List of Identity Manager system properties
This article includes updates for Identity Manager 5.0.1.
The table below contains properties that can be set for the Identity Manager components (Admin and/or Operator).
For more information, see Set properties for Identity Manager Admin and Set properties for Identity Manager Operator.
Property | Default value if not set | IDM component | Description |
---|---|---|---|
jobExecutorStarter.startOnSystemStartup | true | Operator | Enable or disable the activiti engine on system startup. |
deleteConfigurationVisibility.deleteConfigurationVisible | false | Admin | Shows or hides the Delete Configuration button. Do not use this property in production systems. |
uploadPopup.enableUploadButtonStrategyName | enableUploadButtonStrategyAllowUnsigned | Admin, Operator | Sets the behavior of the Upload button. Configure the tolerance for configuration/zip signing and verification. This configuration should be set to reflect how "zipPacker.signZip" and "zipUnpacker.verifyZip" are configured. Accepted values:
|
zipPacker.signZip | true | Admin, Operator | Enable or disable signing of ZIP archives and configuration. |
zipUnpacker.verifyZip | true | Admin, Operator | Enable or disable verification of ZIP archives and configuration. |
zipUnpacker.maxCompressionRatio | 12 | Admin, Operator | Define how much entries in a config.zip can be compressed. Examples: maxCompressionRatio Compression 12 92% 33 97% |
uploadContext.serverSideMaxFileUploadSizeMB | 5 | Admin, Operator | Sets the maximum size in MB of files that can be uploaded to Identity Manager. This is an additional limit on top of maxPostSize in bytes from the Tomcat server configuration (see also https://tomcat.apache.org/tomcat-9.0-doc/config/http.html). Whichever is the smallest value wins. Increase this value if you need to upload large configuration files. |
historyServiceSigner.descriptorName | ObjectHistorySigner | Operator | Activate the chained signature feature in object history. |
cardSDKConnectorBaseConfig.cardSDKUrl | Operator | The URL to CardSDK. Used for image capture. | |
commonHistoryService.historyCutOffDuration | 12 | Operator | This value is number of month. If no historyCutOffDuration is set, then history verification and cleanup will behave as follows:
You can set historyCutOffDuration to N >= 12, then it will behave as follows:
If historyCutOffDuration is set to N < 12 then the minimum value as 12 will be used instead. In order for verification of a chain to succeed, the oldest entry within the interval still requires a valid predecessor (if a predecessorId is set). |
cronUsername | admin | Operator | The system user for scheduled tasks. Executes tasks relevant to all tenants. |
cronPassword | admin | Operator | The system user password for scheduled tasks. Executes tasks relevant to all tenants. |
cronTenantId | 1 | Operator | The tenant id of the system user for scheduled tasks. Executes tasks relevant to all tenants, not only for this specific tenant, such as sending out notifications to admins. If the background jobs need to send emails (for example, alert when history verification failed), the cron tenant must have a valid SMTP configuration. Otherwise no emails will be sent out. |
historyVerificationTrigger.cronExpression | 0 30 0 ? * SUN * | Operator | A cron expression that defines at which frequency the History verification task will run. |
historyCleaningTrigger.cronExpression | 0 30 0 ? * FRI * | Operator | A cron expression that defines at which frequency the History Cleaning task will run. |
schedulingReporter.cc | Operator | Email address (CC) of users to be notified by the history verification task. | |
schedulingReporter.to | Operator | Email address (TO) of users to be notified by the history verification task. | |
activitiHistoryCleaner.daysAfterEndTime | 30 | Operator | Parameter for the Activiti process history cleanup task. Defines the number of days to wait, after a process is completed, until it will be removed. |
activitiHistoryCleaner.daysOfInactivity | 180 | Operator | Parameter for the Activiti process history cleanup task. Defines the number of days a running process can stay inactive until it will be removed. |
activitiHistoryCleanerJobTrigger.cronExpression | 0 0 23 ? * FRI * | Operator | Parameter for the Activiti process history cleanup task. A cron expression that defines at which frequency the cleanup task is run. |
objectHistoryRemovalStrategy.removeWhenDeletingCoreObject | false | Operator | If set to true, history entries are deleted when a core object is deleted. |
quartzScheduler.enable | true | Operator | Enable or disable the quartz scheduler. By disabling, all the scheduled tasks are disabled. |
caasCommunicationService.clientId | Admin, Operator | ||
caasCommunicationService.clientSecret | Admin, Operator | ||
caasCommunicationService.organisationId | Admin, Operator | ||
caasCommunicationService.hostname | Admin, Operator | ||
webappUrlInfo.httpsOverridePort | Operator | Disabled by default (see info "HTTPS Override Ports" below the table), for JPKIEncoder download. | |
webServer.httpsOverridePort | Operator | Disabled by default (see info "HTTPS Override Ports" below the table), for CA connector calls. | |
scheduledJob.monitorInterval | 0 0/1 * * * ? | Operator | This cron expression determines the scan interval of the ScheduledJobMonitor. |
scheduledJob.permissionRole | BaseRoleBatchSync | Operator | The scheduled jobs are executed with this role. |
batchSyncItemReader.pageSize | 1000 | Operator | The number of entries read at once while executing batch synchronization. |
processtracker.enabled | true | Operator | Enable or disable the Process Tracker. Note: Debug logging for de.nexus.projectutils.processtracker has to be enabled. (It is disabled by default.) You can enable it here and change it on/off without restarting tomcat by changing the log4j2 config. Note: The performance might slightly decrease due to this. |
idmInstanceId | Operator | In a multi-node environment, the instance ID is the value that uniquely identifies each Tomcat. | |
MLTextTranslationProvider.defaultLanguage | en | Admin, Operator | |
multilanguageHelper.localeString | de,en,fr,sv | Admin, Operator | |
licenseRestController.permittedRole | Administrator | Admin, Operator | The role which is allowed to upload product licenses, either on first login or through the REST API. |
hermodEncodingService.pollWaitSec | 1 | Operator | Long time polling can be less efficient than operating with several short polls if the Smart ID Messaging server is clustered. Value 1 means waiting 1 second. Value 0 waits until time out configured in the messaging connection. |
commonHistoryService.signatureVerifyThreads | 30 | Operator | The history verification is done in multiple concurrent threads. This is the thread pool size. |
jksKeyStoreProvider.keyStorePath | ${catalina.base}/conf/prime.truststore | Operator | Path to the truststore to use for certificate validation. |
jksKeyStoreProvider.keyStorePassword | Operator | The password for the truststore. | |
jksKeyStoreProvider.keyStoreType | Operator | The type of the truststore. Valid values include "JKS" for the keystore used with Tomcat and "PKCS12" for PKCS#12 keystore. |
HTTPS override ports
If you use client-auth to log into Identity Manager Operator or Self Service, you need to configure overrides to non-client-auth HTTPS ports here, otherwise the CardSDK trying to download the JPKIEncoder or the JPKIEncoder calling an integrated CA connector will not be able to connect.