Two-Factor authentication (MFA) for Bonita users


Is it possible to implement two-factor authentication for users using Bonita based on Community version? Has anyone already done something like this, if so, could you share any experiences and a hint on how to approach this ? I would be very grateful for all the tips.

How to Enforce Password Policy Community Edition

Hi, I noticed in the documentation that there is a way to enforce password policies. Is this truly locked under the enterprise edition? Is there a way to do this for the community edition?

Thank you.

BBPMC-554 Do these vulnerabilities still exist for Bonita 7.11?

How to fix vulnerability CWE–307 Improper Restriction of Excessive Authentication Attempts in Bonita version 7.10.1?


The security team has performed tests with the methodologies OWASP and Penetration Testing. Black-box and white-box tests were performed.

It has detected the following vulnerability with Bonita version 7.10.1 bundle with Tomcat version 8.5.47.

Information system security policy of the ISO 27002 standard

good morning
how to add the information system security policy of the ISO 27002 standard in bonitasoft community 7.8.0 for the application?

security API REST

Bonita 7.5.4, Community
I have a project with some process that accesses to API REST from forms. In the studio, there is no problem but in production, only the profile 'administrator' can access to the API REST.

I have resolved the problem by editing the parameter "" to false [..\setup\platform_conf\current\tenants\1\tenant_portal\security-config.propierties]

Is it safe to use REST API Login with password in the URL

Hi guys,

The title is pretty clear : we have a doubt concerning security when we see that the Login REST API sends the user's password in the URL.

How can we check user permissions ?

Hi guys,

I'm trying to understand how REST API's permissions work with Bonita 7.4, if someone can provide any info it would be nice :)

So here's what I understood :

Why does the tasks not load when CSRF is enabled in the configuration file.


I have enabled CSRF from false to true in the security config file.
The path is /bonita/client/platform/conf .

Once I set the value as true ( referred Bonita documentation), then in my portal i can see all the tasks. But when I click on a task and select do it, the page just reloads (task list page).
If I make it as false. then the tasks work fine . But setting it true does not open the tasks.

Need To implement some security Measures in BonitaSoft Portal and subsequent Apps


I need to implement some Security Features in my Portal . below are the list of issues that were identified .
Please point me to the correct documentation or Steps that I need in order to implement the security measures.

1) I observed that AutoComplete was enabled in potentially sensitive form fields. - Disable AutoComplete .