Collaboration for Business Console - User Configuration Reference

1 User Configuration Reference

This is a quick reference section for all the user management configuration parameters. Note: Parameters marked with a small padlock icon cannot be edited.

1.1 Infrastructure

Key Description Valid input
com.aris.umc.audit.enabled Specifies whether further activities of a logged-in user are saved in the user statistics. The system always logs who is logged in and when a user was logged in to the system the last time. If the value is true, the system logs the user who logged in and when a user last logged in to the system. In addition, the data records and database items that were changed by the logged-in user are logged, as well as the models or information most or least accessed. The user group of the logged-in user is also logged. true, false
com.aris.umc.basicauth.tenant Specifies that the default tenant is used for authentication. String
com.aris.umc.cache.active Specifies whether the read cache at the DAO level is activated. true, false
com.aris.umc.client.connect.timeout Specifies the duration after which a client's connection attempt is canceled. This is defined in milliseconds. Integer > 0
com.aris.umc.client.connect.max Specifies the maximum number of connections that may be established simultaneously. This is defined in milliseconds. Integer > 0
com.aris.umc.client.connect.perhost Specifies the maximum number of connection attempts. Integer > 0
com.aris.umc.client.idle.timeout Specifies the wait time timeout of the Administration REST client. This is defined in milliseconds. Integer > 0
com.aris.umc.client.read.timeout Specifies the wait time timeout of the Administration REST client. This is defined in milliseconds. Integer > 0
com.aris.umc.client.retry.max Specifies the maximum number of attempts. Integer > 0
com.aris.umc.config.cache.ttl Specifies the valid duration of the configuration cache in seconds. The configuration is reloaded after the time set here. Integer > 0
com.aris.umc.config.encrypted Comma-separated list of encrypted property keys. For example, com.softwareag.aris.umc.ldap.service.pwd List of strings
com.aris.umc.jaas.login.context Specifies the login name for the JAAS context. For example, UMC-DB String
com.aris.umc.remote.clients Comma-separated list of client IPs that use the remote interface of Administration. String
com.aris.umc.session.renewal.cache.size Specifies the number of session IDs to be saved in the cache for session renewal. When the cache is full, the oldest session is deleted from the cache. Integer > 0
com.aris.umc.session.renewal.cache.ttl Specifies how long a session that has just been renewed is to be saved in the cache for session renewal. The session can be renewed after this period of time at the earliest. This is defined in seconds. Integer > 0
com.aris.umc.ssl.host.verification.active Specifies whether the verification of the SSL host name is activated. Verification is enabled by default. true, false
com.aris.umc.version Build number of Administration. For example, 9.0.0-SNAPSHOT String

1.2 LDAP Connection

Key Description Valid input
com.aris.umc.ldap.active Specifies whether the LDAP integration is activated. true, false
com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin If this property is set to true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time. true, false
com.aris.umc.ldap.user.attributes.paging.enabled Specifies whether a page break is to be inserted if the server-side limit for valid values is exceeded for attributes. For example, if more than 1,500 attribute values exist. true, false
com.aris.umc.ldap.auth.only Specifies that only LDAP users may log in. This does not apply to the arisservice, guest, superuser, and system users. true, false
com.aris.umc.ldap.auth.only Specifies that only LDAP users may log in to a database true, false
com.aris.umc.ldap.backup.url Backup URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. For example, ldap:0815bfs01.my.corp.com:389 String
com.aris.umc.ldap.connection.concurrent Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are made, they are refused. Integer > 0
com.aris.umc.ldap.connection.concurrent.timeout Specifies the maximum amount of time that a connection request may take if the maximum number of connections to the LDAP server was exceeded. Integer > 0
com.aris.umc.ldap.connection.pool.size Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. Integer > 0
com.aris.umc.ldap.connection.pool.timeout Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. Integer > 0
com.aris.umc.ldap.entity.cache.size Specifies the maximum number of LDAP entities that are cached during an import. For example, 3500 Integer > 0
com.aris.umc.ldap.filter.group Query filter for LDAP groups. For example, (&(objectClass=role)(name=y*)) String
com.aris.umc.ldap.filter.user Query filter for LDAP users. For example, (&(sAMAccountName=*)) String
com.aris.umc.ldap.group.import.parent.enabled Specifies whether the superior group is also to be imported automatically when importing the group. true, false
com.aris.umc.ldap.group.searchpath Semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths. For example, OU\=distribution lists\,DC\=my,DC\=corp\,DC\=company\,DC\=com String
com.aris.umc.ldap.searchpath Comma-separated list of all LDAP search paths. For example, OU\=stadt\,OU\=location\, OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com String
com.aris.umc.ldap.pagesize Specifies the maximum number of entries that are loaded in a single LDAP query. Integer > 0
com.aris.umc.ldap.recursion.depth Specifies the recursion depth that is to be used for nested groups and users. 1 means one level, 0 means all
com.aris.umc.ldap.referral Specifies how referrals to other LDAP systems are processed. follow means that referrals are followed automatically. ignore means that referrals are ignored. throw means that referrals are checked.
com.aris.umc.ldap.service.pwd Password of the LDAP user. String
com.aris.umc.ldap.service.user User name of LDAP user. String
com.aris.umc.ldap.sync.skipOnFault Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message. true (without message), false (with error message)
com.aris.umc.ldap.timeout Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. Integer > 0
com.aris.umc.ldap.url Primary URL of the LDAP server. For example, ldap:0815bfs01.my.corp.company.com:389 String
com.aris.umc.ldap.user.importOnLogin Specifies whether an LDAP user is to be imported automatically during the login attempt. true, false
com.aris.umc.ldap.user.searchpath Semicolon-separated list of the LDAP search paths for users. Overwrites the list of general search paths. For example, OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com String
com.aris.umc.loadbalancer.url URL of the load balancer. For example, https://yourserver.en String

1.3 LDAP Attribute Mapping

Key Description Valid input
com.aris.umc.ldap.attribute.distinguishedname Attribute that contains the fully qualified name (distinguished name). String
com.aris.umc.ldap.attribute.group.name Attribute that contains the group name. String
com.aris.umc.ldap.attribute.guid Attribute that contains the LDAP GUID. String
com.aris.umc.ldap.attribute.hasmember Attribute that references the members of a group. String
com.aris.umc.ldap.attribute.memberof Attribute that references the group of a user. String
com.aris.umc.ldap.attribute.objectclass Attribute that contains the object class. String
com.aris.umc.ldap.attribute.user.email Attribute that contains the e-mail address of a user. String
com.aris.umc.ldap.attribute.user.firstname Attribute that contains the first name of a user. String
com.aris.umc.ldap.attribute.user.lastname Attribute that contains the last name of a user. String
com.aris.umc.ldap.attribute.user.name Attribute that contains the user name of a user. String
com.aris.umc.ldap.group.attributes.userdefined Comma-separated list of LDAP attributes that should be imported as user-defined attributes of a group. String
com.aris.umc.ldap.group.objectclass Object class of the LDAP groups. String
com.aris.umc.ldap.user.attributes.userdefined Comma-separated list of LDAP attributes that should be imported as user-defined attributes of a user. String
com.aris.umc.ldap.user.objectclass Object class of the LDAP user. String

1.4 User-defined Notifications

Key Description Valid input
com.aris.umc.notification.licenseExpired.enabled Specifies whether administrators with the License management privilege are notified if a license has expired. true, false
com.aris.umc.notification.licenseExpired.message Specifies the text of the notification that is sent if a license has expired. String
com.aris.umc.notification.licenseExpired.subject Specifies the subject of the notification that is sent when a license has expired. String
com.aris.umc.notification.licenseExpiring.enabled Specifies whether administrators with the License management privilege are notified if a license is about to expire. true, false
com.aris.umc.notification.licenseExpiring.message Specifies the text of the notification that is sent if a license is about to expire. String
com.aris.umc.notification.licenseExpiring.subject Specifies the subject of the notification that is sent when a license is about to expire. String
com.aris.umc.notification.licenseExpiring.threshold Specifies how many days before license expiration a notification is sent. Integer > 0
com.aris.umc.notification.licenseSeatsConsumed.enabled Specifies whether administrators with the License management privilege are notified if the total number of logins allowed for the license is reached. true, false
com.aris.umc.notification.licenseSeatsConsumed.message Specifies the text of the notification that is sent if the total number of logins allowed for the license is reached. String
com.aris.umc.notification.licenseSeatsConsumed.subject Specifies the subject of the notification that is sent if the total number of logins allowed for the license is reached. String
com.aris.umc.notification.passwordChanged.enabled Specifies whether a user is to be notified after his password was changed. true, false
com.aris.umc.notification.passwordChanged.enabled Specifies whether the user is to be notified after his password was changed. true, false
com.aris.umc.notification.passwordChanged.message Specifies the text of the notification that is sent if a password is changed. String
com.aris.umc.notification.passwordChanged.subject Specifies the subject of the notification that is sent if a password is changed. String
com.aris.umc.notification.passwordReset.enabled Specifies that a user is to be notified after his password is reset. true, false
com.aris.umc.notification.passwordReset.message Specifies the text of the notification that is sent if a password is reset. String
com.aris.umc.notification.passwordReset.subject Specifies the subject of the notification that is sent if a password is reset. String
com.aris.umc.notification.tenantDeleted.enabled Specifies whether a notification is sent if a tenant was deleted. true, false
com.aris.umc.notification.tenantDeleted.message Specifies the text of the notification that is sent if a tenant was deleted. String
com.aris.umc.notification.tenantDeleted.sendToAll.enabled Specifies whether a notification is to be sent to all users. true, false
com.aris.umc.notification.tenantDeleted.subject Specifies the subject of the notification that is sent if a tenant was deleted. String
com.aris.umc.notification.tenantDisabled.enabled Specifies whether a notification is sent if a tenant was deactivated. true, false
com.aris.umc.notification.tenantDisabled.message Specifies the text of the notification that is sent if a tenant was deactivated. String
com.aris.umc.notification.tenantDisabled.sendToAll.enabled Specifies whether a notification is sent to all users if a tenant was deactivated. true, false
com.aris.umc.notification.tenantDisabled.subject Specifies the subject of the notification that is sent if a tenant was deactivated. String
com.aris.umc.notification.tenantEnabled.enabled Specifies whether a notification is sent if a tenant was activated. true, false
com.aris.umc.notification.tenantEnabled.message Specifies the text of the notification that is sent if a tenant was activated. String
com.aris.umc.notification.tenantEnabled.sendToAll.enabled Specifies whether a notification is sent to all users if a tenant was activated. true, false
com.aris.umc.notification.tenantEnabled.subject Specifies the subject of the notification that is sent if a tenant was activated. String
com.aris.umc.notification.userCreated.enabled Specifies whether a user is to be notified after he is created. true, false
com.aris.umc.notification.userCreated.message Specifies the text of the notification that is sent if a user is created. String
com.aris.umc.notification.userCreated.subject Subject of the notification when a user is created. String
com.aris.umc.notification.userDisabled.enabled Specifies whether a user is to be notified after he is deactivated. true, false
com.aris.umc.notification.userDisabled.message Specifies the text of the notification that is sent if a user is deactivated. String
com.aris.umc.notification.userDisabled.subject Specifies the subject of the notification that is sent if a user is deactivated. String
com.aris.umc.notification.userEnabled.enabled Specifies whether a user is to be notified after he is activated. true, false
com.aris.umc.notification.userEnabled.message Specifies the text of the notification that is sent if a user is activated. String
com.aris.umc.notification.userEnabled.subject Specifies the subject of the notification that is sent if a user is activated. String

1.5 Password Policies

Key Description Valid input
com.aris.umc.password.characters.lowercase.min Specifies the minimum number of lowercase letters in a password. Integer > 0
com.aris.umc.password.characters.numeric.allowed Specifies whether numbers are allowed in a password. true, false
com.aris.umc.password.characters.numeric.min Specifies the minimum number of numbers that must be contained in a password. Integer > 0
com.aris.umc.password.characters.special.allowed Specifies whether special characters are allowed in a password. true, false
com.aris.umc.password.characters.special.min Specifies the minimum number of special characters in a password. Integer > 0
com.aris.umc.password.characters.special.set Specifies which characters are special characters. For example, *$-+?&=!%{}/ _ String
com.aris.umc.password.characters.uppercase.allowed Specifies whether uppercase letters are allowed in a password. true, false
com.aris.umc.password.characters.uppercase.min Specifies the minimum number of uppercase letters in a password. Integer > 0
com.aris.umc.password.length.max Specifies the maximum length of a password. 0 < Integer > 47
com.aris.umc.password.length.min Specifies the minimum length of a password. Integer > 0
com.aris.umc.password.expiry.active Specifies whether passwords are set to be valid only for a specific amount of time. This is defined for a single tenant. Once the password expires, the user is directed to a Web site enabling the password to be changed. Thereafter, the user is redirected to the application. true, false
com.aris.umc.password.expiry.days Specifies the period of time after which a password expires. This is defined for a single tenant. Integer > 0
com.aris.umc.password.change.forceOnFirstLogin Specifies whether a user must change the password upon first login. This is defined for a single tenant. true, false
com.aris.umc.password.change.forceAfterReset Specifies whether a user must change the password if it was reset (and sent via e-mail). This is defined for a single tenant. true, false
com.aris.umc.password.change.forceDifference Specifies whether the new password must differ from the old one. This is defined for a single tenant. true, false
com.aris.umc.password.reset.confirmation.active Specifies whether a user must confirm a password reset. true, false
com.aris.umc.password.reset.confirmation.ttl Specifies the time in seconds during which a user can click the link sent by e-mail in order to confirm the password. Integer > 0

1.6 SAML

Key Description Valid input
com.aris.umc.saml.active Determines if SAML-based login is allowed. true, false
com.aris.umc.saml.assertion.timeoffset Time offset between assertion producer and consumer (seconds). Assertions are accepted if they are received between $(assertionIssueTime-offset) and $(assertionExpiry+offset). Integer >= 0
com.aris.umc.saml.assertion.ttl Maximum lifetime of SAML 2 assertions in seconds. Integer > 0
com.aris.umc.saml.signature.provider Provider class used to sign SAML assertions. String
com.aris.umc.saml.signature.algorithm Selects the algorithm used to sign assertions. RSAwithSHA1 or DSAwithSHA1
com.aris.umc.saml.signature.assertion.active Specifies if SAML assertions need to be signed. true, false
com.aris.umc.saml.signature.request.active Specifies if SAML requests need to be signed. true, false
com.aris.umc.saml.keystore.alias Alias name used to access the keystore. String
com.aris.umc.saml.keystore.location Location of the keystore file containing the key used to sign assertions. For example, ./keystore.jks String
com.aris.umc.saml.keystore.password Password used to access the keystore. String
com.aris.umc.saml.keystore.type Type of the keystore. For example, JKS String
com.aris.umc.saml.login.mode.dn.active Specifies if the login should be tried using the fully-qualified name instead of the username. true, false
com.aris.umc.saml.login.mode.keyword.active Specifies if the fully qualified name should be decomposed. true, false
com.aris.umc.saml.login.mode.keyword.name Specifies which part of the fully qualified name should be used for login. String
com.aris.umc.saml.identity.provider.artifact.resolution.url Endpoint of the SAML provider that is used to resolve SAML artifacts. URL
com.aris.umc.saml.identity.provider.sso.url Endpoint of the SAML provider used for SSO with POST binding. For example, http://mywsserver:8080/services/SAML URL
com.aris.umc.saml.tenant Tenant used for SAML-based login. String
com.aris.umc.saml.truststore.alias Alias name used to access the truststore. String
com.aris.umc.saml.truststore.location Location of the truststore file containing the key used to sign assertions. String
com.aris.umc.saml.truststore.password Password used to access the truststore. String
com.aris.umc.saml.truststore.type Type of the truststore. String
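
The acceptance window described for com.aris.umc.saml.assertion.timeoffset and com.aris.umc.saml.assertion.ttl, as an added example that is not part of the original reference or the product's code. It shows that every second of offset widens the window on both sides. The function names, the inclusive boundaries, the constructed timestamps and the rule that ttl caps the lifetime an assertion claims are assumptions of this example.

```python
# Added example: acceptance window for com.aris.umc.saml.assertion.timeoffset
# and com.aris.umc.saml.assertion.ttl. Not product code.
from datetime import datetime, timedelta, timezone


def latest_expiry(issue_time, expiry, ttl):
    """Assumption: ttl caps the lifetime an assertion may claim for itself."""
    return min(expiry, issue_time + timedelta(seconds=ttl))


def check_assertion(received, issue_time, expiry, timeoffset, ttl):
    """Return (accepted, reason); timeoffset and ttl are in seconds."""
    if timeoffset < 0 or ttl <= 0:
        raise ValueError("timeoffset must be >= 0 and ttl must be > 0")
    skew = timedelta(seconds=timeoffset)
    # Lower bound from the table: assertionIssueTime - offset (inclusive here).
    if received < issue_time - skew:
        return False, "issued in the future beyond the allowed offset"
    # Upper bound from the table: assertionExpiry + offset (inclusive here).
    if received > latest_expiry(issue_time, expiry, ttl) + skew:
        return False, "expired beyond the allowed offset"
    return True, "inside acceptance window"


def window_seconds(issue_time, expiry, timeoffset, ttl):
    """Seconds during which the assertion is accepted, offset included."""
    lifetime = latest_expiry(issue_time, expiry, ttl) - issue_time
    return max(0, int(lifetime.total_seconds()) + 2 * timeoffset)


if __name__ == "__main__":
    # Constructed values: an assertion claiming 600 s, checked with ttl=300, offset=60.
    issued = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    expires = issued + timedelta(seconds=600)
    for delta in (-61, -60, 0, 360, 361):
        at = issued + timedelta(seconds=delta)
        print(delta, check_assertion(at, issued, expires, 60, 300))
    print("window:", window_seconds(issued, expires, 60, 300), "seconds")
```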

1.7 Users

Key Description Valid input
com.aris.umc.collaboration.picture.size.max Specifies the maximum size of a profile picture in bytes. The default setting is 1048576 bytes. Integer > 0
com.aris.umc.users.admin.email E-mail address of the administrator. String
com.aris.umc.users.admin.name Login name of the administrator in Administration. String
com.aris.umc.users.admin.password Specifies the initial password of the administrator in Administration. String
com.aris.umc.users.email.required Specifies whether the E-mail address box must be specified for a user. true, false
com.aris.umc.users.email.validation.active Specifies whether a check is performed when entering the e-mail address of a user to determine whether the e-mail address is valid. true, false
com.aris.umc.users.name.length.max Specifies the maximum length of the login names. Integer > 0
com.aris.umc.users.system.create Specifies whether the user system is generated at startup if it does not exist yet. true, false
com.aris.umc.users.system.email E-mail address of the user system. String
com.aris.umc.users.system.name Login name of the user system. String
com.aris.umc.users.system.password Initial password of the user system. String

1.8 SMTP

Key Description Valid input
com.aris.umc.notification.debug Activates debugging output. true, false
com.aris.umc.notification.language Specifies the default language in which notifications are sent. If this property is not defined, the server operating system language is used. en
com.aris.umc.notification.queue Specifies the maximum number of notifications allowed in a send queue. If the send queue is too full, all subsequent notifications are refused. Integer > 0
com.aris.umc.notification.sender Sender address of e-mails. String
com.aris.umc.notification.smtp.authentication Specifies whether authentication to the SMTP server is to be used. true, false
com.aris.umc.notification.smtp.host Host name or IP address of the SMTP server. String
com.aris.umc.notification.smtp.password Password that is used for authentication to the SMTP server. String
com.aris.umc.notification.smtp.port SMTP port. Integer greater than or equal to 0, but less than or equal to 65535
com.aris.umc.notification.smtp.ssl Use TLS for the connection to the SMTP server. true, false
com.aris.umc.notification.smtp.ssl.mode Specifies the method to be used for a trusted connection. STARTTLS or SSL can be used. STARTTLS extends an untrusted initial connection to an encrypted connection without requiring a specific port for the trusted connection. SSL establishes a trusted connection with a dedicated port immediately. STARTTLS, SSL
com.aris.umc.notification.smtp.timeout Specifies the duration after which the attempt to connect to the SMTP server is canceled. This is defined in milliseconds. Integer > 0
com.aris.umc.notification.smtp.userName User name that is used for the authentication. String
com.aris.umc.Notification.threads Specifies the maximum number of threads that are used for sending notifications. Integer > 0
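
A review of the security-relevant keys from the tables above, as an added example that is not part of the original reference or the product's tooling: it reads a key=value export and reports settings that weaken transport security, secret storage, SAML signing or password length. The key=value format, the matching of keys on the part after "umc.", the length floor of 8, the function names and all sample values are assumptions of this example.

```python
# Added example: audit a UMC-style key=value export for weak security settings.
# The file format, sample values and the length floor are assumptions.
PREFIX = "com.aris.umc."
SECRET_KEYS = ("ldap.service.pwd", "saml.keystore.password",
               "saml.truststore.password", "notification.smtp.password")
MIN_LENGTH_FLOOR = 8  # assumed floor, not a value from the reference

SAMPLE = """\
# constructed sample, not a real export
com.aris.umc.ssl.host.verification.active=false
com.aris.umc.ldap.url=ldap://ldap.example.test:389
com.aris.umc.ldap.service.pwd=constructed-secret
com.aris.umc.config.encrypted=com.aris.umc.notification.smtp.password
com.aris.umc.saml.active=true
com.aris.umc.saml.signature.assertion.active=false
com.aris.umc.saml.identity.provider.sso.url=http://idp.example.test:8080/services/SAML
com.aris.umc.notification.smtp.authentication=true
com.aris.umc.notification.smtp.ssl=false
com.aris.umc.notification.smtp.password=constructed-secret
com.aris.umc.password.length.min=6
"""

def parse(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def tail(key):
    """Part of a key after 'umc.', so differing vendor prefixes still match."""
    return key.strip().split("umc.", 1)[-1]

def audit(cfg):
    """Return a sorted list of (short key, reason) findings."""
    c = {tail(k): v for k, v in cfg.items()}
    is_false = lambda k: c.get(k, "").lower() == "false"
    is_true = lambda k: c.get(k, "").lower() == "true"
    out = []
    if is_false("ssl.host.verification.active"):
        out.append(("ssl.host.verification.active", "TLS host name check disabled"))
    if c.get("ldap.url", "").lower().startswith("ldap:"):
        out.append(("ldap.url", "LDAP URL is not ldaps; service bind may be cleartext"))
    # Secrets that are set should be named in the encrypted-keys list.
    encrypted = {tail(k) for k in c.get("config.encrypted", "").split(",") if k.strip()}
    for key in SECRET_KEYS:
        if c.get(key) and key not in encrypted:
            out.append((key, "secret not listed in config.encrypted"))
    if is_true("saml.active") and is_false("saml.signature.assertion.active"):
        out.append(("saml.signature.assertion.active", "assertion signing not required"))
    sso = c.get("saml.identity.provider.sso.url", "").lower()
    if is_true("saml.active") and sso.startswith("http:"):
        out.append(("saml.identity.provider.sso.url", "SSO endpoint over plain HTTP"))
    if is_true("notification.smtp.authentication") and is_false("notification.smtp.ssl"):
        out.append(("notification.smtp.ssl", "SMTP credentials sent without TLS"))
    length = c.get("password.length.min", "")
    if length.isdigit() and int(length) < MIN_LENGTH_FLOOR:
        out.append(("password.length.min", "below floor of %d" % MIN_LENGTH_FLOOR))
    return sorted(out)

if __name__ == "__main__":
    for key, reason in audit(parse(SAMPLE)):
        print("%s%s: %s" % (PREFIX, key, reason))
```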
