Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:application_configuration:dev:backend [2020/09/04 11:25]
tomiskar [Application/ Server] 		devel:documentation:application_configuration:dev:backend [2021/02/23 10:55]
kucerar CAS properties
Line 60: Line 60:
 # Public properties - available for frontend without authentication (show information about app, decorators etc.). # Public properties - available for frontend without authentication (show information about app, decorators etc.).
 # #
-# Application stage - development, test, production+# Application stage - development, test, production.
 idm.pub.app.stage= idm.pub.app.stage=
 # Application instance / server id - is used for scheduler etc. # Application instance / server id - is used for scheduler etc.
Line 71: Line 71:
 # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application 'idm.pub.app.stage' is set to 'development'. # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application 'idm.pub.app.stage' is set to 'development'.
 idm.pub.app.show.id= idm.pub.app.show.id=
-# Show transaction identifiers (uuid) in frontend application +# Show transaction identifiers (uuid) in frontend application.
 idm.pub.app.show.transactionId=false idm.pub.app.show.transactionId=false
-# Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select) +# Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select).
 idm.pub.app.show.environment=true idm.pub.app.show.environment=true
-# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) +# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select).
 idm.pub.app.show.role.baseCode=true idm.pub.app.show.role.baseCode=true
 +# Number of items (pagination) in role catalogue tree in root level.
 +idm.pub.app.show.roleCatalogue.tree.pagination.root.size=25
 +# Number of items (pagination) in role catalogue tree in other levels.
 +idm.pub.app.show.roleCatalogue.tree.pagination.node.size=25
 +# Number of items (pagination) in tree node structure in root level.
 +idm.pub.app.show.treeNode.tree.pagination.root.size=50
 +# Number of items (pagination) in tree node structure in other levels.
 +idm.pub.app.show.treeNode.tree.pagination.node.size=50
 # Available size options for tables in frontend application # Available size options for tables in frontend application
 idm.pub.app.show.sizeOptions=10, 25, 50, 100 idm.pub.app.show.sizeOptions=10, 25, 50, 100
Line 84: Line 92:
 # Bulk action can enforce showing in quick access button (by bulk action configuration). # Bulk action can enforce showing in quick access button (by bulk action configuration).
 idm.pub.app.show.table.quickButton.count=5 idm.pub.app.show.table.quickButton.count=5
-# show default form for newly created user  +Quick button for bulk actions in tables will be included in drop down select box too (available as button + menu item with text).  
-default form can be disabled => at least one configured form projection is needed+# Number of selected record is shown in drop down select header. 
 +idm.pub.app.show.table.quickButton.menuIncluded=true 
 +# Show default form for newly created user. 
 +Default form can be disabled => at least one configured form projection is needed.
 idm.pub.app.show.identity.formProjection.default=true idm.pub.app.show.identity.formProjection.default=true
 # If is true, then role-request description will be show on the detail. # If is true, then role-request description will be show on the detail.
Line 94: Line 105:
 # Private properties - used on backend only. # Private properties - used on backend only.
 # #
-create demo data at application start+Create demo data at application start.
 idm.sec.core.demo.data.enabled=true idm.sec.core.demo.data.enabled=true
-demo data was created - prevent to create demo data duplicitly+Demo data was created - prevent to create demo data duplicitly.
 idm.sec.core.demo.data.created=false idm.sec.core.demo.data.created=false
 # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates.
Line 465: Line 476:
 <code properties> <code properties>
 # supports delete identity. Needed on FE (=> public) to render available bulk action in table  # supports delete identity. Needed on FE (=> public) to render available bulk action in table 
 +# @deprecated @since 10.6.0 - action can be disabled by bulk action configurable api - use 'idm.sec.core.bulk-action.identity-delete-bulk-action.enabled=false'.
 idm.pub.core.identity.delete=true idm.pub.core.identity.delete=true
 # #
Line 594: Line 606:
 idm.sec.<module>.processor.<name>.eventTypes=CREATE,UPDATE idm.sec.<module>.processor.<name>.eventTypes=CREATE,UPDATE
 </code> </code>
-Where ''<module>'' is processor's module ''<name>'' is processor's name (see overridable processor's methods). Filled configuration properties will be shown on [[..:..:architecture:dev:events#implemented_processors|processor's content]].+Where ''<module>'' is processor's module and ''<name>'' is processor's name (see overridable processor's methods). Filled configuration properties will be shown on [[..:..:architecture:dev:events#implemented_processors|processor's content]].
  
 Common configuration properties for all processors: Common configuration properties for all processors:
Line 602: Line 614:
  
 Exists processors configuration: [[..:..:architecture:dev:events#implemented_processors|implemented proccessors]]. Exists processors configuration: [[..:..:architecture:dev:events#implemented_processors|implemented proccessors]].
 +
 +==== Bulk actions ====
 +
 +@since 10.6.0
 +
 +In the application profile (''application.properties'') - overloadable via ''ConfigurationService''.
 +Every bulk action could have his own configuration properties under prefix: 
 +<code properties>
 +# disable / enable bulk action
 +idm.sec.<module>.bulk-action.<name>.enabled=true
 +</code>
 +Where ''<module>'' is bulk action module and ''<name>'' is bulk action name.
 +
 +Common configuration properties for all bulk actions:
 +  * ''enabled'' - **true** / false.
 +  * ''order'' - bulk action order (for FE only). Action provided default order in implementation.
 +  * ''icon'' - Icon on frontend (for FE only). Icon libraries can be used: ''component:'', ''fa:'', ''glyph:''. Icon is loaded from FE locale by default.
 +  * ''level'' - bulk action level ~ button and icon color (for FE only). Available options: ''success'' (default value), ''info'', ''warning'', ''error''.
 +  * ''deleteAction'' - true / **false** - Action deletes records (for FE only). Action will be in bottom menu section, is action is included in menu. 
 +  * ''quickButton'' - true / **false** - Render action as quick button (for FE only). The first available actions are rendered as buttons, if icon is defined. This configuration enforces rendering action as quick button (order is ignored).
  
  
Line 634: Line 666:
 # Default main WF for approve all roles. # Default main WF for approve all roles.
 idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions
 +</code>
 +
 +==== Universal requests =====
 +<code properties>
 +## Universal requests
 +# Role
 +idm.pub.core.request.idm-role.enabled=false
 +# Defines type of guarantee. Requests will be approving only by guarantee with this type.
 +# If returns null, then all guarantees will be used for approving (no limitations).
 +idm.sec.core.request.idm-role.approval.guarantee-type=
 </code> </code>
  
Line 663: Line 705:
  
 <code properties> <code properties>
-# Enable / disable check filter is properly registered, when filter is used (by entity and property name). Throw exeption, when unrecognised filter is used.+# Enable / disable check filter is properly registered, when filter is used (by entity and property name).  
 +# Throws exception, when unrecognized filter is used.
 idm.sec.core.filter.check.supported.enabled=true idm.sec.core.filter.check.supported.enabled=true
 +# Check count of values exceeded given maximum. 
 +# Related to database count of query parameters (e.g. Oracle = {@code 1000}, MSSql = {@code 2100}).
 +# Throws exception, when size is exceeded. Set to {@code -1} to disable this check.
 +idm.sec.core.filter.check.size.maximum=500
 </code> </code>
  
Line 762: Line 809:
  
 This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority). This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority).
 +
 +=== Two-factor authentication ===
 +
 +[[..:..:security:dev:security#two-factor_authentication|Two-factor authentication]] can be configured in the application profile (application.properties) with following properties:
 +
 +<code properties>
 +# Verification secret length
 +totp.secret.length=32
 +# Time Period ~ period to generate new authentication code
 +totp.time.period=30
 +# Time Discrepancy - number of past (but still valid) authentication codes (e.g. when code is sent by notification, then user could need more time to fill it into CzechIdM)
 +totp.time.discrepancy=1
 +
 +</code>
 +
 +=== CAS authentication filter ===
 +[[..:..:security:dev:security#cas_authentication|CAS authentication]] can be configured with following properties:
 +<code properties>
 +# Enable authentication via CAS. If enabled, all properties below "Other properties" become mandatory and must be set for SSO authentication via CAS to work. Default: false
 +idm.pub.core.cas.sso.enabled=true
 +# Other properties
 +# Base URL where CAS is accessible. Syntax of this field is https://hostname-of-CAS/URI.
 +idm.pub.core.cas.url=
 +# Suffix which is, in effect, appended to idm.pub.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login).
 +idm.pub.core.cas.login-suffix=/login?service=
 +# Suffix which is appended to idm.pub.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout).
 +idm.pub.core.cas.logout-suffix=/logout?service=
 +# URL of CzechIdM. This URL is used for redirect back after logout and also for ticket validation. Syntax of this field is https://hostname-of-CzechIdM/URI.
 +idm.pub.core.cas.idm-url=
 +# Header name in which CAS sends the ticket value.
 +idm.sec.core.cas.header-name=referer
 +# Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https://hostname-of-CzechIdM/URI/?ticket=.
 +idm.sec.core.cas.header-prefix=
 +</code>
  
 ==== Backup ==== ==== Backup ====
Line 768: Line 849:
  
 <code properties> <code properties>
-configuration property for default backup +Configuration property for backup files. 
 +# Configured attachment storage patrh ( see 'idm.sec.core.attachment.storagePath') is used as default.
 idm.sec.core.backups.default.folder.path=/tmp/backup idm.sec.core.backups.default.folder.path=/tmp/backup
 </code> </code>
Line 808: Line 890:
  
 You can disable long polling for all types of entites with use value `false`. You can disable long polling for all types of entites with use value `false`.
 +
 +
  
 ==== Provisioning ==== ==== Provisioning ====
  • by chalupat