secure.conf
Parameter (variable name in the config file) | Parameter (environment variable with namespace "planta__server__" as prefix) | Possible values | Description | Available from |
---|---|---|---|---|
bosh.stream.default_protocol | secure__stream__default_protocol | {planta_plain, planta_ssl} | Connect with or without TLS encryption. | |
bosh.stream.defaults_enforced | secure__stream__defaults_enforced | {true / false} | If defaults are not enforced, a client can specify a protocol, host, and port via the route attribute. | |
ssl.protocol | secure__ssl__protocol | TLSv1.2 | Protocol for the Planta backend SSL connection. | |
ssl.keystore.file | secure__ssl__keystore__file | config/keystore.jks | Keystore file in JKS format. Must contain the client certificates for the servlet. Used for the SSL backend connection. | |
ssl.keystore.password | secure__ssl__keystore__password | | Password to access the keystore. | |
ssl.truststore.file | secure__ssl__truststore__file | config/truststore.jks | Truststore file in JKS format. Must contain the public keys of the trust chain up to the CA that issued the certificates in keystore.jks. | |
ssl.truststore.password | secure__ssl__truststore__password | | Password to access the truststore. | |
servlet.enforce_request_vector | secure__servlet__enforce_request_vector | {false / true} | Default settings for the SSL/TLS enabled connector. | |
servlet.transport_scheme | secure__servlet__transport_scheme | {http / https} | If set to https, an SSL connection is used. | |
servlet.entrypoint | secure__servlet__entrypoint | String | Makes the entrypoint for planta secure configurable. This setting must match that of the ClientAdapter (Default: `\PlantaServerAdapter\`). | S 39.5.35 |
servlet.connection | secure__servlet__connection | String : Integer | Combines interface and port, separated by a ':', e.g. your_interface:your_port | S 39.5.34 |
reverse_proxy.auth | secure__reverse_proxy__auth | {true / false} | To allow login using either LDAP or OIDC, this has to be set to true. | |
reverse_proxy.user_format | secure__reverse_proxy__user_format | plain | The format of the user header. At the moment the header is transmitted plain. | |
reverse_proxy.user_header | secure__reverse_proxy__user_header | {X-Authenticated-User / X-Forwarded-User} | X-Authenticated-User is used for the LDAP method and X-Forwarded-User is used for OIDC as the header attribute for the user name. If it is left blank, neither LDAP nor OIDC is activated as login method. | |
reverse_proxy.user_token | secure__reverse_proxy__user_token | X-Forwarded-Access-Token | Used for OIDC as the header attribute for the user token. This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
bosh.session.min_wait | secure__session__min_wait | Integer | Defines how long a polling request may wait. Longer intervals reduce overhead, shorter intervals reduce the time until a connection failure is noticed. | |
bosh.session.max_wait | secure__session__max_wait | Integer | A potential reverse proxy requires a read timeout >= max_wait in order to avoid 504 gateway timeout errors on the client adapter side. | |
bosh.session.default_wait | secure__session__default_wait | Integer | | |
planta.session.keepalive | secure__a__session__keepalive | Integer | Should be the same value for both keepalive and the client. | |
bosh.session.max_inactivity | secure__session__max_inactivity | Integer | Defines how long a session remains alive in the absence of web requests. | |
service.ldap_enabled | service__ldap_enabled | {true / false} | Enables the LDAP service to synchronize the users of a directory service. | S 39.5.34 |
service.ldap_useSSL | service__ldap_useSSL | {true / false} | Enables SSL for the LDAP service. | S 39.5.34 |
ldap_configuration | config__ldap | path to LDAP configuration file | | S 39.5.34 |
oidc.clientId | secure__oidc__clientId | String | This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
oidc.url_issuer | secure__oidc__url_issuer | URL | This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
oidc.url_jwkset | secure__oidc__url_jwkset | URL | This parameter is only required if additional claims are to be read from OIDC. | S 39.5.34 |
servlet.local_port | | Integer 8080 | | Up to S 39.5.31 |
auth_method.ldap | | {true / false} | Enables authentication using a DirectoryService. A separate configuration is required. | Up to S 39.5.31 |
auth_method.ldap_useSSL | | {true / false} | Enables the SSL protocol for the DirectoryService. | Up to S 39.5.31 |
auth_method.ldap_configuration | | path to LDAP configuration file | | Up to S 39.5.31 |
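
The following Python check is an added example, not part of the PLANTA documentation or product. It reads the environment-variable form of the settings above and reports the combinations the table describes as weakening the setup. The function name `audit`, the `proxy_read_timeout` argument and the handling of unset variables are assumptions made for the example.

```python
import os

PREFIX = "planta__server__"  # environment namespace given in the table
# (variable, expected value, consequence stated in the table otherwise)
EXPECTED = [
    ("secure__stream__default_protocol", "planta_ssl",
     "backend connection runs without TLS encryption"),
    ("secure__stream__defaults_enforced", "true",
     "a client can specify protocol, host and port via the route attribute"),
    ("secure__servlet__transport_scheme", "https",
     "servlet does not use an SSL connection"),
]
USER_HEADERS = {"x-authenticated-user", "x-forwarded-user"}


def audit(env, proxy_read_timeout=None):
    """Return findings for the secure.conf settings present in env.

    proxy_read_timeout is assumed to be in the same unit as max_wait
    (the table does not state the unit).
    """
    def get(name):
        return env.get(PREFIX + name, "").strip()

    findings = []
    for name, want, risk in EXPECTED:
        value = get(name)
        if not value:
            findings.append(f"{name}: not set here, check secure.conf")
        elif value.lower() != want:
            findings.append(f"{name}={value}: {risk}")
    if get("secure__reverse_proxy__auth").lower() == "true":
        if get("secure__reverse_proxy__user_header").lower() not in USER_HEADERS:
            findings.append("secure__reverse_proxy__user_header: blank or not a "
                            "listed header (blank activates neither LDAP nor OIDC)")
    if (get("service__ldap_enabled").lower() == "true"
            and get("service__ldap_useSSL").lower() != "true"):
        findings.append("service__ldap_useSSL: LDAP service runs without SSL")
    max_wait = get("secure__session__max_wait")
    if (proxy_read_timeout is not None and max_wait.isdigit()
            and proxy_read_timeout < int(max_wait)):
        findings.append("secure__session__max_wait: proxy read timeout is "
                        "lower, expect 504 gateway timeouts")
    return findings


if __name__ == "__main__":
    for finding in audit(os.environ):
        print(finding)
```

Variables that are not set in the environment are reported rather than passed, because the effective value then comes from secure.conf and has to be checked there.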