Application properties
Cookie configuration properties
Property | Default | Example | Description |
---|---|---|---|
ONEGINI_IDP_CCC_COOKIE_CONFIG_SECURE | false | true or false | If true, the cookies can only be read on https. |
ONEGINI_IDP_CCC_COOKIE_CONFIG_PATH | / | | The base path for the cookies. |
Proxy configuration
If Onegini UMA runs behind a proxy (Apache Httpd, Nginx) that does SSL offloading, extra configuration is needed so that redirects are generated correctly. Otherwise, internal redirects will take the user from https to http.
Property | Default | Example | Description |
---|---|---|---|
ONEGINI_IDP_CCC_CONTAINER_PROXY_ENABLED | false | true or false | Set true if the proxy handles SSL offloading. |
ONEGINI_IDP_CCC_CONTAINER_SCHEME | | http or https | Set https if the proxy handles SSL offloading. |
ONEGINI_IDP_CCC_CONTAINER_PROXY_NAME | | myapp.example.com | Name of the proxy server. |
ONEGINI_IDP_CCC_CONTAINER_PROXY_PORT | | 80 or 443 | Port of the proxy server. |
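
The cookie and proxy properties above depend on each other when SSL is offloaded at the proxy. The following added example (not part of the Onegini documentation or product) checks a set of KEY=VALUE settings for mismatches between them; the function names, the port and secure-cookie rules, and the sample values are assumptions made for illustration.

```python
# Added example (not vendor code): consistency check for the cookie and
# proxy properties. Rules and sample values are constructed for illustration.
P = "ONEGINI_IDP_CCC_"

def parse_env(lines):
    """Parse KEY=VALUE lines from an env file or a docker-compose list."""
    env = {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("- "):                  # docker-compose list item
            line = line[2:].strip()
        if len(line) >= 2 and line[0] == line[-1] == "'":
            line = line[1:-1]                      # pair wrapped in single quotes
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env

def check_proxy_cookie_config(env):
    """Return findings; an empty list means the settings agree."""
    proxy = env.get(P + "CONTAINER_PROXY_ENABLED", "false").lower() == "true"
    secure = env.get(P + "COOKIE_CONFIG_SECURE", "false").lower() == "true"
    scheme = env.get(P + "CONTAINER_SCHEME", "").lower()
    findings = []
    if proxy and scheme != "https":
        findings.append("proxy enabled but scheme is not https")
    if proxy and not env.get(P + "CONTAINER_PROXY_NAME"):
        findings.append("proxy enabled but proxy name is not set")
    if scheme == "https" and env.get(P + "CONTAINER_PROXY_PORT") == "80":
        findings.append("scheme is https but proxy port is 80")
    if scheme == "https" and not secure:
        findings.append("scheme is https but cookies are not secure")
    return findings

WEAK = parse_env([                                 # constructed sample
    "ONEGINI_IDP_CCC_CONTAINER_PROXY_ENABLED=true",
    "ONEGINI_IDP_CCC_CONTAINER_SCHEME=http",
    "ONEGINI_IDP_CCC_CONTAINER_PROXY_NAME=myapp.example.com",
    "ONEGINI_IDP_CCC_CONTAINER_PROXY_PORT=80",
])
FIXED = parse_env([                                # constructed sample
    "- ONEGINI_IDP_CCC_CONTAINER_PROXY_ENABLED=true",
    "- ONEGINI_IDP_CCC_CONTAINER_SCHEME=https",
    "- ONEGINI_IDP_CCC_CONTAINER_PROXY_NAME=myapp.example.com",
    "- ONEGINI_IDP_CCC_CONTAINER_PROXY_PORT=443",
    "- 'ONEGINI_IDP_CCC_COOKIE_CONFIG_SECURE=true'",
])
```

Calling check_proxy_cookie_config(WEAK) reports the scheme mismatch, while FIXED yields an empty list.
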
Search keys
Property | Default | Example | Description |
---|---|---|---|
ONEGINI_IDP_CCC_IDP_PERSON_SEARCH_KEYS_EMAIL | false | true or false | Enable or disable search by email. |
ONEGINI_IDP_CCC_IDP_PERSON_SEARCH_KEYS_PHONE | false | true or false | Enable or disable search by phone number. |
Person details custom message
A custom HTML-based message can be shown in the person details view, directly below the Account section. To add such a message, define the property ONEGINI_IDP_CCC_EXTENSION_PERSON_DETAILS_CUSTOM_MESSAGE, e.g. ONEGINI_IDP_CCC_EXTENSION_PERSON_DETAILS_CUSTOM_MESSAGE=<h2>Warning</h2>
A custom HTML message can also be shown for external users only; it appears below the ONEGINI_IDP_CCC_EXTENSION_PERSON_DETAILS_CUSTOM_MESSAGE custom message. To add such a message, define the property ONEGINI_IDP_CCC_EXTENSION_PERSON_DETAILS_EXTERNAL_USER, e.g. ONEGINI_IDP_CCC_EXTENSION_PERSON_DETAILS_EXTERNAL_USER=<h2>External user</h2>
If any of these variables is defined via docker-compose and the value contains double quotation marks, make sure the entire key-value pair is wrapped in single quotation marks, e.g. 'ONEGINI_IDP_CCC_EXTENSION_PERSON_DETAILS_CUSTOM_MESSAGE=<h2 style="color: red; border: 2px solid red; background-color: yellow; padding: 10px;">Warning</h2>'
Profile fields management
You can configure which fields of a user's profile are editable in the user's profile view, using the following environment properties:
Property | Default | Example | Description |
---|---|---|---|
ONEGINI_IDP_CCC_PERSON_PROFILE_EDITABLE_PROFILE_FIELDS | EMAIL_ADDRESS | EMAIL_ADDRESS, PHONE_NUMBER | Comma separated list of editable profile fields. Supported values: EMAIL_ADDRESS , PHONE_NUMBER |
ONEGINI_IDP_CCC_VALIDATION_PHONE_NUMBER | ^\\+[1-9](?:[0-9]){4,14}$ | ^+31[0-9]{4,14}$ | Regular expression that should be applied to phone number validation. |
ONEGINI_IDP_CCC_VALIDATION_EMAIL_ADDRESS | .+@.+ | [email protected] | Regular expression that should be applied to email address validation. |
Custom attributes management
Custom attributes management can be configured as described in the custom attributes management topic guide.
Property | Default | Example | Description |
---|---|---|---|
ONEGINI_IDP_CCC_PERSON_PROFILE_EDITABLE_CUSTOM_ATTRIBUTES | | attr1,attr2,attr3 | Comma separated list of custom attribute names that user is able to add, edit and delete. An empty value means that this feature is disabled. |
Person Creation
The feature to create a new user can be enabled or disabled.
Property | Default | Example | Description |
---|---|---|---|
ONEGINI_IDP_CCC_PERSON_PROFILE_CREATE_ENABLED | false | true | If true, the feature to add a user via a form is enabled. |
Device management
Device management can be enabled and configured using the environment variables below. See the Manage devices topic guide for details.
Property | Default | Description |
---|---|---|
TOKEN_SERVER_DEVICE_MANAGEMENT_ENABLED | false | Enables management of user's devices. |
TOKEN_SERVER_DEVICE_MANAGEMENT_IGNORED_EVENT_TYPES | API_EVENTS_LISTED, API_DEVICES_LISTED, API_DEVICES_NO_DATA_FOUND | Comma separated list of events that should not be displayed in Onegini UMA. |
This feature requires access to the Onegini Token Server's End User and Event APIs. Make sure the API connection is set up properly.