Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:application_configuration:dev:backend [2020/11/23 08:40]
tomiskar [Application/ Server] 		devel:documentation:application_configuration:dev:backend [2021/02/23 13:55]
kucerar cas since information
Line 77: Line 77:
 # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select). # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select).
 idm.pub.app.show.role.baseCode=true idm.pub.app.show.role.baseCode=true
-# Number of items (pagination) in role catalogue tree in one level. +# Number of items (pagination) in role catalogue tree in root level. 
-idm.pub.app.show.roleCatalogue.tree.pagination.size=25+idm.pub.app.show.roleCatalogue.tree.pagination.root.size=25 
 +# Number of items (pagination) in role catalogue tree in other levels. 
 +idm.pub.app.show.roleCatalogue.tree.pagination.node.size=25 
 +# Number of items (pagination) in tree node structure in root level. 
 +idm.pub.app.show.treeNode.tree.pagination.root.size=50 
 +# Number of items (pagination) in tree node structure in other levels. 
 +idm.pub.app.show.treeNode.tree.pagination.node.size=50
 # Available size options for tables in frontend application # Available size options for tables in frontend application
 idm.pub.app.show.sizeOptions=10, 25, 50, 100 idm.pub.app.show.sizeOptions=10, 25, 50, 100
Line 660: Line 666:
 # Default main WF for approve all roles. # Default main WF for approve all roles.
 idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions
 +</code>
 +
 +==== Universal requests =====
 +<code properties>
 +## Universal requests
 +# Role
 +idm.pub.core.request.idm-role.enabled=false
 +# Defines type of guarantee. Requests will be approving only by guarantee with this type.
 +# If returns null, then all guarantees will be used for approving (no limitations).
 +idm.sec.core.request.idm-role.approval.guarantee-type=
 </code> </code>
  
Line 793: Line 809:
  
 This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority). This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority).
 +
 +=== Two-factor authentication ===
 +
 +[[..:..:security:dev:security#two-factor_authentication|Two-factor authentication]] can be configured in the application profile (application.properties) with following properties:
 +
 +<code properties>
 +# Verification secret length
 +totp.secret.length=32
 +# Time Period ~ period to generate new authentication code
 +totp.time.period=30
 +# Time Discrepancy - number of past (but still valid) authentication codes (e.g. when code is sent by notification, then user could need more time to fill it into CzechIdM)
 +totp.time.discrepancy=1
 +
 +</code>
 +
 +=== CAS authentication filter ===
 +@since 10.9.0
 +[[..:..:security:dev:security#cas_authentication|CAS authentication]] can be configured with following properties:
 +<code properties>
 +# Enable authentication via CAS. If enabled, all properties below "Other properties" become mandatory and must be set for SSO authentication via CAS to work. Default: false
 +idm.pub.core.cas.sso.enabled=true
 +# Other properties
 +# Base URL where CAS is accessible. Syntax of this field is https://hostname-of-CAS/URI.
 +idm.pub.core.cas.url=
 +# Suffix which is, in effect, appended to idm.pub.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login).
 +idm.pub.core.cas.login-suffix=/login?service=
 +# Suffix which is appended to idm.pub.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout).
 +idm.pub.core.cas.logout-suffix=/logout?service=
 +# URL of CzechIdM. This URL is used for redirect back after logout and also for ticket validation. Syntax of this field is https://hostname-of-CzechIdM/URI.
 +idm.pub.core.cas.idm-url=
 +# Header name in which CAS sends the ticket value.
 +idm.sec.core.cas.header-name=referer
 +# Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https://hostname-of-CzechIdM/URI/?ticket=.
 +idm.sec.core.cas.header-prefix=
 +</code>
  
 ==== Backup ==== ==== Backup ====
Line 840: Line 891:
  
 You can disable long polling for all types of entites with use value `false`. You can disable long polling for all types of entites with use value `false`.
 +
 +
  
 ==== Provisioning ==== ==== Provisioning ====
  • by chalupat