Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2019/02/05 09:41] svandav [Notification from Workflow] |
devel:documentation:application_configuration:dev:backend [2020/01/30 08:39] tomiskar |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Configuration - backend ===== | ===== Configuration - backend ===== | ||
- | {{tag> configuration}} | + | {{tag> configuration |
The application uses a Spring boot configuration in the '' | The application uses a Spring boot configuration in the '' | ||
Line 38: | Line 38: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
Line 75: | Line 75: | ||
<code properties> | <code properties> | ||
# Application stage (development, | # Application stage (development, | ||
+ | # | ||
+ | # Public properties - available for frontend without authentication (show information about app, decorators etc.). | ||
+ | # | ||
+ | # Application stage - development, | ||
idm.pub.app.stage= | idm.pub.app.stage= | ||
# Application instance / server id - is used for scheduler etc. | # Application instance / server id - is used for scheduler etc. | ||
# Should be defined in property file only | # Should be defined in property file only | ||
idm.pub.app.instanceId=idm-primary | idm.pub.app.instanceId=idm-primary | ||
- | # Enable forest index for tree structures | ||
- | idm.sec.app.forest.index.enabled=true | ||
# global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.date=dd.MM.yyyy | idm.pub.app.format.date=dd.MM.yyyy | ||
# global datetime format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global datetime format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.datetime=dd.MM.yyyy HH:mm | idm.pub.app.format.datetime=dd.MM.yyyy HH:mm | ||
+ | # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application ' | ||
+ | idm.pub.app.show.id= | ||
+ | # Show transaction identifiers (uuid) in frontend application | ||
+ | idm.pub.app.show.transactionId=false | ||
+ | # Show role environmnent in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.environment=true | ||
+ | # | ||
+ | # Private properties - used on backend only. | ||
+ | # | ||
# create demo data at application start | # create demo data at application start | ||
idm.sec.core.demo.data.enabled=true | idm.sec.core.demo.data.enabled=true | ||
# demo data was created - prevent to create demo data duplicitly | # demo data was created - prevent to create demo data duplicitly | ||
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
+ | # Enable forest index for tree structures | ||
+ | idm.sec.app.forest.index.enabled=true | ||
</ | </ | ||
Line 205: | Line 218: | ||
# older temporary files will be purged, default 14 days | # older temporary files will be purged, default 14 days | ||
idm.sec.core.attachment.tempTtl=1209600000 | idm.sec.core.attachment.tempTtl=1209600000 | ||
+ | </ | ||
+ | |||
+ | In the application profile (application.properties). | ||
+ | |||
+ | <code properties> | ||
+ | # | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | multipart.max-file-size=100Mb | ||
+ | |||
</ | </ | ||
Line 389: | Line 411: | ||
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
- | # Event queue processing period (ms). Default | + | # Event queue processing period (ms). Period to read prepared (~created) asynchronous entity events from queue. |
- | scheduler.event.queue.process=1000 | + | # Events are processed in batch configured by property ' |
+ | # Default | ||
+ | scheduler.event.queue.process=500 | ||
# Event executor core pool size. Uses CPU count + 1 as default. | # Event executor core pool size. Uses CPU count + 1 as default. | ||
scheduler.event.executor.corePoolSize= | scheduler.event.executor.corePoolSize= | ||
Line 397: | Line 421: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.event.executor.maxPoolSize= | scheduler.event.executor.maxPoolSize= | ||
- | # Waiting events to be processed. Uses 1000 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | + | # Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
# {@link AbotrPolicy} is set for rejected tasks. | # {@link AbotrPolicy} is set for rejected tasks. | ||
- | scheduler.event.executor.queueCapacity=1000 | + | scheduler.event.executor.queueCapacity=50 |
# Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | # Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | ||
scheduler.event.executor.threadPriority=6 | scheduler.event.executor.threadPriority=6 | ||
Line 419: | Line 443: | ||
idm.pub.core.identity.passwordChange=ALL_ONLY | idm.pub.core.identity.passwordChange=ALL_ONLY | ||
# | # | ||
- | # required old password for change password. Needed on FE (=> public) | + | # required old password for change password. |
+ | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.requireOldPassword=true | idm.pub.core.identity.passwordChange.requireOldPassword=true | ||
# | # | ||
Line 425: | Line 450: | ||
# true - change to IdM and all system | # true - change to IdM and all system | ||
# false - change to all system except IdM | # false - change to all system except IdM | ||
+ | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.public.idm.enabled=true | idm.pub.core.identity.passwordChange.public.idm.enabled=true | ||
# | # | ||
Line 430: | Line 456: | ||
# skipped in synchronizations - contract synchronization should be provided. | # skipped in synchronizations - contract synchronization should be provided. | ||
idm.pub.core.identity.create.defaultContract.enabled=true | idm.pub.core.identity.create.defaultContract.enabled=true | ||
+ | # | ||
+ | # Skip identity dashboard content - show full detail directly (link from table or from info component) | ||
+ | # Needed on FE (=> public) | ||
+ | idm.pub.core.identity.dashboard.skip= | ||
# | # | ||
# supports authorization policies for extended form definitions and their values for identities | # supports authorization policies for extended form definitions and their values for identities | ||
Line 497: | Line 527: | ||
# Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService# | # Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService# | ||
idm.sec.core.event.asynchronous.instanceId= | idm.sec.core.event.asynchronous.instanceId= | ||
+ | # Asynchronous events will be executed in batch - batch will be split for event with HIGH / NORMAL priority in 70% HIGH / 30% NORMAL. | ||
+ | # If you events are processed quickly (~provisioning on your environment is quick), then batch size can be higher (in combination with higher ' | ||
+ | idm.sec.core.event.asynchronous.batchSize=15 | ||
</ | </ | ||
Line 519: | Line 552: | ||
- | ==== Workflow ===== | + | ==== Workflow |
<code properties> | <code properties> | ||
## WF | ## WF | ||
- | # Global property that allow disable or enable sending notification from WF | ||
- | idm.sec.core.wf.notification.send=false | ||
# Approve by manager | # Approve by manager | ||
idm.sec.core.wf.approval.manager.enabled=false | idm.sec.core.wf.approval.manager.enabled=false | ||
Line 547: | Line 578: | ||
# In the request to create new role is also used. | # In the request to create new role is also used. | ||
idm.sec.core.wf.approval.role-change.role= | idm.sec.core.wf.approval.role-change.role= | ||
+ | # | ||
+ | # Default main WF for approve all roles. | ||
+ | idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions | ||
</ | </ | ||
Line 643: | Line 677: | ||
idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= | idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= | ||
</ | </ | ||
+ | |||
+ | === Remote user authentication filter === | ||
+ | Login into IdM by preset request remote user by servlet container can be configured with following properties: | ||
+ | <code properties> | ||
+ | # Allow remote user authentication | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.enabled=false | ||
+ | # The suffixes to remove from the login - usually domains | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.uid-suffixes= | ||
+ | # The uids that can't be authenticated by SSO | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.forbidden-uids= | ||
+ | </ | ||
+ | |||
+ | This authentication filter reuses SSO authentication filter behavior above ('' | ||
==== Backup ==== | ==== Backup ==== | ||
- | If you want to use redeploy and backup for example in agenda (notification | + | If you want to use redeploy and backup for example in agenda (notification |
+ | When redploy is used, then actual templates (or scripsts) are loaded from classpath by configuration (for templates or scripts) and deployed into application. Previous templates (or scripts) are backup too. | ||
<code properties> | <code properties> | ||
# configuration property for default backup | # configuration property for default backup | ||
Line 678: | Line 727: | ||
idm.sec.vs.role.default=< | idm.sec.vs.role.default=< | ||
</ | </ | ||
+ | |||
+ | ==== Long polling ==== | ||
+ | |||
+ | <code properties> | ||
+ | # Long polling | ||
+ | idm.pub.app.long-polling.enabled=true | ||
+ | </ | ||
+ | |||
+ | You can disable long polling for all types of entites with use value `false`. | ||
==== Provisioning ==== | ==== Provisioning ==== | ||
Line 694: | Line 752: | ||
# - Default value is ' | # - Default value is ' | ||
idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | ||
+ | </ | ||
+ | |||
+ | ==== Provisioning global break ==== | ||
+ | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be active.</ | ||
+ | |||
+ | <code properties> | ||
+ | # Global break for update disabled/ | ||
+ | idm.sec.acc.provisioning.break.update.disabled | ||
+ | # Global break for update checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.period | ||
+ | # Global break for update disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.disableLimit | ||
+ | # Global break for update disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.update.templateDisable | ||
+ | # Global break for update warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.warningLimit | ||
+ | # Global break for update warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.update.templateWarning | ||
+ | # Global break for update. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.update.identityRecipients | ||
+ | # Global break for update. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.update.roleRecipients | ||
+ | # | ||
+ | # | ||
+ | # Global break for create disabled/ | ||
+ | idm.sec.acc.provisioning.break.create.disabled | ||
+ | # Global break for create checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.period | ||
+ | # Global break for create disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.disableLimit | ||
+ | # Global break for create disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.create.templateDisable | ||
+ | # Global break for create warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.warningLimit | ||
+ | # Global break for create warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.create.templateWarning | ||
+ | # Global break for create. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.create.identityRecipients | ||
+ | # Global break for create. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.create.roleRecipients | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Global break for delete disabled/ | ||
+ | idm.sec.acc.provisioning.break.delete.disabled | ||
+ | # Global break for delete checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.period | ||
+ | # Global break for delete disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.disableLimit | ||
+ | # Global break for delete disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.delete.templateDisable | ||
+ | # Global break for delete warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.warningLimit | ||
+ | # Global break for delete warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.delete.templateWarning | ||
+ | # Global break for delete. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.delete.identityRecipients | ||
+ | # Global break for delete. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.delete.roleRecipients | ||
</ | </ | ||
Line 723: | Line 840: | ||
Common configuration properties for all renderers: | Common configuration properties for all renderers: | ||
* '' | * '' | ||
+ | |||
+ | ==== Logger ==== | ||
+ | |||
+ | In the application profile ('' | ||
+ | |||
+ | Logger levels can be configured programmatically (override '' | ||
+ | |||
+ | <code properties> | ||
+ | idm.sec.core.logger.< | ||
+ | </ | ||
+ | |||
+ | Where ''< | ||
+ | |||
+ | Example: | ||
+ | <code properties> | ||
+ | idm.sec.core.logger.eu.bcvsolutions=DEBUG | ||
+ | </ |