Configuration
This chapter lists the configuration properties for the DUM Application.
The following properties must be defined as environment variables for the DUM Application Docker container.
Security properties
This section describes the security properties that configure the DUM Application login mechanism.
SAML properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| SAML_SP_IDPMETADATA_BASE64 | | | Base64 encoded SAML Identity Provider metadata for the SAML Identity Provider used to authenticate users | Y |
| SAML_SP_SPENTITYID | | com:onegini:dum:app | The entity ID that uniquely identifies this DUM Application. An entity ID is a globally unique name for a SAML entity | Y |
| SAML_SP_SIGNING_KEYSTOREPASSWORD | | exp?zworp | Password for the keystore that will be created to store the private and public keys | Y |
| SAML_SP_SIGNING_PRIVATEKEY | | | Private key used for signing, must be in PEM format | Y |
| SAML_SP_SIGNING_CERTIFICATE | | | Public key part, advertised within the SP metadata, used by third parties to verify signatures | Y |

SAML Authorities configuration properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| SAML_SP_FULLACCESSGRANTED | false | | true gives full access to any authenticated user. When the value is false, the authority definitions below are used | Y |
| SAML_SP_ATTRIBUTENAME | | urn:oid:1.3.6.1.4.1.44976.1.1 | SAML attribute name to be used for determining authorities | N |
| SAML_SP_AUTHORITIES | | SAML_SP_AUTHORITIES.USERS_ALL[0]=1, or SAML_SP_AUTHORITIES.STATISTICS_READ[0]=3 | The SAML_SP_AUTHORITIES property is a map of role -> array of SAML attribute values. In the Spring configuration the ROLE_ prefix should be used for authority verification, e.g. ROLE_USERS_ALL, ROLE_AGENTS_READ | N |

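One way to read the SAML_SP_AUTHORITIES map described above, as an added example that is not the DUM Application's own code: it parses the indexed keys from a constructed environment and resolves the ROLE_-prefixed authorities for a user's SAML attribute values. The matching rule (a role is granted when any of its listed values appears in the attribute) and the helper names are assumptions drawn from the description.

```python
import re

# Constructed sample, using the key format from the Example column above.
SAMPLE_ENV = """\
SAML_SP_FULLACCESSGRANTED=false
SAML_SP_ATTRIBUTENAME=urn:oid:1.3.6.1.4.1.44976.1.1
SAML_SP_AUTHORITIES.USERS_ALL[0]=1
SAML_SP_AUTHORITIES.USERS_ALL[1]=2
SAML_SP_AUTHORITIES.STATISTICS_READ[0]=3
"""

KEY = re.compile(r"^SAML_SP_AUTHORITIES\.([A-Z_]+)\[(\d+)\]$")


def parse_env(text):
    """Split KEY=VALUE lines into a dict, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env


def authority_map(env):
    """Collect role -> list of SAML attribute values from the indexed keys."""
    roles = {}
    for key, value in env.items():
        m = KEY.match(key)
        if m:
            roles.setdefault(m.group(1), []).append(value)
    return roles


def resolve(env, assertion_attributes):
    """Return (full_access, authorities) for one user's SAML attributes."""
    if env.get("SAML_SP_FULLACCESSGRANTED", "false").lower() == "true":
        return True, set()  # assumed: the authority map is not consulted
    values = set(assertion_attributes.get(env.get("SAML_SP_ATTRIBUTENAME"), []))
    granted = {"ROLE_" + role for role, allowed in authority_map(env).items()
               if values & set(allowed)}
    return False, granted
```

Listing the output of `authority_map` during a configuration review shows at a glance which attribute values lead to which role.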
Basic authentication properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| SECURITY_BASIC_ENABLE | false | true | Enables or disables BasicAuth for the DUM Application APIs and pages | Y |
| SECURITY_BASIC_NAME | | dum_app_username | BasicAuth username | Y |
| SECURITY_BASIC_PASSWORD | | dum_app_password | BasicAuth password | Y |
| SECURITY_BASIC_ROLE | | USERS_ALL | The role assigned to the BasicAuth user | Y |

Secure cookies

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| DUM_APP_COOKIECONFIG_SECURE | true | true | Indicates to the browser whether the cookie should only be sent using a secure protocol, such as HTTPS or SSL | N |

DUM Application properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| DUM_APP_CONFIG_ROOT_GROUP_ID | be51f7a1-4b0d-4f80-bf03-3cabf270fd3a | be51f7a1-4b0d-4f80-bf03-3cabf270fd3a | Identifier of the root group, which is the main group in the groups structure. | N |
| DUM_APP_CONFIG_AUTH_IDP_TYPE | CIM | CIM | Identity provider type that is used to log in to DUM-app. The values CIM and BASIC are reserved for Onegini Consumer Identity Manager as Identity Provider and Basic authentication respectively. | N |

DUM Engine properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| DUM_ENGINE_USERNAME | | dum_api_rest_user | DUM Engine API Basic authentication username | Y |
| DUM_ENGINE_PASSWORD | | super_secure_password | DUM Engine API Basic authentication password | Y |
| DUM_ENGINE_SERVICENAME | dumEngine | dumEngine | DUM Engine service name registered within Consul | Y |

DUM Extension properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| DUM_EXTENSION_ENABLED | false | true | Enables communication with the extension | N |
| DUM_EXTENSION_PROTOCOL | | http | The protocol to be used to communicate with the extension | N |
| DUM_EXTENSION_BASE_URL | | dum-extension.dev.onegini.me:8586 | URL on which the extension is started | N |
| DUM_EXTENSION_USERNAME | | user | Basic authentication username used while communicating with the extension API | N |
| DUM_EXTENSION_PASSWORD | | password | Basic authentication password used while communicating with the extension API | N |
| DUM_EXTENSION_RESOURCES_ENABLED | false | true | Enables resolving resources from the extension (e.g. CSS files) | N |
| DUM_EXTENSION_EXTERNAL_USERS_ENABLED | false | true | Enables loading users from an external service via the DUM-Extension app | N |

Onegini Consumer Identity Manager properties

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| DUM_APP_IDP_URL | | https://idp-core.dev.onegini.me:8081 | Host and port used to connect to Onegini Consumer Identity Manager application. Please note that it must point to the CIM's API port | Y |
| DUM_APP_IDP_USERNAME | | idp_persons_api_rest_user | Onegini Consumer Identity Manager API Basic authentication username for the Persons API | Y |
| DUM_APP_IDP_PASSWORD | | super_secure_password | Onegini Consumer Identity Manager API Basic authentication password for the Persons API | Y |

Consul properties
The DUM Application uses Consul for service discovery. In order to establish a connection with DUM Engine successfully you need to have the following properties configured:

| Property | Default | Example | Description | Mandatory |
| --- | --- | --- | --- | --- |
| SPRING_CLOUD_CONSUL_HOST | localhost | localhost | The Consul host that the application will try to connect to. | N |
| SPRING_CLOUD_CONSUL_PORT | 8500 | 8500 | The Consul port that the application will try to connect to. | N |
| SPRING_APPLICATION_NAME | dum-app | dum-app | The name of the application as shown in Consul | N |

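
A pre-deployment check over the security-relevant properties documented on this page, as an added example that is not part of the DUM Application: it flags secrets left at the example values from the tables, full access for every authenticated user, a disabled secure-cookie flag, and an enabled extension reached over plain http. The function names, finding texts and sample environment are constructed for illustration.

```python
# Example values printed in the tables on this page; a deployed secret equal
# to one of them is a publicly documented credential.
DOC_EXAMPLE_SECRETS = {
    "SAML_SP_SIGNING_KEYSTOREPASSWORD": "exp?zworp",
    "SECURITY_BASIC_PASSWORD": "dum_app_password",
    "DUM_ENGINE_PASSWORD": "super_secure_password",
    "DUM_EXTENSION_PASSWORD": "password",
    "DUM_APP_IDP_PASSWORD": "super_secure_password",
}


def is_true(env, key, default):
    """Boolean property lookup using the default documented on this page."""
    return env.get(key, default).strip().lower() == "true"


def audit(env):
    """Return sorted (property, finding) pairs for risky settings in env."""
    findings = []
    for key, example in DOC_EXAMPLE_SECRETS.items():
        if env.get(key) == example:
            findings.append((key, "secret equals the documentation example"))
    if is_true(env, "SAML_SP_FULLACCESSGRANTED", "false"):
        findings.append(("SAML_SP_FULLACCESSGRANTED",
                         "any authenticated user gets full access"))
    if not is_true(env, "DUM_APP_COOKIECONFIG_SECURE", "true"):
        findings.append(("DUM_APP_COOKIECONFIG_SECURE",
                         "cookies are not restricted to a secure protocol"))
    if (is_true(env, "DUM_EXTENSION_ENABLED", "false")
            and env.get("DUM_EXTENSION_PROTOCOL", "").lower() == "http"):
        findings.append(("DUM_EXTENSION_PROTOCOL",
                         "extension Basic credentials travel without TLS"))
    return sorted(findings)


# Constructed sample environment, not taken from a real deployment.
SAMPLE = {
    "SAML_SP_FULLACCESSGRANTED": "true",
    "DUM_APP_COOKIECONFIG_SECURE": "false",
    "DUM_ENGINE_PASSWORD": "super_secure_password",
    "DUM_EXTENSION_ENABLED": "true",
    "DUM_EXTENSION_PROTOCOL": "http",
    "DUM_EXTENSION_PASSWORD": "constructed-sample-value",
}
```

Passing a copy of the container's environment (for example `dict(os.environ)`) to `audit` runs the same checks against a live configuration.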