Configuration of the Manager UI

Configuration files

Configuration files are processed by security.manager NEXT Manager UI web application in the following order:

  1. WEB-INF/classes/default-application.properties (DO NOT EDIT)
    This file contains all configuration options of the Manager UI with their default values.

  2. WEB-INF/classes/custom-application.properties
    If a change to the data directory (data.directory.location) is required, the change has to be made in this file. Any further changes have to be made in the following file.

  3. [data.directory.location]/application.properties
    Editing this file is the recommended way to make configuration changes. The default data directory (data.directory.location) of Manager UI is ${user.home}/.secman-next.

The format of the configuration files must correspond to the Java Properties file format .

Sample .properties file
# The files have to be UTF-8 encoded, otherwise special characters can lead to errors!
# A safe method is to use Unicode syntax e.g: รค = \u00E4 (see http://0xcc.net/jsescape/)

# comments use the hash sign

# the syntax is:
key = value

# a value can reference another key
key1 = http://${key.with.server}/test

Configuration parameters

General settings

This section describes the parameters that most often need to be changed in a standard installation. Further parameters are described in comments in the file WEB-INF/classes/default-application.properties.

data.directory.location

Data directory where the local configuration of the Manager UI is stored.

In case the Tomcat server is running as a Windows service, the .secman-next directory is located in the user directory of the Tomcat user who started the service. Path separators must be specified as either / or \\.

Tomcat User on Windows
If no Tomcat user has been created, the Tomcat server runs with the system user (not recommended!). Depending on how the Tomcat has been installed the user directory is created either under %systemroot%/config/systemprofile/.secman-next or %systemroot%/ServiceProfiles/LocalService/.secman-next.

A divergent data directory can be configured in WEB-INF/classes/custom-application.properties.

Default: data.directory.location=${user.home}/.secman-next

Application settings

security.authn.mode

Authentication mode of the Manager UI.

For federated ArcGIS Server setups use oauth. In this mode the Manager UI will redirect you to the portal to sign in with a portal admin user.
For unfederated ArcGIS Server setups use arcgis. With this mode activated the Manager UI will display a login window where you have to enter username and password of an ArcGIS Server admin user.

Allowed values: oauth, arcgis
Default value: oauth

policyManagement.arcgisServers

Comma-separated list of the ArcGIS Server instance base URLs.

This list defines the ArcGIS Server instances that are available in the Manager UI.
For federated ArcGIS Server setups this can be a list of URLs.
For unfederated ArcGIS Server setups this is a single URL always.

Examples:

  • Unfederated ArcGIS Server:
    https://gis1.example.com:6443/arcgis

  • Federated ArcGIS Server:
    https://gis1.example.com:6443/arcgis,https://gis2.example.com:6443/arcgis

Links to services are displayed in the security.manager NEXT Manager UI. If the services are not accessible under the direct, internal URL of the server, please additionally configure the public URL under which the services are accessible. To do this, for each server where this applies, first specify the direct, internal URL, and then, separated by "|", the public URL in the form <Internal URL>|<Public URL>. The configuration of a public URL is optional.

Examples:

  • Unfederated ArcGIS Server:
    https://gis1.internal.example.com:6443/arcgis|https://gis1.public.example.com/server

  • Federated ArcGIS Server:
    https://gis1.internal.example.com:6443/arcgis|https://gis1.public.example.com/server,https://gis2.internal.example.com:6443/arcgis|https://gis2.public.example.com/server

policyManagement.portalUrl

URL of the ArcGIS Enterprise portal installation.

The portal defined here is used to authenticate users signing in to the Manager UI. This is a required setting for federated ArcGIS Server setups.

Example: https://gis.example.com:7443/portal

security.authn.oauth.clientId

App ID under which the Manager UI has been registered at ArcGIS Portal.

This is a required setting for federated ArcGIS Server setups.

cors.request.trustedServers

Comma-separated list of trusted servers.

This property is only required if ArcGIS Enterprise portal or ArcGIS Server is configured to use Integrated Windows Authentication.
For federated ArcGIS Server setups, the value is the same as that of policyManagement.portalUrl with the path removed from the URL.
For unfederated ArcGIS Server setups, the value is the same as that of policyManagement.arcgisServers with the path removed from the URL.

Examples: https://gis-portal.example.com:7443, https://gis-server.example.com:6443

client.config.defaultExpiresHeaderInDays

Time in days that the browser should consider the web application’s files unchanged and use cached files if available.

Defaults to 0, so changes to application.properties are reflected without the need to clear the browser cache, for example. In a production deployment it is recommended to set this to 0.5 (12 hours). Setting this to -1 prevents the Manager UI to from setting a cache header.

Default: 0

Log settings

logging.logger.level

Level of detail for the log messages.

Possible values: TRACE, DEBUG, INFO, WARN, ERROR
Default value: WARN

logging.file.location

Log file location.

The default value is the folder of the Tomcat log files. To create Manager UI log files in the data directory of the web application use ${data.directory.location}/logs.

Default: ${catalina.base}/logs

logging.file.prefix

Name of the log files.

Default value: ct-secman-next

Additional logging options are described in the default-application.properties file, for example to enable or disable logging into the console, into files, and GELF logging.