Configuration of the Manager UI
Configuration files
Configuration files are processed by security.manager NEXT Manager UI web application in the following order:
-
WEB-INF/classes/default-application.properties
(DO NOT EDIT)
This file contains all configuration options of the Manager UI with their default values. -
WEB-INF/classes/custom-application.properties
If a change to the data directory (data.directory.location
) is required, the change has to be made in this file. Any further changes have to be made in the following file. -
[data.directory.location]/application.properties
Editing this file is the recommended way to make configuration changes. The default data directory (data.directory.location
) of Manager UI is${user.home}/.secman-next
.
The format of the configuration files must correspond to the Java Properties file format .
# The files have to be UTF-8 encoded, otherwise special characters can lead to errors!
# A safe method is to use Unicode syntax e.g: รค = \u00E4 (see http://0xcc.net/jsescape/)
# comments use the hash sign
# the syntax is:
key = value
# a value can reference another key
key1 = http://${key.with.server}/test
Configuration parameters
General settings
This section describes the parameters that most often need to be changed in a standard installation.
Further parameters are described in comments in the file WEB-INF/classes/default-application.properties
.
data.directory.location
-
Data directory where the local configuration of the Manager UI is stored.
In case the Tomcat server is running as a Windows service, the
.secman-next
directory is located in the user directory of the Tomcat user who started the service. Path separators must be specified as either/
or\\
.Tomcat User on WindowsIf no Tomcat user has been created, the Tomcat server runs with the system user (not recommended!). Depending on how the Tomcat has been installed the user directory is created either under%systemroot%/config/systemprofile/.secman-next
or%systemroot%/ServiceProfiles/LocalService/.secman-next
.A divergent data directory can be configured in
WEB-INF/classes/custom-application.properties
.Default:
data.directory.location=${user.home}/.secman-next
Application settings
security.authn.mode
-
Authentication mode of the Manager UI.
For federated ArcGIS Server setups use
oauth
. In this mode the Manager UI will redirect you to the portal to sign in with a portal admin user.
For unfederated ArcGIS Server setups usearcgis
. With this mode activated the Manager UI will display a login window where you have to enter username and password of an ArcGIS Server admin user.Allowed values:
oauth
,arcgis
Default value:oauth
policyManagement.arcgisServers
-
Comma-separated list of the ArcGIS Server instance base URLs.
This list defines the ArcGIS Server instances that are available in the Manager UI.
For federated ArcGIS Server setups this can be a list of URLs.
For unfederated ArcGIS Server setups this is a single URL always.Examples:
-
Unfederated ArcGIS Server:
https://gis1.example.com:6443/arcgis
-
Federated ArcGIS Server:
https://gis1.example.com:6443/arcgis,https://gis2.example.com:6443/arcgis
Links to services are displayed in the security.manager NEXT Manager UI. If the services are not accessible under the direct, internal URL of the server, please additionally configure the public URL under which the services are accessible. To do this, for each server where this applies, first specify the direct, internal URL, and then, separated by "|", the public URL in the form
<Internal URL>|<Public URL>
. The configuration of a public URL is optional.Examples:
-
Unfederated ArcGIS Server:
https://gis1.internal.example.com:6443/arcgis|https://gis1.public.example.com/server
-
Federated ArcGIS Server:
https://gis1.internal.example.com:6443/arcgis|https://gis1.public.example.com/server,https://gis2.internal.example.com:6443/arcgis|https://gis2.public.example.com/server
-
policyManagement.portalUrl
-
URL of the ArcGIS Enterprise portal installation.
The portal defined here is used to authenticate users signing in to the Manager UI. This is a required setting for federated ArcGIS Server setups.
Example:
https://gis.example.com:7443/portal
security.authn.oauth.clientId
-
App ID under which the Manager UI has been registered at ArcGIS Portal.
This is a required setting for federated ArcGIS Server setups.
cors.request.trustedServers
-
Comma-separated list of trusted servers.
This property is only required if ArcGIS Enterprise portal or ArcGIS Server is configured to use Integrated Windows Authentication.
For federated ArcGIS Server setups, the value is the same as that ofpolicyManagement.portalUrl
with the path removed from the URL.
For unfederated ArcGIS Server setups, the value is the same as that ofpolicyManagement.arcgisServers
with the path removed from the URL.Examples:
https://gis-portal.example.com:7443
,https://gis-server.example.com:6443
client.config.defaultExpiresHeaderInDays
-
Time in days that the browser should consider the web application’s files unchanged and use cached files if available.
Defaults to
0
, so changes toapplication.properties
are reflected without the need to clear the browser cache, for example. In a production deployment it is recommended to set this to0.5
(12 hours). Setting this to-1
prevents the Manager UI to from setting a cache header.Default:
0
Log settings
logging.logger.level
-
Level of detail for the log messages.
Possible values:
TRACE
,DEBUG
,INFO
,WARN
,ERROR
Default value:WARN
logging.file.location
-
Log file location.
The default value is the folder of the Tomcat log files. To create Manager UI log files in the data directory of the web application use
${data.directory.location}/logs
.Default:
${catalina.base}/logs
logging.file.prefix
-
Name of the log files.
Default value:
ct-secman-next
Additional logging options are described in the default-application.properties file, for example to enable or disable logging into the console, into files, and GELF logging.
|