devel:documentation:application_configuration:dev:backend [2020/09/08 11:31] tomiskar [Application/ Server] |
devel:documentation:application_configuration:dev:backend [2021/10/22 08:30] tomiskar [Application/ Server] |
Line 60: | Line 60: | ||
# Public properties - available for frontend without authentication (show information about app, decorators etc.). | # Public properties - available for frontend without authentication (show information about app, decorators etc.). | ||
# | # | ||
- | # Application stage - development, | + | # Application stage - development, |
idm.pub.app.stage= | idm.pub.app.stage= | ||
# Application instance / server id - is used for scheduler etc. | # Application instance / server id - is used for scheduler etc. | ||
- | # Should | + | # Can be defined in property file only! Overidding via ConfigurationService is not possible for application instance (~ more instanceos on the same database) |
idm.pub.app.instanceId=idm-primary | idm.pub.app.instanceId=idm-primary | ||
+ | # Frontend server url. | ||
+ | # E.g. http:// | ||
+ | # Default: The first ' | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.frontend.url= | ||
+ | # Backend server url. | ||
+ | # E.g. http:// | ||
+ | # Default: Url is resolved dynamically from current servlet request. | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.backend.url= | ||
+ | |||
# global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.date=dd.MM.yyyy | idm.pub.app.format.date=dd.MM.yyyy | ||
Line 71: | Line 82: | ||
# Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application ' | # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application ' | ||
idm.pub.app.show.id= | idm.pub.app.show.id= | ||
- | # Show transaction identifiers (uuid) in frontend application | + | # Show transaction identifiers (uuid) in frontend application. |
idm.pub.app.show.transactionId=false | idm.pub.app.show.transactionId=false | ||
- | # Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select) | + | # Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select). |
idm.pub.app.show.environment=true | idm.pub.app.show.environment=true | ||
- | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) | + | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select). |
idm.pub.app.show.role.baseCode=true | idm.pub.app.show.role.baseCode=true | ||
+ | # Rendered column in role table agenda. Comma is used as separator. Order of rendered columns is preserved as configured. | ||
+ | # Available columns: | ||
+ | # - name - role name info card with link to detail | ||
+ | # - baseCode - role base code (without environment) | ||
+ | # - environment - role environment | ||
+ | # - disabled | ||
+ | # - description | ||
+ | idm.pub.app.show.role.table.columns=name, | ||
+ | # Show role catalogue item code in role catalogue tree | ||
+ | idm.pub.app.show.roleCatalogue.tree.code=false | ||
+ | # Number of items (pagination) in role catalogue tree in root level. Used on role select and agenda. | ||
+ | idm.pub.app.show.roleCatalogue.tree.pagination.root.size=25 | ||
+ | # Number of items (pagination) in role catalogue tree in other levels. Used on role select and agenda. | ||
+ | idm.pub.app.show.roleCatalogue.tree.pagination.node.size=25 | ||
+ | # Number of items (pagination) in tree node structure in root level. | ||
+ | idm.pub.app.show.treeNode.tree.pagination.root.size=50 | ||
+ | # Number of items (pagination) in tree node structure in other levels. | ||
+ | idm.pub.app.show.treeNode.tree.pagination.node.size=50 | ||
# Available size options for tables in frontend application | # Available size options for tables in frontend application | ||
idm.pub.app.show.sizeOptions=10, | idm.pub.app.show.sizeOptions=10, | ||
Line 87: | Line 116: | ||
# Number of selected record is shown in drop down select header. | # Number of selected record is shown in drop down select header. | ||
idm.pub.app.show.table.quickButton.menuIncluded=true | idm.pub.app.show.table.quickButton.menuIncluded=true | ||
- | # show default form for newly created user | + | # Show default form for newly created user. |
- | # default | + | # Default |
idm.pub.app.show.identity.formProjection.default=true | idm.pub.app.show.identity.formProjection.default=true | ||
+ | # Rendered column in identity table agenda. Comma is used as separator. Order of rendered columns is preserved as configured. | ||
+ | # Available columns: | ||
+ | # - username - username with link to detail | ||
+ | # - entityinfo - identity info card | ||
+ | # - lastName | ||
+ | # - firstName | ||
+ | # - externalCode - personal number | ||
+ | |||
+ | # - state | ||
+ | # - passwordexpiration - information about identity password epiration | ||
+ | # - description | ||
+ | # Note: Table in identity agenda can be configured with this property (common identity table with columns is not specified on FE). | ||
+ | # If you want to configure rendered columns for all tables generalized from identity table (e.g. on role or tree node detail), | ||
+ | # you can use FE configuration https:// | ||
+ | idm.pub.app.show.identity.table.columns=username, | ||
+ | idm.pub.app.show.identityRole.table.columns=role, | ||
# If is true, then role-request description will be show on the detail. | # If is true, then role-request description will be show on the detail. | ||
# Description will hidden if this property will be false and role request | # Description will hidden if this property will be false and role request | ||
# doesn' | # doesn' | ||
idm.pub.app.show.roleRequest.description=true | idm.pub.app.show.roleRequest.description=true | ||
+ | # Show logout content (~ page) with message, after user is logged out. | ||
+ | idm.pub.app.show.logout.content=false | ||
# | # | ||
# Private properties - used on backend only. | # Private properties - used on backend only. | ||
# | # | ||
- | # create | + | # Create |
idm.sec.core.demo.data.enabled=true | idm.sec.core.demo.data.enabled=true | ||
- | # demo data was created - prevent to create demo data duplicitly | + | # Demo data was created - prevent to create demo data duplicitly. |
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
# Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. | # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. | ||
Line 105: | Line 152: | ||
idm.sec.core.init.data.enabled=true | idm.sec.core.init.data.enabled=true | ||
</ | </ | ||
+ | |||
+ | === Change server for asynchronous processing (switch application instance) == | ||
+ | |||
+ | @since 11.1.0 | ||
+ | |||
+ | Application instance (server) is used for asynchronus processing - for scheduled tasks, asynchronous long running tasks and events. | ||
+ | Instance identifier can be defined in the application profile (application.properties) by property '' | ||
+ | When we want to schedule and process asynchronous tasks and event on other instace (or when one instance shutdown), then we can switch processing by provided bulk action '' | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Previous and new instance identifier is required as input parameters. All scheduled tasks and all created (~ not processed) asynchronous long running tasks and events will be moved from previous to new instance and will be processed on new instance (server). | ||
+ | |||
+ | Bulk action is available for logged user with required authorities and permissions: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
==== Jpa === | ==== Jpa === | ||
Line 173: | Line 238: | ||
< | < | ||
| | ||
- | < | + | < |
< | < | ||
<!-- please note the " | <!-- please note the " | ||
Line 288: | Line 353: | ||
<code properties> | <code properties> | ||
# allowed origins for FE | # allowed origins for FE | ||
- | # the first value is used as frontend url to notification templates | ||
idm.pub.security.allowed-origins=http:// | idm.pub.security.allowed-origins=http:// | ||
# auth token | # auth token | ||
Line 445: | Line 509: | ||
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
+ | # Asynchronous task processing is stopped. | ||
+ | # Asynchronous task processing is stopped, when instance for processing is switched => prevent to process asynchronous task in the meantime. | ||
+ | # Asynchronous task processing can be stopped for testing or debugging purposes. | ||
+ | # Asynchronous task are still created in queue, but they are not processed automatically - task can be executed manually from ui. | ||
+ | idm.sec.core.scheduler.task.asynchronous.stopProcessing=false | ||
# Event queue processing period (ms). Period to read prepared (~created) asynchronous entity events from queue. | # Event queue processing period (ms). Period to read prepared (~created) asynchronous entity events from queue. | ||
# Events are processed in batch configured by property ' | # Events are processed in batch configured by property ' | ||
Line 487: | Line 556: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.public.idm.enabled=true | idm.pub.core.identity.passwordChange.public.idm.enabled=true | ||
- | # | ||
- | # create default identity' | ||
- | # skipped in synchronizations - contract synchronization should be provided. | ||
- | idm.pub.core.identity.create.defaultContract.enabled=true | ||
# | # | ||
# Skip identity dashboard content - show full detail directly (link from table or from info component) | # Skip identity dashboard content - show full detail directly (link from table or from info component) | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
+ | # | ||
+ | # Create default identity' | ||
+ | # Skipped in synchronizations - contract synchronization should be provided. | ||
+ | idm.sec.core.identity.create.defaultContract.enabled=true | ||
+ | # Creates default identity' | ||
+ | idm.sec.core.identity.create.defaultContract.position=Default | ||
+ | # Creates default identity' | ||
+ | # EXCLUDED - Excluded from evidence - remains valid, but roles assigned for this contract are not added for logged identity. | ||
+ | # DISABLED - Invalid by user - not changed by dates. | ||
+ | idm.sec.core.identity.create.defaultContract.state= | ||
+ | # Number of days related to current date - will be used for set contract valid till date (current date + expiration in days = valid till). | ||
+ | # Contact valid till will not be set by default (~ contract expiration is not configured by default). | ||
+ | idm.sec.core.identity.create.defaultContract.expiration= | ||
+ | # | ||
+ | # Profile image max file size in readable string format (e.g. 200KB). | ||
+ | idm.sec.core.identity.profile.image.max-file-size=512KB | ||
</ | </ | ||
Line 582: | Line 663: | ||
# disable / enable asynchronous event processing. Events will be executed synchronously, | # disable / enable asynchronous event processing. Events will be executed synchronously, | ||
idm.sec.core.event.asynchronous.enabled=true | idm.sec.core.event.asynchronous.enabled=true | ||
+ | # Asynchronous event processing is stopped. | ||
+ | # Event processing is stopped, when instance for processing is switched => prevent to process instances in the meantime. | ||
+ | # Asynchronous event processing can be disabled for testing or debugging purposes. | ||
+ | # Events are still created in queue, but they are not processed. | ||
+ | idm.sec.core.event.asynchronous.stopProcessing=false | ||
# Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService# | # Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService# | ||
idm.sec.core.event.asynchronous.instanceId= | idm.sec.core.event.asynchronous.instanceId= | ||
Line 598: | Line 684: | ||
idm.sec.< | idm.sec.< | ||
</ | </ | ||
- | Where ''< | + | Where ''< |
Common configuration properties for all processors: | Common configuration properties for all processors: | ||
Line 606: | Line 692: | ||
Exists processors configuration: | Exists processors configuration: | ||
+ | |||
+ | ==== Bulk actions ==== | ||
+ | |||
+ | @since 10.6.0 | ||
+ | |||
+ | In the application profile ('' | ||
+ | Every bulk action could have his own configuration properties under prefix: | ||
+ | <code properties> | ||
+ | # disable / enable bulk action | ||
+ | idm.sec.< | ||
+ | </ | ||
+ | Where ''< | ||
+ | |||
+ | Common configuration properties for all bulk actions: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
Line 638: | Line 745: | ||
# Default main WF for approve all roles. | # Default main WF for approve all roles. | ||
idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions | idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions | ||
+ | </ | ||
+ | |||
+ | ==== Universal requests ===== | ||
+ | <code properties> | ||
+ | ## Universal requests | ||
+ | # Role | ||
+ | idm.pub.core.request.idm-role.enabled=false | ||
+ | # Defines type of guarantee. Requests will be approving only by guarantee with this type. | ||
+ | # If returns null, then all guarantees will be used for approving (no limitations). | ||
+ | idm.sec.core.request.idm-role.approval.guarantee-type= | ||
</ | </ | ||
Line 667: | Line 784: | ||
<code properties> | <code properties> | ||
- | # Enable / disable check filter is properly registered, when filter is used (by entity and property name). | + | # Enable / disable check filter is properly registered, when filter is used (by entity and property name). |
+ | # Throws exception, when unrecognized | ||
idm.sec.core.filter.check.supported.enabled=true | idm.sec.core.filter.check.supported.enabled=true | ||
+ | # Check count of values exceeded given maximum. | ||
+ | # Related to database count of query parameters (e.g. Oracle = {@code 1000}, MSSql = {@code 2100}). | ||
+ | # Throws exception, when size is exceeded. Set to {@code -1} to disable this check. | ||
+ | idm.sec.core.filter.check.size.maximum=500 | ||
</ | </ | ||
Line 766: | Line 888: | ||
This authentication filter reuses SSO authentication filter behavior above ('' | This authentication filter reuses SSO authentication filter behavior above ('' | ||
+ | |||
+ | === Two-factor authentication === | ||
+ | |||
+ | [[..: | ||
+ | |||
+ | <code properties> | ||
+ | # Verification secret length | ||
+ | totp.secret.length=32 | ||
+ | # Time Period ~ period to generate new authentication code | ||
+ | totp.time.period=30 | ||
+ | # Time Discrepancy - number of past (but still valid) authentication codes (e.g. when code is sent by notification, | ||
+ | totp.time.discrepancy=1 | ||
+ | |||
+ | </ | ||
+ | |||
+ | === CAS authentication filter === | ||
+ | @since 12.0.0 | ||
+ | [[..: | ||
+ | <code properties> | ||
+ | # Enable authentication via CAS. If enabled, " | ||
+ | idm.pub.core.cas.enabled=false | ||
+ | # Other properties | ||
+ | # Base URL where CAS is accessible. Syntax of this field is https:// | ||
+ | idm.sec.core.cas.url= | ||
+ | # IdM service name configured as service on CAS server. | ||
+ | # When service is configured, then login and logout redirect urls, should be defined directly in CAS service configuration. | ||
+ | # Default: service name for login / logout is created dynamically by BE server url (recommended). | ||
+ | idm.sec.core.cas.service= | ||
+ | # Suffix which is, in effect, appended to idm.sec.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login). | ||
+ | idm.sec.core.cas.login-path=/ | ||
+ | # Suffix which is appended to idm.sec.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout). | ||
+ | idm.sec.core.cas.logout-path=/ | ||
+ | # Ticket can be given as request parameter (recommended, | ||
+ | idm.sec.core.cas.parameter-name=ticket | ||
+ | # Header name in which CAS sends the ticket value. Ticket can be given as request header. Not configured by default. | ||
+ | idm.sec.core.cas.header-name= | ||
+ | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | ||
+ | idm.sec.core.cas.header-prefix= | ||
+ | </ | ||
==== Backup ==== | ==== Backup ==== | ||
Line 772: | Line 933: | ||
<code properties> | <code properties> | ||
- | # configuration | + | # Configuration |
+ | # Configured attachment storage patrh ( see ' | ||
idm.sec.core.backups.default.folder.path=/ | idm.sec.core.backups.default.folder.path=/ | ||
</ | </ | ||
Line 812: | Line 974: | ||
You can disable long polling for all types of entites with use value `false`. | You can disable long polling for all types of entites with use value `false`. | ||
+ | |||
+ | |||
==== Provisioning ==== | ==== Provisioning ==== | ||
Line 836: | Line 1000: | ||
==== Provisioning global break ==== | ==== Provisioning global break ==== | ||
- | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be active.</ | + | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be activated.</ |
<code properties> | <code properties> | ||
Line 929: | Line 1093: | ||
# Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
# Two appenders ' | # Two appenders ' | ||
- | logging.pattern.console=%d{yyyy-MM-dd HH: | + | logging.pattern.console=%d{yyyy-MM-dd HH: |
- | logging.pattern.file=%d{yyyy-MM-dd HH: | + | logging.pattern.file=%d{yyyy-MM-dd HH: |
</ | </ | ||
Line 947: | Line 1111: | ||
idm.sec.core.logger.eu.bcvsolutions=DEBUG | idm.sec.core.logger.eu.bcvsolutions=DEBUG | ||
</ | </ | ||
+ | |||
+ | ==== Monitoring ==== | ||
+ | |||
+ | === Monitoring evaluator === | ||
+ | |||
+ | In the application profile ('' | ||
+ | |||
+ | <code properties> | ||
+ | # disable / enable monitoring evaluator | ||
+ | idm.sec.< | ||
+ | </ | ||
+ | Where ''< | ||
+ | |||
+ | Common configuration properties for all monitorings: | ||
+ | * '' |