secure.conf
Die nachfolgenden Inhalte sind nur in englischer Sprache verfügbar.
Parameters | Possible values | Description | Available from | |
|---|---|---|---|---|
as variable name in the config file | as environment variable with |
|
|
|
|
| {planta_plain, planta_ssl} | Connect with or without TLS encryption | |
|
| {true / false} | If defaults are not enforced, a client can specify a protocol, host, and port via the route attribute. | |
|
| TLSv1.2 | Protocol for Planta backend SSL connection. | |
|
| config/keystore.jks | Keystore file in jks format. Must contain the client certificates for the servlet. Used for ssl backend connection. | |
|
| Password to access keystore | ||
|
| config/truststore.jks | Truststore file in jks format. Must contain the public keys of the trust chain up to the CA that issued the certificates in keystore.jks | |
|
| Password to access truststore | ||
|
| {false / true} | Default settings for the SSL/TLS enabled connector | |
|
| {http / https} | If set to https, an SSL connection is used. | |
|
| String | Makes entrypoint for planta secure configurable. This setting must match that of the ClientAdapter (secure_server_endpoint parameter). Default: \PlantaServerAdapter\ | S 39.5.35 |
|
| String : Integer | Combines interface and port, separated by a ':', e.g. your_interface:your_port | S 39.5.34 |
|
| {true / false} | To allow login using either LDAP or OIDC, this has to be set to true. | |
|
| plain | The format of the user header. At the moment the header is transmitted plain. | |
|
| {X-Authenticated-User / X-Forwarded-User} | X-Authenticated-User is used for LDAP method and X-Forwarded-User is used for OIDC as header attribute for the user name. | |
|
| X-Forwarded-Access-Token | Is used for OIDC as header attribute for the user token. This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
|
| Integer | Defines how long a polling request may wait. Longer intervals reduce overhead, shorter intervals reduce the time until connection failure will be noticed. | |
|
| Integer | A potential reverse proxy requires a read timeout >= max_wait in order to avoid 504 gateway timeout errors on the client adapter side. | |
|
| Integer | ||
|
| Integer | Should be the same value for both keepalive and the client | |
|
| Integer | Defines how long a session remains alive in the absence of web requests. | |
|
| {true / false} | Enables ldap service to synchronize user of a directory service | S 39.5.34 |
|
| {true / false} | Enables ssl usage of the ldap service | S 39.5.34 |
|
| path to LDAP configuration file | S 39.5.34 | |
|
| String | This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
|
| URl | This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
|
| URl | This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
| Integer 8080 | Up to S 39.5.31 | ||
| {true / false} | Enables authentication using a DirectoryService. A separate configuration is required | Up to S 39.5.31 | |
| {true / false} | Enables SSL Protocol for the DirectoryService | Up to S 39.5.31 | |
| path to LDAP configuration file | Up to S 39.5.31 | ||