
Overview

An organization is the basic unit of Casdoor that manages users and applications. When a user signs in to an organization, they can access all applications belonging to that organization without needing to sign in again.

In the configuration of applications and providers, selecting an organization is important, as it determines whether users can access the application using specific providers.

You can also set up LDAP in Casdoor. For more details, see the LDAP documentation.

Casdoor provides several password storage algorithms that can be selected on the organization edit page.

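| Name | Algorithm | Description | Scenario |
|---|---|---|---|
| plain | - | The password will be stored in cleartext (default). | - |
| salt | SHA-256 | SHA-256 is a patented cryptographic hash function that outputs a value that is 256 bits long. | - |
| md5-salt | MD5 | The MD5 message-digest algorithm is a cryptographically broken but still widely used hash function that produces a 128-bit hash value. | Discuz! |
| bcrypt | bcrypt | bcrypt is a password-hashing function used to hash and salt passwords securely. | Spring Boot, WordPress |
| pbkdf2-salt | SHA-256 and PBKDF2 | PBKDF2 is a simple cryptographic key derivation function that is resistant to dictionary attacks and rainbow table attacks. It was originally implemented in Casdoor for the Keycloak syncer. Select this option if you import users using the Keycloak syncer. | Keycloak |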

Password Salt Configuration

For algorithms that use salts (salt, md5-salt, pbkdf2-salt), Casdoor provides flexible salt configuration. On the organization edit page, you can set the Password salt field to define how passwords are salted:

  • Organization-level salt: When the Password salt field is set, all users in the organization share the same salt value. This ensures consistency across the organization.
  • Per-user random salt: When the Password salt field is left empty, Casdoor automatically generates a unique random salt for each user. This provides better security by preventing attackers from using precomputed hash tables across multiple users.

The per-user salt approach is recommended for new deployments as it provides stronger security against rainbow table attacks. Each user's salt is stored alongside their password hash and is automatically managed by Casdoor.
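The difference between the two salt modes can be checked on stored records. The following is an added example, not Casdoor's own code: `hashPassword` is a generic salted SHA-256 assumed for illustration (not Casdoor's exact construction), and `User`, `enroll`, `duplicateHashGroups` and the sample credentials are hypothetical names and constructed data.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

type User struct{ Name, Salt, Hash string } // constructed record: salt and hash stored per account

// hashPassword: generic salted SHA-256 (assumption: illustrative, not Casdoor's exact construction).
func hashPassword(password, salt string) string {
	sum := sha256.Sum256([]byte(salt + password))
	return hex.EncodeToString(sum[:])
}

// enroll uses orgSalt for everyone, or a fresh 16-byte random salt per user when orgSalt is empty.
func enroll(creds [][2]string, orgSalt string) []User {
	var users []User
	for _, c := range creds {
		salt := orgSalt
		if salt == "" {
			b := make([]byte, 16)
			if _, err := rand.Read(b); err != nil {
				panic(err)
			}
			salt = hex.EncodeToString(b)
		}
		users = append(users, User{c[0], salt, hashPassword(c[1], salt)})
	}
	return users
}

// duplicateHashGroups counts stored hashes that are shared by two or more users.
func duplicateHashGroups(users []User) int {
	seen, groups := map[string]int{}, 0
	for _, u := range users {
		if seen[u.Hash]++; seen[u.Hash] == 2 {
			groups++
		}
	}
	return groups
}

func main() {
	// Constructed sample input: alice and bob chose the same password.
	creds := [][2]string{{"alice", "Summer2024!"}, {"bob", "Summer2024!"}, {"carol", "x9#Lq-77"}}
	fmt.Println(duplicateHashGroups(enroll(creds, "org-wide-salt")), duplicateHashGroups(enroll(creds, ""))) // 1 0
}
```

With the organization-level salt, identical passwords produce identical stored hashes, so password reuse across accounts is visible in the table itself; with per-user salts every record is distinct.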

Use Email as Username

Organizations can enable the "Use email as username" option, which automatically uses the user's email address as their username during signup when the username field is not visible. This simplifies the registration process by eliminating the need for users to choose a separate username.

When this option is enabled:

  • During signup, if the username field is hidden, the email address becomes the username automatically
  • When users reset their email address, their username is updated to match the new email
  • The system maintains consistency between the email and username fields

To enable this feature, check the "Use email as username" option on the organization edit page.

In addition to logging into Casdoor via an application (which redirects to Casdoor for SSO), Casdoor users can also choose to log in directly via the organization's login page: /login/<organization_name>, e.g., https://door.casdoor.com/login/casbin on the demo site.