Skip to main content
Skip table of contents

secure.conf

Die nachfolgenden Inhalte sind nur in englischer Sprache verfügbar.

Parameters

Possible valuesDescriptionAvailable from
as variable name in the config fileas  environment variable with 
namespace "planta__server__" as prefix
   
bosh.stream.default_protocolsecure__stream__default_protocol{planta_plain, planta_ssl}Connect with or without TLS encryption
bosh.stream.defaults_enforcedsecure__stream__defaults_enforced{true / false}If defaults are not enforced, a client can specify a protocol, host, and port via the route attribute.
ssl.protocolsecure__ssl__protocolTLSv1.2Protocol for Planta backend SSL connection.
ssl.keystore.filesecure__ssl__keystore__fileconfig/keystore.jksKeystore file in jks format. Must contain the client certificates for the servlet. Used for ssl backend connection.
ssl.keystore.passwordsecure__ssl__keystore__password
Password to access keystore
ssl.truststore.filesecure__ssl__truststore__fileconfig/truststore.jksTruststore file in jks format. Must contain the public keys of the trust chain up to the CA that issued the certificates in keystore.jks
ssl.truststore.passwordsecure__ssl__truststore__password
Password to access truststore
servlet.enforce_request_vectorsecure__servlet__enforce_request_vector{false / true}Default settings for the SSL/TLS enabled connector
servlet.transport_schemesecure__servlet__transport_scheme{http / https}If set to https, an SSL connection is used.
servlet.entrypointsecure__servlet__entrypoint

String

Makes entrypoint for planta secure configurable. 

This setting must match that of the ClientAdapter (secure_server_endpoint parameter).

Default: \PlantaServerAdapter\

S 39.5.35
servlet.connectionsecure__servlet__connectionString : IntegerCombines interface and port, separated by a ':', e.g. your_interface:your_portS 39.5.34
reverse_proxy.authsecure__reverse_proxy__auth{true / false}To allow login using either LDAP or OIDC, this has to be set to true.
reverse_proxy.user_formatsecure__reverse_proxy__user_formatplainThe format of the user header. At the moment the header is transmitted plain.
reverse_proxy.user_headersecure__reverse_proxy__user_header{X-Authenticated-User / X-Forwarded-User}X-Authenticated-User is used for LDAP method and X-Forwarded-User is used for OIDC as header attribute for the user name.
If it is left blank, neither LDAP nor OIDC is activated as login method.

reverse_proxy.user_tokensecure__reverse_proxy__user_token

X-Forwarded-Access-Token

Is used for OIDC as header attribute for the user token.

This parameter is only required if additional claims are to be read from OIDC.

S 39.5.34
bosh.session.min_waitsecure__session__min_waitIntegerDefines how long a polling request may wait. Longer intervals reduce overhead, shorter intervals reduce the time until connection failure will be noticed.
bosh.session.max_waitsecure__session__max_waitIntegerA potential reverse proxy requires a read timeout >= max_wait in order to avoid 504 gateway timeout errors on the client adapter side.
bosh.session.default_waitsecure__session__default_waitInteger

planta.session.keepalivesecure__a__session__keepaliveIntegerShould be the same value for both keepalive and the client
bosh.session.max_inactivitysecure__session__max_inactivityIntegerDefines how long a session remains alive in the absence of web requests.
service.ldap_enabledservice__ldap_enabled{true / false}Enables ldap service to synchronize user of a directory serviceS 39.5.34
service.ldap_useSSLservice__ldap_useSSL{true / false}Enables ssl usage of the ldap service S 39.5.34
ldap_configurationconfig__ldappath to LDAP configuration file
S 39.5.34
oidc.clientIdsecure__oidc__clientIdString

This parameter is only required if additional claims are to be read from OIDC.

S 39.5.34
oidc.url_issuersecure__oidc__url_issuerURl

This parameter is only required if additional claims are to be read from OIDC.

S 39.5.34
oidc.url_jwksetsecure__oidc__url_jwksetURl

This parameter is only required if additional claims are to be read from OIDC.

S 39.5.34
servlet.local_port
Integer 8080

Up to

S 39.5.31

auth_method.ldap
{true / false}Enables authentication using a DirectoryService. A separate configuration is required

Up to

S 39.5.31

auth_method.ldap_useSSL
{true / false}Enables SSL Protocol for the DirectoryService

Up to

S 39.5.31

auth_method.ldap_configuration
path to LDAP configuration file

Up to

S 39.5.31

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.