oxTrust JSON Configuration#
Overview#
This page explains the oxTrust JSON Configuration which can by found by navigating to Configuration > JSON Configuration.
oxtrust.properties#
The following fields are available for edit in the menu.
| Fields/Attributes | Description |
|---|---|
| baseDN | The base distinguished name of oxTrust. The default is o=gluu |
| orgSupportEmail | The support email address of the Gluu Server installation |
| applianceUrl | The URI of the appliance |
| baseEndpoint |
personObjectClassTypes#
This class holds the relationship between the person entry and its relative object class.
| Fields/Attributes | Description |
|---|---|
| item 1 | inetOrgPerson |
| item 2 | gluuPerson |
| item 3 | eduPerson |
| personCustomObjectClass | gluuCustomPerson |
personObjectClassDisplayNames#
This class holds the relationship between the display name of the person and the relative object class.
| Fields/Attributes | Description |
|---|---|
| item 1 | gluuCustomPerson |
| item 2 | gluuPerson |
| item 3 | eduPerson |
contactObjectClassTypes#
Items can be added under this class by clicking on the + item button.
contactObjectClassDisplayNames#
Items can be added under this class by clicking on the + item button.
| Fields/Attributes | Description |
|---|---|
| photoRepositoryRootDir | Path to the root directory of photographs |
| photoRepositoryThumbWidth | thumb width of a photo |
| photoRepositoryThumbHeight | sets the thumb height of a photo |
| photoRepositoryCountLevels | count level per photo repository |
| photoRepositoryCountFoldersPerLevel | number of folders per level |
| authMode | set this tag to basic to use basic authentication or leave it blank to use oxAuth |
| ldifStore | Path to the LDIF store |
| shibboleth2IdpRootDir | root directory for the shibboleth plugin |
| shibboleth2SpConfDir | Configuration directory for the shibboleth plugin |
| pokenApplicationSecret | |
| updateStatus | update appliance state for the site. Use true to allow, and false to forbid |
| svnConfigurationStoreRoot | Root of the SVN configuration store |
| svnConfigurationStorePassword | Password of the SVN configuration store |
| keystorePath | Path to the keystore |
| keystorePassword | Password to the keystore |
| allowPersonModification | Enables or disables the allowance to modify a person entry. Use true to allow (default value), and false otherwise |
| idpUrl | uri of the OpenID provider that is in use |
| velocityLog | Velocity log filename with path |
| spMetadataPath | Path to the Gluu Server metadata |
| logoLocation | Directory name for the images and logos that are used |
| idpSecurityKey | Security key of the OpenID provider |
| idpSecurityKeyPassowrd | Security password of the OpenID provider |
| idpSecurityCert | Security certificate of the machine |
gluuSpAttributes#
Items can be added here by clicking on the + item button.
| Fields/Attributes | Description |
|---|---|
| configGeneration | This entry controls the automatic generation of the configuration files. Use enable to allow and disable otherwise |
| idpLdapProtocol | Protocol used by the [LDAP][ldap] server |
| idpLdapServer | Hostname of the [LDAP][ldap] server with port |
| idpBindDn | Domain name of the OpenID provider |
| idpBindPassowrd | Password for the OpenID provider |
| idpUserFields | |
| gluuSpCert | Certificate name and location of the Gluu Server |
| shibboleth3FederationRootDir | Root directory for the Shobboleth federation plugin |
| cacheRefreshEnabled | Value of the cache refresh mechanism. Use true to enable and false otherwise |
| cacheRefreshIntervalMinutes | Time in minutes counting down to next cache-refresh event |
| caCertsLocation | Keystore to use for downloaded SSL certificates |
| caCertsPassphrase | Password for the caCerts keystore |
| tempCertDir | Temporary location for certificates while certificate update procedure |
| certDir | Locaiton of certificates used in configuration files |
| servicesRestartTrigger | Location of the file which will restart the applicance server if deleted |
| persistSVN | State of persistence in SVN. Use true to enable or false otherwise |
| oxAuthSectorIdentifierUrl | URI for oxAuth sector identifier |
| oxAuthClientId | Identification number for oxAuth client |
| oxAuthClientPassword | Password for oxAuth client |
| oxAuthClientScope | Scope of the oxAuth client |
| loginRedirectUrl | Redirect URI for oxAuth |
| logoutRedirectUrl | Logout redirect URI for oxAuth |
clusteredInums#
Items can be added here by clicking on the + item button.
| Fields/Attributes | Description |
|---|---|
| clientAssociationAttribute | Attribute which identifies the OpenID client |
| oxAuthIssuers | URI of the issuer authorization server |
| ignoreValidation | Control to check/ignore token validation. Use true to validate or false otherwise |
| umaIssuer | URI of the issuer authorization server |
| scimUmaClientId | Identification of the UMA client |
| scimUmaClientKeyId | |
| scimUmaResourceId | |
| scimUmaScope | Scopes available for this resource |
| scimUmaClientKeyStoreFile | |
| scimUmaClientKeyStorePassword | |
| apiUmaClientID | |
| apiUmaClientKeyId | |
| apiUmaResourceId |
apiUmaScopes#
Items can be added here by clicking on the + item button
| Fields/Attributes | Description |
|---|---|
| apiUmaClientKeyStoreFile | |
| apiUmaClientKeyStorePassword | |
| passportUmaClientId | |
| passportUmaClientKeyId | |
| passportUmaResourceId | |
| passportUmaScope | |
| passportUmaClientKeyStoreFile | |
| passportUmaClientKeyStorePassword | |
| recaptchaSiteKey | |
| recaptchaSecretKey | |
| cssLocation | Path to the CSS files |
| jsLocation | Path to the JS files |
| metricReporterInterval | The interval for metric reporter in seconds |
| metricReporterKeepDataDays | The number of days to keep metric reported data |
| metricReporterEnabled | Boolean value specifying whether to enable Metric Reporter |
| rptConnectionPoolUseConnectionPooling | |
| rptConnectionPoolMaxTotal | |
| rptConnectionPoolDefaultMaxPerRoute | |
| rptConnectionPoolValidateAfterInactivity | |
| rptConnectionPoolCustomKeepAliveTimeout | |
| scimTestMode | |
| shibbolethVersion | |
| shibboleth3ldpRootDir | |
| shibboleth3SpConfDir | |
| organizationName | |
| idp3SigningCert | |
| idp3EncryptionCert | |
| oxIncommonFlag | |
| loggingLevel | Logging level for oxTrust loggers |
clientWhiteList#
This list details the whitelisted client redirection URIs
clientBlackList#
This list details the blacklisted client redirection URIs
Scim Properties#
| Fields/Attributes | Description |
|---|---|
| MAX COUNT | Maximum value "count" query parameter can take (also used as default value when not specified) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers |
| passwordResetRequestExpirationTime | Expiration time in seconds for password reset requests |
| cleanServiceInterval | Time interval for the Clean Service in seconds |
| authenticationRecaptchaEnabled | Boolean value specifying whether to enable Recaptcha on authentication |
| enforceEmailUniqueness | Boolean value specifying whether to enforce email uniqueness on oxTrust side |
Description of oxTrust properties#
Descriptions for oxTrust properties can be viewed here and the oxTrust import JSON description is here