
List of Identity Manager system properties

This article includes updates for Identity Manager 5.0.1.

The table below contains properties that can be set for the Identity Manager components (Admin and/or Operator).

For more information, see Set properties for Identity Manager Admin and Set properties for Identity Manager Operator.

Property

Default value if not set

IDM component

Description

jobExecutorStarter.startOnSystemStartup

true

Operator

Enable or disable the Activiti engine on system startup.

deleteConfigurationVisibility.deleteConfigurationVisible

false

Admin

Shows or hides the Delete Configuration button.

Do not use this property in production systems.

uploadPopup.enableUploadButtonStrategyName

enableUploadButtonStrategyAllowUnsigned

Admin, Operator

Sets the behavior of the Upload button. Configures the tolerance for configuration/ZIP signing and verification.

This configuration should be set to reflect how "zipPacker.signZip" and "zipUnpacker.verifyZip" are configured.

Accepted values:

  • enableUploadButtonStrategyStrict

  • enableUploadButtonStrategyAllowUnsigned

  • enableUploadButtonStrategyIgnoreSigning

zipPacker.signZip

true

Admin, Operator

Enable or disable signing of ZIP archives and configuration.

zipUnpacker.verifyZip

true

Admin, Operator

Enable or disable verification of ZIP archives and configuration.

zipUnpacker.maxCompressionRatio

12

Admin, Operator

Defines how much the entries in a config.zip can be compressed.

Examples:

maxCompressionRatio Compression

12 92%

33 97%

uploadContext.serverSideMaxFileUploadSizeMB

5

Admin, Operator

Sets the maximum size in MB of files that can be uploaded to Identity Manager. This limit applies in addition to maxPostSize (in bytes) from the Tomcat server configuration (see also https://tomcat.apache.org/tomcat-9.0-doc/config/http.html). The smaller of the two values applies.

Increase this value if you need to upload large configuration files.

historyServiceSigner.descriptorName

ObjectHistorySigner

Operator

Activate the chained signature feature in object history.

cardSDKConnectorBaseConfig.cardSDKUrl

https://localhost:54881

Operator

The URL to CardSDK. Used for image capture.

commonHistoryService.historyCutOffDuration

12

Operator

The value is a number of months.

If no historyCutOffDuration is set, history verification and cleanup behave as follows:

    • verification (via REST or scheduled task) checks the entire history.

    • no cleaning (via scheduled task) is done.

If historyCutOffDuration is set to N >= 12, they behave as follows:

    • verification (via REST or scheduled task) checks the most recent N months.

    • cleaning (via scheduled task) deletes entries older than N months.

If historyCutOffDuration is set to N < 12, the minimum value of 12 is used instead.

In order for verification of a chain to succeed, the oldest entry within the interval still requires a valid predecessor (if a predecessorId is set).

cronUsername

admin

Operator

The system user for scheduled tasks. Executes tasks relevant to all tenants.

cronPassword

admin

Operator

The system user password for scheduled tasks. Executes tasks relevant to all tenants.

cronTenantId

1

Operator

The tenant ID of the system user for scheduled tasks. Executes tasks relevant to all tenants, not only for this specific tenant, such as sending out notifications to admins.

If the background jobs need to send emails (for example, alert when history verification failed), the cron tenant must have a valid SMTP configuration. Otherwise no emails will be sent out.

historyVerificationTrigger.cronExpression

0 30 0 ? * SUN *

Operator

A cron expression that defines how often the history verification task runs.

historyCleaningTrigger.cronExpression

0 30 0 ? * FRI *

Operator

A cron expression that defines how often the history cleaning task runs.

schedulingReporter.cc

Operator

Email address (CC) of users to be notified by the history verification task.

schedulingReporter.to

Operator

Email address (TO) of users to be notified by the history verification task.

activitiHistoryCleaner.daysAfterEndTime

30

Operator

Parameter for the Activiti process history cleanup task.

Defines the number of days to wait, after a process is completed, until it will be removed.

activitiHistoryCleaner.daysOfInactivity

180

Operator

Parameter for the Activiti process history cleanup task.

Defines the number of days a running process can stay inactive until it will be removed.

activitiHistoryCleanerJobTrigger.cronExpression

0 0 23 ? * FRI *

Operator

Parameter for the Activiti process history cleanup task.

A cron expression that defines how often the cleanup task runs.

objectHistoryRemovalStrategy.removeWhenDeletingCoreObject

false

Operator

If set to true, history entries are deleted when a core object is deleted.

quartzScheduler.enable

true

Operator

Enable or disable the Quartz scheduler. Disabling it disables all scheduled tasks.

caasCommunicationService.clientId

Admin, Operator

See Integrate Nexus GO Cards to Identity Manager 

caasCommunicationService.clientSecret

Admin, Operator

See Integrate Nexus GO Cards to Identity Manager 

caasCommunicationService.organisationId

Admin, Operator

See Integrate Nexus GO Cards to Identity Manager 

caasCommunicationService.hostname

cards.nxsas.com

Admin, Operator

See Integrate Nexus GO Cards to Identity Manager 

webappUrlInfo.httpsOverridePort

Operator

Disabled by default (see info "HTTPS Override Ports" below the table), for JPKIEncoder download.

webServer.httpsOverridePort

Operator

Disabled by default (see info "HTTPS Override Ports" below the table), for CA connector calls.

scheduledJob.monitorInterval

0 0/1 * * * ?

Operator

This cron expression determines the scan interval of the ScheduledJobMonitor.

scheduledJob.permissionRole

BaseRoleBatchSync

Operator

The scheduled jobs are executed with this role.

batchSyncItemReader.pageSize

1000

Operator

The number of entries read at once while executing batch synchronization.

processtracker.enabled

true

Operator

Enable or disable the Process Tracker. Note: Debug logging for de.nexus.projectutils.processtracker has to be enabled. (It is disabled by default.)

You can enable it here and then switch it on or off without restarting Tomcat by changing the log4j2 configuration. Note: Performance might decrease slightly as a result.

idmInstanceId

Operator

In a multi-node environment, the instance ID is the value that uniquely identifies each Tomcat.

MLTextTranslationProvider.defaultLanguage

en

Admin, Operator

See Configure language in Smart ID Identity Manager.

multilanguageHelper.localeString

de,en,fr,sv

Admin, Operator

See Configure language in Smart ID Identity Manager.

licenseRestController.permittedRole

Administrator

Admin, Operator

The role which is allowed to upload product licenses, either on first login or through the REST API.

hermodEncodingService.pollWaitSec

1

Operator

Long-time polling can be less efficient than operating with several short polls if the Smart ID Messaging server is clustered.

A value of 1 means waiting 1 second. A value of 0 waits until the timeout configured in the messaging connection.

commonHistoryService.signatureVerifyThreads

30

Operator

The history verification is done in multiple concurrent threads.

This is the thread pool size.

jksKeyStoreProvider.keyStorePath

${catalina.base}/conf/prime.truststore

Operator

Path to the truststore to use for certificate validation.

jksKeyStoreProvider.keyStorePassword

Operator

The password for the truststore.

jksKeyStoreProvider.keyStoreType

Operator

The type of the truststore. Valid values include "JKS" for the keystore used with Tomcat and "PKCS12" for a PKCS#12 keystore.
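To make the zipUnpacker.maxCompressionRatio row concrete, the following added example (not Identity Manager code) checks ZIP entries against a ratio limit. It assumes the ratio means uncompressed size divided by compressed size, which is consistent with the table's examples (12 gives 92%, 33 gives 97%); the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

def compression_percent(max_ratio):
    """Space saving for an uncompressed:compressed ratio of max_ratio:1 (assumed meaning)."""
    return round((1 - 1 / max_ratio) * 100)

def over_ratio_entries(zip_bytes, max_ratio=12, chunk=65536):
    """Return names of entries that inflate to more than max_ratio times
    their compressed size, counting the bytes actually produced."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            limit = info.compress_size * max_ratio
            produced = 0
            with zf.open(info) as entry:
                while data := entry.read(chunk):
                    produced += len(data)
                    if produced > limit:  # stop inflating once over the limit
                        flagged.append(info.filename)
                        break
    return flagged

def build_sample():
    """Constructed archive: one ordinary entry, one highly compressible one."""
    ordinary = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("config/settings.bin", ordinary)
        zf.writestr("config/padding.bin", b"\0" * 1_000_000)
    return buf.getvalue()

if __name__ == "__main__":
    for ratio in (12, 33):
        print(ratio, f"{compression_percent(ratio)}%")
    print(over_ratio_entries(build_sample()))
```

Counting bytes while reading, rather than comparing the sizes declared in the archive, stops the inflation of an over-limit entry as soon as the limit is crossed.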

HTTPS override ports

If you use client-auth to log in to Identity Manager Operator or Self Service, you need to configure overrides to non-client-auth HTTPS ports here. Otherwise, the CardSDK trying to download the JPKIEncoder, or the JPKIEncoder calling an integrated CA connector, will not be able to connect.
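As a review aid for the signing, upload, cron and history rows of the table, the following added example (not part of the product) reports the effective value of those properties, falling back to the documented defaults when a property is not set. It assumes the properties are kept as Java-style key=value lines; reporting any upload strategy other than enableUploadButtonStrategyStrict is this example's choice, and the sample input is constructed.

```python
# Added example, not vendor code. Assumes Java-style key=value property lines.
DEFAULTS = {  # "Default value if not set" column of the table
    "deleteConfigurationVisibility.deleteConfigurationVisible": "false",
    "uploadPopup.enableUploadButtonStrategyName": "enableUploadButtonStrategyAllowUnsigned",
    "zipPacker.signZip": "true",
    "zipUnpacker.verifyZip": "true",
    "cronPassword": "admin",
}
STRATEGIES = {"enableUploadButtonStrategy" + s
              for s in ("Strict", "AllowUnsigned", "IgnoreSigning")}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings for the effective (explicit or default) settings."""
    explicit = parse_properties(text)
    eff = {**DEFAULTS, **explicit}
    findings = []
    if eff["deleteConfigurationVisibility.deleteConfigurationVisible"].lower() == "true":
        findings.append("Delete Configuration button is visible (not for production)")
    for key in ("zipPacker.signZip", "zipUnpacker.verifyZip"):
        if eff[key].lower() != "true":
            findings.append(f"{key} is disabled")
    strategy = eff["uploadPopup.enableUploadButtonStrategyName"]
    if strategy not in STRATEGIES:
        findings.append(f"upload strategy {strategy!r} is not an accepted value")
    elif strategy != "enableUploadButtonStrategyStrict":
        findings.append(f"upload strategy is {strategy}, not Strict")
    if eff["cronPassword"] == "admin":
        findings.append("cronPassword is the documented default")
    cutoff = explicit.get("commonHistoryService.historyCutOffDuration")
    if cutoff is not None and cutoff.isdigit() and int(cutoff) < 12:
        findings.append(f"historyCutOffDuration={cutoff} is below 12; 12 is used instead")
    return findings

SAMPLE = """\
# constructed sample, not a real deployment
deleteConfigurationVisibility.deleteConfigurationVisible=true
zipUnpacker.verifyZip = false
uploadPopup.enableUploadButtonStrategyName=enableUploadButtonStrategyIgnoreSigning
commonHistoryService.historyCutOffDuration=6
"""
```

Calling `audit(SAMPLE)` returns five findings; an empty input still returns two, because the documented defaults for the upload strategy and cronPassword apply.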