CzechIdM can be configured by many configuration properties, see the list of configuration items.

You can set the properties in two ways:

  • settings in GUI - these properties are persisted to the CzechIdM database and they are preferred over the properties in configuration files. This is most handy place to put your configuration that differs from product defaults, but note that it's not accessible when CzechIdM is down.
  • configuration files located on the server where CzechIdM is deployed.

There are two locations of the configuration files for CzechIdM. This configuration is read at the application start. If changed, new options will be applied after application restart.

  • external configuration files - typically the files and are created during CzechIdM installation in the folder /opt/czechidm/etc/ on the server (the paths and names may differ in specific installations). These files are most suitable for environment-specific properties (differences between the test and production environment) or properties, that you want to be able to change even if CzechIdM is down (e.g. turning Single-Sign-On on and off).
  • configuration files bundled with CzechIdM product - of core and other CzechIdM modules ( The product or project developers change the default values in these files during development. It's not recommended to do any changes in the files inside the already built IdM package (idm.war); if you want to change the values, use external configuration files or settings in GUI.

You can see the values from the configuration files (both external and bundled) in the CzechIdM application: Settings → Configuration → Static environment configuration items.

All keys in configuration file can be overridden via GUI in menu Settings → Configuration. If the configuration property is set, the change takes place instantly.

If you want to do so, click on the green "Add" button in the right upper corner. Copy the desired key from the configuration file and then fill in your own value for the key. You can also store the value in the confidential storage, it means that the value is not visible in GUI (only stars represent the value) and the application keeps the reference into encrypted storage. If the value is to be used, the application use the reference and get the value for temporary usage.

Then there is a checkbox public. If turned on, then the configuration can be read via REST for all users even those not authenticated. It is advisable not to use it if not necessary.

Of course, you can also define keys that are not present in the configuration file.

The menu Settings → Configuration list both:

  • Configurable items - table with configuration properties defined in application itself. It is kept in DB and can be managed in GUI.
  • Static environment configuration items - read-only list of configuration properties from the file.

If the key is present in both tables, then only the value of the Configurable items is applied. Filtering by the key name is available for Configurable items.

You can activate/deactivate CzechIdM modules via menu Settings → Modules. There are currently 3 cards

  • Modules(backend) - list of all installed backend modules, administrator can Activate/Deactivate backend modules
  • Modules(frontend) - ddto
  • Processors - list of all application processors. Processors are responsible for event handling at the application backend.

If you want to activate/deactivate module. Use Modules (backend) or Modules (frontend) card, find the module you want to activate and click the button at the end of the line. It does not matter if you choose BE or FE part of the module, the complement will be activated/deactivated automatically.

Processors in Setting → Modules → Processors are read only list. If you want to activate the processor use the following approach:

  1. In the menu Settings → Modules → Processors find the processor you want to disable. Copy the configuration property key e.g. identity-monitored-fields-processor and check the name of the module that the processor is in (first row). In our example it is core module.
  2. In the menu Settings → Configuration add new configuration property with the following format: [idm.sec|].<module_name>.processor.<processor_name>.enabled. idm.sec means that the configuration is not public - see previous sections. module_name and processor_name we got in previous step. In our example the key is idm.sec.core.processor.identity-monitored-fields-processor.enabled.
  3. Add the value true and save.

If you want to deactivate processor, use false in the step 3.

  • by apeterova