Settings

There are different items where you can configure settings in MOLGENIS:

Application settings

There are a three main sections in the application settings.

ReCaptcha settings

ReCaptcha is a service currently only provided by Google. It basically works on determining a BOT-score. The value of this score is based on the request send to the server. The request is validated based on host-key comparison and other variables which are part of the inner workings of reCaptcha. To set it up you need to configure an account on ReCaptcha (Check Adding a domain at reCaptcha). Secondly you need to define properties in MOLGENIS (please check: Configure reCaptcha in MOLGENIS).

Adding domain at reCaptcha

You have to configure a domain at ReCaptcha. If you follow the this documentation you can register your domain to use reCaptcha.

Configure reCaptcha in MOLGENIS

Filling out the settings in the Application settings in MOLGENIS.

You have to configure 6 properties:

  • ReCaptcha secret: Can be obtained by configuring your domain in ReCaptcha from Google

  • ReCaptcha site: Can be obtained by configuring your domain in ReCaptcha from Google

  • Enable reCaptcha: If set to true then the reCaptcha is enabled in MOLGENIS

  • Verification URI: Fires a request for verification if the user is a BOT or not

  • BOT threshold: A number between 0.0 and 1.0. 1.0 is most likely a human and 0.0 is most likely a BOT. The threshold is compare to the score that reCaptcha calculates.

note: Make sure you have your Mail settings configured as well.

Mail settings

You should configure an email server to interact with your users for things like lost password recovery. You can find the mail settings in the Admin menu, under Settings. At the top of the page, type "Mail settings" into the selection box.

For backwards compatibility, the default settings are filled with the values provided in molgenis-server.properties under the keys mail.username and mail.password, but the values provided here will override those settings.

For basic configuration, you only need to provide the username and password fields with a valid Gmail username and password. But you may also specify a different (non-Gmail) SMTP server.

If you've filled in a username and password, the settings will be validated when you save them, by making a connection with the mail server. If you do not want the settings to be tested at all, you can set testConnection to false.

JavaMail properties

By default, the following low-level JavaMail properties, needed to interact with the Gmail SMTP server, are set:

mail.smtp.starttls.enable=true
mail.smtp.quitwait=false

You may override these properties or add additional properties and override these defaults by adding entities to the JavaMailProperty repository in the Data Explorer. Each key may be provided at most once. For a list of valid keys, check https://javamail.java.net/nonav/docs/api/ and per protocol:

E.g. Add an entity with key mail.debug and value true if you'd like to debug the mail dialog with the server.

Mail server without authentication

When you want to setup a mail server without authentication you need to add the following properties:

mail.smtp.auth=false
mail.from=noreply@domain.ext

You can add them by entering them in the mail property table. Or override them in the environment or molgenis-server.properties.

Environment:

#!/bin/bash

export mail.smtp.auth=false
export mail.from=noreply@domain.ext

molgenis-server.properties:

mail.smtp.auth=false
mail.from=noreply@domain.ext

You need to add the mail.from property otherwise the server resolves to root@localhost.

note When you start the server clean it will populate the database with the environment variables. After that the database is your configuration truth.

Authentication settings

When you are a superuser in MOLGENIS, you can configure three authentication methods:

  • Username/password signin (default)

  • Google-sigin

  • Token-authentication

Username/password signin (default) In the App Settings:

  • Set user-moderation to user can sign up

  • Set two factor authentication:

    • Disabled: users CAN NOT use two-factor-authentication

    • Enforced: users MUST use two-factor-authentication

    • Enabled: users CAN use two-factor-authentication

prompted: The default setting for tow-factor-authentication for a fresh installation "Disabled". When two-factor-authentication is "Enabled" it is default disabled for the users.

Google-signin The Google-signin setting is used to enable the possibility for users to login with their Google-account.

Token-authentication No specific superuser settings are necessary for the implementation of token-authentication.

Last updated