...
Database Connection Configuration

These are the basic settings to enable connection to the Phixflow database.
...
Login Configuration

Phixflow supports multiple modes of authenticating users. Users can be authenticated with local credentials, with native Active Directory credentials, or using SAML to authenticate with Active Directory or other services such as Okta.

| Setting and default | Frequency | Description |
|---|---|---|
| `login.defaultForm=local` | Often | Selects the form displayed when a user connects. `local`: only allows local authentication; `full`: allows selecting any of the enabled authentication methods; `auto`: if SAML SSO is enabled, allows logging in without displaying the login form if the user is already authenticated; `activedirectory`: supports Active Directory login only. |
| `login.local.enabled=true` | Rarely | Allows disabling support of local login. This will prevent any local administrator accounts from being used. |
| `login.saml.enabled=false` | Often | Configures whether SAML login is enabled. |
| `login.saml.key=<none>` | Often | Configures the identity provider's entity ID. |
| `login.saml.attribute.domain=<none>` | Often | Configures the domain of the SAML users. |
| `login.saml.label=Single Sign In` | Rarely | The label to display. |
| `login.saml.attributeMap=authenticationOnly` | Often | Configures the integration method. `authenticationOnly`: SAML is used for authentication but Phixflow manages user details and permissions; `okta`: configured to support Okta based authentication and details; `userDetails`: allows configuration of authentication and user details to be provided by SAML. |
| `login.saml.keystore.file=classpath:keystore/samlKeystore.jks` | Often | Configures the location of the SAML keystore. |
| `login.saml.keystore.password=<none>` | Often | Configures the password to the SAML keystore. |
| `login.saml.keystore.key.password=<none>` | Often | Configures the password to the secret in the SAML keystore. |
| `login.saml.keystore.key.alias=samlKey` | Rarely | Configures the alias of the secret stored in the SAML keystore. |
| `login.saml.url.host=localhost` | Often | Configures the externally resolvable hostname of the Phixflow server. If behind a reverse proxy this will be the proxy's hostname. |
| `login.saml.url.port=443` | Occasionally | Configures the port of the Phixflow server, or that of the reverse proxy if one is being used. |
| `login.saml.url.includePort=false` | Rarely | Whether the port should be included in the generated URL. |
| `login.saml.url.path=/phixflow` | Occasionally | Path that the webapp is installed under. If behind a reverse proxy this should be the path that the proxy forwards. |
| `login.saml.metadata.entityId=https://${login.saml.url.host}/${login.saml.url.path}` | Rarely | The value that globally identifies the Phixflow instance. |
| `login.saml.metadata.entityBaseUrl=https://${login.saml.url.host}/${login.saml.url.path}` | Rarely | The public facing URL of the Phixflow instance. |
| `login.saml.metadata.file=file:/opt/phixflow/data/saml-metadata/idp-metadata.xml` | Often | Path to the Identity Provider Metadata file. |
| `login.saml.metadata.trustCheck=true` | Rarely | Whether to validate incoming signatures. |
| `login.saml.attribute.username=nameid` | Occasionally | Used with the `authenticationOnly` and `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.fullname=displayname` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.firstname=givenname` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.lastname=surname` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.phonenumber=phonenumber` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.company=company` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.department=department` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.email=email` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.groups=group` | Occasionally | Used with the `userDetails` attribute map to define the appropriate mapping from the incoming metadata. |
| `login.saml.attribute.globalLogout=false` | Occasionally | Used with the `authenticationOnly` and `userDetails` attribute map to determine whether logging out of Phixflow should also trigger a logout of the identity provider. |
| `login.activeDirectory.domain=example.com` | Often | The domain being logged into. |
| `login.activeDirectory.url=ldaps://ldap.example.com` | Often | Space separated list of domain LDAP servers. |
| `login.activeDirectory.dn=ou=user accounts,dc=example,dc=com` | Often | The root distinguished name to search under. |
| `login.activeDirectory.timeout=5000` | Rarely | Timeout for the attempt to authenticate against each server. |
| `login.activeDirectory.authenticationOnly=false` | Occasionally | Whether only authentication is used from Active Directory, with user permissions and details being stored in Phixflow. |
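
The check below is an added example, not part of the Phixflow documentation: it reads login settings using the keys and defaults listed above and reports values that weaken authentication (SAML signature validation turned off, directory URLs that are not LDAPS) or leave an enabled SAML setup incomplete. The simplified `key=value` parser, the function names and the sample input are assumptions made for illustration.

```python
# Added example: audit login settings. Keys and defaults are those listed above; SAMPLE is constructed.
DEFAULTS = {
    "login.saml.enabled": "false",
    "login.saml.key": "",
    "login.saml.keystore.password": "",
    "login.saml.keystore.key.password": "",
    "login.saml.url.host": "localhost",
    "login.saml.metadata.trustCheck": "true",
    "login.activeDirectory.url": "ldaps://ldap.example.com",
}

SAMPLE = """\
# constructed sample, not a real deployment
login.saml.enabled=true
login.saml.key=https://idp.example.com/entity
login.saml.keystore.password=changeit
login.saml.metadata.trustCheck=false
login.activeDirectory.url=ldaps://dc1.example.com ldap://dc2.example.com
"""

def parse_properties(text):
    """Overlay simple key=value lines on DEFAULTS; skips blanks and # or ! comments."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of (setting, finding) tuples for risky or incomplete values."""
    findings = []
    for url in props["login.activeDirectory.url"].split():  # space separated list
        if not url.lower().startswith("ldaps://"):
            findings.append(("login.activeDirectory.url", f"{url} is not LDAPS"))
    if props["login.saml.enabled"].lower() == "true":
        if props["login.saml.metadata.trustCheck"].lower() != "true":
            findings.append(("login.saml.metadata.trustCheck", "signature validation is off"))
        if props["login.saml.url.host"] == "localhost":
            findings.append(("login.saml.url.host", "still the default localhost"))
        for key in ("login.saml.key", "login.saml.keystore.password",
                    "login.saml.keystore.key.password"):
            if not props[key]:
                findings.append((key, "not set"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(parse_properties(SAMPLE))))
```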