1 User Configuration Reference #
This is a quick reference section for all the user management configuration parameters. Note: Parameters marked with a small padlock (padlock) icon cannot be edited.
1.1 Infrastructure #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.audit.enabled | Specifies whether further activi-ties of a logged-in user are saved in the user statistics. The system always logs who is logged in and when a user was logged in to the system the last time. If the value is true, the system logs the user who logged in and when a user last logged in to the system. In addition, the data rec-ords and database items that were changed by the logged-in user are logged, as well as the models or information most or least accessed. The user group of the logged-in user is also logged. | true, false |
| com.aris.umc.basicauth.tenant | Specifies that the default tenant is used for authentication. | String |
| com.aris.umc.cache.active | Specifies whether the read cache at the DAO level is activated. | true, false |
| com.aris.umc.client.connect.timeout | Specifies the duration after which a client's connection attempt is canceled. This is defined in milli-seconds. | Integer > 0 |
| com.aris.umc.client.connect.max | Specifies the maximum number of connections that may be estab-lished simultaneously. This is de-fined in milliseconds. | Integer > 0 |
| com.aris.umc.client.connect.perhost | Specifies the maximum number of connection attempts. | Integer > 0 |
| com.aris.umc.client.idle.timeout | Specifies the wait time timeout of the Administration REST client. This is defined in milliseconds. | Integer > 0 |
| com.aris.umc.client.read.timeout | Specifies the wait time timeout of the Administration REST client. This is defined in milliseconds. | Integer > 0 |
| com.aris.umc.client.retry.max | Specifies the maximum number of attempts. | Integer > 0 |
| com.aris.umc.config.cache.ttl | Specifies the valid duration of the configuration cache in seconds. The configuration is reloaded after the time set here. | Integer > 0 |
| com.aris.umc.config.encrypted | Comma-separated list of encrypt-ed property keys. For example, com.softwareag. aris.umc.ldap.service.pwd | List of strings |
| com.aris.umc.jaas.login.context | Specifies the login name for the JAAS context. For example, UMC-DB | String |
| com.aris.umc.remote.clients | Comma-separated list of client IPs that use the remote interface of Administration. | String |
| com.aris.umc.session.renewal.cache.size | Specifies the number of session IDs to be saved in the cache for session renewal. When the cache is full, the oldest session is deleted from the cache. | Integer > 0 |
| com.aris.umc.session.renewal.cache.ttl | Specifies how long a session that has just been renewed is to be saved in the cache for session renewal. The session can be re-newed after this period of time at the earliest. This is defined in seconds. | Integer > 0 |
| com.aris.umc.ssl.host.verification.active | Specifies whether the verification of the SSL host name is activated. Verification is enabled by default. | true, false |
| com.aris.umc.version | Build number of Administration. For example, 9.0.0-SNAPSHOT | String |
1.2 LDAP Connection #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.ldap.active | Specifies whether the LDAP integration is activated. | true, false |
| com.aris.umc.ldap.attribute.memberof. resolveOnFirstLogin | If this property is set to true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time. | true, false |
| com.aris.umc.ldap.user.attributes.paging.enabled | Specifies whether a page break is to be inserted if the server-side limit for valid values is exceeded for attributes. For example, if more than 1,500 attribute values exist. | true, false |
| com.aris.umc.ldap.auth.only | Specifies that only LDAP users may log in. This does not apply to the arissservice, guest, superuser, and system users. | true, false |
| com.aris.umc.ldap.auth.only | Specifies that only LDAP users may log in to a database | true, false |
| com.aris.umc.ldap.backup.url | Backup URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. For example, ldap:0815bfs01.my.corp.com:389 | String |
| com.aris.umc.ldap.connection.concurrent | Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are made, they are refused. | Integer > 0 |
| com.aris.umc.ldap.connection.concurrent.timeout | Specifies the maximum amount of time that a connection request may take if the maximum number of connections to the LDAP server was exceeded. | Integer > 0 |
| com.aris.umc.ldap.connection.pool.size | Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. | Integer > 0 |
| com.aris.umc.ldap.connection.pool.timeout | Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. | Integer > 0 |
| com.aris.umc.ldap.entity.cache.size | Specifies the maximum number of LDAP entities that are cached during an import. For example, 3500 | Integer > 0 |
| com.aris.umc.ldap.filter.group | Query filter for LDAP groups. For example, (&(objectClass=role)(name=y*)) | String |
| com.aris.umc.ldap.filter.user | Query filter for LDAP users. For example, (&(sAMAccountName=*)) | String |
| com.aris.umc.ldap.group.import.parent.enabled | Specifies whether the superior group is also to be imported automatically when importing the group. | true, false |
| com.aris.umc.ldap.group.searchpath | Semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths. For example, OU\=distribution lists\,DC\=my,DC\=corp\,DC\=company\,DC\=com | String |
| com.aris.umc.ldap.searchpath | Comma-separated list of all LDAP search paths. For example, OU\=stadt\,OU\=location\, OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com | String |
| com.aris.umc.ldap.pagesize | Specifies the maximum number of entries that are loaded in a single LDAP query. | Integer > 0 |
| com.aris.umc.ldap.recursion.depth | Specifies the recursion depth that is to be used for nested groups and users. | 1 means one level, 0 means all |
| com.aris.umc.ldap.referral | Specifies how references to other LDAP systems are processed. | follow means that the recommendation is automatically followed. ignore means that the recommendations are ignored. throw means that the recommendations are checked. |
| com.aris.umc.ldap.service.pwd | Password of the LDAP user. | String |
| com.aris.umc.ldap.service.user | User name of LDAP user. | String |
| com.aris.umc.ldap.sync.skipOnFault | Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message. | true (without message), false (with error message) |
| com.aris.umc.ldap.timeout | Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. | Integer > 0 |
| com.aris.umc.ldap.url | Primary URL of the LDAP server. For example, ldap:0815bfs01.my.corp.company.com:389 | String |
| com.aris.umc.ldap.user.importOnLogin | Specifies whether an LDAP user is to be imported automatically during the login attempt. | true, false |
| com.aris.umc.ldap.user.searchpath | Semicolon-separated list of the LDAP search paths for users. Overwrites the list of general search paths. For example, OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com | String |
| com.aris.umc.loadbalancer.url | URL of the load balancer For example, https://yourserver.en | String |
1.3 LDAP Attribute Mapping #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.ldap.attribute.distinguishedname | Attribute that contains the fully qualified name (distinguished name). | String |
| com.aris.umc.ldap.attribute.group.name | Attribute that contains the group name. | String |
| com.aris.umc.ldap.attribute.guid | Attribute that contains the LDAP GUID. | String |
| com.aris.umc.ldap.attribute.hasmember | Attribute that references the members of a group. | String |
| com.aris.umc.ldap.attribute.memberof | Attribute that references the group of a user. | String |
| com.aris.umc.ldap.attribute.objectclass | Attribute that contains the object class. | String |
| com.aris.umc.ldap.attribute.user.email | Attribute that contains the e-mail address of a user. | String |
| com.aris.umc.ldap.attribute.user.firstname | Attribute that contains the first name of a user. | String |
| com.aris.umc.ldap.attribute.user.lastname | Attribute that contains the last name of a user. | String |
| com.aris.umc.ldap.attribute.user.name | Attribute that contains the user name of a user. | String |
| com.aris.umc.ldap.group.attributes.userdefined | Comma-separated list of LDAP attributes that should be imported as user-defined attributes of a group. | String |
| com.aris.umc.ldap.group.objectclass | Object class of the LDAP groups. | String |
| com.aris.umc.ldap.user.attributes.userdefined | Comma-separated list of LDAP attributes that should be imported as user-defined attributes of a user. | String |
| com.aris.umc.ldap.user.objectclass | Object class of the LDAP user. | String |
1.4 User-defined Notifications #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.notification.licenseExpired.enabled | Specifies whether administrators with the License management privilege are notified if a license has expired. | true, false |
| com.aris.umc.notification.licenseExpired.message | Specifies the text of the notification that is sent if a license has expired. | String |
| com.aris.umc.notification.licenseExpired.subject | Specifies the subject of the notification that is sent when a license has expired. | String |
| com.aris.umc.notification.licenseExpiring.enabled | Specifies whether administrators with the License management privilege are notified if a license is about to expire. | true, false |
| com.aris.umc.notification.licensselicenseExpiring.message | Specifies the text of the notification that is sent if a license is about to expire. | String |
| com.aris.umc.notification.licenseExpiring.subject | Specifies the subject of the notification that is sent when a license is about to expire. | String |
| com.aris.umc.notification.licenseExpiring.threshold | Specifies how many days before license expiration a notification is sent. | Integer > 0 |
| com.aris.umc.notification.licenseSeatsConsumed.enabled | Specifies whether administrators with the License management privilege are notified if the total number of logins allowed for the license is reached. | true, false |
| com.aris.umc.notification.licenseSeatsConsumed.message | Specifies the text of the notification that is sent if the total number of logins allowed for the license is reached. | String |
| com.aris.umc.notification.licenseSeatsConsumed.subject | Specifies the subject of the notification that is sent if the total number of logins allowed for the license is reached. | String |
| com.aris.umc.notification.passwordChanged.enabled | Specifies whether a user is to be notified after his password was changed. | true, false |
| com.aris.umc.notification.passwordChanged.enabled | Specifies whether the user is to be notified after his password was changed. | true, false |
| com.aris.umc.notification.passwordChanged.message | Specifies the text of the notification that is sent if a password is changed. | String |
| com.aris.umc.notification.passwordChanged.subject | Specifies the subject of the notification that is sent if a password is changed. | String |
| com.aris.umc.notification.passwordReset.enabled | Specifies that a user is to be notified after his password is reset. | true, false |
| com.aris.umc.notification.passwordReset.message | Specifies the text of the notification that is sent if a password is reset. | String |
| com.aris.umc.notification.passwordReset.subject | Specifies the subject of the notification that is sent if a password is reset. | String |
| com.aris.umc.notification.tenantDeleted.enabled | Specifies whether a notification is sent if a tenant was deleted. | true, false |
| com.aris.umc.notification.tenantDeleted.message | Specifies the text of the notification that is sent if a tenant was deleted. | String |
| com.aris.umc.notification.tenantDeleted.sendToAll.enabled | Specifies whether a notification is to be sent to all users. | true, false |
| com.aris.umc.notification.tenantDeleted.subject | Specifies the subject of the notification that is sent if a tenant was deleted. | String |
| com.aris.umc.notification.tenantDisabled.enabled | Specifies whether a notification is sent if a tenant was deactivated. | true, false |
| com.aris.umc.notification.tenantDisabled.message | Specifies the text of the notification that is sent if a tenant was deactivated. | String |
| com.aris.umc.notification.tenantDisabled.sendToAll.enabled | Specifies whether a notification is sent to all users if a tenant was deactivated. | true, false |
| com.aris.umc.notification.tenantDisabled.subject | Specifies the subject of the notification that is sent if a tenant was deactivated. | String |
| com.aris.umc.notification.tenantEnabled.enabled | Specifies whether a notification is sent if a tenant was activated. | true, false |
| com.aris.umc.notification.tenantEnabled.message | Specifies the text of the notification that is sent if a tenant was activated. | String |
| com.aris.umc.notification.tenantEnabled.sendToAll.enabled | Specifies whether a notification is sent to all users if a tenant was activated. | true, false |
| com.aris.umc.notification.tenantEnabled.subject | Specifies the subject of the notification that is sent if a tenant was activated. | String |
| com.aris.umc.notification.userCreated.enabled | Specifies whether a user is to be notified after he is created. | true, false |
| com.aris.umc.notification.userCreated.message | Specifies the text of the notification that is sent if a user is created. | String |
| com.aris.umc.notification.userCreated.subject | Subject of the notification when a user is created. | String |
| com.aris.umc.notification.userDisabled.enabled | Specifies whether a user is to be notified after he is deactivated. | true, false |
| com.aris.umc.notification.userDisabled.message | Specifies the text of the notification that is sent if a user is deactivated. | String |
| com.aris.umc.notification.userDisabled.subject | Specifies the subject of the notification that is sent if a user is deactivated. | String |
| com.aris.umc.notification.userEnabled.enabled | Specifies whether a user is to be notified after he is activated. | true, false |
| com.aris.umc.notification.userEnabled.message | Specifies the text of the notification that is sent if a user is activated. | String |
| com.aris.umc.notification.userEnabled.subject | Specifies the subject of the notification that is sent if a user is activated. | String |
1.5 Password Policies #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.password.characters.lowercase.min | Specifies the minimum number of lowercase letters in a password. | Integer > 0 |
| com.aris.umc.password.characters.numeric.allowed | Specifies whether numbers are allowed in a password. | true, false |
| com.aris.umc.password.characters.numeric.min | Specifies the minimum number of numbers that must be contained in a password. | Integer > 0 |
| com.aris.umc.password.characters.special.allowed | Specifies whether special characters are allowed in a password. | true, false |
| com.aris.umc.password.characters.special.min | Specifies the minimum number of special characters in a password. | Integer > 0 |
| com.aris.umc.password.characters.special.set | Specifies which characters are special characters. For example, *$-+?&=!%{}/ _ | String |
| com.aris.umc.password.characters.uppercase.allowed | Specifies whether uppercase letters are allowed in a password. | true, false |
| com.aris.umc.password.characters.uppercase.min | Specifies the minimum number of uppercase letters in a password. | Integer > 0 |
| com.aris.umc.password.length.max | Specifies the maximum length of a password. | 0 < Integer > 47 |
| com.aris.umc.password.length.min | Specifies the minimum length of a password. | Integer > 0 |
| com.aris.umc.password.expiry.active | Specifies whether passwords are set to be valid only for a specific amount of time. This is defined for a single tenant. Once the password expires, the user is directed to a Web site enabling the password to be changed. Thereafter, the user is redirected to the application. | true, false |
| com.aris.umc.password.expiry.days | Specifies the period of time after which a password expires. This is defined for a single tenant. | Integer > 0 |
| com.aris.umc.password.change.forceOnFirstLogin | Specifies whether a user must change the password upon first login. This is defined for a single tenant. | true, false |
| com.aris.umc.password.change.forceAfterReset | Specifies whether a user must change the password if it was reset (and sent via e-mail). This is defined for a single tenant. | true, false |
| com.aris.umc.password.change.forceDifference | Specifies whether the new password must differ from the old one. This is defined for a single tenant. | true, false |
| com.aris.umc.password.reset.confirmation.active | Specifies whether a user must confirm a password reset. | true, false |
| com.aris.umc.password.reset.confirmation.ttl | Specifies the time in seconds during which a user can click the link sent by e-mail in order to confirm the password. | Integer > 0 |
1.6 SAML #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.saml.active | Determines if SAML-based login is allowed | true, false |
| com.aris.umc.saml.assertion.timeoffset | Time offset between assertion producer and consumer (seconds) Assertions are accepted if they are received between $(assertionIssueTime-offset) and $(assertionExpiry+offset) | Integer >= 0 |
| com.aris.umc.saml.assertion.ttl | Maximum lifetime of SAML 2 assertions in seconds | Integer > 0 |
| com.aris.umc.saml.signature.provider | Provider class used to sign SAML assertions. | String |
| com.aris.umc.saml.signature.algorithm | Selects the algorithm used to sign assertions. | RSAwithSHA1 oder DSAwithSHA1 |
| com.aris.umc.saml.signature.assertion.active | Specifies if SAML assertions need to be signed. | true, false |
| com.aris.umc.saml.signature.request.active | Specifies if SAML requests need to be signed. | true, false |
| com.aris.umc.saml.keystore.alias | Alias name used to access the keystore. | String |
| com.aris.umc.saml.keystore.location | Location of the keystore file containing the key used to sign assertions. For example, ./keystore.jks | String |
| com.aris.umc.saml.keystore.password | Password used to access the keystore. | String |
| com.aris.umc.saml.keystore.type | Type of the keystore. For example, JKS | String |
| com.aris.umc.saml.login.mode.dn.active | Specifies if the login should be tried using the fully-qualified name instead of the username. | true, false |
| com.aris.umc.saml.login.mode.keyword.active | Specifies if the full-qualified name should be decomposed. | true, false |
| com.aris.umc.saml.login.mode.keyword.name | Specifies which part of the full-qualified name should be used for login. | String |
| com.aris.umc.saml.identity.provider.artifact.resolution.url | Endpoint of the SAML provider that is used to resolve SAML artifacts. | URL |
| com.aris.umc.saml.identity.provider.sso.url | Endpoint of the SAML provider used for SSO with POST binding. For example, http://mywsserver:8080/services/SAML | URL |
| com.aris.umc.saml.tenant | Tenant used for SAML-based login. | String |
| com.aris.umc.saml.truststore.alias | Alias name used to access the truststore. | String |
| com.aris.umc.saml.truststore.location | Location of the truststore file containing the key used to sign assertions. | String |
| com.aris.umc.saml.truststore.password | Password used to access the truststore. | String |
| com.aris.umc.saml.truststore.type | Type of the truststore. | String |
1.7 Users #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.collaboration.picture.size.max | Specifies the maximum size of a profile picture in bytes. The default setting is 1048576 bytes. | Integer > 0 |
| com.aris.umc.users.admin.email | E-mail address of the administrator. | String |
| com.aris.umc.users.admin.name | Login name of the administrator in Administration. | String |
| com.aris.umc.users.admin.password | Specifies the initial password of the administrator in Administration. | String |
| com.aris.umc.users.email.required | Specifies whether the E-mail address box must be specified for a user. | true, false |
| com.aris.umc.users.email.validation.active | Specifies whether a check is performed when entering the e-mail address of a user to determine whether the e-mail address is valid. | true, false |
| com.aris.umc.users.name.length.max | Specifies the maximum length of the login names. | Integer > 0 |
| com.aris.umc.users.system.create | Specifies whether the user system is generated at startup if it does not exist yet. | true, false |
| com.aris.umc.users.system.email | E-mail address of the user system. | String |
| com.aris.umc.users.system.name | Login name of the user system. | String |
| com.aris.umc.users.system.password | Initial password of the user system. | String |
1.8 SMTP #
| Key | Description | Valid input |
|---|---|---|
| com.aris.umc.notification.debug | Activates debugging output. | true, false |
| com.aris.umc.notification.language | Specifies the default language in which notifications are sent. If this property is not defined, the server operating system language is used. | en |
| com.aris.umc.notification.queue | Specifies the maximum number of notifications allowed in a send queue. If the send queue is too full, all subsequent notifications are refused. | Integer > 0 |
| com.aris.umc.notification.sender | Sender address of e-mails. | String |
| com.aris.umc.notification.smtp.authentication | Specifies whether authentication to the SMTP server is to be used. | true, false |
| com.aris.umc.notification.smtp.host | Host name or IP address of the SMTP server. | String |
| com.aris.umc.notification.smtp.password | Password that is used for authentication to the SMTP server. | String |
| com.aris.umc.notification.smtp.port | SMTP port. | Integer greater than or equal to 0, but less than or equal to 65535 |
| com.aris.umc.notification.smtp.ssl | Use TLS for the connection to the SMTP server. | true, false |
| com.aris.umc.notification.smtp.ssl.mode | Specifies the method to be used for a trusted connection. STARTTLS or SSL can be used. STARTTLS extends an untrusted initial connection to an encrypted connection without requiring a specific port for the trusted connection. SSL establishes a trusted connection with a dedicated port immediately. | STARTTTLS, SSL |
| com.aris.umc.notification.smtp.timeout | Specifies the duration after which the attempt to connect to the SMTP server is canceled. This is defined in milliseconds. | Integer > 0 |
| com.aris.umc.notification.smtp.userName | User name that is used for the authentication. | String |
| com.aris.umc.Notification.threads | Specifies the maximum number of threads that are used for sending notifications. | Integer > 0 |
See also #
- Introduction
- Preparing Oracle Database
- Preparing SQL Server Database
- Preparing DB2 Database
- Upgrading Collaboration (from previous version)
- Configuring Collaboration User Management Component
- Starting and Stopping Collaboration Server
- Connecting Business Console to Collaboration
- Using Collaboration Cloud Controller (ACC)
- User Management Configuration
- ACC Command Reference