devel:documentation:application_configuration:dev:backend [2021/05/05 09:08] tomiskar [Application/ Server] |
devel:documentation:application_configuration:dev:backend [2021/11/22 10:52] tomiskar [Application/ Server] |
||
---|---|---|---|
Line 65: | Line 65: | ||
# Can be defined in property file only! Overidding via ConfigurationService is not possible for application instance (~ more instanceos on the same database) | # Can be defined in property file only! Overidding via ConfigurationService is not possible for application instance (~ more instanceos on the same database) | ||
idm.pub.app.instanceId=idm-primary | idm.pub.app.instanceId=idm-primary | ||
+ | # Frontend server url. | ||
+ | # E.g. http:// | ||
+ | # Default: The first ' | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.frontend.url= | ||
+ | # Backend server url. | ||
+ | # E.g. http:// | ||
+ | # Default: Url is resolved dynamically from current servlet request. | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.backend.url= | ||
+ | |||
# global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.date=dd.MM.yyyy | idm.pub.app.format.date=dd.MM.yyyy | ||
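Review bot: The added comment for `idm.pub.app.backend.url` says the default is resolved from the current servlet request, but it does not say that the value then depends on the Host and forwarded headers the servlet container accepts. The CAS section of this page states that the service name for login / logout is built from the BE server url by default, so a request-derived value presumably ends up in redirect targets. I would add one comment line above the property, e.g. `# Set explicitly when the server runs behind a reverse proxy or load balancer; the dynamic default follows the request's host headers.` The default for `idm.pub.app.frontend.url` is cut off in this view, so I cannot tell whether the same caveat applies there.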
Line 77: | Line 88: | ||
# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select). | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select). | ||
idm.pub.app.show.role.baseCode=true | idm.pub.app.show.role.baseCode=true | ||
+ | # Rendered column in role table agenda. Comma is used as separator. Order of rendered columns is preserved as configured. | ||
+ | # Available columns: | ||
+ | # - name - role name info card with link to detail | ||
+ | # - baseCode - role base code (without environment) | ||
+ | # - environment - role environment | ||
+ | # - disabled | ||
+ | # - description | ||
+ | idm.pub.app.show.role.table.columns=name, | ||
+ | # Show role catalogue item code in role catalogue tree | ||
+ | idm.pub.app.show.roleCatalogue.tree.code=false | ||
# Number of items (pagination) in role catalogue tree in root level. Used on role select and agenda. | # Number of items (pagination) in role catalogue tree in root level. Used on role select and agenda. | ||
idm.pub.app.show.roleCatalogue.tree.pagination.root.size=25 | idm.pub.app.show.roleCatalogue.tree.pagination.root.size=25 | ||
Line 113: | Line 134: | ||
# you can use FE configuration https:// | # you can use FE configuration https:// | ||
idm.pub.app.show.identity.table.columns=username, | idm.pub.app.show.identity.table.columns=username, | ||
+ | idm.pub.app.show.identityRole.table.columns=role, | ||
# If is true, then role-request description will be show on the detail. | # If is true, then role-request description will be show on the detail. | ||
# Description will hidden if this property will be false and role request | # Description will hidden if this property will be false and role request | ||
# doesn' | # doesn' | ||
idm.pub.app.show.roleRequest.description=true | idm.pub.app.show.roleRequest.description=true | ||
+ | # Show logout content (~ page) with message, after user is logged out. | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.show.logout.content=false | ||
+ | # | ||
+ | # Configurable application theme | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.show.theme={ " | ||
+ | # | ||
+ | # Configurable application logo (attachment uuid identifier) | ||
+ | # Recommended logo size is 165 x 40 px. | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.show.logo= | ||
+ | # Footer help link url. | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.show.footer.help.link=https:// | ||
+ | # Footer service desk link url. | ||
+ | # @since 12.0.0 | ||
+ | idm.pub.app.show.footer.servicedesk.link=https:// | ||
# | # | ||
# Private properties - used on backend only. | # Private properties - used on backend only. | ||
Line 140: | Line 180: | ||
Previous and new instance identifier is required as input parameters. All scheduled tasks and all created (~ not processed) asynchronous long running tasks and events will be moved from previous to new instance and will be processed on new instance (server). | Previous and new instance identifier is required as input parameters. All scheduled tasks and all created (~ not processed) asynchronous long running tasks and events will be moved from previous to new instance and will be processed on new instance (server). | ||
+ | |||
+ | Bulk action is available for logged user with required authorities and permissions: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
Line 324: | Line 369: | ||
<code properties> | <code properties> | ||
# allowed origins for FE | # allowed origins for FE | ||
- | # the first value is used as frontend url to notification templates | ||
idm.pub.security.allowed-origins=http:// | idm.pub.security.allowed-origins=http:// | ||
# auth token | # auth token | ||
Line 528: | Line 572: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.public.idm.enabled=true | idm.pub.core.identity.passwordChange.public.idm.enabled=true | ||
- | # | ||
- | # create default identity' | ||
- | # skipped in synchronizations - contract synchronization should be provided. | ||
- | idm.pub.core.identity.create.defaultContract.enabled=true | ||
# | # | ||
# Skip identity dashboard content - show full detail directly (link from table or from info component) | # Skip identity dashboard content - show full detail directly (link from table or from info component) | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
+ | # | ||
+ | # Create default identity' | ||
+ | # Skipped in synchronizations - contract synchronization should be provided. | ||
+ | idm.sec.core.identity.create.defaultContract.enabled=true | ||
+ | # Creates default identity' | ||
+ | idm.sec.core.identity.create.defaultContract.position=Default | ||
+ | # Creates default identity' | ||
+ | # EXCLUDED - Excluded from evidence - remains valid, but roles assigned for this contract are not added for logged identity. | ||
+ | # DISABLED - Invalid by user - not changed by dates. | ||
+ | idm.sec.core.identity.create.defaultContract.state= | ||
+ | # Number of days related to current date - will be used for set contract valid till date (current date + expiration in days = valid till). | ||
+ | # Contact valid till will not be set by default (~ contract expiration is not configured by default). | ||
+ | idm.sec.core.identity.create.defaultContract.expiration= | ||
+ | # | ||
+ | # Profile image max file size in readable string format (e.g. 200KB). | ||
+ | idm.sec.core.identity.profile.image.max-file-size=512KB | ||
</ | </ | ||
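Review bot: The default-contract switch moves from `idm.pub.core.identity.create.defaultContract.enabled` to `idm.sec.core.identity.create.defaultContract.enabled` with no note for installations that still carry the old key. Whether the old key is still read is not visible here; if it is ignored, a deployment that had set it to false would fall back to the documented value `true` and start creating default contracts again. I would add a comment such as `# Renamed from idm.pub.core.identity.create.defaultContract.enabled; state whether the old key is still read.` The same gap exists in the CAS hunk at Line 864, where `idm.pub.core.cas.sso.enabled`, `idm.pub.core.cas.url`, `login-suffix` and `logout-suffix` are replaced and the documented value of the enable flag changes from true to false.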
Line 864: | Line 920: | ||
=== CAS authentication filter === | === CAS authentication filter === | ||
- | @since | + | @since |
[[..: | [[..: | ||
<code properties> | <code properties> | ||
- | # Enable authentication via CAS. If enabled, | + | # Enable authentication via CAS. If enabled, "idm.sec.core.cas.url" become mandatory and must be set for SSO authentication via CAS to work. Default: false |
- | idm.pub.core.cas.sso.enabled=true | + | idm.pub.core.cas.enabled=false |
# Other properties | # Other properties | ||
# Base URL where CAS is accessible. Syntax of this field is https:// | # Base URL where CAS is accessible. Syntax of this field is https:// | ||
- | idm.pub.core.cas.url= | + | idm.sec.core.cas.url= |
- | # Suffix which is, in effect, appended to idm.pub.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login). | + | # IdM service name configured as service on CAS server. |
- | idm.pub.core.cas.login-suffix=/login?service= | + | # When service is configured, then login and logout redirect urls, should be defined directly in CAS service configuration. |
- | # Suffix which is appended to idm.pub.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout). | + | # Default: service name for login / logout is created dynamically by BE server url (recommended). |
- | idm.pub.core.cas.logout-suffix=/logout?service= | + | idm.sec.core.cas.service= |
- | # URL of CzechIdM. This URL is used for redirect back after logout and also for ticket validation. Syntax of this field is https:// | + | # Suffix which is, in effect, appended to idm.sec.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login). |
- | idm.pub.core.cas.idm-url= | + | idm.sec.core.cas.login-path=/login |
- | # Header name in which CAS sends the ticket value. | + | # Suffix which is appended to idm.sec.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout). |
- | idm.sec.core.cas.header-name=referer | + | idm.sec.core.cas.logout-path=/logout |
- | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | + | # Ticket can be given as request parameter (recommended, |
+ | idm.sec.core.cas.parameter-name=ticket | ||
+ | # Header name in which CAS sends the ticket value. Ticket can be given as request header. Not configured by default. | ||
+ | idm.sec.core.cas.header-name= | ||
+ | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | ||
idm.sec.core.cas.header-prefix= | idm.sec.core.cas.header-prefix= | ||
</ | </ | ||
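Review bot: The comment on `idm.sec.core.cas.header-prefix` still describes the HTTP Referer header, while this revision leaves `idm.sec.core.cas.header-name` empty by default and recommends passing the ticket as a request parameter. A reader cannot tell whether header-prefix has any effect when header-name is unset. I would state the dependency in the comment, e.g. `# Used only when idm.sec.core.cas.header-name is set.`, assuming that is how the filter behaves. In the comment for `idm.pub.core.cas.enabled`, `become mandatory` should read `becomes mandatory`.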
Line 956: | Line 1016: | ||
==== Provisioning global break ==== | ==== Provisioning global break ==== | ||
- | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be active.</ | + | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be activated.</ |
<code properties> | <code properties> | ||
Line 1049: | Line 1109: | ||
# Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
# Two appenders ' | # Two appenders ' | ||
- | logging.pattern.console=%d{yyyy-MM-dd HH: | + | logging.pattern.console=%d{yyyy-MM-dd HH: |
- | logging.pattern.file=%d{yyyy-MM-dd HH: | + | logging.pattern.file=%d{yyyy-MM-dd HH: |
</ | </ | ||
Line 1067: | Line 1127: | ||
idm.sec.core.logger.eu.bcvsolutions=DEBUG | idm.sec.core.logger.eu.bcvsolutions=DEBUG | ||
</ | </ | ||
+ | |||
+ | ==== Monitoring ==== | ||
+ | |||
+ | === Monitoring evaluator === | ||
+ | |||
+ | In the application profile ('' | ||
+ | |||
+ | <code properties> | ||
+ | # disable / enable monitoring evaluator | ||
+ | idm.sec.< | ||
+ | </ | ||
+ | Where ''< | ||
+ | |||
+ | Common configuration properties for all monitorings: | ||
+ | * '' |