Table of Contents

Configuration - CzechIdM configuration in GUI and config files

CzechIdM can be configured by many configuration properties, see the list of configuration items.

You can set the properties in two ways:

Configuration file

There are two locations of the configuration files for CzechIdM. This configuration is read at the application start. If changed, new options will be applied after application restart.

You can see the values from the configuration files (both external and bundled) in the CzechIdM application: Settings → Configuration → Static environment configuration items.

Application settings in GUI

All keys in configuration file can be overridden via GUI in menu Settings → Configuration. If the configuration property is set, the change takes place instantly.

If you want to do so, click on the green "Add" button in the right upper corner. Copy the desired key from the configuration file and then fill in your own value for the key. You can also store the value in the confidential storage, it means that the value is not visible in GUI (only stars represent the value) and the application keeps the reference into encrypted storage. If the value is to be used, the application use the reference and get the value for temporary usage.

Then there is a checkbox public. If turned on, then the configuration can be read via REST for all users even those not authenticated. It is advisable not to use it if not necessary.

Of course, you can also define keys that are not present in the configuration file.

The menu Settings → Configuration list both:

If the key is present in both tables, then only the value of the Configurable items is applied. Filtering by the key name is available for Configurable items.

Module activation

You can activate/deactivate CzechIdM modules via menu Settings → Modules. There are currently 3 cards

If you want to activate/deactivate module. Use Modules (backend) or Modules (frontend) card, find the module you want to activate and click the button at the end of the line. It does not matter if you choose BE or FE part of the module, the complement will be activated/deactivated automatically.

Processor activation

Processors in Setting → Modules → Processors are read only list. If you want to activate the processor use the following approach:

  1. In the menu Settings → Modules → Processors find the processor you want to disable. Copy the configuration property key e.g. identity-monitored-fields-processor and check the name of the module that the processor is in (first row). In our example it is core module.
  2. In the menu Settings → Configuration add new configuration property with the following format: [idm.sec|idm.pub].<module_name>.processor.<processor_name>.enabled. idm.sec means that the configuration is not public - see previous sections. module_name and processor_name we got in previous step. In our example the key is idm.sec.core.processor.identity-monitored-fields-processor.enabled.
  3. Add the value true and save.

If you want to deactivate processor, use false in the step 3.