Addional Parameters

security.pdp.xacml.engine

Specifies where XACML authorization requests ("PDP requests") are processed

  • inmemory (default): Requests are directly processed by the WSS.

  • remote: Requests are sent over HTTP to the PDP endpoint provided by the Administration Web App and are processed here.

Since version 4.6.0

security.url.forwardOriginalError

Specifies if the original error of a protected URL backend service, is forwarded to the requesting client.

  • true: The error is executed and forwarded to the client, like every other response.

  • false (default): The error (HTTP status code and body) is replaced by a generic HTTP 500 response.

Since version 4.6.4

security.user.termsofuse.terms

Comma-separated list of identifiers for terms of use. If set, a user has to accept the terms before they can sign in.

Versions 4.11.0 and higher do not provide a way to display and accept the terms in the UI. To accept terms of use, applications can integrate with a technical HTTP interface that security.manager provides.

Example: privacy_terms,legal_terms

Since version 4.11.0

security.user.termsofuse.ignoredUsername

Username of a user who doesn’t have to accept any terms of use defined by security.user.termsofuse.terms before she is able to login. Per default this is the super administrator.

Since version 4.11.0

security.user.termsofuse.ignoredUsernameIsRegex

Specifies if the value defined for security.user.termsofuse.ignoredUsername is to be interpreted as a regular expression. Accepted values: true, false.

Since version 4.11.0

security.user.termsofuse.ignoredDomains

Comma-separated list of domain names. Users that belong to one of these domains (see Hybrid user management) do not have to accept the terms of use, defined in security.user.termsofuse.terms before they are allowed to sign in.

Since version 4.11.0