oxTrust JSON Configurations#
Overview#
This page explains the oxTrust JSON Configuration which can by found by navigating to Configuration > JSON Configuration.
oxtrust.properties#
The following fields are available for edit in the menu.
| Fields/Attributes | Description |
|---|---|
| baseDN | The base distinguished name of oxtrust. The default is o=gluu |
| orgIname | This can be left blank |
| orgSupportEmail | The support email address of the Gluu Server installation |
| applianceInum | The INUM of the appliance |
| applianceUrl | The URI of the appliance |
| baseEndpoint | |
| schemaAddObjectClassWithAttributeTypesDefinition | The schema to add various attribute types |
| schemaAddObjectClassWithoutAttributeTypesDefinition | The schema to add various attribute types |
personObjectClassTypes#
This class holds the relation between the person entry and its relative object class. If a custom attribute is required for a specific operation and needs to be stored in LDAP, add it here.
| Fields/Attributes | Description |
|---|---|
| item 1 | gluuCustomPerson |
| item 2 | gluuPerson |
| item 3 | eduPerson |
| personCustomObjectClass |
personObjectClassDisplayNames#
This class holds the relation between the display name of the person and the relative object class.
| Fields/Attributes | Description |
|---|---|
| item 1 | inetOrgPerson |
| item 2 | gluuPerson |
| schemaAddAttributeDefenition |
contactObjectClassDisplayNames#
Items can be added under this class by clicking on the + item button.
| Fields/Attributes | Description |
|---|---|
| photoRepositoryRootDir | Path to the root directory of photographs |
| photoRepositoryThumbWidth | thumb width of a photo |
| photoRepositoryThumbHeight | sets the thumb height of a photo |
| photoRepositoryCountLevels | count level per photo repository |
| photoRepositoryCountFoldersPerLevel | number of folders per level |
| authMode | set this tag to basic to use basic authentication or leave it blank to use oxAuth |
| ldifStore | Path to the LDIF store |
| shibboleth2IdpRootDir | root directory for the shibboleth plugin |
| shibboleth2SpConfDir | Configuration directory for the shibboleth plugin |
| pokenApplicationSecret | |
| updateAplicanceStatus | update appliance state for the site. Use true to allow, and false to forbid (default value) |
| svnConfigurationStoreRoot | Root of the SVN configuration store |
| svnConfigurationStorePassword | Password of the SVN configuration store |
| keystorePath | Path to the keystore |
| keystorePassword | Password to the keystore |
| allowPersonModification | Enables or disables the allowance to modify a person entry. Use true to allow (default value), and false otherwise |
| idpUrl | uri of the OpenID provider that is in use |
| velocityLog | Velocity log filename with path |
| spMetadataPath | Path to the Gluu Server metadata |
| logoLocation | Directory name for the images and logos that are used |
| idpSecurityKey | Security key of the OpenID provider |
| idpSecurityKeyPassowrd | Security password of the OpenID provider |
| idpSecurityCert | Security certificate of the machine |
gluuSpAttributes#
Items can be added here by clicking on the + item button.
| Fields/Attributes | Description |
|---|---|
| configGeneration | This entry controls the automatic generation of the configuration files. Use enable to allow and disable otherwise |
| idpLdapProtocol | Protocol used by the [LDAP][ldap] server |
| idpLdapServer | Hostname of the [LDAP][ldap] server with port |
| orgInum | INUM of the organization |
| idpBindDn | Domain name of the OpenID provider |
| idpBindPassowrd | Password for the OpenID provider |
| idpUserFields | |
| gluuSpCert | Certificate name and location of the Gluu Server |
| mysqlUrl | MySql connector as URI |
| mysqlUser | Username for the MySql server |
| mysqlPassword | Passowrd for the MySql server |
| shibboleth2FederationRootDir | Root directory for the Shobboleth federation plugin |
| cacheRefreshEnabled | Value of the cache refresh mechanism. Use true to enable and false otherwise |
| cacheRefreshIntervalMinutes | Time in minutes counting down to next cache-refresh event |
| caCertsLocation | Keystore to use for downloaded SSL certificates |
| caCertsPassphrase | Password for the caCerts keystore |
| tempCertDir | Temporary location for certificates while certificate update procedure |
| certDir | Locaiton of certificates used in configuration files |
| servicesRestartTrigger | Location of the file which will restart the applicance server if deleted |
| persistSVN | State of persistence in SVN. Use true to enable or false otherwise |
| oxAuthAuthorizeUrl | Authorization URI for oxAuth |
| oxAuthTokenUrl | Token URI for oxAuth |
| oxAuthValidateTokenUrl | URI for oxAuth token validation |
| oxAuthEndSessionUrl | URI for oxAuth session termination |
| oxAuthLogoutUrl | URI for logging out of oxAuth |
| oxAuthTokenValidationUrl | URI for oxAuth token validation |
| oxAuthUserInfo | URI for oxAuth user information |
| oxAuthSectorIdentifierUrl | URI for oxAuth sector identifier |
| oxAuthClientId | Identification number for oxAuth client |
| oxAuthClientPassowrd | Password for oxAuth client |
| oxAuthClientScope | Scope of the oxAuth client |
| loginRedirectUrl | Redirect URI for oxAuth |
| logoutRedirectUrl | URI for oxAuth |
clusteredInums#
Items can be added here by clicking on the + item button.
| Fields/Attributes | Description |
|---|---|
| clientAssociationAttribute | Attribute which identifies the OpenID client |
| oxAuthIssuers | URI of the issuer authorization server |
| ignoreValidation | Control to check/ignore token validation. Use true to validate or false otherwise |
| umaIssuer | URI of the issuer authorization server |
| scimUmaClientId | Identification of the UMA client |
| scimUmaClientKeyId | |
| scimUmaResourceId | |
| scimUmaScope | Scopes available for this resource |
| scimUmaClientKeyStoreFile | |
| scimUmaClientKeyStorePassword | |
| passportUmaClientId | |
| passportUmaClientKeyId | |
| passportUmaResourceID | |
| passportUmaScope | |
| passportUmaClientKeyStoreFile | |
| recaptchaSiteKey | |
| recaptchaSecretKey | |
| cssLocation | Path to the CSS files |
| jsLocation | Path to the JS files |
| metricReporterInterval | The interval for metric reporter in seconds |
| metricReporterKeepDataDays | The number of days to keep metric reported data |
| metricReporterEnabled | Boolean value specifying whether to enable Metric Reporter |
| rptConnectionPoolUseConnectionPooling | |
| rptConnectionPoolMaxTotal | |
| rptConnectionPoolDefaultMaxPerRoute | |
| rptConnectionPoolValidateAfterInactivity | |
| rptConnectionPoolCustomKeepAliveTimeout | |
| scimTestMode | |
| shibbolethVersion | |
| shibboleth3ldpRootDir | |
| shibboleth3SpConfDir | |
| organizationName | |
| idp3SigningCert | |
| idp3EncryptionCert | |
| disableJdkLogger | Boolean value specifying whether to disable JDK loggers |
| passwordResetRequestExpirationTime | Expiration time in secionds for password reset requests |
| cleanServiceInterval | Time interval for the Clean Service in seconds |
clientWhiteList#
This list details the whitelisted client redirection URIs
clientBlackList#
This list details the blacklisted client redirection URIs
Scim Properties#
Description of OxTrust Properties#
Description of OxTrust Properties can be viewed here
Oxtrust import JSON description here