[Community Server] core.machinekey key

Tech support for Enterprise Version
Post Reply
dsi-lille
Posts: 200
Joined: Mon Jul 11, 2016 1:47 pm

[Community Server] core.machinekey key

Post by dsi-lille » Thu May 31, 2018 1:07 pm

Hello,

core.machinekey key in the web.appsettings.config is used to generate the authentication cookie.
It is safe to let the default value ? Or it's better to change it ?

Thanks for your answer,
Yoann

Carl
Posts: 92
Joined: Thu Apr 12, 2018 10:00 am

Re: [Community Server] core.machinekey key

Post by Carl » Tue Jun 05, 2018 11:04 am

Hello Yoann,

We wouldn't recommend changing the default core.machinekey value as it may cause some issues. For example, it may revert back to default during updates which may lead to incorrect functioning of the portal. Moreover, if you change the core.machinekey parameter in web.appsettings.config, you have to change it in configs of other services as well.

We are currently testing the possibility to change this parameter.

dsi-lille
Posts: 200
Joined: Mon Jul 11, 2016 1:47 pm

Re: [Community Server] core.machinekey key

Post by dsi-lille » Tue Jun 05, 2018 11:53 am

Hello Carl,

thanks for your answer !

Yoann.

dsi-lille
Posts: 200
Joined: Mon Jul 11, 2016 1:47 pm

Re: [Community Server] core.machinekey key

Post by dsi-lille » Thu Jun 28, 2018 2:17 pm

Hello Carl,

i succesfully manage to change the value of core.machinekey :)
And i strongly recommend to change this value !

Below, what i did on the Docker version :

1) add ONLYOFFICE_CORE_MACHINEKEY environment variable for both Community Server and Control Panel.
The value of this environment variable will be the value of core.machinekey (use a strong key).

2) Unfortunately, 2 parameter files don't use this environment variable.
You will need to replace the values, below, by yourself in the container... (or use an entrypoint script to do it)

Community Server : /var/www/onlyoffice/ApiSystem/Web.config ---> <add key="core.machinekey" value="Vskoproizvolny Salt par Chivreski" />
Control Panel : /var/www/onlyoffice/controlpanel/services/sso.auth/config/production.json: ---> "machinekey": "Vskoproizvolny Salt par Chivreski"

restart ApiSystem : docker exec onlyoffice-community-server service monoserveApiSystem restart
restart SSO service : docker exec onlyoffice-control-panel service pm2 restart sso-auth

3) If you use LDAP authentication, at this point you will not be able to authenticate anymore with an LDAP user.
To solve this : connect to OnlyOffice with the administrator account (local accounts works), go to control panel and open the LDAP page.
Fill out again the Login and Passwords fields in the LDAP Settings.
Save and press OK to start importing users.

Et voilà ! You should be able to authenticate again with an LDAP account :)

Yoann.

edit : typo

Post Reply