Installation Specific Properties

These properties are required for installation to succeed and are populated in the database. After installation is complete the values are not used any further.

Property

Requires Configuration

Default Value

Explanation

install.customer_name

Always

<none>

The customer name as provided with your licence.

install.licence_key

Always

<none>

Licence key as provided with your licence.

install.user.password

Often

<autogenerated>

Initial password of the default administrator user created during installation. If no value is configured, a password is autogenerated and written to the security.log file.

It is strongly recommended that this password is changed immediately after installation.

install.user.username

Often

admin

Username of the default administrator user created during installation.

install.user.email

Often

<none>

Email address of the default administrator user created during installation. Can be updated after installation in the User Details screen.

install.user.firstname

Often

admin

First name of the default administrator user created during installation. Can be updated after installation in the User Details screen.

install.user.lastname

Often

admin

Last name of the default administrator user created during installation. Can be updated after installation in the User Details screen.

install.data.base

Often

${install.application_loc}/data

Base location for the default data directory paths. This will commonly be configured to be “/opt/phixflow/data”.

install.data.temp

Occasionally

${install.data.base}/temp

Populates an initial value in the System Configuration Temporary File Location

install.data.upload

Occasionally

${install.data.base}/upload

Populates an initial value in the System Configuration File Upload Directory

install.data.import

Occasionally

${install.data.base}/import

Populates an initial value in the System Configuration Import File Location

install.data.export

Occasionally

${install.data.base}/export

Populates an initial value in the System Configuration Export File Location

install.data.template

Occasionally

${install.data.base}/template

Populates an initial value in the System Configuration Template Location

install.data.archive

Occasionally

${install.data.base}/archive

Populates an initial value in the System Configuration Archive Directory

install.data.restore

Occasionally

${install.data.base}/restore

Populates an initial value in the System Configuration Restore Directory

install.data.driver

Occasionally

${install.data.base}/driver

Populates an initial value in the System Configuration Data Driver Directory

install.data.download

Occasionally

${install.data.base}/download

Populates an initial value in the System Configuration Download Location

install.data.plugin

Occasionally

${install.data.base}/plugin

Populates an initial value in the System Configuration Plugin Location

install.data.file

Occasionally

${install.data.base}/file

Populates an initial value in the System Configuration File Table Upload Location

install.application_loc

Rarely

<autodetected>

Base application install location, e.g.

ZB example missing here

install.pepperKey

Rarely

<none>

Externally defined value for the pepperKey. If not specified and a pepper key isn’t configured in the keystore then a value is autogenerated.

install.phixflow_api_key

Rarely

<none>

Externally defined value for the PhixFlow API credential signing key. If not specified and the API key isn’t configured in the keystore then a value is autogenerated.

Login Configuration

PhixFlow supports multiple modes of authenticating users. Users can be authenticated with local credentials, with native Active Directory credentials, or using SAML to authenticate with Active Directory or other services, such as Okta.

Property

Requires Configuration

Default Value

Explanation

login.defaultForm=local

Often

local

Selects the form displayed when a user connects.

local - only allows local authentication.

full - allows selecting any of the enabled authentication methods.

auto - if SAML SSO is enabled allows logging in without displaying the login form if the user is already authenticated.

activedirectory - supports active directory login only.

login.default=local

Often

local

The default domain for login.

login.local.enabled=true

Rarely

true

Allows disabling support of local login. This will prevent any local administrator accounts from being used.

login.saml.enabled=false

Often

false

Configures whether SAML login is enabled

login.saml.key= <none>

Often

<none>

Configures the identity provider's entity ID.

login.saml.attribute.domain= <none>

Often

<none>

Configures the domain of the SAML users.

login.saml.label=Single Sign In

Rarely

Single Sign In

The label to display

login.saml.attributeMap=authenticationOnly

Often

authenticationOnly

Configures the integration method.

authenticationOnly - SAML used for authentication but PhixFlow manages user details and permissions.

okta - configured to support Okta based authentication and details.

userDetails - allows configuration of authentication and user details to be provided by SAML.

login.saml.keystore.file=

Often

classpath:keystore/samlKeystore.jks

Configures the location of the SAML keystore.

login.saml.keystore.password=<none>

Often

<none>

Configures the password to the SAML keystore.

login.saml.keystore.key.password=<none>

Often

<none>

Configures the password to the secret in the SAML keystore.

login.saml.keystore.key.alias=samlKey

Rarely

samlKey

Configures the alias of the secret stored in the SAML keystore.

login.saml.url.host=localhost

Often

localhost

Configures the externally resolvable hostname of the PhixFlow server. If behind a reverse proxy this will be the proxy’s hostname.

login.saml.url.port=443

Occasionally

443

Configures the port of the PhixFlow server, or that of the reverse proxy if it is being used.

login.saml.url.includePort=false

Rarely

false

Whether the port should be included in the generated url.

login.saml.url.path=

Occasionally

/phixflow

Path that the webapp is installed under. If behind a reverse proxy this should be the path that the proxy forwards.

login.saml.metadata.entityId=

Rarely

https://${login.saml.url.host}/${login.saml.url.path}

The value that globally identifies the PhixFlow instance.

login.saml.metadata.entityBaseUrl=

Rarely

https://${login.saml.url.host}/${login.saml.url.path}

The public facing URL of the PhixFlow instance.

login.saml.metadata.file=

Often

file:/opt/phixflow/data/saml-metadata/idp-metadata.xml

Path to the Identity Provider Metadata file.

login.saml.metadata.trustCheck=true

Rarely

true

Whether to validate incoming signatures.

login.saml.attribute.username=nameid

Occasionally

nameid

Used with the authenticationOnly and userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.fullname=displayname

Occasionally

displayname

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.firstname=givenname

Occasionally

givenname

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.lastname=surname

Occasionally

surname

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.phonenumber=phonenumber

Occasionally

phonenumber

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.company=company

Occasionally

company

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.department=department

Occasionally

department

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.email=email

Occasionally

email

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.groups=group

Occasionally

group

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.globalLogout=false

Occasionally

false

Used with the authenticationOnly and userDetails attribute map to determine whether logging out of PhixFlow should also trigger a logout of the identity provider.

login.activeDirectory.enabled=false

Often

false

Whether Active Directory integration is enabled.

login.activeDirectory.domain=

Often

example.com

The domain being logged into.

login.activeDirectory.url=

Often

ldaps://ldap.example.com

Space separated list of domain LDAP servers.

login.activeDirectory.dn=

Often

ou=user accounts,dc=example,dc=com

The root distinguished name to search under.

login.activeDirectory.timeout=

Rarely

5000

Timeout for the attempt to authenticate against each server.

login.activeDirectory.authenticationOnly=false

Occasionally

false

Whether only authentication is used from Active Directory, with user permissions and details being stored in PhixFlow.

Logging Configuration

Valid level values: OFF, ERROR, WARN, INFO, DEBUG, TRACE, ALL

Property

Requires Configuration

Default Value

Explanation

logging.file.directory=logs

Occasionally

logs

The directory logs are written into, relative to the Tomcat root directory.

logging.file.phixflow.base=phixflow

Occasionally

phixflow

Base name of the standard PhixFlow log file.

logging.file.security.base=security

Occasionally

security

Base name of the security log file.

logging.stdout.level=OFF

Occasionally

OFF

Used to control the minimum log message level permitted to be output to stdout.

ZB is “stdout” a typo?

logging.root.level=INFO

Rarely

INFO

Configures the default minimum log level that can be generated.

logging.file.phixflow.main=

Rarely

${logging.file.directory}/${logging.file.phixflow.base}.log

Defines the path and name of the standard PhixFlow log file.

logging.file.phixflow.archive=

Rarely

${logging.file.directory}/${logging.file.phixflow.base}.%d{yyyy-MM-dd}.log

Defines the path and name of archived standard PhixFlow log files.

logging.file.security.main=

Rarely

${logging.file.directory}/${logging.file.security.base}.log

Defines the path and name of the security log file.

logging.file.security.archive=

Rarely

${logging.file.directory}/${logging.file.security.base}.%d{yyyy-MM-dd}.log

Defines the path and name of archived security log files.

logging.file.phixflow.level=ALL

Rarely

ALL

Used to control the minimum log message level permitted to be output to the standard log file.

logging.file.security.level=ALL

Rarely

ALL

Used to control the minimum log message level permitted to be output to the security log file.
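
The settings in the Installation and Login tables that bear directly on authentication can be checked before deployment. The following audit script is an added example, not PhixFlow code: it assumes the properties are held as key=value lines and that ${...} references resolve as shown in the Default Value column. The function names and the sample input are constructed for illustration.

```python
import re

# Defaults copied from this page's tables; booleans not listed default to false.
DEFAULTS = {
    "login.saml.metadata.trustCheck": "true",
    "logging.file.directory": "logs",
    "logging.file.security.base": "security",
    "logging.file.security.main": "${logging.file.directory}/${logging.file.security.base}.log",
}

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
logging.file.security.base=audit
login.saml.enabled=true
login.saml.metadata.trustCheck=false
login.activeDirectory.enabled=true
login.activeDirectory.url=ldaps://dc1.example.com ldap://dc2.example.com
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and l[0] not in "#!")
    return {k.strip(): v.strip() for k, _, v in pairs}

def resolve(key, props, depth=0):
    """Expand ${other.key} references, falling back to the page defaults."""
    if depth > 10:
        raise ValueError("placeholder cycle at " + key)
    value = props.get(key, DEFAULTS.get(key, ""))
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: resolve(m.group(1), props, depth + 1), value)

def audit(text):
    # Returns one finding per setting that weakens authentication.
    props = parse_properties(text)
    on = lambda k: resolve(k, props).lower() == "true"
    findings = []
    if not resolve("install.user.password", props):
        findings.append("install.user.password unset: autogenerated password "
                        "is written to " + resolve("logging.file.security.main", props))
    if on("login.saml.enabled") and not on("login.saml.metadata.trustCheck"):
        findings.append("login.saml.metadata.trustCheck is off: "
                        "incoming SAML signatures are not validated")
    if on("login.activeDirectory.enabled"):
        urls = resolve("login.activeDirectory.url", props).split()
        plain = [u for u in urls if not u.lower().startswith("ldaps://")]
        if plain:
            findings.append("non-ldaps Active Directory servers: " + ", ".join(plain))
    return findings
```

Calling audit(SAMPLE) reports three findings, and the first names the resolved security log path so the file holding the autogenerated password can be located and access to it restricted.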