Java Agents 2024.11

Properties reference

This reference describes agent configuration properties.

When you create an agent profile, you choose whether to store the agent configuration in AM’s configuration store or locally to the agent installation. The local configuration file syntax is the same as that of a standard Java properties file.

Property aliases

A property alias specifies a path for a property. A property can have multiple aliases but each alias is unique to that property.

How the agent manages multiple aliases

When you assign multiple values to the same property through different aliases, the agent assigns the values as follows:

  • For list properties, it appends each assignment to the list.

  • For simple string properties, it overwrites the current value with each new value. The final value is the last value to be assigned.

The following example assigns different values to a string property with three aliases:

com.sun.identity.agents.app.username=one
com.sun.identity.agents.config.profilename=two
org.forgerock.agents.profile.name=three

The final value of the property is three, the last value to be assigned.

How AM manages multiple aliases

Each version of AM recognizes a different group of agent aliases. When you are using AM commands, such as ssoadm to configure an agent, consider the following points on using recognized and unrecognized aliases:

  • When you use a recognized alias in an ssoadm command (for example, com.sun.identity.agents.config.notenforced.ip.cache.size=2000), the agent updates the value for the property represented by that alias.

    For the above example, Max Entries in Not-Enforced IP Cache is displayed as 2000 in the Application tab of the AM console.

  • When you use an unrecognized alias in an ssoadm command (for example, org.forgerock.agents.notenforced.ip.cache.size=4000), the agent creates a custom property.

    For the above example, org.forgerock.agents.notenforced.ip.cache.size=4000 is displayed in Custom Properties, in the Advanced tab of the AM console.

  • When a property is set by both a standard property and a custom property, the custom property takes precedence. The value of the standard property is not updated, and both values are displayed in the configuration.

List properties

List properties can be configured with or without an index location. The following formats are allowed and equivalent:

property[0]=one
property[1]=two
property[2]=three
property=one
property=two
property=three

When the agent assigns values to a list property, it adds to the list in the order the assignments are made, ignoring any index specified, and appending to the end of the list. The following formats are equivalent:

property[]=one
property[]=two
property[]=three
property[10]=one
property[1]=two
property[42]=three

The agent uses the index location only in the following cases:

  • When the index location is set to @ and the value is comma-separated:

    The agent sets multiple properties according to the number of comma-separated values specified. In the following example, there are three comma-separated values:

    property[@]=one,two,three

    The agent sets three individual properties. The final assignment is as follows:

    property[]=one
    property[]=two
    property[]=three
  • When the value for an index location is empty:

    The agent deletes that location in the list. In the following example, the last value for index location [1] is empty:

    property[0]=one
    property[1]=two
    property[2]=three
    property[1]=

    The agent deletes index location [1] from the list and then moves index location [2] to [1]. The final assignment is as follows:

    property[0]=one
    property[1]=three
  • When the index location is empty and the value is empty:

    The agent deletes all values from the list; the list exists, but is empty. In the following example, the second value for index location [] is empty:

    property[]=one
    property[]=
    property[]=two
    property[]=three

    The agent does the following:

    • Adds the text "one" to the list

    • Deletes all values from the list

    • Adds the text "two" into index location [0]

    • Adds the text "three" into index location [1]

    The final assignment is as follows:

    property[0]=two
    property[1]=three

List of bootstrap properties

Property Description Function

Agent

Profile, Required

Profile, Required

Authentication service, Required

Authentication service, Required

Authentication service, Required

Authentication service, Required

Audit

Audit

Deprecated

Audit

Audit

Agent, Required

Monitoring

Profile

Connection pooling

Connection pooling

Connection pooling

Authentication service

Audit

Notifications

Notifications

Global

Encryption, Required

Profile

Session

Connection pooling

Connection pooling

Not-enforced

Profile

Profile

Audit

Profile, Required

Session

Profile

Policy enforcement

POST data preservation

Profile

Connection pooling

Policy enforcement

Not-enforced

Policy enforcement

POST data preservation

POST data preservation

POST data preservation

POST data preservation

Miscellaneous, Required

Miscellaneous

Session

Agent

List of all properties

Property Description (UI name) Function

Access denied

Logs

Agent

Profile, Required

Profile, Required

Agent

Agent

Agent

Logout

Authentication service, Required

Authentication service, Required

Authentication service, Required

Authentication service, Required

Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default)

Audit

Audit

Audit

Deprecated

Audit

Audit

Audit

Login

Login

Authentication failure

Authentication failure

Authentication failure

Cross-domain single sign-on, Required

Agent, Required

Bad configuration detection

Bad configuration detection

Bad configuration detection

Client identification, Continuous security

Client identification, Continuous security

Client identification

Client identification

Logout

Profile

Container, Not-enforced

Container, Not-enforced

Continuous security

Continuous security

Configure behaviour

Configure behaviour

Configure behaviour

Configure behaviour

Configure behaviour

Configure behaviour

SSO cookie handling

Cookie reset

Attributes

Monitoring

Miscellaneous

Fully qualified domain name

Attributes

Policy enforcement

Profile

Connection pooling

Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default)

Cookie

Fully qualified domain name

Global

Connection pooling

Connection pooling

Cookie

Connection pooling

Miscellaneous

Authentication service

Cookie

Audit

Logout

Not-enforced

Not-enforced

Notifications

Notifications

Notifications

Notifications

Policy enforcement

POST data preservation

Global

Login

Custom login redirect, Login redirect, SSO cookie handling

User mapping

Miscellaneous, Required

Encryption, Required

Authentication service, Encryption

Profile

SameSite

Session

Monitoring

Attributes

Fully qualified domain name

Fragment

Policy enforcement

Global

Authentication failure

Configure behaviour

Global

Global

Global

Global

Global

Connection pooling

Miscellaneous

Connection pooling

Miscellaneous

Not-enforced

Not-enforced

Not-enforced

Policy enforcement

Profile

Profile

Profile

Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default)

Cookie

Audit

Locale

Locale

Profile, Required

Deprecated

Deprecated

Custom login redirect, Login redirect

Login

Logout

Logout

Logout

Cookie, Pre-authentication

Session

Profile

Not-enforced

Not-enforced

Policy enforcement

POST data preservation

Profile

Connection pooling

Cookie

Policy enforcement

POST data preservation

Not-enforced

Not-enforced

Not-enforced

Not-enforced

Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default)

Policy enforcement

Policy enforcement

Policy enforcement

POST data preservation

POST data preservation

Cookie, POST data preservation

POST data preservation

POST data preservation

POST data preservation

POST data preservation

POST data preservation

POST data preservation

POST data preservation

Policy enforcement

Cookie, Pre-authentication

Cookie, POST data preservation, Pre-authentication

Attributes, Cookie reset, Profile

Profile

Miscellaneous, Required

Authentication service

Query parameter

Configure behaviour

Agent

Miscellaneous

Login

Query parameter

Query parameter

Query parameter

Cookie reset

Cookie reset

Cookie reset

Attributes, Response

Response

Policy enforcement

Configure behaviour

Miscellaneous

Attributes, Cookie reset, Session

Session

Session

SameSite

SameSite

SSO cookie handling

Agent

Configure behaviour

Cross-domain single sign-on

Authentication service

User mapping

User mapping

User mapping

Profile

Timeout

Timeout

Cross-site scripting

Cross-site scripting

Copyright © 2010-2024 ForgeRock, all rights reserved.