Configure the External REST Service
You can configure several properties of the external REST service. A sample configuration file that lists these properties (with their default values where applicable) is provided in /path/to/openidm/samples/example-configurations/conf/external.rest.json
. To change any of the default settings, copy this file to your project's conf
directory and edit the values. The sample file has the following configuration:
{ "socketTimeout" : "10 s", "connectionTimeout" : "10 s", "reuseConnections" : true, "retryRequests" : true, "maxConnections" : 64, "tlsVersion": "&{openidm.external.rest.tls.version}", "hostnameVerifier": "&{openidm.external.rest.hostnameVerifier}", "proxy" : { "proxyUri" : "", "userName" : "", "password" : "" } }
socketTimeout
(string)The TCP socket timeout, in seconds, when waiting for HTTP responses. The default timeout is 10 seconds.
connectionTimeout
(string)The TCP connection timeout for new HTTP connections, in seconds. The default timeout is 10 seconds.
reuseConnections
(boolean, true or false)Specifies whether HTTP connections should be kept alive and reused for additional requests. By default, connections will be reused if possible.
retryRequests
(boolean, true or false)Specifies whether requests should be retried if a failure is detected. By default requests will be retried.
maxConnections
(integer)The maximum number of connections that should be pooled by the HTTP client. At most
64
connections will be pooled by default.tlsVersion
(string)The TLS version that should be used for connections.
By default, TLS connections made via the external REST service use TLS version 1.2. In some cases, you might need to specify a different TLS version, for example, if you are connecting to a legacy system that supports an old version of TLS that is not accommodated by the backward-compatibility mode of your Java client. If you need to specify that the external REST service use a different TLS version, uncomment the
openidm.external.rest.tls.version
property towards the end of theresolver/boot.properties
file and set its value, for example:openidm.external.rest.tls.version=TLSv1.3
Valid versions for this parameter include TLSv1.1, TLSv1.2, and TLSv1.3.
hostnameVerifier
(string)Specifies whether the external REST service should check that the hostname to which an SSL client has connected is allowed by the certificate that is presented by the server.
The property can take the following values:
STRICT
- hostnames are validatedALLOW_ALL
- the external REST service does not attempt to match the URL hostname to the SSL certificate Common Name, as part of its validation process
By default, this property is set in the
resolver/boot.properties
file and the value inconf/external.rest.json
references that setting. For testing purposes, the default setting inboot.properties
is:openidm.external.rest.hostnameVerifier=ALLOW_ALL
If you do not set this property (by removing it from the
boot.properties
file or theconf/external.rest.json
file), the behavior is to validate hostnames (the equivalent of setting"hostnameVerifier": "STRICT"
). In production environments, you should set this property toSTRICT
.proxy
Lets you set a proxy server specific to the external REST service. If you set a
proxyUri
here, the system-wide proxy settings described in "HTTP Clients" are ignored. To configure a system-wide proxy, leave theseproxy
settings empty and configure the HTTP Client settings instead.