Configuration - CzechIdM configuration in GUI and files

The CzechIdm configuration is to be found in the file This configuration is read at the application start. If changed, new options will be applied after application restart.

All keys in configuration file can be overridden via GUI in menu Settings → Configuration. If the configuration property is set, the change takes place instantly.

If you want to do so, click on the green "Add" button in the right upper corner. Copy the desired key from the configuration file and then fill in your own value for the key. You can also store the value in the confidential storage, it means that the value is not visible in GUI (only stars represent the value) and the application keeps the reference into encrypted storage. If the value is to be used, the application use the reference and get the value for temporary usage.

Then there is a checkbox public. If turned on, then the configuration can be read via REST for all users even those not authenticated. It is advisable not to use it if not necessary.

Of course, you can also define keys that are not present in the configuration file.

The menu Settings → Configuration list both:

  • Configurable items - table with configuration properties defined in application itself. It is kept in DB and can be managed in GUI.
  • Static environment configuration items - read-only list of configuration properties from the file.

If the key is present in both tables, then only the value of the Configurable items is applied. Filtering by the key name is available for Configurable items.

You can activate/deactivate CzechIdM modules via menu Settings → Modules. There are currently 3 cards

  • Modules(backend) - list of all installed backend modules, administrator can Activate/Deactivate backend modules
  • Modules(frontend) - ddto
  • Processors - list of all application processors. Processors are responsible for event handling at the application backend.

If you want to activate/deactivate module. Use Modules (backend) or Modules (frontend) card, find the module you want to activate and click the button at the end of the line. It does not matter if you choose BE or FE part of the module, the complement will be activated/deactivated automatically.

Processors in Setting → Modules → Processors are read only list. If you want to activate the processor use the following approach:

  1. In the menu Settings → Modules → Processors find the processor you want to disable. Copy the configuration property key e.g. identity-monitored-fields-processor and check the name of the module that the processor is in (first row). In our example it is core module.
  2. In the menu Settings → Configuration add new configuration property with the following format: [idm.sec|].<modulename>.processor.<processorname>.enabled. idm.sec means that the configuration is not public - see previous sections. modulename and processorname we got in previous step. In our example the key is idm.sec.core.processor.identity-monitored-fields-processor.enabled.
  3. Add the value true and save.

If you want to deactivate processor, use false in the step 3.