Database Properties
Main Properties
Property | Type | Description |
---|---|---|
db.type | string | Required. Defines the type of database RapidIdentity will connect to. Select one of the three valid values. |
db.host | string | The database host. Defaults to 127.0.0.1. |
db.port | integer | The database port. Defaults to the database-specific default port. |
db.username | string | The username used to connect to the database. Defaults to "idautoAdmin". |
db.password | string | The password used to connect to the database. Defaults to "idautoAdmin". |
db.database | string | The database name. Defaults to "idautodb". |
db.failFast | boolean | Whether to fail RapidIdentity startup immediately if database connections cannot be established right away. If "false", RapidIdentity enters a "holding pattern" until the connection pools can be successfully established. Defaults to "false". |
HikariCP Properties
RapidIdentity uses HikariCP as the database connection pool provider and various configuration properties are available.
RapidIdentity provides sensible defaults with the ability to adjust these configuration values as needed. To provide custom configuration values, prefix the HikariCP configuration item name with "db.hikari.".
For example, to adjust the maximum pool size, provide an integer value for db.hikari.maximumPoolSize.
This table defines the explicit default values provided by RapidIdentity.
Property | Type | Description |
---|---|---|
db.hikari.driverClassName | String | RapidIdentity provides a default value based on the db.type. The JDBC drivers above are provided with the RapidIdentity distribution. Any change requires that JDBC driver to be present on the classpath. |
db.hikari.maximumPoolSize | integer | 10 |
db.hikari.minimumIdle | integer | 1. RapidIdentity will not use a value less than 1 or greater than 3. |
db.hikari.idleTimeout | integer | 120000 |
db.hikari.initializationFailTimeout | integer | -1 |
db.hikari.connectionTestQuery | string | If the db.type value is mssql, the value "SELECT 1" is used for this configuration item. |
Database Driver Properties
Each database driver has its own set of driver-specific properties that can be specified.
To provide custom configuration values, prefix the driver property name with "db.driver.".
Hibernate Properties
If any custom Hibernate properties are required, they can be provided by prefixing the property name with "db.hibernate.".
Other Properties
Property | Type | Description |
---|---|---|
db.other.jdbcUrl | string | RapidIdentity builds a JDBC URL based on the database information provided in the other various properties. If that is not sufficient, providing a value for this property will override the one created by RapidIdentity. |
db.other.ha | string | If the db.hikari.driverClassName value equals org.mariadb.jdbc.Driver, then this property can be used to configure the MariaDB driver for HA. Please see Failover Parameters for more information and possible values. |
Audit Database
A separate audit database can be configured in exactly the same way as the main database except that all properties should be prefixed with "auditdb." instead of "db.".
All auditdb.* properties are ignored unless an auditdb.enabled property is present with the value true.
Tomcat Properties
This table defines the explicit default values provided by RapidIdentity.
Property | Type | Description |
---|---|---|
tomcat.sslPort | integer | The port to use for SSL. Defaults to 8443. |
tomcat.httpPort | integer | The port to use for non-SSL HTTP. Defaults to 8080. |
tomcat.proxyPort | integer | The port to use for the "proxy" connector. Defaults to 8081. |
tomcat.proxyPortEnabled | boolean | Whether the proxy port is enabled. Defaults to true. |
tomcat.redirectPort | integer | The port to redirect to automatically from the httpPort. Defaults to 443. |
tomcat.sessionTimeoutMinutes | integer | The session timeout in minutes. |
tomcat.sslProfile | string | The ID or name of the SSL Profile to use. Defaults to '___default___'. |
tomcat.sslCipherBlacklist | string | Comma-separated list of SSL ciphers to blacklist. Default: a hard-coded out-of-the-box list of ciphers. Available since RapidIdentity 2017.10.5. |
tomcat.sslProtocols | string | Comma-separated list of SSL protocols to allow. Default: TLSv1.1, TLSv1.2. See Tomcat Apache Support for information about values which are valid. |
JMX Properties
This table defines the explicit default values provided by RapidIdentity.
Property | Type | Description |
---|---|---|
jmx.enabled | boolean | Whether JMX should be enabled. Defaults to true. |
jmx.hostname | string | The IP address for remote access. Defaults to the discovered IP address. |
jmx.port | integer | The port for remote access. Defaults to 10001. |
jmx.username | string | The authentication username for remote access. Defaults to a random string. |
jmx.password | string | The authentication password for remote access. Defaults to a random string. |
SSO Properties
This table defines the explicit default values provided by RapidIdentity.
Property | Type | Description |
---|---|---|
sso.disabled | boolean | Whether SSO should be disabled for the instance. Set this to true if SSO is broken and you want to force "altentry". Defaults to false. |
sso.requireAdminIfDisabled | boolean | Whether only admins may authenticate to this instance if SSO is disabled. If sso.disabled is false this property has no effect. Defaults to true. |
sso.sp | String | The name of the SAML service provider assignment to which the instance should bind. This allows a subset of instances in a RapidIdentity cluster to use a completely different SAML Service Provider configuration than the rest. Defaults to rapididentity. |
CORS Properties
Global CORS configuration for all RapidIdentity instances is stored in the database. These properties only need to be defined in rapididentity.properties if this particular instance of RapidIdentity needs to be configured differently from other instances. If these are defined, they take precedence over those defined globally in the database.
Property | Type | Description |
---|---|---|
cors.allowedHeaders | string | Comma-separated list of HTTP request headers which can be used when making a cross-origin request. These headers will also be returned in the Access-Control-Allow-Headers header in pre-flight responses. Default: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization |
cors.allowedMethods | string | Comma-separated list of HTTP methods which can be used to access resources using cross-origin requests. These are the methods which will also be included in the Access-Control-Allow-Methods header in pre-flight responses. Default: GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS |
cors.allowedOrigins | string | Comma-separated list of origins allowed to access resources on the server using cross-origin requests. A value of "*" indicates that resources are allowed to be accessed from any origin. Default: * |
cors.exposedHeaders | string | Comma-separated list of headers other than simple response headers that browsers are allowed to access. These are the headers which will be included in the Access-Control-Expose-Headers header in pre-flight responses. Default: |
cors.maxAge | integer | The number of seconds a browser is allowed to cache the result of a pre-flight request. This will be included as the Access-Control-Max-Age header in pre-flight responses. A negative value will prevent the header from being included in pre-flight responses. Default: 1800 |
cors.supportsCredentials | boolean | Whether user credentials are supported for cross-origin requests. This flag is exposed as part of the Access-Control-Allow-Credentials header in pre-flight responses. It helps browsers determine whether or not an actual request can be made using credentials. Default: false |
Log Properties
Property | Type | Description |
---|---|---|
log.format | string | The format for application logs. The only non-default value currently supported is fluentd. This format provides log events as single-lined JSON-encoded values and is suitable when using Fluentd to collect logs. |
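
Several defaults documented above are worth reviewing before an instance goes into production: the "idautoAdmin" database password, TLSv1.1 in tomcat.sslProtocols, and a wildcard cors.allowedOrigins. The following script is an added example, not part of RapidIdentity or its documentation, that checks a rapididentity.properties file for them; the sample file is constructed, and the assumption that an unset auditdb.password falls back to the same default as db.password is the example's own.

```python
import re

# Defaults as documented on this page.
DEFAULT_DB_PASSWORD = "idautoAdmin"
DEFAULT_SSL_PROTOCOLS = "TLSv1.1, TLSv1.2"
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568 and RFC 8996

def parse_properties(text):
    """Minimal .properties parser: key=value or key:value, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def audit(text):
    """Return findings for settings left at, or set to, values worth reviewing."""
    props = parse_properties(text)
    findings = []
    prefixes = ["db."]
    # auditdb.* is ignored unless auditdb.enabled is present with the value true.
    if props.get("auditdb.enabled", "").lower() == "true":
        prefixes.append("auditdb.")
    for prefix in prefixes:
        # Assumption: an unset auditdb.password uses the same default as db.password.
        if props.get(prefix + "password", DEFAULT_DB_PASSWORD) == DEFAULT_DB_PASSWORD:
            findings.append(prefix + "password: documented default in use")
    allowed = props.get("tomcat.sslProtocols", DEFAULT_SSL_PROTOCOLS)
    for proto in sorted({p.strip() for p in allowed.split(",")} & DEPRECATED):
        findings.append("tomcat.sslProtocols: deprecated " + proto + " allowed")
    # CORS keys absent from the file come from the global database configuration,
    # which this script cannot see, so only explicit per-instance overrides are checked.
    origins = [o.strip() for o in props.get("cors.allowedOrigins", "").split(",")]
    if "*" in origins:
        msg = "cors.allowedOrigins: any origin allowed"
        if props.get("cors.supportsCredentials", "").lower() == "true":
            msg += " and credentials enabled"
        findings.append(msg)
    return findings

# Constructed sample file, not taken from a real deployment.
SAMPLE = ("db.type=mssql\ndb.username=ri_app\nauditdb.enabled=true\n"
          "auditdb.password=constructed-secret\ntomcat.sslProtocols=TLSv1.2\n"
          "cors.allowedOrigins=*\ncors.supportsCredentials=true\n")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty file is also reported, because the documented defaults then apply to db.password and tomcat.sslProtocols.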