Differences
This shows you the differences between two versions of the page.
tutorial:adm:czechidm_installation [2021/08/25 08:14] husniko
tutorial:adm:czechidm_installation [2021/10/07 13:11] fiserp [5. Create CzechIdM configuration]
Line 84: | Line 84: | ||
==== 5. Create CzechIdM configuration ==== | ==== 5. Create CzechIdM configuration ==== | ||
- | Now we will create configuration files the CzechIdM will use. | + | |
- | < | + | Now we will create configuration files the CzechIdM will use. < |
- | * The **/ | + | |
- | cat / | + | * The **/ |
+ | |||
+ | < | ||
+ | cat / | ||
</ | </ | ||
- | | + | |
+ | | ||
+ | |||
+ | <file properties quartz-production.properties> | ||
org.quartz.scheduler.instanceName=idm-scheduler-instance | org.quartz.scheduler.instanceName=idm-scheduler-instance | ||
org.quartz.scheduler.instanceId=AUTO | org.quartz.scheduler.instanceId=AUTO | ||
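Review bot: "Now we will create configuration files the CzechIdM will use." is kept unchanged on the right-hand side but needs a relative pronoun and no article: "configuration files that CzechIdM will use". Beyond that wording, this hunk only reflows the intro, adds blank separators and places the Quartz settings under a `<file properties quartz-production.properties>` header, which is a reasonable presentation change.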
Line 101: | Line 108: | ||
org.quartz.jobStore.misfireThreshold=60000 | org.quartz.jobStore.misfireThreshold=60000 | ||
org.quartz.jobStore.tablePrefix=qrtz_ | org.quartz.jobStore.tablePrefix=qrtz_ | ||
+ | |||
</ | </ | ||
- | | + | |
+ | | ||
<file xml logback-spring.xml> | <file xml logback-spring.xml> | ||
Line 109: | Line 118: | ||
<!-- http:// | <!-- http:// | ||
< | < | ||
- | <!-- !!!BEWARE!!! The specification of the LOG PATTERNS overrides the default configuration and increases the maximum length of the %logger{< | + | <!-- !!!BEWARE!!! The specification of the LOG PATTERNS overrides the default configuration and increases the maximum length of the %logger{< |
- | It is neccessary for correct function of the AUDIT logging feature (redmine ticket #2717). If AUDIT logger key is longer then the set limit it gets shortened | + | It is neccessary for correct function of the AUDIT logging feature (redmine ticket #2717). If AUDIT logger key is longer then the set limit it gets shortened |
and SIEM software is not able to parse logs properly. --> | and SIEM software is not able to parse logs properly. --> | ||
< | < | ||
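Review bot: the BEWARE comment carried unchanged into logback-spring.xml misspells "neccessary" and uses "longer then"; change to "necessary" and "longer than", since this comment ships inside the deployed logging configuration. The point it makes should stay prominent: a truncated AUDIT logger key leaves the SIEM unable to parse the log lines, so the pattern override is a detection dependency rather than a cosmetic setting.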
Line 123: | Line 132: | ||
<logger name=" | <logger name=" | ||
<logger name=" | <logger name=" | ||
- | <logger name=" | + | <logger name=" |
</ | </ | ||
Line 153: | Line 162: | ||
<logger name=" | <logger name=" | ||
<logger name=" | <logger name=" | ||
- | <logger name=" | + | <logger name=" |
</ | </ | ||
</ | </ | ||
+ | |||
</ | </ | ||
- | | + | |
+ | | ||
+ | |||
+ | <file properties application-production.properties> | ||
# Doc: https:// | # Doc: https:// | ||
- | + | ||
idm.pub.app.instanceId=idm-primary | idm.pub.app.instanceId=idm-primary | ||
idm.pub.app.stage=production | idm.pub.app.stage=production | ||
- | + | ||
spring.datasource.url=jdbc: | spring.datasource.url=jdbc: | ||
spring.datasource.username=czechidm | spring.datasource.username=czechidm | ||
Line 174: | Line 187: | ||
spring.jpa.hibernate.ddl-auto=none | spring.jpa.hibernate.ddl-auto=none | ||
flyway.enabled=true | flyway.enabled=true | ||
- | |||
scheduler.properties.location=quartz-production.properties | scheduler.properties.location=quartz-production.properties | ||
Line 186: | Line 198: | ||
# System.getProperty(" | # System.getProperty(" | ||
idm.sec.core.attachment.storagePath=/ | idm.sec.core.attachment.storagePath=/ | ||
- | # configuration property for default backup | + | # configuration property for default backup |
idm.sec.core.backups.default.folder.path=/ | idm.sec.core.backups.default.folder.path=/ | ||
- | |||
idm.pub.security.allowed-origins=http:// | idm.pub.security.allowed-origins=http:// | ||
# Generate JWT token security string as "cat / | # Generate JWT token security string as "cat / | ||
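Review bot: `idm.pub.security.allowed-origins=http://…` in a template named application-production.properties documents a plain-http origin; the surrounding text should tell the reader to set this to the exact scheme, host and port the production frontend is served from. The `# Generate JWT token security string as "cat /…` comment is cut off in this view, so confirm the complete generator command survived the move.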
Line 211: | Line 222: | ||
# idm.sec.core.emailer.password=password | # idm.sec.core.emailer.password=password | ||
idm.sec.core.emailer.from=czechidm@localhost | idm.sec.core.emailer.from=czechidm@localhost | ||
- | + | ||
# Default user role will be added automatically, | # Default user role will be added automatically, | ||
# could contains default authorities and authority policies configuration | # could contains default authorities and authority policies configuration | ||
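Review bot: `# could contains default authorities and authority policies configuration` is unchanged on both sides but ungrammatical; "can contain default authorities and authority policy configuration" reads correctly. Leaving `# idm.sec.core.emailer.password=password` commented out is the right choice for a template.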
Line 222: | Line 233: | ||
spring.servlet.multipart.max-file-size=100MB | spring.servlet.multipart.max-file-size=100MB | ||
spring.servlet.multipart.max-request-size=100MB | spring.servlet.multipart.max-request-size=100MB | ||
+ | |||
</ | </ | ||
=== Adjust database configuration === | === Adjust database configuration === | ||
- | If you followed this howto, the only thing you should need to adjust is a **spring.datasource.password** propetry. Set it to the password for czechidm user in PostgreSQL. | + | |
- | If necessary, adjust other database connection properties... <code properties> | + | If you followed this howto, the only thing you should need to adjust is a **spring.datasource.password** |
+ | |||
+ | <code properties> | ||
spring.datasource.url=jdbc: | spring.datasource.url=jdbc: | ||
spring.datasource.username=czechidm | spring.datasource.username=czechidm | ||
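Review bot: the removed line spells "propetry"; the replacement sentence on the right is cut off after `**spring.datasource.password**`, so confirm it now reads "property" and still tells the reader to set it to the password of the czechidm user in PostgreSQL. Separating the instruction from the `<code properties>` block is an improvement over the left-hand run-on that ended in "adjust other database connection properties... <code properties>".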
Line 233: | Line 247: | ||
spring.datasource.validationQuery=SELECT 1 | spring.datasource.validationQuery=SELECT 1 | ||
spring.datasource.test-on-borrow=true | spring.datasource.test-on-borrow=true | ||
+ | |||
</ | </ | ||
=== Generate JWT token === | === Generate JWT token === | ||
- | Set value of the **idm.sec.security.jwt.secret.token** property as is described in the template file:< | + | |
+ | Set value of the **idm.sec.security.jwt.secret.token** | ||
+ | |||
+ | <code properties> | ||
# Generate JWT token security string as "cat / | # Generate JWT token security string as "cat / | ||
# We recommend the VALUE to be at least 25. | # We recommend the VALUE to be at least 25. | ||
idm.sec.security.jwt.secret.token=********** TODO ********* | idm.sec.security.jwt.secret.token=********** TODO ********* | ||
+ | |||
</ | </ | ||
=== Local confidential storage === | === Local confidential storage === | ||
- | Local confidential storage is encrypted by AES algoritm. [[https:// | + | Local confidential storage is encrypted by AES algoritm. [[https:// |
- | Confidential storage is encrypted by a key found in **secret.key** file you already created. | + | |
There are two properties in application-production.properties that influence the confidential storage: | There are two properties in application-production.properties that influence the confidential storage: | ||
- | | + | |
- | * or (better) you can create separate file '' | + | |
+ | * or (better) you can create separate file '' | ||
<note warning> | <note warning> | ||
- | Confidential storage uses AES/ | + | Confidential storage uses AES/ |
- | < | + | |
- | Length of the key determines the cipher which will be used. If you use 128b (16byte) key, CzechIdM will use AES-128. If you use 256b (32byte) key, CzechIdM will use AES-256. | + | |
* OpenJDK/JDK 1.8u161 and all higher versions support AES-256 by default. | * OpenJDK/JDK 1.8u161 and all higher versions support AES-256 by default. | ||
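Review bot: `# We recommend the VALUE to be at least 25.` gives no unit; state "at least 25 characters" (or whatever the generator comment implies) so the `********** TODO *********` placeholder is replaced with a value of known strength, and say explicitly that the TODO value must not remain in a production file. In the confidential storage part both sides spell "algoritm"; fix to "algorithm". Also make sure the sentence "If you use 128b (16byte) key, CzechIdM will use AES-128. If you use 256b (32byte) key, CzechIdM will use AES-256." (removed on the left, with nothing visible replacing it on the right) is retained, because the key length silently selects the cipher and an operator needs to know that a 16-byte key does not give AES-256.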
Line 263: | Line 280: | ||
=== Attachment store === | === Attachment store === | ||
- | In CzechIdM, users can sometimes add attachments (say, attach *.jpeg photo to their employee card request). Those files are stored in the attachment store. | + | |
- | With the following property, you can configure, where the store is. If you used sample property file, the store is by-default located under / | + | In CzechIdM, users can sometimes add attachments (say, attach *.jpeg photo to their employee card request). Those files are stored in the attachment store. With the following property, you can configure, where the store is. If you used sample property file, the store is by-default located under / |
<code properties> | <code properties> | ||
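Review bot: "you can configure, where the store is" has a stray comma and "by-default" should not be hyphenated; the merged sentence on the right keeps both. Suggested wording: "With the following property you can configure where the store is. If you used the sample property file, the store is by default located under /…".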
Line 271: | Line 288: | ||
# System.getProperty(" | # System.getProperty(" | ||
idm.sec.core.attachment.storagePath=/ | idm.sec.core.attachment.storagePath=/ | ||
+ | |||
</ | </ | ||
=== Environment === | === Environment === | ||
- | If you install CzechIdM in multiple environments (typically test and production), | + | If you install CzechIdM in multiple environments (typically test and production), |
<code properties> | <code properties> | ||
# Application stage (development, | # Application stage (development, | ||
idm.pub.app.stage=production | idm.pub.app.stage=production | ||
- | </ | ||
+ | </ | ||