Differences
This shows you the differences between two versions of the page.
devel:documentation:application_configuration:dev:backend [2021/06/07 18:09] 127.0.0.1 external edit |
devel:documentation:application_configuration:dev:backend [2021/10/19 19:04] tomiskar [Authentication] |
||
---|---|---|---|
Line 123: | Line 123: | ||
# you can use FE configuration https:// | # you can use FE configuration https:// | ||
idm.pub.app.show.identity.table.columns=username, | idm.pub.app.show.identity.table.columns=username, | ||
+ | idm.pub.app.show.identityRole.table.columns=role, | ||
# If is true, then role-request description will be show on the detail. | # If is true, then role-request description will be show on the detail. | ||
# Description will hidden if this property will be false and role request | # Description will hidden if this property will be false and role request | ||
Line 152: | Line 153: | ||
Bulk action is available for logged user with required authorities and permissions: | Bulk action is available for logged user with required authorities and permissions: | ||
- | * '' | + | * '' |
* '' | * '' | ||
* '' | * '' | ||
Line 543: | Line 544: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.public.idm.enabled=true | idm.pub.core.identity.passwordChange.public.idm.enabled=true | ||
- | # | ||
- | # create default identity' | ||
- | # skipped in synchronizations - contract synchronization should be provided. | ||
- | idm.pub.core.identity.create.defaultContract.enabled=true | ||
# | # | ||
# Skip identity dashboard content - show full detail directly (link from table or from info component) | # Skip identity dashboard content - show full detail directly (link from table or from info component) | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
+ | # | ||
+ | # Create default identity' | ||
+ | # Skipped in synchronizations - contract synchronization should be provided. | ||
+ | idm.sec.core.identity.create.defaultContract.enabled=true | ||
+ | # Creates default identity' | ||
+ | idm.sec.core.identity.create.defaultContract.position=Default | ||
+ | # Creates default identity' | ||
+ | # EXCLUDED - Excluded from evidence - remains valid, but roles assigned for this contract are not added for logged identity. | ||
+ | # DISABLED - Invalid by user - not changed by dates. | ||
+ | idm.sec.core.identity.create.defaultContract.state= | ||
+ | # Number of days related to current date - will be used for set contract valid till date (current date + expiration in days = valid till). | ||
+ | # Contact valid till will not be set by default (~ contract expiration is not configured by default). | ||
+ | idm.sec.core.identity.create.defaultContract.expiration= | ||
+ | # | ||
+ | # Profile image max file size in readable string format (e.g. 200KB). | ||
+ | idm.sec.core.identity.profile.image.max-file-size=512KB | ||
</ | </ | ||
Line 879: | Line 892: | ||
=== CAS authentication filter === | === CAS authentication filter === | ||
- | @since | + | @since |
[[..: | [[..: | ||
<code properties> | <code properties> | ||
- | # Enable authentication via CAS. If enabled, | + | # Enable authentication via CAS. If enabled, "idm.sec.core.cas.url" become mandatory and must be set for SSO authentication via CAS to work. Default: false |
- | idm.pub.core.cas.sso.enabled=true | + | idm.pub.core.cas.enabled=true |
# Other properties | # Other properties | ||
# Base URL where CAS is accessible. Syntax of this field is https:// | # Base URL where CAS is accessible. Syntax of this field is https:// | ||
- | idm.pub.core.cas.url= | + | idm.sec.core.cas.url= |
- | # Suffix which is, in effect, appended to idm.pub.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login). | + | # IdM service name configured as service on CAS server. |
- | idm.pub.core.cas.login-suffix=/login?service= | + | # When service is configured, then login and logout redirect urls, should be defined directly in CAS service configuration. |
- | # Suffix which is appended to idm.pub.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout). | + | # Default: service name for login / logout is created dynamically by BE server url (recommended). |
- | idm.pub.core.cas.logout-suffix=/logout?service= | + | idm.sec.core.cas.service= |
- | # URL of CzechIdM. This URL is used for redirect back after logout and also for ticket validation. Syntax of this field is https:// | + | # Suffix which is, in effect, appended to idm.sec.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login). |
- | idm.pub.core.cas.idm-url= | + | idm.sec.core.cas.login-path=/login |
- | # Header name in which CAS sends the ticket value. | + | # Suffix which is appended to idm.sec.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout). |
+ | idm.sec.core.cas.logout-path=/logout | ||
+ | # Ticket can be given as request parameter (recommended, | ||
+ | idm.sec.core.cas.parameter-name=ticket | ||
+ | # Header name in which CAS sends the ticket value. Ticket can be given as request header. Not configured by default. | ||
idm.sec.core.cas.header-name=referer | idm.sec.core.cas.header-name=referer | ||
- | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | + | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// |
idm.sec.core.cas.header-prefix= | idm.sec.core.cas.header-prefix= | ||
</ | </ | ||
Line 1064: | Line 1081: | ||
# Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
# Two appenders ' | # Two appenders ' | ||
- | logging.pattern.console=%d{yyyy-MM-dd HH: | + | logging.pattern.console=%d{yyyy-MM-dd HH: |
- | logging.pattern.file=%d{yyyy-MM-dd HH: | + | logging.pattern.file=%d{yyyy-MM-dd HH: |
</ | </ | ||
Line 1082: | Line 1099: | ||
idm.sec.core.logger.eu.bcvsolutions=DEBUG | idm.sec.core.logger.eu.bcvsolutions=DEBUG | ||
</ | </ | ||
+ | |||
+ | ==== Monitoring ==== | ||
+ | |||
+ | === Monitoring evaluator === | ||
+ | |||
+ | In the application profile ('' | ||
+ | |||
+ | <code properties> | ||
+ | # disable / enable monitoring evaluator | ||
+ | idm.sec.< | ||
+ | </ | ||
+ | Where ''< | ||
+ | |||
+ | Common configuration properties for all monitorings: | ||
+ | * '' |