Properties reference
This reference describes agent configuration properties.
When you create an agent profile, you choose whether to store the agent configuration in AM’s configuration store or locally to the agent installation. The local configuration file syntax is the same as that of a standard Java properties file.
Property aliases
A property alias specifies a path for a property. A property can have multiple aliases but each alias is unique to that property.
How the agent manages multiple aliases
When you assign multiple values to the same property through different aliases, the agent assigns the values as follows:
-
For list properties, it appends each assignment to the list.
-
For simple string properties, it overwrites the current value with each new value. The final value is the last value to be assigned.
The following example assigns different values to a string property with three aliases:
com.sun.identity.agents.app.username=one
com.sun.identity.agents.config.profilename=two
org.forgerock.agents.profile.name=three
The final value of the property is three
, the last value to be assigned.
How AM manages multiple aliases
Each version of AM recognizes a different group of agent aliases. When you are
using AM commands, such as ssoadm
to configure an agent, consider the
following points on using recognized and unrecognized aliases:
-
When you use a recognized alias in an
ssoadm
command (for example,com.sun.identity.agents.config.notenforced.ip.cache.size=2000
), the agent updates the value for the property represented by that alias.For the above example, Max Entries in Not-Enforced IP Cache is displayed as
2000
in the Application tab of the AM console. -
When you use an unrecognized alias in an
ssoadm
command (for example,org.forgerock.agents.notenforced.ip.cache.size=4000
), the agent creates a custom property.For the above example,
org.forgerock.agents.notenforced.ip.cache.size=4000
is displayed in Custom Properties, in the Advanced tab of the AM console. -
When a property is set by both a standard property and a custom property, the custom property takes precedence. The value of the standard property is not updated, and both values are displayed in the configuration.
List properties
List properties can be configured with or without an index location. The following formats are allowed and equivalent:
property[0]=one
property[1]=two
property[2]=three
property=one
property=two
property=three
When the agent assigns values to a list property, it adds to the list in the order the assignments are made, ignoring any index specified, and appending to the end of the list. The following formats are equivalent:
property[]=one
property[]=two
property[]=three
property[10]=one
property[1]=two
property[42]=three
The agent uses the index location only in the following cases:
-
When the index location is set to
@
and the value is comma-separated:The agent sets multiple properties according to the number of comma-separated values specified. In the following example, there are three comma-separated values:
property[@]=one,two,three
The agent sets three individual properties. The final assignment is as follows:
property[]=one property[]=two property[]=three
-
When the value for an index location is empty:
The agent deletes that location in the list. In the following example, the last value for index location
[1]
is empty:property[0]=one property[1]=two property[2]=three property[1]=
The agent deletes index location
[1]
from the list and then moves index location[2]
to[1]
. The final assignment is as follows:property[0]=one property[1]=three
-
When the index location is empty and the value is empty:
The agent deletes all values from the list; the list exists, but is empty. In the following example, the second value for index location
[]
is empty:property[]=one property[]= property[]=two property[]=three
The agent does the following:
-
Adds the text "one" to the list
-
Deletes all values from the list
-
Adds the text "two" into index location
[0]
-
Adds the text "three" into index location
[1]
The final assignment is as follows:
property[0]=two property[1]=three
-
List of bootstrap properties
Property | Description | Function |
---|---|---|
Agent |
||
Profile, Required |
||
Profile, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Audit |
||
Audit |
||
Deprecated |
||
Audit |
||
Audit |
||
Agent, Required |
||
Monitoring |
||
Profile |
||
Connection pooling |
||
Connection pooling |
||
Connection pooling |
||
Audit |
||
Notifications |
||
Notifications |
||
Global |
||
Encryption, Required |
||
Profile |
||
Session |
||
Connection pooling |
||
Connection pooling |
||
Not-enforced |
||
Profile |
||
Profile |
||
Audit |
||
Profile, Required |
||
Session |
||
Profile |
||
Policy enforcement |
||
POST data preservation |
||
Profile |
||
Connection pooling |
||
Policy enforcement |
||
Not-enforced |
||
Policy enforcement |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
Miscellaneous, Required |
||
Miscellaneous |
||
Session |
||
Agent |
List of all properties
Property | Description (UI name) | Function |
---|---|---|
Access denied |
||
Logs |
||
Agent |
||
Profile, Required |
||
Profile, Required |
||
Agent |
||
Agent |
||
Agent |
||
Logout |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Audit |
||
Audit |
||
Audit |
||
Deprecated |
||
Audit |
||
Audit |
||
Audit |
||
Login |
||
Login |
||
Authentication failure |
||
Authentication failure |
||
Authentication failure |
||
Cross-domain single sign-on, Required |
||
Agent, Required |
||
Bad configuration detection |
||
Bad configuration detection |
||
Bad configuration detection |
||
Client identification, Continuous security |
||
Client identification, Continuous security |
||
Client identification |
||
Client identification |
||
Logout |
||
Profile |
||
Container, Not-enforced |
||
Container, Not-enforced |
||
Continuous security |
||
Continuous security |
||
Configure behaviour |
||
Configure behaviour |
||
Configure behaviour |
||
Configure behaviour |
||
Configure behaviour |
||
Configure behaviour |
||
SSO cookie handling |
||
Cookie reset |
||
Attributes |
||
Monitoring |
||
Miscellaneous |
||
Fully qualified domain name |
||
Attributes |
||
Policy enforcement |
||
Profile |
||
Connection pooling |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Cookie |
||
Fully qualified domain name |
||
Global |
||
Connection pooling |
||
Connection pooling |
||
Cookie |
||
Connection pooling |
||
Miscellaneous |
||
Authentication service |
||
Cookie |
||
Audit |
||
Logout |
||
Not-enforced |
||
Not-enforced |
||
Notifications |
||
Notifications |
||
Notifications |
||
Notifications |
||
Policy enforcement |
||
POST data preservation |
||
Global |
||
Login |
||
Custom login redirect, Login redirect, SSO cookie handling |
||
User mapping |
||
Miscellaneous, Required |
||
Encryption, Required |
||
Authentication service, Encryption |
||
Profile |
||
SameSite |
||
Session |
||
Monitoring |
||
Attributes |
||
Fully qualified domain name |
||
Fragment |
||
Policy enforcement |
||
Global |
||
Authentication failure |
||
Configure behaviour |
||
Global |
||
Global |
||
Global |
||
Global |
||
Global |
||
Connection pooling |
||
Miscellaneous |
||
Connection pooling |
||
Miscellaneous |
||
Not-enforced |
||
Not-enforced |
||
Not-enforced |
||
Policy enforcement |
||
Profile |
||
Profile |
||
Profile |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Cookie |
||
Audit |
||
Locale |
||
Locale |
||
Profile, Required |
||
Deprecated |
||
Deprecated |
||
Custom login redirect, Login redirect |
||
Login |
||
Logout |
||
Logout |
||
Logout |
||
Cookie, Pre-authentication |
||
Session |
||
Profile |
||
Not-enforced |
||
Not-enforced |
||
Policy enforcement |
||
POST data preservation |
||
Profile |
||
Connection pooling |
||
Cookie |
||
Policy enforcement |
||
POST data preservation |
||
Not-enforced |
||
Not-enforced |
||
Not-enforced |
||
Not-enforced |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Policy enforcement |
||
Policy enforcement |
||
Policy enforcement |
||
POST data preservation |
||
POST data preservation |
||
Cookie, POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
Policy enforcement |
||
Cookie, Pre-authentication |
||
Cookie, POST data preservation, Pre-authentication |
||
Attributes, Cookie reset, Profile |
||
Profile |
||
Miscellaneous, Required |
||
Authentication service |
||
Query parameter |
||
Configure behaviour |
||
Agent |
||
Miscellaneous |
||
Login |
||
Query parameter |
||
Query parameter |
||
Query parameter |
||
Cookie reset |
||
Cookie reset |
||
Cookie reset |
||
Attributes, Response |
||
Response |
||
Policy enforcement |
||
Configure behaviour |
||
Miscellaneous |
||
Attributes, Cookie reset, Session |
||
Session |
||
Session |
||
SameSite |
||
SameSite |
||
SSO cookie handling |
||
Agent |
||
Configure behaviour |
||
Cross-domain single sign-on |
||
Authentication service |
||
User mapping |
||
User mapping |
||
User mapping |
||
Profile |
||
Timeout |
||
Timeout |
||
Cross-site scripting |
||
Cross-site scripting |