Site Administration

Site Administration information

Wikipedia has a list. Comments on the popular options;

  • Apache - Tomcat (most popular)
  • Eclipse - Jetty (small and fast)
  • Eclipse - GlassFish (heavy)
  • Payara - Payara
  • Red Hat - WildFly / JBoss EAP

Micro services; fast start with native executables via GraalVM;

  • Red Hat - Quarkus
  • Micronaut - Micronauts

Specifications at jakarta.

Any user with access to system tools can reset the admin password with a web browser.

Any person with access to the SQL server can change the admin password to another users password

select object_id, username, password from users where username = 'admin' or username = '$ME';
update users set password = '$PASS' where object_id = '$ID';

For example

update users set password = 'P3b*cH.5fOBTJl5ELM)W' where username = 'admin';

BranchVersionFirst buildLatest build
Long Term Support (LTS)7.12.072023-11-022023-11-30
Release7.12.092024-02-022024-02-25
Next7.12.102024-03-02Today

Long Term Support Versions (annually)

VersionReleaseRetirement
7.12.072023-12-022025-01-02
7.11.032022-11-022024-01-02
7.08.232021-12-012023-01-02
7.08.132020-11-032022-01-02
7.08.022019-10-022021-01-02
7.05.122019-02-192020-01-02

Release Versions (monthly)

VersionReleaseRetirement
7.12.092024-03-022024-04-02
7.12.082024-02-022024-03-02
7.12.072023-12-022024-01-02
7.12.062023-11-022023-12-02
7.12.052023-10-022023-11-02
7.12.042023-09-022023-10-02
7.12.032023-08-022023-09-02
7.12.022023-07-022023-08-02
7.12.012023-06-022023-07-02
7.11.072023-05-022023-06-02
7.11.062023-04-022023-05-02
7.11.052023-03-022023-04-02
7.11.042023-02-022023-03-02
7.11.032022-11-022023-02-02
7.11.022022-10-022022-11-02
7.11.012022-09-192022-10-02
7.10.012022-08-022022-09-02
7.09.042022-07-022022-08-02
7.09.032022-06-022022-07-02
7.09.022022-05-022022-06-02
7.09.012022-04-022022-05-02
7.08.262022-03-022022-04-02
7.08.252022-02-022022-03-02
7.08.242022-01-022022-02-02
7.08.222021-11-022021-12-02
7.08.212021-10-022021-11-02
7.08.202021-07-022021-10-02
7.08.192021-06-022021-07-02
7.08.182021-05-022021-06-02
7.08.172021-04-022021-05-02
7.08.162021-03-022021-04-02
7.08.152021-02-022021-03-02
7.08.142021-01-022021-02-02
7.08.122020-10-022020-11-02
7.08.112020-09-022020-10-02
7.08.102020-08-022020-09-02
7.08.092020-07-022020-08-02
7.08.082020-06-022020-07-02
7.08.072020-05-022020-06-02
7.08.062020-04-022020-05-02
7.08.052020-03-022020-04-02
7.08.042020-02-022020-03-02
7.08.032019-12-022020-01-02
7.08.012019-09-022019-10-02
7.06.052019-08-022019-09-02
7.06.042019-07-022019-08-02
7.06.032019-06-022019-07-02
7.06.022019-05-022019-06-02
7.06.012019-04-022019-05-02
7.05.132019-03-022019-04-02
...
4.01.012001-06-082001-06-08
...

Overview

SAML allows for SSO using the Web Browser users credentials.

Noodle Prerequisites

If AD is being used, LDAP users should have already been populated within Noodle.

Quick reference

  1. Save your IdP URL and fingerprint in your SP (Noodle)
  2. Use https://yourNoodle.tld/SAML.po in your IdP settings and Web Browser.

Supported IdPs

Onelogin, Okta, and Azure
Note: Contact us for assistance integrating Other IdPs.

Noodle Configuration

In Noodle navigate to “System Tools > Settings > Single Sign-On”

Both URL & fingerprint will be supplied by your IdP vendor. Your IdP may provide an XML file which contains the URL and certificate, to convert the certificate into a SHA-1 fingerprint there are some online SAML tools:

Format Certificate

Calculate Fingerprint

IdP Configuration

Your IdP will require a location to direct SAML responses, use https://yourNoodle.tld/SAML.po.  Noodle will be compatible with the default settings of most IdPs.

OneLogin

  1. Navigate to "Administration > Applications > Add App"
  2. Search for "SAML Test Connector (IdP)"
  3. setting tabs
    • Info (all optional)
    • Configuration
      • ACS (Consumer) URL Validator = .*
      • ACS (Consumer) URL = https://yourNoodle.tld/SAML.po
      • the rest can be left blank
    • Parameters
      • Configured by admin
        • NameID (fka Email) = Email
    • Rules (all optional)
    • SSO
      • X.509 Certificate = 2048-bit
        • View details will show the fingerprint
      • SAML Signature Algorithm = SHA-1
      • SAML 2.0 Endpoint (HTTP)
        • This is the URL to save in Noodle
    • Access (all optional)
    • Users (make sure you add some)
    • Privileges (all optional)

Azure

  1. Azure Active Directory > Enterprise applications > New Application
  2. Non-gallery Application > Name can be anything > 2 Single sign on > SAML
    • set "Identifier (Entity ID)" to the domain name for the Noodle instance
    • set the "Reply URL" to https://yourNoodle.tld/SAML.po
    • copy the "Thumbprint" and "Login URL" to put in the Noodle settings

  • Average number of logins per day
  • Application usage
  • Number of Logins per user
  • Index Queue
  • Error Codes
  • User Activity
  • Page Hits
  • Item Views
  • User IPs
  • User Time
  • Storage Space Occupied
  • Shared Folders
  • Large Files
  • Home Folders

Some intermediate servers (proxy/gateway/firewall/router/etc) will answer a request from the browser on behalf of the server. If this happens frequently and you are unable to change the intermediate server to avoid this (supporting 2 minute connections is a good start) you can use

top.noodle.ajax.ignoreMasquerading=true;

use that as a last resort as it can cause further UI interference.

mailto has no defined limit on the number of characters but there are limits in practice (as of 2015)

Web Browsers:

  •  Apple Safari
    • 705000000
    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
    • limited by 16GB RAM
  • Mozilla Firefox
    • 268435455
    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
    • limited by maximum string length
  • Google Chrome
    • 2097132
    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
    • limited without explanation
  • Microsoft Internet Explorer
    • 2029
    • Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
    • limited without explanation

Email Clients:

  • Mozilla Thunderbird
    • 2097132 works in 1 second
    • 268435455 uses 100% CPU for 2 minutes but fails to render the body and is not usable
    • version 38.3.0
  • SeaMonkey
    • 2097132 works in 5 seconds
    • 268435455 uses 100% CPU for a long time (more than 5 minutes)
    • version 2.38
  • Apple Mail
    • 500000 works in 14 seconds
    • 2097132 uses 100% CPU for a long time (more than 5 minutes)
    • version 8.2
  • Microsoft Outlook
    • trims any url to 2070 in 1 second
    • version 2013

There is a Microsoft Office bug (2019105) that will attempt WebDAV windows authentication from non WebDAV links. To work around this bug the server can specify the "Content-Disposition" header as an "attachment" (requesting the browser save the file instead of opening it). Microsoft Internet Explorer will still ask if you want to open the file but will not attempt WebDAV. When making links with ShowItemData.po use the "download" in place of the "filename" parameter. For example:

/ShowItemData.po?handle=123&download=file.ext

If someone tries to brute force passwords their IP will be blacklisted.

  • The IP will be denied access then un-listed after 24 hours
  • This can be immediately cleared by restarting the Noodle service
  • The feature may be disabled or specific whitelisting entries added from the System Settings > Security section
  • The default threshold (20 failures per minute) may be adjusted  via the BlackList.PerMinuteThreshold option in noodle.properties.
  • One NATed IPv4 user can get many users blacklisted due to shared IP. IPv6 or internal monitoring are the only way to prevent that without disabling blacklisting.