validated successfully.
None
Use a tracker to collect more user information Display a tracker (form) for the user to complete as part of the registration process. This tracker will be used to store additional information about each user.
Go to the "Admin Groups" page to select which tracker and fields to display
Disabled
Present different input fields in the User Wizard than are in the Registration form Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Disabled
Tracker fields presented in the User Wizard as User Details User's information tracker fields presented in the User Wizard as User Details (separate fieldIds with colons) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use wiki page name or template file with .tpl extension None
Hide Mandatory Hide mandatory fields indication with an asterisk (shown by default). Disabled
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name field ID User tracker's field ID whose value is used as output page name None
User tracker IDs to sync prefs from Enter the IDs separated by commas of trackers to sync user prefs from None
Tracker field IDs to sync the "real name" pref from Enter the IDs separated by commas in priority of being chosen, each item can concatenate multiple fields using +, e.g. 2+3,4 None
Synchronize long/lat/zoom to location field Synchronize user geolocation prefs to main location field Disabled
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Use tracker to collect more group information Go to the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user by email after Number of days to wait before re-validating the user's email address
Use "-1" for never
days
-1
Re-validate user by email after After a certain number of consecutive unsuccessful log-in attempts, the user will receive an email with instructions to validate his or her account. However, the user can still log in with the old password.
Use "-1" for never
unsuccessful login attempts
20
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
unsuccessful login attempts
50
Create a new group for each user Tiki will automatically create a group for the user.
The group name will be the same as the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate autocomplete in the login box. Autocomplete can optionally be set in the user’s browser to remember form input and to offer to remember the password. If enabled, the user login and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
Use challenge/response authentication Confirm that the Admin account has a valid email address or you will not be able to log in
Deprecated: This feature is unmaintained and may not be reliable
Disabled
Prevent multiple log-ins by the same user Users (other than admin) cannot log in simultaneously with multiple browsers. Disabled
Grab session if already logged in If users are blocked from logging in simultaneously, grab the session. Will force existing user to be logged out Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent a session hijack through network sniffing.
Warning: activate only if SSL is already configured; otherwise, all users including admin will be locked out of the site
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until the connection has been set up and tested; otherwise, the website will be inaccessible
Disabled | Allow secure (HTTPS) login | Encourage secure (HTTPS) login | Consider we are always in HTTPS, but do not check | Require secure (HTTPS) login
Allow secure (HTTPS) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, which is useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port The port used to access this server; if not specified, port 80 will be used
If not specified, port 80 will be used
None
HTTPS port the HTTPS port for this server, default=443
If left empty, port 443 will be used
None
Use HTTPS when building user-specific links When building notification emails, RSS feeds or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site.
Disabled | User's choice | Always
Disabled
Duration You can define the length of time that Tiki will “remember” the user.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Refresh the remember-me cookie expiration Each time a user is logged in with a cookie set in a previous session, the cookie expiration date is updated. Disabled
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/tiki15/
Cookie Consent Ask permission of the user before setting any cookies, and comply with the response.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie consent name Name of the cookie to record the user's consent if the user agrees. Tiki_cookies_accepted
Cookie consent expiration Expiration date of the cookie to record consent (in days). 365
Cookie consent text Description for the dialog.
Wiki-parsed
This website would like to ...
Cookie consent question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki-parsed
I accept cookies from this ...
Cookie consent alert Alert displayed when user tries to access or use a feature requiring cookies. Sorry, cookie consent required
Cookie consent button Label on the agreement button. Continue
Cookie consent mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie consent dialog ID DOM id for the dialog container div. Cookie_consent_div
Cookie consent disabled Do not give the option to refuse cookies but still inform the user about cookie usage. Disabled
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. Disabled
Obscure the email address when using the email address as username if possible (coverage will not be complete) This will attempt as much as possible to hide the email address, showing the real name or the truncated email address instead.
Coverage will not be complete
Disabled
User e-mails must be unique User e-mails must be unique Disabled
User can login via username or e-mail. This will allow users to login using their email (as well as their username). Disabled
Minimum length The least possible number of characters for a valid username. 1
Maximum length The greatest number of characters for a valid username. 50
Force lowercase Tiki will automatically convert all alphabetic characters in the username to all lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern forces and forbids the use of certain characters in usernames. For example, to add Hebrew use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or for Chinese use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Auto-generate 6-digit username on registration This will auto-generate a 6-digit username for users who sign up (they will normally login with emails only). Disabled
Store password as plain text Disabled
Forgot password Users can request a password reset. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Encryption method crypt-md5 | crypt-des | tikihash (old) crypt-md5
Users can change their password Allow users to change their own login password Enabled
Require characters and numerals For improved security, require users to include a mix of alphabetical characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one lowercase alphabetical character like "a" and one uppercase character like "A". Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + ... Disabled
Require no consecutive repetition of the same character Password must not contain a consecutive repetition of the same character such as "111" or "aab". Disabled
The password must be different from the user's log-in name The password must be different from the user's log-in name. Enabled
Minimum length The least possible number of characters for a valid password. 5
Password expires after password expiry period (in days)
Use "-1" for never
days
-1
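The Username pattern row above is the one setting in this table whose effect depends on regex semantics. The following added example (not Tiki code) audits the default pattern and the two widened ones against constructed probe usernames. It assumes the pattern is applied as a byte-oriented PCRE match (no u modifier) and that the widened patterns keep the default's full ^[ ... ]*$ form; the function names and probe strings are hypothetical.

```python
import re

# Patterns from the "Username pattern" row. DEFAULT is the table's default value;
# HEBREW and ANY_BYTE are the two widened examples, written with the same
# ^[ ... ]*$ form as the default (assumption about their intended form).
DEFAULT = r"/^[ '\-_a-zA-Z0-9@\.]*$/"
HEBREW = "/^[ '\\-_a-zA-Z0-9@\\.\u05d0-\u05ea]*$/"
ANY_BYTE = r"/^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/"

# Constructed probe usernames (not taken from any real site).
PROBES = {
    "ascii": "john.doe@example.org",
    "hebrew": "\u05d3\u05d5\u05d3",
    "chinese": "\u5f20\u4f1f",
    "latin_accent": "Jos\u00e9",
    "markup": "<b>x</b>",
    "nul_byte": "a\x00b",
    "embedded_crlf": "a\r\nb",
    "trailing_newline": "admin\n",
}


def compile_bytewise(pattern):
    """Compile a /.../ pattern as a byte regex.

    Assumption: this mirrors PCRE without the 'u' modifier, where both the
    pattern and the subject are treated as raw bytes, so a UTF-8 literal
    inside a character class contributes its individual bytes.
    """
    if len(pattern) < 3 or not (pattern.startswith("/") and pattern.endswith("/")):
        raise ValueError("expected a /.../ pattern without modifiers")
    return re.compile(pattern[1:-1].encode("utf-8"))


def audit(pattern):
    """Return {probe label: accepted?} for every probe username."""
    rx = compile_bytewise(pattern)
    return {
        label: rx.match(value.encode("utf-8")) is not None
        for label, value in PROBES.items()
    }


def unexpected(pattern, intended):
    """Probe labels the pattern accepts that the administrator did not intend."""
    return sorted(
        label for label, ok in audit(pattern).items()
        if ok and label not in intended
    )


if __name__ == "__main__":
    cases = [
        ("default", DEFAULT, {"ascii"}),
        ("hebrew", HEBREW, {"ascii", "hebrew"}),
        ("any byte", ANY_BYTE, {"ascii", "chinese"}),
    ]
    for name, pattern, intended in cases:
        print(f"{name:9s} accepts beyond intent: {unexpected(pattern, intended)}")
```

Whether Tiki strips or rejects such input elsewhere is outside what the table states. In PCRE itself, the D modifier or a \z anchor stops $ from matching before a final newline.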
Option Description Default
Authentication method Tiki supports several authentication methods. The default value is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Permit user registration Disabled
Validate new user registrations by email Upon registration, the new user will receive an email containing a link to confirm validity. Enabled
Validate user's email server Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server. Disabled
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can login. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter a code to register. You must inform users of this code. Use to restrict registration to invited users only. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration Page Key e.g. To register users need to go to: tiki-register.php?key=yourregistrationkeyvalue
Key that must be included in the URL to access the registration page (if not empty).
None
Generate Password Include "Generate Password" option on registration form
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Users must choose a group at registration Users cannot register without choosing one of the groups defined above. Disabled
URL a user is redirected to after account validation The default page a Registered user sees after account validation is tiki-information.php?msg=Account validated successfully.
Default: tiki-information.php?msg=Account validated successfully.
None
Use tracker to collect more user information Display a tracker (form) for the user to complete, as part of the registration process. Use this tracker to store additional information about each user.
Use the "Admin Groups" page to select which tracker and fields to display
Disabled
Ask different fields in the User Wizard than the ones in Registration Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Enabled
Tracker Fields Asked in the User Wizard as User Details Users Information Tracker Fields Asked in the User Wizard as User Details (fieldIds separated with colon) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use wiki page name or template file with .tpl extension None
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name fieldId User trackers field id whose value is used as output page name None
User tracker IDs to sync prefs from Enter the IDs separated by commas of trackers to sync user prefs from None
Tracker field IDs to sync Real Name pref from Enter the IDs separated by commas in priority of being chosen, each item can concatenate multiple fields using +, e.g. 2+3,4 None
Synchronize long/lat/zoom to location field Synchronize user geolocation prefs to main location field Disabled
Synchronize categories of user tracker item to user groups Will add the user tracker item to the category of the same name as the user groups and vice versa Disabled
Put user in group only if categorized within None None
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Use tracker to collect more group information Use the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user by email after number of days to wait before re-validating the User's email
Use "-1" for never
days
-1
Re-validate user by email after After a certain number of consecutive unsuccessful login attempts, the user will receive an email with instructions to validate his account. However, the user can still log in with his old password.
Use "-1" for never
unsuccessful login attempts
20
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
unsuccessful login attempts
-1
Create a new group for each user Tiki will automatically create a group for the user.
The group will be named identical to the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate autocomplete in the login box. Autocomplete can optionally be set in the user’s browser to remember form input and to offer to remember the password. If enabled, the user login and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
Use challenge/response authentication Confirm that the Admin account has a valid email address or you will not be permitted to login
Deprecated: This feature is unmaintained and may not be reliable
Disabled
Prevent multiple logins from same user Users cannot log in simultaneously from multiple browsers. Admin account is still allowed. Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent session hijack through network sniffing.
Only activate if you have already configured SSL; otherwise, you will lock yourself out of Tiki
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until you have set up and tested the connection; otherwise, you will make your whole site inaccessible
Disabled | Allow secure (https) login | Encourage secure (https) login | Consider we are always in HTTPS, but do not check | Require secure (https) login
Allow secure (https) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port the port used to access this server, if left empty will use port 80
If left empty, port 80 will be used
None
HTTPS port the HTTPS port for this server, default=443
If left empty, port 443 will be used
None
Use HTTPS when building user-specific links When building notification emails, RSS feeds or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site.
Disabled | User's choice | Always
Disabled
Duration You can define the length of time that Tiki will “remember” the user.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions, including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server on which the cookie will be available. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/12/
Cookie Consent Ask users' permission before setting any cookies, and obey their decision.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie Consent Name Name of the cookie to record consent if they agree. Tiki_cookies_accepted
Cookie Consent Expiry Expiry date for the cookie to record consent (in days). 365
Cookie Consent Text Description for the dialog.
Wiki parsed
This site would like to pla...
Cookie Consent Question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki parsed
I accept cookies from this ...
Cookie Consent Alert Alert displayed when user tries to access a feature requiring cookies. Sorry, cookie consent required
Cookie Consent Button Label on the agreement button. Continue
Cookie Consent Mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie Consent Dialog Id DOM id for the dialog container div. Cookie_consent_div
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. Disabled
Obscure email when using email as username if possible (coverage will not be complete) This will attempt as much as possible to hide the email, showing the realname or the truncated email instead.
Coverage will not be complete
Disabled
Minimum length The least possible number of characters for a valid username. 1
Maximum length The greatest number of characters for a valid username. 50
Force lowercase Tiki will automatically convert all alphabetic characters in the username to all lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern forces and forbids the use of certain characters in usernames. For example, to add Hebrew use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or for Chinese use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Store password as plain text Disabled
Forgot password Users can request to reset password. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Encryption method crypt-md5 | crypt-des | tikihash (old) crypt-md5
Users can change their password Allow users to change their own login password Enabled
Require characters and numerals For improved security, require users to include a mix of characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one alphabetical character in lower case like a and one in upper case like A. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + ... Disabled
Require no consecutive repetition of the same character Password must contain no consecutive repetition of the same character, such as 111 or aab. Disabled
Password must be different from the user login Password must be different from the user login. Enabled
Minimum length The least possible number of characters for a valid password. 5
Password expires after password expiry period (in days)
Use "-1" for never
days
-1
Option Description Default
Authentication method Tiki supports several authentication methods. The default value is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register permit User registration Disabled
Validate new user registrations by email Upon registration, the new user will receive an email containing a link to confirm validity. Enabled
Validate user's email server Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server. Disabled
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can login. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter a code to register. You must inform users of this code. Use to restrict registration to invited users only. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration Page Key e.g. To register users need to go to: tiki-register.php?key=yourregistrationkeyvalue
Key required to be on included the URL to access the registration page (if not empty).
None
Generate Password Include "Generate Password" option on registration form
The generated password may not include any restrictions (such as minimum/maximum length.
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Users must choose a group at registration Users cannot register without choosing one of the groups defined above. Disabled
URL a user is redirected to after account validation The default page a Registered user sees after account validation is tiki-information.php?msg=Account validated successfully.
Default: tiki-information.php?msg=Account validated successfully.
None
Use tracker to collect more user information Display a tracker (form) for the user to complete, as part of the registration process. Use this tracker to store additional information about each user.
Use the "Admin Groups" page to select which tracker and fields to display
Disabled
Ask different fields in the User Wizard than the ones in Registration Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Enabled
Tracker Fields Asked in the User Wizard as User Details Users Information Tracker Fields Asked in the User Wizard as User Details (fieldIds separated with colon) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use wiki page name or template file with .tpl extension None
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name fieldId User trackers field id whose value is used as output page name None
User tracker IDs to sync prefs from Enter the IDs separated by commas of trackers to sync user prefs from None
Tracker field IDs to sync Real Name pref from Enter the IDs separated by commas in priority of being chosen, each item can concatenate multiple fields using +, e.g. 2+3,4 None
Synchronize long/lat/zoom to location field Synchronize user geolocation prefs to main location field Disabled
Synchronize categories of user tracker item to user groups Will add the user tracker item to the category of the same name as the user groups and vice versa Disabled
Put user in group only if categorized within None None
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Use tracker to collect more group information Use the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user by email after number of days to wait before re-validating the User's email
Use "-1" for never
days
-1
Re-validate user by email after After a certain number of consecutive unsuccessfull login attempts, the user will receive a mail with instruction to validate his account. However the user can still log-in with his old password.
Use "-1" for never
unsuccessful login attempts
20
Suspend account after After a certain number of consecutive unsuccessfull login attempts, the account is suspended . An admin must revalidate the account before the user can use it again.
Use "-1" for never
unsuccessful login attempts
-1
Create a new group for each user Tiki will automatically create a group for the user.
The group will be named identical to the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the login box. The autocomplete features can be optionally set in the user’s browser to remember the form input and proposes the remember the password. If enabled, the user login and password can not be remembered. You should enable this feature for highly secure sites. Disabled
Use challenge/response authentication Confirm that the Admin account has a valid email address or you will not be permitted to login
Deprecated: This feature is unmaintained and may not be reliable
Disabled
Prevent multiple logins from same user User can not login simultaneously from multiple browsers. Admin account is still allowed. Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent session hijack through network sniffing.
Only activate if you have already configured SSL, otherwise, your will lock yourself out of Tiki
Disabled
Use HTTPS login Increase security by allowing to transmit authentication credentials over SSL. Certificates must be configured on the server.
Do not require HTTPS until you have setup and tested the connection, otherwise, you will make your whole site unaccessible
Disabled | Allow secure (https) login | Encourage secure (https) login | Consider we are always in HTTPS, but do not check | Require secure (https) login
Allow secure (https) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port the port used to access this server, if left empty will use port 80
If left empty, port 80 will be used
None
HTTPS port the HTTPS port for this server, default=443
If left empty, port 443 will be used
None
Use HTTPS when building user-specific links When building notification emails, RSS feeds or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site.
Disabled | User's choice | Always
Disabled
Duration You can define the length of time that Tiki will “remember” the user.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions. Including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server in which the cookie will be available on. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/12/
Cookie Consent Ask users permission before setting any cookies, and obey their decision.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie Consent Name Name of the cookie to record consent if they agree. Tiki_cookies_accepted
Cookie Consent Expiry Expiry date for the cookie to record consent (in days). 365
Cookie Consent Text Description for the dialog.
Wiki parsed
This site would like to pla...
Cookie Consent Question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki parsed
I accept cookies from this ...
Cookie Consent Alert Alert displayed when user tries to access a feature requiring cooies. Sorry, cookie consent required
Cookie Consent Button Label on the agreement button. Continue
Cookie Consent Mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie Consent Dialog Id DOM id for the dialog container div. Cookie_consent_div
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. Disabled
Obscure email when using email as username if possible (coverage will not be complete) This will attempt as much as possible to hide the email, showing the realname or the truncated email instead.
Coverage will not be complete
Disabled
Minimum length The least possible number of characters for a valid username. 1
Maximum length The greatest number of characters for a valid username. 50
Force lowercase Tiki will automatically convert all alphabetic characters in the username to all lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern forces and forbids the use of certain characters in usernames. For example, to add Hebrew use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or for Chinese use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Store password as plain text Disabled
Forgot password Users can request to reset password. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Encryption method crypt-md5 | crypt-des | tikihash (old) crypt-md5
Users can change their password Allow users to change their own login password Enabled
Require characters and numerals For improved security, require users to include a mix of characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one alphabetical character in lower case like a and one in upper case like A. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + ... Disabled
Require no consecutive repetition of the same character Password must contain no consecutive repetition of the same character as 111 or aab. Disabled
Password must be different from the user login Password must be different from the user login. Enabled
Minimum length The least possible number of characters for a valid password. 5
Password expires after password expiry period (in days)
Use "-1" for never
days
-1
Option Description Default
Authentication method Tiki supports several authentication methods. The default value is to use the internal user database.
Tiki | Tiki and OpenID | Tiki and PAM | Tiki and LDAP | CAS (Central Authentication Service) | Shibboleth | Web Server | phpBB
Tiki
Intertiki Allows several Tiki sites (slaves) to get authentication from a master Tiki site Disabled
Users can register Permit user registration. Disabled
Validate new user registrations by email Upon registration, the new user will receive an email containing a link to confirm validity. Enabled
Validate user's email server Tiki will perform a DNS lookup and attempt to open a SMTP session to validate the email server. Disabled
Require validation by Admin The administrator will receive an email for each new user registration, and must validate the user before the user can login. Disabled
Validator emails (separated by comma) if different than the sender email None
Require passcode to register Users must enter a code to register. You must inform users of this code. Use to restrict registration to invited users only. Disabled
Passcode Alphanumeric code required to complete the registration None
Show passcode on registration form Displays the required passcode on the registration form. This is helpful for legitimate users who want to register while making it difficult for automated robots because the passcode is unique for each site and because it is displayed in JavaScript. Disabled
Registration Page Key e.g. To register users need to go to: tiki-register.php?key=yourregistrationkeyvalue
Key required to be included in the URL to access the registration page (if not empty).
None
Generate Password Include "Generate Password" option on registration form
The generated password may not include any restrictions (such as minimum/maximum length).
Disabled
Registration referrer check Use the HTTP referrer to check registration POST is sent from same host. (May not work on some setups.) Enabled
Users must choose a group at registration Users cannot register without choosing one of the groups defined above. Disabled
URL a user is redirected to after account validation The default page a Registered user sees after account validation is tiki-information.php?msg=Account validated successfully.
Default: tiki-information.php?msg=Account validated successfully.
None
Use tracker to collect more user information Display a tracker (form) for the user to complete, as part of the registration process. Use this tracker to store additional information about each user.
Use the "Admin Groups" page to select which tracker and fields to display
Disabled
Ask different fields in the User Wizard than the ones in Registration Ask a different set of fields for the User Details section in the User Wizard than the ones shown in the Registration form Enabled
Tracker Fields Asked in the User Wizard as User Details Users Information Tracker Fields Asked in the User Wizard as User Details (fieldIds separated with colon) None
Use pretty trackers for registration form Use pretty trackers for registration form Disabled
Registration pretty tracker template Use wiki page name or template file with .tpl extension None
Output the registration results Use a wiki page as template to output the registration results to Disabled
Output registration pretty tracker template Wiki page only None
Page name fieldId User trackers field id whose value is used as output page name None
User tracker IDs to sync prefs from Enter the IDs separated by commas of trackers to sync user prefs from None
Tracker field IDs to sync Real Name pref from Enter the IDs separated by commas in priority of being chosen, each item can concatenate multiple fields using +, e.g. 2+3,4 None
Synchronize long/lat/zoom to location field Synchronize user geolocation prefs to main location field Disabled
Synchronize categories of user tracker item to user groups Will add the user tracker item to the category of the same name as the user groups and vice versa Disabled
Put user in group only if categorized within None None
Change user system language when changing user tracker item language Disabled
Assign a user tracker item when registering if email equals this field None
Use tracker to collect more group information Use the "Admin Groups" page to select which tracker and fields to display Disabled
Re-validate user by email after number of days to wait before re-validating the User's email
Use "-1" for never
days
-1
Re-validate user by email after After a certain number of consecutive unsuccessful login attempts, the user will receive an email with instructions to validate their account. However, the user can still log in with their old password.
Use "-1" for never
unsuccessful login attempts
20
Suspend account after After a certain number of consecutive unsuccessful login attempts, the account is suspended. An admin must revalidate the account before the user can use it again.
Use "-1" for never
unsuccessful login attempts
-1
Create a new group for each user Tiki will automatically create a group for the user.
The group will be named identical to the user's username
Disabled
Disable browser's autocomplete feature for username and password fields Use to deactivate the autocomplete in the login box. The autocomplete feature can optionally be set in the user’s browser to remember form input and to propose remembering the password. If enabled, the user login and password cannot be remembered. You should enable this feature for highly secure sites. Disabled
Use challenge/response authentication Confirm that the Admin account has a valid email address or you will not be permitted to login
Deprecated: This feature is unmaintained and may not be reliable
Disabled
Prevent multiple logins from same user User can not login simultaneously from multiple browsers. Admin account is still allowed. Disabled
Protect all sessions with HTTPS Always redirect to HTTPS to prevent session hijack through network sniffing.
Only activate if you have already configured SSL; otherwise, you will lock yourself out of Tiki
Disabled
Use HTTPS login Increase security by allowing authentication credentials to be transmitted over SSL. Certificates must be configured on the server.
Do not require HTTPS until you have set up and tested the connection; otherwise, you will make your whole site inaccessible
Disabled | Allow secure (https) login | Encourage secure (https) login | Consider we are always in HTTPS, but do not check | Require secure (https) login
Allow secure (https) login
HTTP Basic Authentication Check credentials from HTTP Basic Authentication, useful to allow webservices to use credentials.
Disable | SSL Only (Recommended) | Always
Disable
Users can choose to stay in SSL mode after an HTTPS login Enabled
Users can switch between secured or standard mode at login Disabled
HTTP port the port used to access this server, if left empty will use port 80
If left empty, port 80 will be used
None
HTTPS port the HTTPS port for this server, default=443
If left empty, port 443 will be used
None
Use HTTPS when building user-specific links When building notification emails, RSS feeds or other externally available links, use HTTPS when the content applies to a specific user. HTTPS must be configured on the server. Disabled
Remember me Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site.
Disabled | User's choice | Always
Disabled
Duration You can define the length of time that Tiki will “remember” the user.
5 minutes | 15 minutes | 30 minutes | 1 hour | 2 hours | 10 hours | 20 hours | 1 day | 1 week | 1 month | 1 year
2 hours
Cookie name Name of the cookie to remember the user's login
Changing the cookie name forces an instant logout for all user sessions. Including yours.
Tikiwiki
Domain The domain that the cookie is available to. None
Path The path on the server in which the cookie will be available on. Tiki will detect if it is installed in a subdirectory and will use that automatically.
N.B. Needs to start with a / character to work properly in Safari
/12/
Cookie Consent Ask users permission before setting any cookies, and obey their decision.
Complies with EU Privacy and Electronic Communications Regulations.
Disabled
Cookie Consent Name Name of the cookie to record consent if they agree. Tiki_cookies_accepted
Cookie Consent Expiry Expiry date for the cookie to record consent (in days). 365
Cookie Consent Text Description for the dialog.
Wiki parsed
This site would like to pla...
Cookie Consent Question Specific question next to the checkbox for agreement. Leave empty to not display a checkbox.
Wiki parsed
I accept cookies from this ...
Cookie Consent Alert Alert displayed when user tries to access a feature requiring cookies. Sorry, cookie consent required
Cookie Consent Button Label on the agreement button. Continue
Cookie Consent Mode Appearance of consent dialog
Dialog style requires feature_jquery_ui
Plain | Banner | Dialog
None
Cookie Consent Dialog Id DOM id for the dialog container div. Cookie_consent_div
Banning system Deny access to specific users based on username, IP, and date/time range. Disabled
Use email as username Instead of creating new usernames, use the user's email address for authentication. Disabled
Obscure email when using email as username if possible (coverage will not be complete) This will attempt as much as possible to hide the email, showing the realname or the truncated email instead.
Coverage will not be complete
Disabled
Minimum length The least possible number of characters for a valid username. 1
Maximum length The greatest number of characters for a valid username. 50
Force lowercase Tiki will automatically convert all alphabetic characters in the username to all lowercase letters. For example JohnDoe becomes johndoe. Disabled
Username pattern This regex pattern forces and forbids the use of certain characters in usernames. For example, to add Hebrew use: /^[ '\-_a-zA-Z0-9@\.א-ת]*$/ or for Chinese use: /^[ '\-_a-zA-Z0-9@\.\x00-\xff]*$/
/^[ '\-_a-zA-Z0-9@\.]*$/
Store password as plain text Disabled
Forgot password Users can request to reset password. They will receive a link by email.
Since passwords are encrypted, it's not possible to tell the user what the password is. It's only possible to change it.
Enabled
Encryption method crypt-md5 | crypt-des | tikihash (old) crypt-md5
Users can change their password Allow users to change their own login password Enabled
Require characters and numerals For improved security, require users to include a mix of characters and numerals in passwords. Disabled
Require alphabetical characters in lower and upper case Password must contain at least one alphabetical character in lower case like a and one in upper case like A. Disabled
Require special characters Password must contain at least one special character in lower case like " / $ % ? & * ( ) _ + ... Disabled
Require no consecutive repetition of the same character Password must contain no consecutive repetition of the same character as 111 or aab. Disabled
Password must be different from the user login Password must be different from the user login. Enabled
Minimum length The least possible number of characters for a valid password. 5
Password expires after password expiry period (in days)
Use "-1" for never
days
-1


Log-in - CAS

Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Try automatically to connect SSO Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Show alternate log-in method in header Enabled
Force CAS log-out when the user logs out from Tiki. Disabled
CAS server version none | Version 1.0 | Version 2.0 Version 1.0
Hostname Hostname of the CAS server. None
Port Port of the CAS server. 443
Path Path for the CAS server. None
CAS Extra Parameter Extra Parameter to pass to the CAS Server. None
CAS Authentication Verification Timeout Verify authentication with the CAS server every N seconds. Null value means never reverify.
Never | 1 minute | 2 minutes | 5 minutes | 10 minutes | 15 minutes | 30 minutes | 1 hour
Never
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Try automatically to connect SSO Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Show alternate log-in method in header Enabled
Force CAS log-out when the user logs out from Tiki. Disabled
CAS server version none | Version 1.0 | Version 2.0 Version 1.0
Hostname Hostname of the CAS server. None
Port Port of the CAS server. 443
Path Path for the CAS server. None
CAS Extra Parameter Extra Parameter to pass to the CAS Server. None
CAS Authentication Verification Timeout Verify authentication with the CAS server every N seconds. Null value means never reverify.
Never | 1 minute | 2 minutes | 5 minutes | 10 minutes | 15 minutes | 30 minutes | 1 hour
Never
Option Description Default
Create user if not already a registered user If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Try automatically to connect SSO Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Show alternate log-in method in header Enabled
Force CAS log-out when the user logs out from Tiki. Disabled
CAS server version none | Version 1.0 | Version 2.0 Version 1.0
Hostname Hostname of the CAS server. None
Port Port of the CAS server. 443
Path Path for the CAS server. None
CAS Extra Parameter Extra Parameter to pass to the CAS Server. None
CAS Authentication Verification Timeout Verify authentication with the CAS server every N seconds. Null value means never reverify.
Never | 1 minute | 2 minutes | 5 minutes | 10 minutes | 15 minutes | 30 minutes | 1 hour
Never
Option Description Default
Create user if not in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Try automatically to connect SSO Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Show Alternate Login Method in Header Enabled
Force CAS log-out when the user logs out from Tiki. Disabled
CAS server version none | Version 1.0 | Version 2.0 Version 1.0
Hostname Hostname of the CAS server. None
Port Port of the CAS server. 443
Path Path for the CAS server. None
CAS Extra Parameter Extra Parameter to pass to the CAS Server. None
CAS Authentication Verification Timeout Verify authentication with the CAS server every N seconds. Null value means never reverify.
Never | 1 minute | 2 minutes | 5 minutes | 10 minutes | 15 minutes | 30 minutes | 1 hour
Never


Log-in - LDAP

Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin log-in If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, IP addresses or URIs of your LDAP servers. Separate multiple entries with whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and, if it fails, it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build a RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build a RDN username
  • Full bind will build a RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value you put in ‘base DN’
  • OpenLDAP bind will build a RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin log-in If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, ip addresses or URIs of your LDAP servers. Separate multiple entries with Whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and if if fails it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN username
  • Full bind will build an RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value you put in ‘base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
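
The bind identities described in the LDAP Bind Type row, worked through as an added example (not Tiki's own code). The bind-type keys, function names and sample values are this example's own, and the RFC 4514 escaping of the username is an assumption of the example, not a statement about how Tiki builds the string.

```python
"""Added example: the five LDAP bind types from the table as string builders."""

# Characters RFC 4514 requires to be backslash-escaped anywhere in an RDN value.
_ALWAYS_ESCAPED = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape a user-supplied value so it cannot add or alter RDN components."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _ALWAYS_ESCAPED:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            # A leading space or '#', or a trailing space, must be escaped too.
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def domain_from_base_dn(base_dn: str) -> str:
    """Turn 'dc=example, dc=com' into 'example.com'.

    Assumes the base DN holds no escaped commas (true for plain dc= components).
    """
    labels = []
    for component in base_dn.split(","):
        attr, _, value = component.partition("=")
        if attr.strip().lower() == "dc" and value.strip():
            labels.append(value.strip())
    if not labels:
        raise ValueError("base DN has no dc= components to derive a domain from")
    return ".".join(labels)


def build_bind_identity(bind_type, username, base_dn="", user_dn="", user_attr="uid"):
    """Return the identity string sent in the bind request for each bind type.

    bind_type is one of the example's own keys:
    'anonymous', 'plain', 'ad', 'openldap', 'full'.
    """
    if bind_type == "anonymous":
        return ""  # empty identity: the directory sees an anonymous client
    if not username:
        raise ValueError("a username is required for every non-anonymous bind type")
    if bind_type == "plain":
        return username
    if bind_type == "ad":
        if "@" in username:
            # Guard chosen for this example: the domain comes from the base DN only.
            raise ValueError("username must not already contain a domain part")
        return f"{username}@{domain_from_base_dn(base_dn)}"

    value = escape_rdn_value(username)
    if bind_type == "openldap":
        parts = [f"cn={value}", base_dn.strip()]
    elif bind_type == "full":
        parts = [f"{user_attr}={value}", user_dn.strip(), base_dn.strip()]
    else:
        raise ValueError(f"unknown bind type: {bind_type!r}")
    # Skip empty settings (for example an unset User DN) instead of emitting ',,'.
    return ",".join(p for p in parts if p)


def run_demo():
    """Build every bind type for constructed sample settings."""
    settings = {"base_dn": "dc=example,dc=com", "user_dn": "ou=people", "user_attr": "uid"}
    results = {}
    for bind_type in ("anonymous", "plain", "ad", "openldap", "full"):
        results[bind_type] = build_bind_identity(bind_type, "jdoe", **settings)
    # A constructed login name containing DN syntax stays inside one RDN value.
    results["escaped"] = build_bind_identity("openldap", "jdoe,ou=admins", **settings)
    return results


if __name__ == "__main__":
    for name, identity in run_demo().items():
        print(f"{name:10s} -> {identity!r}")
```
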
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin log-in If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, IP addresses or URIs of your LDAP servers. Separate multiple entries with whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and, if it fails, it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN username
  • Full bind will build an RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value you put in ‘base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin login If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, IP addresses or URIs of your LDAP servers. Separate multiple entries with whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and, if it fails, it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN username
  • Full bind will build an RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value you put in ‘base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
Option Description Default
If user does not exist in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin login If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, IP addresses or URIs of your LDAP servers. Separate multiple entries with whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and, if it fails, it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN username
  • Full bind will build an RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value you put in ‘base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
Option Description Default
If user does not exist in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin login If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, ip addresses or URIs of your LDAP servers. Separate multiple entries with Whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and if if fails it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enable).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build a RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build a RDN username
  • Full bind will build a RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value with the value you put in ‘base DN’
  • OpenLDAP bind will build a RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
Option Description Default
If user does not exist in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin login If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, ip addresses or URIs of your LDAP servers. Separate multiple entries with Whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and if if fails it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enable).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build a RDN like username at example.com where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build a RDN username
  • Full bind will build a RDN like userattr=username, userdn, basedn where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, basedn with the value with the value you put in ‘base DN’
  • OpenLDAP bind will build a RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
Option Description Default
If user does not exist in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database.
If this option is disabled, this user wouldn’t be able to log in.
Create the user | Deny access
Create the user
Create user if not in LDAP If a user was authenticated by Tiki’s user database, but not found on the LDAP server, Tiki will create an LDAP entry for this user.
As of this writing, this is not yet implemented, and this option will probably not be offered in future.
Disabled
Use Tiki authentication for Admin login If this option is set, the user “admin” will be authenticated by only using Tiki’s user database and not via LDAP. This option has no effect on users other than “admin”. Enabled
Use Tiki authentication for users created in Tiki If this option is set, users that are created using Tiki are not authenticated via LDAP. This can be useful to let external users (ex.: partners or consultants) access Tiki, without being in your main user list in LDAP. Disabled
Host The hostnames, ip addresses or URIs of your LDAP servers. Separate multiple entries with Whitespace or ‘,’. If you use URIs, then the settings for Port number and SSL are ignored. Example: “localhost ldaps://master.ldap.example.org:63636” will try to connect to localhost unencrypted and if if fails it will try the master LDAP server at a special port with SSL. None
Port The port number your LDAP server uses (389 is the default, 636 if you check SSL). None
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username@example.com, where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN that is just the username
  • Full bind will build an RDN like userattr=username, userdn, basedn, where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, and basedn with the value you put in ‘Base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Used after authentication for getting user and group information.
Subtree | One level | Base object
Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
User OC InetOrgPerson
Realname attribute Synchronize Tiki user attributes with the LDAP values. DisplayName
Country attribute Synchronize Tiki user attributes with the LDAP values. None
Email attribute Synchronize Tiki user attributes with the LDAP values. None
Admin user None
Admin password None
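The Host rules above decide which connection attempts are unencrypted, so it is worth expanding a Host value before saving it. The following sketch is an added example, not Tiki code: the function names and the Endpoint type are hypothetical, it models only the Host, Port and "Use SSL (ldaps)" settings as described in the table, and it assumes the default ports 389 and 636.

```python
import re
from typing import List, NamedTuple, Optional
from urllib.parse import urlsplit

# Default ports named in the Port row of the table above.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


class Endpoint(NamedTuple):
    """One connection attempt, in the order it will be tried (hypothetical type)."""
    scheme: str
    host: str
    port: int


def resolve_ldap_hosts(host_field: str,
                       port: Optional[int] = None,
                       use_ssl: bool = False) -> List[Endpoint]:
    """Expand a Host setting into the ordered endpoints it describes.

    Entries are separated by whitespace or ','. A URI entry carries its own
    scheme and port, so the Port and SSL settings are ignored for it. A bare
    hostname or IP address takes its scheme from use_ssl and its port from
    the Port setting, falling back to 389 or 636.
    The separate "Use TLS" option is not modelled here.
    """
    endpoints = []
    for entry in re.split(r"[\s,]+", host_field.strip()):
        if not entry:
            continue
        if "://" in entry:
            parts = urlsplit(entry)
            scheme = parts.scheme.lower()
            if scheme not in DEFAULT_PORTS or not parts.hostname:
                raise ValueError(f"not an ldap:// or ldaps:// URI: {entry!r}")
            endpoints.append(
                Endpoint(scheme, parts.hostname,
                         parts.port or DEFAULT_PORTS[scheme]))
        else:
            scheme = "ldaps" if use_ssl else "ldap"
            endpoints.append(
                Endpoint(scheme, entry, port or DEFAULT_PORTS[scheme]))
    return endpoints


def cleartext_endpoints(endpoints: List[Endpoint]) -> List[Endpoint]:
    """Endpoints where a simple bind would send the password unencrypted."""
    return [e for e in endpoints if e.scheme == "ldap"]


if __name__ == "__main__":
    # The Host example quoted in the table above.
    sample = "localhost ldaps://master.ldap.example.org:63636"
    resolved = resolve_ldap_hosts(sample)
    for ep in resolved:
        print(f"{ep.scheme}://{ep.host}:{ep.port}")
    for ep in cleartext_endpoints(resolved):
        print(f"cleartext attempt: {ep.host}:{ep.port}")
```

For the table's own example, the first attempt is plain LDAP to localhost on port 389, and checking "Use SSL (ldaps)" changes that entry but never the URI entry.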


Log-in - LDAP external groups

Option Description Default
Use an external LDAP server for groups Disabled
Host Localhost
Port 389
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username@example.com, where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN that is just the username
  • Full bind will build an RDN like userattr=username, userdn, basedn, where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, and basedn with the value you put in ‘Base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Anonymous Bind
Search scope Subtree | One level | Base object Subtree
Base DN None
User DN None
User attribute Uid
Corresponding user attribute in 1st directory Uid
User OC InetOrgPerson
Synchronize Tiki groups with a directory Define the directory within the "LDAP" tab Disabled
Group DN None
Group name attribute Cn
Group description attribute None
Group OC GroupOfUniqueNames
Synchronize Tiki users with a directory Define the directory within the "LDAP" tab Disabled
Member attribute UniqueMember
Member is DN Enabled
Group attribute None
Group attribute in group entry (Leave this empty if the group name is already given in the user attribute) None
Admin user None
Admin password None
Option Description Default
Use an external LDAP server for groups Disabled
Host Localhost
Port 389
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username@example.com, where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN that is just the username
  • Full bind will build an RDN like userattr=username, userdn, basedn, where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, and basedn with the value you put in ‘Base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Anonymous Bind
Search scope Subtree | One level | Base object Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
Corresponding user attribute in 1st directory Uid
User OC InetOrgPerson
Synchronize Tiki groups with a directory Define the directory within the "LDAP" tab Disabled
Group DN None
Group name attribute Cn
Group description attribute None
Group OC GroupOfUniqueNames
Synchronize Tiki users with a directory Define the directory within the "LDAP" tab Disabled
Member attribute UniqueMember
Member is DN Enabled
Group attribute None
Group attribute in group entry (Leave this empty if the group name is already given in the user attribute) None
Admin user None
Admin password None
Option Description Default
Use an external LDAP server for groups Disabled
Host Localhost
Port 389
Write LDAP debug Information in Tiki Logs Write debug information to Tiki logs (Admin -> Tiki Logs, Tiki Logs have to be enabled).
Do not enable this option for production sites.
Disabled
Use SSL (ldaps) Disabled
Use TLS Disabled
LDAP Bind Type
  • Active Directory bind will build an RDN like username@example.com, where your basedn is (dc=example, dc=com) and username is your username
  • Plain bind will build an RDN that is just the username
  • Full bind will build an RDN like userattr=username, userdn, basedn, where userattr is replaced with the value you put in ‘User attribute’, userdn with the value you put in ‘User DN’, and basedn with the value you put in ‘Base DN’
  • OpenLDAP bind will build an RDN like cn=username, basedn
  • Anonymous bind will build an empty RDN

Default: Anonymous Bind | Full: userattr=username,UserDN,BaseDN | OpenLDAP: cn=username,BaseDN | Active Directory (username@domain) | Plain Username
Default: Anonymous Bind
Search scope Subtree | One level | Base object Subtree
LDAP version 3
Base DN None
User DN None
User attribute Uid
Corresponding user attribute in 1st directory Uid
User OC InetOrgPerson
Synchronize Tiki groups with a directory Define the directory within the "LDAP" tab Disabled
Group DN None
Group name attribute Cn
Group description attribute None
Group OC GroupOfUniqueNames
Synchronize Tiki users with a directory Define the directory within the "LDAP" tab Disabled
Member attribute UniqueMember
Member is DN Enabled
Group attribute None
Group attribute in group entry (Leave this empty if the group name is already given in the user attribute) None
Admin user None
Admin password None


Log-in - PAM

Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
PAM service Currently unused None


Log-in - Password Blacklist

Option Description Default
Password file used The automatically selected file is recommended unless you generate your own blacklist file.
Automatically select blacklist | Num & Let: 0, Special: 0, Min Len: 1, Custom: 0, Word Count: 1000 | Num & Let: 0, Special: 0, Min Len: 5, Custom: 0, Word Count: 1000 | Num & Let: 0, Special: 0, Min Len: 7, Custom: 0, Word Count: 1000 | Num & Let: 0, Special: 0, Min Len: 9, Custom: 0, Word Count: 1000 | Num & Let: 0, Special: 1, Min Len: 1, Custom: 0, Word Count: 1000 | Num & Let: 0, Special: 1...
Automatically select blacklist


Log-in - PHPBB

Option Description Default
Create user if not registered in Tiki Automatically create a new Tiki user for the phpBB login Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”.
Recommended
Enabled
Disable Tiki users with no phpBB login Disable Tiki users who don’t have a phpBB login as they could have been deleted.
Recommended
Disabled
phpBB Version 3 3
phpBB Database Hostname None
phpBB Database Username None
phpBB Database Password None
phpBB Database Name None
phpBB Table Prefix Phpbb_


Log-in - Remote Tiki auto-login

Option Description Default
Enable autologin from remote Tiki Used with autologin_remotetiki in the redirect plugin Disabled
System username to use to initiate autologin from remote Tiki Specified user must exist and be configured in Settings...Tools...DSN/Content Authentication on remote Tiki. Used with autologin_remotetiki in the redirect plugin. None
System groupname to use for auto login token For security, please create a group that has no users and no permissions and specify its name here. None
Create user if not registered in Tiki Create a new user account if the user that is trying to autologin does not exist on this Tiki. Enabled
Allowed groups from remote Tiki to autologin. Comma-separated list of groups to allow autologin from remote Tiki. If empty, will allow everyone. None
Sync these groups from remote Tiki on autologin. Comma-separated list of groups to sync from remote Tiki on autologin. Group membership will be added or removed accordingly. None
Automatically logout remote Tiki after logout. When the user logs out of this Tiki, redirect the user to logout of the other Tiki as well. Enabled
Redirect direct logins to this site to remote Tiki Redirect direct logins to this site to remote Tiki Disabled
URL of autologin page on remote Tiki to redirect user to login URL of autologin page on remote Tiki to redirect user to login, e.g. https://www.remotetiki.com/PageWithRedirectPlugin None


Log-in - SAML2

Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and no group is found, assign this group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki group, for example eduPersonAffiliation. None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when you are debugging the SAML workflow. Errors and warnings will be shown. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Tiki will also reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions, etc. are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:LogoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:LogoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes, when the app is behind a firewall or proxy, the query parameters can be modified, and this affects the signature validation process on the HTTP-Redirect binding. Activate this when you notice signature validation failures; the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Enable Lowercase URL encoding Some IdPs such as ADFS can use lowercase URL encoding, but the plugin expects uppercase URL encoding, so enable it to fix incompatibility issues. None
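The "Retrieve Parameters From Server" and "Enable Lowercase URL encoding" options in the table above both come down to which exact bytes an HTTP-Redirect signature is checked against. The following is an added example, not Tiki or php-saml code: HMAC-SHA256 with a constructed key stands in for the IdP's RSA signature, "original query parameters" is modelled as the raw query string, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, unquote

# Constructed demo values. A real IdP signs with its RSA private key; HMAC is a
# stand-in so the example runs with the standard library only.
DEMO_KEY = b"constructed-demo-key"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
MESSAGE = "fZJB+constructed/demo+payload=="  # constructed, not a real SAML message
RELAY_STATE = "https://tiki.example/tiki-index.php?page=Home"
# On HTTP-Redirect the signature covers these parameters, in this order.
SIGNED_PARAMS = ("SAMLRequest", "SAMLResponse", "RelayState", "SigAlg")


def encode(value, lowercase=False):
    """Percent-encode a value, optionally with lowercase hex digits (%2f vs %2F)."""
    enc = quote(value, safe="")
    if lowercase:
        enc = re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), enc)
    return enc


def _sign(signed_string):
    return hmac.new(DEMO_KEY, signed_string.encode(), hashlib.sha256).hexdigest()


def idp_build_query(message, relay_state, lowercase):
    """IdP side: sign the encoded query string exactly as it is sent."""
    signed = "&".join([
        "SAMLResponse=" + encode(message, lowercase),
        "RelayState=" + encode(relay_state, lowercase),
        "SigAlg=" + encode(SIG_ALG, lowercase),
    ])
    return signed + "&Signature=" + _sign(signed)


def _split(query):
    return dict(p.split("=", 1) for p in query.split("&"))


def signed_string_raw(query):
    """SP side, option 1: reuse the original encoded parameters untouched."""
    raw = _split(query)
    return "&".join(f"{k}={raw[k]}" for k in SIGNED_PARAMS if k in raw)


def signed_string_reencoded(query, lowercase=False):
    """SP side, option 2: decode, then re-encode. The hex case must match the IdP's."""
    decoded = {k: unquote(v) for k, v in _split(query).items()}
    return "&".join(
        f"{k}={encode(decoded[k], lowercase)}" for k in SIGNED_PARAMS if k in decoded
    )


def verify(query, signed_string):
    """Compare the received signature with one computed over signed_string."""
    return hmac.compare_digest(_split(query)["Signature"], _sign(signed_string))


def outcomes(query):
    """Verification result for each way the SP can rebuild the signed string."""
    return {
        "raw": verify(query, signed_string_raw(query)),
        "reencode_upper": verify(query, signed_string_reencoded(query, lowercase=False)),
        "reencode_lower": verify(query, signed_string_reencoded(query, lowercase=True)),
    }


if __name__ == "__main__":
    for label, lower in (("uppercase IdP", False), ("lowercase IdP", True)):
        print(label, outcomes(idp_build_query(MESSAGE, RELAY_STATE, lower)))
```

A signature that fails only in the re-encoded path, while the raw path verifies, points to an encoding mismatch rather than a tampered message; neither option relaxes what is signed.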
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and not group found, assign that group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki email. For example the eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when your are debugging the SAML workflow. Errors and warnings will be showed.. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified an this affects the signature validation process on HTTP-Redirect binding. Active this when you noticed signature validation failures, the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Enable Lowercase URL encoding Some IdPs such as ADFS can use lowercase URL encoding, but the plugin expects uppercase URL encoding, so enable it to fix incompatibility issues.. None
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and not group found, assign that group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki email. For example the eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when your are debugging the SAML workflow. Errors and warnings will be showed.. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified an this affects the signature validation process on HTTP-Redirect binding. Active this when you noticed signature validation failures, the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Enable Lowercase URL encoding Some IdPs such as ADFS can use lowercase URL encoding, but the plugin expects uppercase URL encoding, so enable it to fix incompatibility issues.. None
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and not group found, assign that group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki email. For example the eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when your are debugging the SAML workflow. Errors and warnings will be showed.. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified an this affects the signature validation process on HTTP-Redirect binding. Active this when you noticed signature validation failures, the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Enable Lowercase URL encoding Some IdPs such as ADFS can use lowercase URL encoding, but the plugin expects uppercase URL encoding, so enable it to fix incompatibility issues.. None
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and not group found, assign that group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki email. For example the eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when your are debugging the SAML workflow. Errors and warnings will be showed.. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified an this affects the signature validation process on HTTP-Redirect binding. Active this when you noticed signature validation failures, the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Enable Lowercase URL encoding Some IdPs such as ADFS can use lowercase URL encoding, but the plugin expects uppercase URL encoding, so enable it to fix incompatibility issues.. None
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and not group found, assign that group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki email. For example the eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when your are debugging the SAML workflow. Errors and warnings will be showed.. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified an this affects the signature validation process on HTTP-Redirect binding. Active this when you noticed signature validation failures, the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Enable Lowercase URL encoding Some IdPs such as ADFS can use lowercase URL encoding, but the plugin expects uppercase URL encoding, so enable it to fix incompatibility issues. None
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP. ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and no group is found, assign this group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki group. For example, eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when you are debugging the SAML workflow. Errors and warnings will be shown. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified, and this affects the signature validation process on the HTTP-Redirect binding. Activate this when you notice signature validation failures; the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Option Description Default
Enable SAML Auth Disabled
IdP Entity Id Identifier of the IdP entity ("Issuer") None
Single sign-on service URL SSO endpoint info of the IdP, the URL target of the IdP where the SP will send the Authentication Request ("SAML 2.0 Endpoint (HTTP)") None
Single log-out service URL SLO endpoint info of the IdP, the URL target of the IdP where the SP will send the SLO Request ("SLO Endpoint (HTTP)") None
X.509 certificate Public x509 certificate of the IdP ("X.509 certificate") None
Create user if not registered in Tiki Auto-provisioning - if the user doesn't exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data This should be enabled to sync groups with the IdP. None
Enable Single Logout Service The "logout" function logs out the user from the Tiki site, the identity provider and all connected service providers None
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select the field to be used to find the user account. If the "email" field is selected, keep in mind that if users change their email address, then the link with the IdP account will be lost.
Username | Email
Email
Default group When provisioning a new user and no group is found, assign this group Registered
Log-in link text The text that appears on the log-in page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki group. For example, eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group. None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group. None
Debug Mode Enable debug mode when you are debugging the SAML workflow. Errors and warnings will be shown. None
Strict Mode Always enable strict mode on production websites. When strict mode is enabled, then Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also Tiki will reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions . . . are also validated. None
Service Provider Entity ID Set the Entity ID for the service provider. It is recommended to set as the SP Entity ID the URL where the metadata of the service provider is published. If not provided, the toolkit will use "php-saml" as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context: unselect all to accept any type, otherwise select the valid contexts.
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified, and this affects the signature validation process on the HTTP-Redirect binding. Activate this when you notice signature validation failures; the plugin will try to extract the original query parameters. None
Service Provider X.509 certificate Public x509 certificate of the SP None
Service Provider Private Key Private key of the SP None
Signature Algorithm Algorithm that the toolkit will use on the signing process
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
Option Description Default
IdP Entity Id Identifier of the IdP entity. (“Issuer”) None
Single Sign On Service Url SSO endpoint info of the IdP. URL target of the IdP where the SP will send the Authentication Request. (“SAML 2.0 Endpoint (HTTP)”) None
Single Log Out Service Url SLO endpoint info of the IdP. URL target of the IdP where the SP will send the SLO Request. (“SLO Endpoint (HTTP)”) None
X.509 Certificate Public x509 certificate of the IdP. (“X.509 certificate”) None
Create user if not registered in Tiki Auto-provisioning. If the user does not exist, Tiki will create a new user with the data provided by the IdP.
Review the Mapping section.
None
Sync user group with IdP data Enable it in order to sync groups with the IdP. None
Enable Single Logout Service When enabled, the “logout” function will log you out from Tiki Wiki, the identity provider and all connected service providers None
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Enabled
Account matcher Select which field will be used to find the user account. If you select the “email” field, keep in mind that you should prevent users from changing their email address; otherwise they will lose the link with the IdP account.
Username | Email
Email
Default group When provisioning a new user and no group is found, assign this group Registered
Login link text The text that appears on the login page Log in through SAML2 IdP
SAML attribute that will be mapped to the Tiki username The SAML attribute that will be mapped to the Tiki username. None
SAML attribute that will be mapped to the Tiki email The SAML attribute that will be mapped to the Tiki email. None
SAML attribute that will be mapped to the Tiki group The SAML attribute that will be mapped to the Tiki group. For example, eduPersonAffiliation None
Admins Set here the values of the IdP related to the user group info that will be matched with the Admins group None
Registered Set here the values of the IdP related to the user group info that will be matched with the Registered group None
Debug Mode Enable it when you are debugging the SAML workflow. Errors and warnings will be shown. None
Strict Mode Always enable it in production environments! If Strict Mode is enabled, Tiki will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. It will also reject messages that do not strictly follow the SAML standard: Destination, NameId, Conditions ... are validated too. None
Service Provider Entity Id Set the Entity ID for the Service Provider. We recommend setting the SP EntityID to the URL where its metadata is published. If not provided, the toolkit will use “php-saml” as the SP entityID. None
Requested NameIDFormat Specifies constraints on the name identifier to be used to represent the requested subject.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted | urn:oasis:...
urn:oasis:names:tc:SAML:1.1...
Requested AuthnContext Authentication context. Unselect all to accept any type, otherwise select the valid contexts
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified | urn:oasis:names:tc:SAML:2.0:ac:classes:Password | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | urn:oasis:names:tc:SAML:2.0:ac:classes:X509 | urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard | urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos | urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0...
Encrypt nameID None
Sign AuthnRequest The samlp:AuthnRequest messages sent by this SP will be signed None
Sign LogoutRequest The samlp:logoutRequest messages sent by this SP will be signed None
Sign LogoutResponse The samlp:logoutResponse messages sent by this SP will be signed None
Sign Metadata The Metadata published by this SP will be signed None
Reject Unsigned Messages Reject unsigned samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse received None
Reject Unsigned Assertions Reject unsigned saml:Assertion received None
Reject Unencrypted Assertions Reject unencrypted saml:Assertion received None
Retrieve Parameters From Server Sometimes when the app is behind a firewall or proxy, the query parameters can be modified, and this affects the signature validation process on the HTTP-Redirect binding. Activate this when you notice signature validation failures; the plugin will try to extract the original query parameters. None
Service Provider X.509 Certificate Public x509 certificate of the SP. None
Service Provider Private Key Private Key of the SP. None
Signature Algorithm Algorithm that the toolkit will use on signing process.
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | http://www.w3.org/2000/09/xmldsig#dsa-sha1
http://www.w3.org/2000/09/x...
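
The SAML options above interact: the "Reject ..." switches and the signature settings only protect a site when Strict Mode and an IdP certificate are also in place. The following audit sketch is an added example, not Tiki or php-saml code; the dictionary keys are hypothetical labels for the options in the table (not Tiki's preference names) and both sample settings are constructed.

```python
# Added example. The dictionary keys are hypothetical labels for the options
# in the table above; they are not Tiki's real preference identifiers.
SHA1_SIGNATURE_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
}
SIGNING_OPTIONS = ("sign_authn_request", "sign_logout_request",
                   "sign_logout_response", "sign_metadata")


def audit_saml_settings(cfg):
    """Return (severity, option, reason) tuples for risky option combinations."""
    findings = []

    if not cfg.get("strict_mode"):
        findings.append(("high", "Strict Mode",
                         "the rejections described for Strict Mode are not in force"))
    if cfg.get("debug_mode"):
        findings.append(("medium", "Debug Mode",
                         "SAML errors and warnings are shown; keep off in production"))
    if not cfg.get("idp_x509_cert"):
        findings.append(("high", "X.509 certificate",
                         "no IdP certificate to verify signatures against"))
    if not (cfg.get("reject_unsigned_messages")
            or cfg.get("reject_unsigned_assertions")):
        findings.append(("high", "Reject Unsigned Messages / Assertions",
                         "neither responses nor assertions must carry a signature"))
    if cfg.get("signature_algorithm") in SHA1_SIGNATURE_ALGORITHMS:
        findings.append(("medium", "Signature Algorithm",
                         "SHA-1 based; choose an rsa-sha256 or stronger entry"))

    # Signing outgoing messages needs the SP key pair to be configured.
    signing = [name for name in SIGNING_OPTIONS if cfg.get(name)]
    if signing and not (cfg.get("sp_private_key") and cfg.get("sp_x509_cert")):
        findings.append(("medium", "Service Provider Private Key",
                         "signing enabled (%s) without an SP key and certificate"
                         % ", ".join(signing)))

    # Auto-provisioning plus group sync lets IdP data decide Admins membership.
    if (cfg.get("create_user") and cfg.get("sync_groups")
            and cfg.get("admins_values")
            and not cfg.get("reject_unsigned_assertions")):
        findings.append(("high", "Admins",
                         "group values from an unsigned assertion can map to Admins"))

    if cfg.get("account_matcher", "email") == "email":
        findings.append(("info", "Account matcher",
                         "a changed email address breaks the link to the IdP account"))
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for severity, _option, _reason in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Constructed sample settings (placeholders, not real keys or certificates).
LAX_SETTINGS = {
    "strict_mode": False,
    "debug_mode": True,
    "idp_x509_cert": "",
    "reject_unsigned_messages": False,
    "reject_unsigned_assertions": False,
    "signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "sign_authn_request": True,
    "sp_private_key": "",
    "sp_x509_cert": "",
    "create_user": True,
    "sync_groups": True,
    "admins_values": ["staff"],
    "account_matcher": "email",
}
HARDENED_SETTINGS = dict(
    LAX_SETTINGS,
    strict_mode=True,
    debug_mode=False,
    idp_x509_cert="<IdP certificate PEM placeholder>",
    reject_unsigned_messages=True,
    reject_unsigned_assertions=True,
    signature_algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    sp_private_key="<SP private key PEM placeholder>",
    sp_x509_cert="<SP certificate PEM placeholder>",
    account_matcher="username",
)

if __name__ == "__main__":
    for label, settings in (("lax", LAX_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(label, count_by_severity(audit_saml_settings(settings)))
        for finding in audit_saml_settings(settings):
            print("  %-6s %s: %s" % finding)
```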


Log-in - Shibboleth

Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log in to this wiki
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group Shibboleth
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log into this Wiki.
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group. Shibboleth
Option Description Default
Create user if not already a registered user If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log into this Wiki.
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group. Shibboleth
Option Description Default
Create user if not in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin login The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log into this Wiki.
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group. Shibboleth


Log-in - Webserver

Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Option Description Default
Create user if not already a registered user If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Option Description Default
Create user if not in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled



Created by admin. Last Modification: Thursday 28 February, 2019 12:09:04 GMT-0000 by Gary Cunningham-Lee.
