Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2020/12/02 12:22] tomiskar [Authentication] |
devel:documentation:application_configuration:dev:backend [2021/02/23 10:55] kucerar CAS properties |
||
---|---|---|---|
Line 666: | Line 666: | ||
# Default main WF for approve all roles. | # Default main WF for approve all roles. | ||
idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions | idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions | ||
+ | </ | ||
+ | |||
+ | ==== Universal requests ===== | ||
+ | <code properties> | ||
+ | ## Universal requests | ||
+ | # Role | ||
+ | idm.pub.core.request.idm-role.enabled=false | ||
+ | # Defines type of guarantee. Requests will be approving only by guarantee with this type. | ||
+ | # If returns null, then all guarantees will be used for approving (no limitations). | ||
+ | idm.sec.core.request.idm-role.approval.guarantee-type= | ||
</ | </ | ||
Line 805: | Line 815: | ||
<code properties> | <code properties> | ||
- | # Secret Length | + | # Verification |
- | # Set the totp.secret.length | + | |
totp.secret.length=32 | totp.secret.length=32 | ||
- | # Time Period | + | # Time Period |
- | # Set the totp.time.period | + | |
totp.time.period=30 | totp.time.period=30 | ||
- | # Time Discrepancy | + | # Time Discrepancy |
- | # Set the totp.time.discrepancy property | + | |
totp.time.discrepancy=1 | totp.time.discrepancy=1 | ||
</ | </ | ||
+ | |||
+ | === CAS authentication filter === | ||
+ | [[..: | ||
+ | <code properties> | ||
+ | # Enable authentication via CAS. If enabled, all properties below "Other properties" | ||
+ | idm.pub.core.cas.sso.enabled=true | ||
+ | # Other properties | ||
+ | # Base URL where CAS is accessible. Syntax of this field is https:// | ||
+ | idm.pub.core.cas.url= | ||
+ | # Suffix which is, in effect, appended to idm.pub.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login). | ||
+ | idm.pub.core.cas.login-suffix=/ | ||
+ | # Suffix which is appended to idm.pub.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout). | ||
+ | idm.pub.core.cas.logout-suffix=/ | ||
+ | # URL of CzechIdM. This URL is used for redirect back after logout and also for ticket validation. Syntax of this field is https:// | ||
+ | idm.pub.core.cas.idm-url= | ||
+ | # Header name in which CAS sends the ticket value. | ||
+ | idm.sec.core.cas.header-name=referer | ||
+ | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | ||
+ | idm.sec.core.cas.header-prefix= | ||
+ | </ | ||
+ | |||
==== Backup ==== | ==== Backup ==== | ||
If you want to use redeploy and backup for example in agenda (notification templates, scripts), you must define default backup folder. | If you want to use redeploy and backup for example in agenda (notification templates, scripts), you must define default backup folder. | ||
Line 862: | Line 890: | ||
You can disable long polling for all types of entites with use value `false`. | You can disable long polling for all types of entites with use value `false`. | ||
+ | |||
+ | |||
==== Provisioning ==== | ==== Provisioning ==== |