Properties reference
This reference covers agent configuration properties.
When you create the agent profile, you choose whether to store the agent configuration in AM’s configuration store or locally to the agent installation. The local configuration file uses the same syntax as a standard Java properties file.
Property aliases
A property alias specifies a path for a property. A property can have an unlimited number of aliases, but each alias must be unique.
How the agent manages multiple aliases
When a property has multiple aliases, the agent evaluates the aliases in alphabetical order. If each alias specifies a different value for the property, the agent assigns the value specified by the alias that comes first in alphabetical order, and then propagates that value to the other aliases.
The following example assigns different values to a property with three aliases:
com.sun.identity.agents.app.username=AGENT3
com.sun.identity.agents.config.profilename=AGENT1
org.forgerock.agents.profile.name=AGENT2
The agent evaluates com.sun.identity.agents.app.username first, and propagates that value to the other aliases, resulting in this:
com.sun.identity.agents.app.username=AGENT3
com.sun.identity.agents.config.profilename=AGENT3
org.forgerock.agents.profile.name=AGENT3
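The following audit script is an added example, not code from the agent or its documentation. It applies the resolution rule described above to a local properties file and reports aliases whose values would be silently overridden. The alias group is the one from the example above; treating "alphabetical" as code-point order and propagating the value to aliases that were not set are assumptions.

```python
import re

# Alias set from this page's example; extend it for your agent version.
ALIAS_GROUPS = [{
    "com.sun.identity.agents.app.username",
    "com.sun.identity.agents.config.profilename",
    "org.forgerock.agents.profile.name",
}]

def parse_properties(text):
    """Simplified .properties parser: '#'/'!' comments and key=value or
    key:value pairs only (no line continuations or backslash escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:]+)[=:](.*)", line)
        if m:
            props[m.group(1).strip()] = m.group(2).strip()
    return props

def resolve_aliases(props, groups=ALIAS_GROUPS):
    """Return (effective, conflicts). Per group, the alphabetically first
    alias that is set wins and its value is copied to every alias."""
    effective, conflicts = dict(props), []
    for group in groups:
        present = sorted(a for a in group if a in props)  # code-point order (assumption)
        if not present:
            continue
        winner = present[0]
        overridden = {a: props[a] for a in present[1:] if props[a] != props[winner]}
        if overridden:
            conflicts.append({"winner": winner, "value": props[winner],
                              "overridden": overridden})
        for alias in group:
            effective[alias] = props[winner]
    return effective, conflicts

# Constructed sample: the three-alias example from this page.
SAMPLE = """\
# local agent configuration (constructed sample)
com.sun.identity.agents.app.username=AGENT3
com.sun.identity.agents.config.profilename=AGENT1
org.forgerock.agents.profile.name=AGENT2
"""

if __name__ == "__main__":
    print(resolve_aliases(parse_properties(SAMPLE))[1])
```

A non-empty conflict list means the file states values the agent will not use, which is worth resolving before deployment so the effective profile name is the one reviewers expect.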
How AM manages multiple aliases
Each version of AM recognizes a different group of agent aliases. When you are using AM commands, such as ssoadm, to configure an agent, consider the following points on using recognized and unrecognized aliases:
- When you use a recognized alias in an ssoadm command (for example, com.sun.identity.agents.config.notenforced.ip.cache.size=2000), the agent updates the value for the property represented by that alias. For the above example, Max Entries in Not-Enforced IP Cache is displayed as 2000 in the Application tab of the AM console.
- When you use an unrecognized alias in an ssoadm command (for example, org.forgerock.agents.notenforced.ip.cache.size=4000), the agent creates a custom property. For the above example, org.forgerock.agents.notenforced.ip.cache.size=4000 is displayed in Custom Properties, in the Advanced tab of the AM console.
- When a property is set by both a standard property and a custom property, the custom property takes precedence. The value of the standard property is not updated, and both values are displayed in the configuration.
Property files
The agent searches for local property files in a location defined by a property added to JAVA_OPTS.
In Tomcat, the agent can take the file location from bin/setenv.sh as follows:
JAVA_OPTS="$JAVA_OPTS -Dopenam.agents.bootstrap.dir=/path/to/agents/agent/agent_instance/config"
List of bootstrap properties
Property | Description | Function |
---|---|---|
Agent |
||
Profile, Required |
||
Profile, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Agent, Required |
||
Monitoring |
||
Profile |
||
Connection pooling |
||
Connection pooling |
||
Connection pooling |
||
Notifications |
||
Notifications |
||
Global |
||
Encryption, Required |
||
Profile |
||
Session |
||
Connection pooling |
||
Connection pooling |
||
Not-enforced |
||
Profile |
||
Profile |
||
Audit |
||
Profile, Required |
||
Session |
||
Profile |
||
Policy enforcement |
||
POST data preservation |
||
Profile |
||
Connection pooling |
||
Policy enforcement |
||
Not-enforced |
||
Policy enforcement |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
Miscellaneous, Required |
||
Miscellaneous |
||
Session |
||
Agent |
List of all properties
Property | Description (UI name) | Function |
---|---|---|
Access denied |
||
Logs |
||
Agent |
||
Profile, Required |
||
Profile, Required |
||
Agent |
||
Agent |
||
Agent |
||
Logout |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Authentication service, Required |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Audit |
||
Audit |
||
Audit |
||
Login |
||
Login |
||
Authentication failure |
||
Authentication failure |
||
Authentication failure |
||
Cross-domain single sign-on, Required |
||
Agent, Required |
||
Bad configuration detection |
||
Bad configuration detection |
||
Bad configuration detection |
||
Client identification, Continuous security |
||
Client identification, Continuous security |
||
Client identification |
||
Client identification |
||
Logout |
||
Profile |
||
Container, Not-enforced |
||
Container, Not-enforced |
||
Continuous security |
||
Continuous security |
||
SSO cookie handling |
||
Cookie reset |
||
Attributes |
||
Monitoring |
||
Miscellaneous |
||
Fully qualified domain name |
||
Attributes |
||
Policy enforcement |
||
Profile |
||
Connection pooling |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Cookie |
||
Fully qualified domain name |
||
Global |
||
Connection pooling |
||
Connection pooling |
||
Cookie |
||
Connection pooling |
||
Miscellaneous |
||
Cookie |
||
Audit |
||
Logout |
||
Not-enforced |
||
Not-enforced |
||
Notifications |
||
Notifications |
||
Notifications |
||
Notifications |
||
Policy enforcement |
||
POST data preservation |
||
Global |
||
Login |
||
Custom login redirect, Login redirect, SSO cookie handling |
||
User mapping |
||
Miscellaneous, Required |
||
Encryption, Required |
||
Authentication service, Encryption |
||
Profile |
||
SameSite |
||
Session |
||
Monitoring |
||
Attributes |
||
Fully qualified domain name |
||
Fragment |
||
Policy enforcement |
||
Global |
||
Authentication failure |
||
Global |
||
Global |
||
Global |
||
Global |
||
Global |
||
Connection pooling |
||
Miscellaneous |
||
Connection pooling |
||
Miscellaneous |
||
Not-enforced |
||
Not-enforced |
||
Not-enforced |
||
Policy enforcement |
||
Profile |
||
Profile |
||
Profile |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Cookie |
||
Audit |
||
Audit |
||
Locale |
||
Locale |
||
Profile, Required |
||
Deprecated |
||
Deprecated |
||
Custom login redirect, Login redirect |
||
Login |
||
Logout |
||
Logout |
||
Logout |
||
Cookie, Pre-authentication |
||
Session |
||
Profile |
||
Not-enforced |
||
Not-enforced |
||
Policy enforcement |
||
POST data preservation |
||
Profile |
||
Connection pooling |
||
Cookie |
||
Policy enforcement |
||
POST data preservation |
||
Not-enforced |
||
Not-enforced |
||
Not-enforced |
||
Not-enforced |
||
Custom login redirect, Default Login Redirect, Login redirect, Login Redirect (Default) |
||
Policy enforcement |
||
Policy enforcement |
||
Policy enforcement |
||
POST data preservation |
||
POST data preservation |
||
Cookie, POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
POST data preservation |
||
Policy enforcement |
||
Cookie, Pre-authentication |
||
Cookie, POST data preservation, Pre-authentication |
||
Attributes, Cookie reset, Profile |
||
Profile |
||
Miscellaneous, Required |
||
Query parameter |
||
Agent |
||
Miscellaneous |
||
Login |
||
Query parameter |
||
Query parameter |
||
Query parameter |
||
Cookie reset |
||
Cookie reset |
||
Cookie reset |
||
Attributes, Response |
||
Response |
||
Policy enforcement |
||
Configure behaviour |
||
Miscellaneous |
||
Attributes, Cookie reset, Session |
||
Session |
||
Session |
||
SameSite |
||
SameSite |
||
SSO cookie handling |
||
Agent |
||
Cross-domain single sign-on |
||
User mapping |
||
User mapping |
||
User mapping |
||
Profile |
||
Timeout |
||
Timeout |
||
Cross-site scripting |
||
Cross-site scripting |