secure.conf

bosh.stream.default_protocol

secure__stream__default_protocol

{planta_plain, planta_ssl}

Connect with or without TLS encryption

bosh.stream.defaults_enforced

secure__stream__defaults_enforced

{true / false}

If defaults are not enforced, a client can specify a protocol, host, and port via the route attribute.

ssl.protocol

secure__ssl__protocol

TLSv1.2

Protocol for Planta backend SSL connection.

ssl.keystore.file

secure__ssl__keystore__file

config/keystore.jks

Keystore file in jks format. Must contain the client certificates for the servlet. Used for ssl backend connection.

ssl.keystore.password

secure__ssl__keystore__password

Password to access keystore

ssl.truststore.file

secure__ssl__truststore__file

config/truststore.jks

Truststore file in jks format. Must contain the public keys of the trust chain up to the CA that issued the certificates in keystore.jks

ssl.truststore.password

secure__ssl__truststore__password

Password to access truststore

servlet.enforce_request_vector

secure__servlet__enforce_request_vector

{false / true}

Default settings for the SSL/TLS enabled connector

servlet.transport_scheme

secure__servlet__transport_scheme

{http / https}

If set to https, an SSL connection is used.

servlet.entrypoint

secure__servlet__entrypoint

String

Makes entrypoint for planta secure configurable. 

This setting must match that of the ClientAdapter (secure_server_endpoint parameter).

Default: \PlantaServerAdapter\

S 39.5.35

servlet.connection

secure__servlet__connection

String : Integer

Combines interface and port, separated by a ':', e.g. your_interface:your_port

S 39.5.34

reverse_proxy.auth

secure__reverse_proxy__auth

{true / false}

To allow login using either LDAP or OIDC, this has to be set to true.

reverse_proxy.user_format

secure__reverse_proxy__user_format

plain

The format of the user header. At the moment the header is transmitted plain.

reverse_proxy.user_header

secure__reverse_proxy__user_header

{X-Authenticated-User / X-Forwarded-User}

X-Authenticated-User is used for LDAP method and X-Forwarded-User is used for OIDC as header attribute for the user name.
If it is left blank, neither LDAP nor OIDC is activated as login method.

reverse_proxy.user_token

secure__reverse_proxy__user_token

X-Forwarded-Access-Token

Is used for OIDC as header attribute for the user token.

S 39.5.34

bosh.session.min_wait

secure__session__min_wait

Integer

Defines how long a polling request may wait. Longer intervals reduce overhead, shorter intervals reduce the time until connection failure will be noticed.

bosh.session.max_wait

secure__session__max_wait

Integer

A potential reverse proxy requires a read timeout >= max_wait in order to avoid 504 gateway timeout errors on the client adapter side.

bosh.session.default_wait

secure__session__default_wait

Integer

planta.session.keepalive

secure__a__session__keepalive

Integer

Should be the same value for both keepalive and the client

bosh.session.max_inactivity

secure__session__max_inactivity

Integer

Defines how long a session remains alive in the absence of web requests.

service.ldap_enabled

service__ldap_enabled

{true / false}

Enables ldap service to synchronize user of a directory service

S 39.5.34

service.ldap_useSSL

service__ldap_useSSL

{true / false}

Enables ssl usage of the ldap service 

S 39.5.34

ldap_configuration

config__ldap

path to LDAP configuration file

S 39.5.34

oidc.clientId

secure__oidc__clientId

String

S 39.5.34

oidc.url_issuer

secure__oidc__url_issuer

URl

S 39.5.34

oidc.url_jwkset

secure__oidc__url_jwkset

URl

S 39.5.34

servlet.local_port

Integer 8080

Up to

S 39.5.31

auth_method.ldap

{true / false}

Enables authentication using a DirectoryService. A separate configuration is required

Up to

S 39.5.31

auth_method.ldap_useSSL

{true / false}

Enables SSL Protocol for the DirectoryService

Up to

S 39.5.31

auth_method.ldap_configuration

path to LDAP configuration file

Up to

S 39.5.31