All configuration items which are used solely for IdM begin with idm. prefix. The configuration items from the file can be overloaded through a setting agenda in the gui ⇒ a server restart isn't needed for changing the configuration with idm. prefix. The configuration is saved in the database. Use ConfigurationService for reading and saving configuration items.

Naming conventions of the configuration items in IdM:

  • idm. - configuration items for the needs of IdM
  • idm.pub. - public configuration items - published on a public rest endpoint (e.g. version)
  • idm.sec. - system configuration items - published on a secure rest endpoint and available for configuration by the application administrator. They are used for backend configuration. If configuration item is confidential, then value is stored in confidential storage and value is not send to frontend, application logs etc. Items with key password, token, secret are automatically set as confidential - use it for configuration items defined in property file only.
  • idm.sec.<module>. or idm.pub.<module>. - configuration items of the given module. Use ModuleDescriptor#getId() as <module>.
  • if the name of a configuration item contains thepassword or token chain, the value of the configuration item is hidden in the rest interface listing (or rather replaced with substitute characters).
  • It is better to use constants for keys, e.g. ConfigurationService.IDM\_PUBLIC\_PROPERTY\_PREFIX + "core.identity.delete" - using seperator constant in key name suffix is not preferred - constant can be simply found by key suffix ("ctrl-f" + "core.identity.delete").
  • cache - cache configuiration items - type of cache and other cache parameters are configured here

Frontend configuration is stored in czechidm-app module under czechidm-app/config folder and is separated by profile (by client) and stage (development / test / production) read more.

  • by sourek