secure.conf
Die nachfolgenden Inhalte sind nur in englischer Sprache verfügbar.
| Parameters | Possible values | Description | Available from | |
|---|---|---|---|---|
| as variable name in the config file | as environment variable with namespace "planta.server." as prefix | |||
bosh.stream.default_protocol | secure.stream.default_protocol | {planta_plain, planta_ssl} | Connect with or without TLS encryption | |
bosh.stream.defaults_enforced | secure.stream.defaults_enforced | {true / false} | If defaults are not enforced, a client can specify a protocol, host, and port via the route attribute. | |
ssl.protocol | secure.ssl.protocol | TLSv1.2 | Protocol for Planta backend SSL connection. | |
ssl.keystore.file | secure.ssl.keystore.file | config/keystore.jks | Keystore file in jks format. Must contain the client certificates for the servlet. Used for ssl backend connection. | |
ssl.keystore.password | secure.ssl.keystore.password | Password to access keystore | ||
ssl.truststore.file | secure.ssl.truststore.file | config/truststore.jks | Truststore file in jks format. Must contain the public keys of the trust chain up to the CA that issued the certificates in keystore.jks | |
ssl.truststore.password | secure.ssl.truststore.password | Password to access truststore | ||
servlet.enforce_request_vector | secure.servlet.enforce_request_vector | {false / true} | Default settings for the SSL/TLS enabled connector | |
servlet.transport_scheme | secure.servlet.transport_scheme | {http / https} | If set to https, an SSL connection is used. | |
servlet.entrypoint | secure.servlet.entrypoint | String | Makes entrypoint for planta secure configurable. This setting must match that of the ClientAdapter ( Default: \PlantaServerAdapter\ | S 39.5.35 |
servlet.connection | secure.servlet.connection | String : Integer | Combines interface and port, separated by a ':', e.g. your_interface:your_port | S 39.5.34 |
reverse_proxy.auth | secure.reverse_proxy.auth | {true / false} | To allow login using either LDAP or OIDC, this has to be set to true. | |
reverse_proxy.user_format | secure.reverse_proxy.user_format | plain | The format of the user header. At the moment the header is transmitted plain. | |
reverse_proxy.user_header | secure.reverse_proxy.user_header | {X-Authenticated-User / X-Forwarded-User} | X-Authenticated-User is used for LDAP method and X-Forwarded-User is used for OIDC as header attribute for the user name. If it is left blank, neither LDAP nor OIDC is activated as login method. | |
reverse_proxy.user_token | secure.reverse_proxy.user_token | X-Forwarded-Access-Token | Is used for OIDC as header attribute for the user token. | S 39.5.34 |
bosh.session.min_wait | secure.session.min_wait | Integer | Defines how long a polling request may wait. Longer intervals reduce overhead, shorter intervals reduce the time until connection failure will be noticed. | |
bosh.session.max_wait | secure.session.max_wait | Integer | A potential reverse proxy requires a read timeout >= max_wait in order to avoid 504 gateway timeout errors on the client adapter side. | |
bosh.session.default_wait | secure.session.default_wait | Integer | ||
planta.session.keepalive | secure.a.session.keepalive | Integer | Should be the same value for both keepalive and the client | |
bosh.session.max_inactivity | secure.session.max_inactivity | Integer | Defines how long a session remains alive in the absence of web requests. | |
service.ldap_enabled | service.ldap_enabled | {true / false} | Enables ldap service to synchronize user of a directory service | S 39.5.34 |
service.ldap_useSSL | service.ldap_useSSL | {true / false} | Enables ssl usage of the ldap service | S 39.5.34 |
ldap_configuration | config.ldap | path to LDAP configuration file | S 39.5.34 | |
oidc.clientId | secure.oidc.clientId | String | S 39.5.34 | |
oidc.url_issuer | secure.oidc.url_issuer | URl | S 39.5.34 | |
oidc.url_jwkset | secure.oidc.url_jwkset | URl | S 39.5.34 | |
servlet.local_port | Integer 8080 | Up to S 39.5.31 | ||
auth_method.ldap | {true / false} | Enables authentication using a DirectoryService. A separate configuration is required | Up to S 39.5.31 | |
auth_method.ldap_useSSL | {true / false} | Enables SSL Protocol for the DirectoryService | Up to S 39.5.31 | |
auth_method.ldap_configuration | path to LDAP configuration file | Up to S 39.5.31 | ||