Oracle® Access Manager Customization Guide 10g (10.1.4.0.1) Part Number B25345-01
Oracle Access Manager provides a simple means for users to modify the way it operates, by changing the content of specified parameter files, also called catalog files. This appendix describes the file format, provides a list of the files, and describes values within them that you can change to customize Oracle Access Manager system operation.
All of the parameter files are located relative to the Identity System or Access System installation directory, which could be, for example:
On Windows, an example of the installation directory could be c:\OAM\identity\oblix or c:\OAM\access\oblix
On Unix, an example would be /var/OAM/identity/oblix or /var/OAM/access/oblix
At times this manual refers to the installation directory as the component_install_dir.
Note: The remainder of this discussion will refer to paths relative to the installation directory, and will use the path separator /. This is to aid readability; it also happens to be the correct syntax for UNIX systems and URLs, as well as relative paths for external references within XML and other files. When referring to file paths on disk, Windows users should replace / with \ as necessary.
The parameter files can be viewed as belonging to one of several categories, distinguished by the type of parameters they contain:
Parameters that affect the administration of Identity applications: User Manager Configuration, Group Manager Configuration, Org. Manager Configuration.
Parameters that affect the Identity applications and end user functions: User Manager, Group Manager, Org. Manager, Asynch Mailer, Password Management, Query Builder, Selector.
Parameters whose effects are common across applications: the user applications, the administrative applications and the Comm Server (a binary streaming data module).
Parameters that affect Oracle Access Manager interaction with the directory server, further subcategorized as follows: user, group, organization, application, configuration, workflow, and LDAP referential integrity.
Parameters that affect Oracle Access Manager multi-tier architecture, for example, the WebPass Web application, or the Identity Server engine.
Parameters that control each category in the previous list reside in one of the following files:
apps/admin/bin/objservcenteradminparams.xml
apps/admin/bin/frontpageadminparams.xml
apps/userservcenter/bin/userservcenterparams.xml
apps/userservcenter/bin/usc_wf_params.xml
apps/groupservcenter/bin/groupservcenterparams.xml
apps/groupservcenter/bin/gscaclparams.xml
apps/groupservcenter/bin/gsc_wf_params.xml
apps/objservcenter/bin/objservcenterparams.xml
apps/objservcenter/bin/osc_wf_params.xml
apps/asynch/bin/asynchparams.xml
apps/querybuilder/bin/querybuilderparams.xml
apps/selector/bin/selectorparams.xml
apps/common/bin/globalparams.xml
apps/common/bin/oblixadminparams.xml
apps/common/bin/oblixappparams.xml
apps/common/bin/oblixbaseparams.xml
apps/common/bin/comm_serverparams.xml
Directory Interaction Parameters
data/common/appdbparams.xml
data/common/configdbparams.xml
data/common/userdbparams.xml
data/common/groupdbparams.xml
data/common/objectdbparams.xml
data/common/workflowdbparams.xml
data/common/ldapappdbparams.xml
data/common/ldapconfigdbparams.xml
data/common/basedbparams.xml
data.ldap/common/ldapreferentialintegrityparams.xml
Oracle Access Manager Multi-tier Architecture Parameters
apps/webpass/bin/webpass.xml
The parameter files are read once, when the Identity System or Access System starts up. You can modify the parameter files in-place using a text editor or an XML editor. The changes will not take effect until the next time the Identity or Access Server starts up.
It is always a good idea to make a backup copy of all the files before you edit them so that you have a known state to roll back to if you make a mistake.
The parameter files are not validated by Oracle Access Manager. If you see unexpected behavior after making changes, check the Identity System log files located under IdentityServer_install_dir/identity/oblix/logs for error messages that might help you locate the problem. When editing XML files it is relatively easy to break the XML syntax, for instance by omitting a closing tag. Oracle recommends that you use an XML editor instead of a conventional text editor.
If more than one Identity or Access Server is installed, a set of catalog files will have been installed under the component_install_dir of each server instance. If you want your changes to affect all installed servers, propagate the changes to all instances.
Some parameters exist in more than one file. When this occurs, Oracle Access Manager resolves the value using the following heuristics. In all cases, the search stops as soon as the parameter is found:
User Application Parameters
The application-specific parameter file (under the application directory for User Manager, Group Manager, and so on), is searched first.
Then, the oblixappparams.xml file is searched.
Then, the oblixbaseparams.xml file is searched.
Admin Application Parameters
The set of application-specific administration parameter files (User Manager Admin, Group Manager Admin, and so on) are searched first.
Then, the oblixadminparams.xml file is searched.
Then, the oblixbaseparams.xml file is searched.
Directory (DB) Parameters
The set of parameter files specific to the DB (ldapuserdbparams, and so on) are searched first.
Then, the default DB parameter files (userdbparams.xml, appdbparams.xml, and so on) are searched.
Then, the basedbparams.xml file is searched.
Parameter files are expressed in XML. They have a simple structure, and make extensive use of user-friendly names to aid in working with the files.
When working with parameter files, it is essential that you limit your changes to only the text falling within quotation marks and strictly follow the rules for each kind of change.
The following excerpt is from the userservcenterparams.xml file. The three methods for providing parameter values (SimpleList, ValList, and ValNameList) all appear in the excerpt and are discussed after it.
<?xml version="1.0" ?>
<ParamsCtlg xmlns="http://www.oblix.com" CtlgName="userservcenterparams">
  <CompoundList ListName="">
    <SimpleList>
      <NameValPair ParamName="top_frame" Value="_top" />
      <NameValPair ParamName="top_main_frame" Value="main_frame" />
      <NameValPair ParamName="min_location_area" Value="400" />
    </SimpleList>
    <ValList ListName="search_result_views">
      <ValListMember Value="table_view" />
      <ValListMember Value="custom_view" />
    </ValList>
    <SimpleList>
      <NameValPair ParamName="ObEnhanceSearch" Value="true" />
    </SimpleList>
    <ValNameList ListName="ObEnhanceSearchList">
      <NameValPair ParamName="OOS" Value="That Contains" />
      ...
      ...
      <NameValPair ParamName="OSL" Value="That Sounds Like" />
    </ValNameList>
    <SimpleList>
      <NameValPair ParamName="navbar_bgcolor" Value="#669966" />
    </SimpleList>
  </CompoundList>
</ParamsCtlg>
There are three methods of providing parameter values. Each appears in the previous excerpt:
<SimpleList>
The SimpleList element provides a simple list of NameValPair elements giving parameter names and their values. The parameter names (ParamName) are known to the Identity Server Manager and are expected to be present. The parameter names and legal values, for this and the other methods, are provided under "Parameter Reference".
<ValList ListName="search_result_views">
The ValList element provides a list of options, such as methods of execution or a choice of display format, as a set of ValListMember elements that are available to the Identity System. The name of the method or format goes in the Value attribute. These names are predefined and cannot be changed. You can enhance flexibility for the Identity System by adding a new ValListMember entry. You can reduce functionality by removing a ValListMember element. For example, if you remove the line
<ValListMember Value="custom_view"/>
the Identity System is no longer able to display a custom view.
For this type of change, the Parameter Name column in the tables that follow actually shows the ListName.
<ValNameList ListName="ObEnhanceSearchList">
The ValNameList element is similar to the SimpleList element, because it provides a list of NameValPair elements. Oracle Access Manager generally uses ValNameList parameters to construct pull-down menus in the GUI. The list includes a parameter name (ParamName) and a value for the text describing it. The parameter names are predefined and cannot be changed. You may add them to the list, remove them from the list, or change the text displayed for the parameter in the GUI pull-down menu by changing the content of the Value attribute.
For example, if you remove the line
<NameValPair ParamName="OOS" Value="That Contains" />
OOS will no longer appear as a search option. If instead you change the line to the following
<NameValPair ParamName="OOS" Value="That Holds" />
OOS will be described as "That Holds" in the GUI pull-down menu.
For this type of change, the Parameter Name column in the tables shows the ListName.
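As an added example (not part of this guide or of the product), the following Python script parses the three element types just described and applies the user-application search order from the previous section (application file, then oblixappparams.xml, then oblixbaseparams.xml). It also checks a catalog for well-formedness before a restart, since Oracle Access Manager does not validate these files. The first sample catalog is constructed from the excerpt above; the contents of the two fallback catalogs and the parameter name search_min_chars are assumptions made for illustration.

```python
"""Parse Oracle Access Manager catalog (ParamsCtlg) files and resolve a
parameter the way the guide describes for user applications: the
application-specific file first, then oblixappparams.xml, then
oblixbaseparams.xml, stopping at the first match.
Added example, not code that ships with Oracle Access Manager."""
import xml.etree.ElementTree as ET

NS = "{http://www.oblix.com}"   # default namespace of ParamsCtlg files

# Constructed sample based on the userservcenterparams.xml excerpt.
USERSERVCENTER_XML = """<?xml version="1.0" ?>
<ParamsCtlg xmlns="http://www.oblix.com" CtlgName="userservcenterparams">
  <CompoundList ListName="">
    <SimpleList>
      <NameValPair ParamName="top_frame" Value="_top" />
      <NameValPair ParamName="min_location_area" Value="400" />
    </SimpleList>
    <ValList ListName="search_result_views">
      <ValListMember Value="table_view" />
      <ValListMember Value="custom_view" />
    </ValList>
    <ValNameList ListName="ObEnhanceSearchList">
      <NameValPair ParamName="OOS" Value="That Contains" />
      <NameValPair ParamName="OSL" Value="That Sounds Like" />
    </ValNameList>
  </CompoundList>
</ParamsCtlg>"""

# Assumed (hypothetical) fallback catalogs.  top_frame is deliberately
# defined again so that the precedence rule is visible; search_min_chars
# is an assumed parameter name, not one taken from the guide.
OBLIXAPP_XML = """<?xml version="1.0" ?>
<ParamsCtlg xmlns="http://www.oblix.com" CtlgName="oblixappparams">
  <CompoundList ListName="">
    <SimpleList>
      <NameValPair ParamName="top_frame" Value="app_default_top" />
      <NameValPair ParamName="search_min_chars" Value="3" />
    </SimpleList>
  </CompoundList>
</ParamsCtlg>"""

OBLIXBASE_XML = """<?xml version="1.0" ?>
<ParamsCtlg xmlns="http://www.oblix.com" CtlgName="oblixbaseparams">
  <CompoundList ListName="">
    <SimpleList>
      <NameValPair ParamName="navbar_bgcolor" Value="#669966" />
    </SimpleList>
  </CompoundList>
</ParamsCtlg>"""


def check_well_formed(xml_text):
    """Return None if the document parses, otherwise a message with the
    line and column of the first XML syntax error (for example a missing
    closing tag, which the product itself would not report)."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as err:
        line, col = err.position
        return "line %d, column %d: %s" % (line, col, err)
    return None


def parse_catalog(xml_text):
    """Flatten a ParamsCtlg document into one dict keyed by name:
    SimpleList NameValPair -> str (Value attribute)
    ValList ListName       -> list of ValListMember values, in file order
    ValNameList ListName   -> dict of ParamName -> display text"""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "ParamsCtlg":
        raise ValueError("not a ParamsCtlg document: %s" % root.tag)
    params = {}
    for simple in root.iter(NS + "SimpleList"):
        for pair in simple.findall(NS + "NameValPair"):
            params[pair.get("ParamName")] = pair.get("Value")
    for vlist in root.iter(NS + "ValList"):
        params[vlist.get("ListName")] = [
            m.get("Value") for m in vlist.findall(NS + "ValListMember")]
    for vnlist in root.iter(NS + "ValNameList"):
        params[vnlist.get("ListName")] = {
            p.get("ParamName"): p.get("Value")
            for p in vnlist.findall(NS + "NameValPair")}
    return params


def resolve(name, search_order):
    """search_order: list of (catalog name, parsed dict) in precedence
    order.  Returns (catalog name, value) from the first catalog that
    defines the parameter, or (None, None) if none does."""
    for ctlg_name, params in search_order:
        if name in params:
            return ctlg_name, params[name]
    return None, None


def user_app_search_order():
    """Precedence for a user application, as described in the guide."""
    return [("userservcenterparams", parse_catalog(USERSERVCENTER_XML)),
            ("oblixappparams", parse_catalog(OBLIXAPP_XML)),
            ("oblixbaseparams", parse_catalog(OBLIXBASE_XML))]
```

Running resolve("top_frame", user_app_search_order()) returns the value from userservcenterparams even though the assumed oblixappparams also defines it, which is the behaviour the search order implies; deleting one closing tag from a catalog makes check_well_formed report its position.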
The following tables describe the parameters that may be present in each parameter file.
The key to the table columns is as follows:
Parameter Name: The name of the parameter. In some cases, a parameter takes a set of subordinate parameters, whose names are listed.
Description: What the parameter is used for.
Default Value: The factory default value in the file when installed.
Possible Values: Alternative values that you can enter for the parameter.
Table B-1 userservcenterparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
min_location_area | The area allocated for the location GIF. This depends on each customer's location image. | 400 | A positive integer |
navbar_bgcolor | The background color for the application navigation bar. This is the value in the obbgcolor attribute of the ObNavbar element. | #669966 | Any RGB value |
ObEnhanceSearch | Enables extended search user interface and functionality. | true | |
ObEnhanceSearchList | If the ObEnhanceSearch parameter is set to The value text in parentheses describes the semantics of each value, and is also the default text displayed to the user in the list. You can change the display text in the catalog. In the user interface the ParamName, Oxx, is not displayed. It is an operation code sent to the application doing the search. | See the description | All applications: |
search_result_views | Display format for User Manager search results. User Manager supports table format and custom format. | table_view, custom_view | |
 | The minimum number of characters that the user must provide to perform a search operation. Note: This parameter does not appear in the installed version of this file. If you add this parameter, it applies only to the User Manager. | | Or any positive integer |
top_frame | Name of the top browser frame in the User Manager. | _top | A frame name |
top_main_frame | Name of the main browser frame in the User Manager. | main_frame | A frame name |
Table B-2 groupservcenterparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | The minimum length of the search string that the user must enter to do a member search. This is used only in the Group Manager View Members page, where the user can search for members using specific search criteria. A value of 0 enables the user to do a blank search where the application displays all the members of the group. If this parameter has any other value, then the user can only do a search if the search string has at least that many characters. | | Any positive integer, including zero |
 | The background color for the application navigation bar. The value is presented in the obbgcolor attribute of the ObNavbar element. | | Any RGB value |
 | This parameter controls the list of search conditions in the Search toolbar. The name is a search condition understood by the application. The value is a display name that appears in the selection menu. | See the description | |
 | When a search is performed in Organization Manager these are the possible display format(s) for the results. Any combination of these values is allowed. The absence of any one of these values disables that search result's view format. | | |
 | The minimum number of characters that the user must provide as the basis for a search. This overrides, for Organization Manager only, the value provided in the oblixappparams.xml file. Note: This parameter does not appear in the installed version of this file. If you add this parameter, the value applies only to Group Manager. | | Any positive, non-zero integer |
Table B-3 objservcenterparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | The background color for the application navigation bar. The value is presented in the obbgcolor attribute of the ObNavbar element. | | Any RGB value |
 | A list of search conditions in the search toolbar. The name is a search condition understood by the application. The value in parentheses is displayed on the selection menu, as follows: | See the description | See the description |
 | When a search is performed in Organization Manager these are the possible display format(s) for the results. Any combination of these values is allowed. The absence of any one of them disables that search results view format. | | |
 | The minimum number of characters that the user must provide as the basis for a search. This overrides, for Organization Manager only, the value provided in the oblixappparams.xml file. Note: This parameter does not appear in the installed version of this file. If you add it, the value applies only to Organization Manager. | | Any positive, non-zero integer |
Table B-4 gsc_wf_params.xml, osc_wf_params.xml, usc_wf_params.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
A compound list for a workflow type | This compound list contains detailed parameters for each of the workflow types shown in the Possible Values column. Under each workflow type there appears a set of actions compound lists, as explained in the next parameter in this table. | None | |
Actions compound list | The compound list for a workflow type contains one action compound list for each valid action for that workflow type. For example: Under each of these there is a set of parameters and values, as described in the rest of this table. | None | |
 | File name of the archive file. | None | Correct file name |
 | File name of the deactivated users archive file. | None | Correct file name |
 | Excludes an attribute(s) from showing up in relevant data. | None | Attribute name in the schema. For SecureWay, gsc_wf_params.xml is replaced by gsc_wf_params-sw.xml during setup. |
 | A | None | |
 | Flag indicating whether the entry should be committed before the user action for this action, for example: activate, deactivate. | | |
 | A ValList for which the member values may be any of the items in the Possible Values column. These are allowed roles for the person to be notified. | None | previous step owner, current step participants, next step participants, initiator |
 | Allowed number of occurrences for each action. | None | n |
 | A ValList for which the member values may be any of the items in the Possible Values column. These are allowed roles for the participant. | None | |
 | A ValList, which is a list of possible actions that may occur before this one. | None | Any action name |
 | A ValList for which the member values may be any of the items in the Possible Values column. These are possible types of relevant data for this action. | None | |
 | A ValList for which the member values may be any of the items in the Possible Values column. These are a set of allowed subscription policies. | None | |
 | A flag that indicates if a user action is required for a particular action. For example, the | None | |
 | A compound list of names for the different workflow types. These names should be easy for users to recognize. | None | Can be any meaningful string for the workflow type |
 | Workflow date formats. | None | |
 | A single character used to separate the YMD parts of a date provided in | / (slash) | / (slash), - (hyphen), . (period), (space) |
 | Signals if a step with that action can be the first step for that particular type of workflow. You cannot add to the set of permitted first steps, however you can remove items from this set of steps on a per-workflow-type basis. For example, you cannot make the Note: Oracle does not recommend that you change the values for these parameters. | | |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | The DN of a user who is allowed to do asynchronous operations. | none | Any valid user DN |
 | Duration for which the mailer goes to sleep, then wakes up to send the pending mail. | | Any positive integer value, in seconds |
 | Queue wait time for the global mail queue. | | Any positive integer value, in milliseconds |
Table B-6 querybuilderparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | This is used to set the background color of the navigation bar in Query Builder. | | Any RGB value |
 | List of search conditions in the Query Builder filter toolbar. | As listed under Description | As listed under Description |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | This is used to set the background color of the navigation bar in the Selector. | | Any RGB value |
 | List of search conditions in the Search toolbar. The value is the search condition display name that appears in the selection menu that is used by the application. | | The same, plus: |
Table B-8 frontpageadminparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | The area allocated for the location GIF. This depends on each customer's location image. | | A positive integer |
 | Name of the top frame in the User Manager application. | | A frame name |
 | Name of the main frame in the User Manager application. | | A frame name |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | Position of the | headers | Auth user location in the request, for example, |
 | The escaped string representation of the ' Note: When a ' | | |
 | If this parameter is set to true (the default), the browser does not cache the page. If it is set to false, it will cache. You can set this value in the globalparams.xml file, or you can pass it on the URL. | | |
 | Indicates whether the attribute access control should be bypassed for directory administrators. | | |
 | In the directory schema, the obcompounddata attribute stores multivalued data in XML format. Some directories restrict the size of attribute values. In cases where obcompounddata overflows, you can chunk the obcompounddata value and store it as a multivalued attribute. The default chunk size and threshold value for when the data can be chunked can be specified on this parameter. | | The default of |
 | The domain that is used when setting a cookie. The default is the computer name. This is usually used if you have set up something like DNS round-robin for better performance or server failover. | "" | "" or, for example, oracle.com |
 | Cookie delimiter used for compacting the various cookies. Do not change the # value. | Do not change | Do not change |
 | Maximum cookie size. | | Integer value = 4096 |
 | The interval at which an attempt is made to restore broken connections to the database. Increasing this parameter lessens the risk of thrashing due to failed write attempts. | | Integer value, in seconds |
 | During database auditing, data must be truncated after it exceeds a certain limit for insert operations to work on SQL Server and the Oracle database. This parameter decides the limit for truncation as follows: For Oracle Access Manager 7.0.x, if set to false, audit data is truncated, that is, the limit is set at 255 characters. For Oracle Access Manager 10.1.4.0.1, if set to false, audit data is truncated to 255 characters for the Oracle database and 170 characters for the SQL Server database. For all releases, if set to true, audit data is truncated to the length of the column in the audit schema. | false | false. Note: For an Oracle database with an OCI connection type, set the value to false. Truncation to the length of the column is not supported for the OCI connection type. When an OCI connection type is used, the size limit is 255 characters. |
 | If the directory is Active Directory, NDS, or iPlanet5, when a user is deactivated, the application uses a directory-native deactivate feature to disable the account. This feature is enabled by default. | | false |
 | The escaped string representation of the "$" character as returned by the directory server. This is used in the context of the ObDPostalAddress display type. Since "$" is the delimiter in a postal address string, some directory servers return it in escaped format. For example, NDS returns it as "\$", Netscape returns it as "\24". Note that when a '$' is part of the attribute value itself, it should be escaped and sent as "\24" as discussed in RFC 2252. | | and so on |
 | If a directory server does not support concurrent binds on the same LDAP connection, this parameter ensures that the binds are serialized on the connection. This ensures that multiple connections can be established and that the load is balanced on these connections. This value is set to true for NDS and cannot be changed. NDS does not support concurrent binds on a single LDAP connection. For any other directory that does not support concurrent binds on a single LDAP connection, you must add this parameter with a value of true to the globalparams file. | | |
 | When there are many users under the same parent node, the performance of the user interface control (a Java applet) that enables you to graphically expand the node is adversely affected. This parameter enables you to specify a list of object classes for which expansion should not be performed. | | Object classes that the customer wants to exclude |
 | This parameter controls the space that Oracle Access Manager allocates to a buffer. | | Integer |
 | Used in configuring directory server failover. Specifies the amount of time Identity and Access Servers wait to establish a connection with the directory server. If a connection with the directory server is not established within this time, the Identity and Access Servers assume that the directory is down or not reachable, and the servers start establishing connections with the other directory servers. See the section on failover in the Oracle Access Manager Deployment Guide for details. | | A positive integer, in milliseconds. -1: Wait for the duration of the platform's connection timeout. If in this time a connection is not established, assume that the directory is down and start establishing connections with another directory server. |
 | Indicates if the Identity and Access Servers should proactively identify when a directory server is down. Oracle recommends that you enable this function. Note that if your network is slow and | | |
 | HTML support for message catalog changes. | | Any valid HTML tag |
 | HTML support for Message Catalog changes. | | Any valid HTML tag |
 | If using ADSI instead of LDAP to connect to Active Directory, this parameter is set to true. | None | |
 | The | false | |
 | This parameter lists all the supported data stores: | | See the description |
 | This parameter contains all the necessary input information for running Oracle Access Manager in different locale modes. charset is the character set, language is the current language, doUtfConversion indicates whether to do UTF conversion or not. | | charset: Any valid character set; language: Any valid language; doUtfConversion: NO or |
logRequestUrl | If logRequestUrl is set to true, a URL is set to log requests. It is used by WebPass. | false | |
 | Defines the directory agent cache size. | | Any positive integer |
 | This parameter must be set to retrieve members from groups that have a large number of static members. This parameter is used for Active Directory 2000 and Active Directory 2003. | | The default value is |
 | Name of the authentication user variable for a Netscape or IIS Web server. | | Authentication user variable name. For example, |
 | How long (in seconds) an Identity Server attempts to contact another Identity Server before it considers it unreachable, in which case an error is logged. | | An integer, representing the number of seconds |
 | Request Info output format, for use with PresentationXML. | | |
 | The level of scope of search on a given searchbase. | | |
 | The number of characters permitted in a Security Access Manager account name. This parameter applies to installations that run Active Directory in mixed mode (not native mode). Increase the default value if you are running in native mode. | | An integer |
 | Enables or disables notification events in workflow, attribute change, and container limit events. The flag has no effect on bug or feedback emails since these are routed through the user's email client. | false | |
 | Identifies the type of database used for auditing. | | |
 | Controls the amount of space that the Oracle XML Developer's Kit can use for XSL transformation of the Identity stylesheets. A value of at least 512 is required. For complex style sheets, the transformation engine can run out of space, and the Identity Server can exit. You can set this parameter to a higher value for complex style sheets. | | An integer value, in KB. Minimum value: |
 | A thread that wants to flush the osd and config db caches needs to wait for all other service threads to complete before flushing. This value is the maximum time the flush thread should wait, in seconds, before flushing. If all service threads complete before this time, then the flush thread will stop waiting and start flushing. | | Integer value greater than or equal to zero. Zero is legal but not a good idea; setting this value too low could lead to SEGV crashes. |
 | In a pure ADSI environment, if this flag is enabled, Oracle Access Manager will use LDAP for authentication calls. All other operations would go through ADSI. | None | |
 | This parameter indicates which directory attribute is used to log into Oracle Access Manager. | | Any directory attribute or |
 | This parameter specifies the name of the header variable that specifies the language of the request. | | Header variable name |
 | This parameter specifies the name of the header variable in the user's browser that specifies the language of the request. | | Header variable name |
 | Name of the HTTP header variable containing user type information. The value must correspond to obnavigation.xml. This is additional support of navigation if the usertype parameter is not in the URL, mainly for single sign-on. | | Header variable name |
XMLStructureCache | This cache stores in memory the static portion of each XML document. | XMLStructureCache.timeout — | XMLStructureCache.timeout — Any valid seconds |
PortalIdCache | PortalIdCache defines information that controls portalId caching. PortalIdCache.maxNumElems indicates the maximum number of portal IDs to be cached. PortalIdCache.timeout sets the timeout of the portal Id cache refresh. PortalIdCache.disabled indicates whether to disable or enable the Portal ID cache. | | |
 | The value of this parameter is true if the Master Administrator selects Active Directory as the directory server type during Identity Server configuration, false otherwise. | None | |
 | Controls the maximum number of stylesheets to hold in the cache. A cached stylesheet is in a binary form that can be used immediately in an XSL transformation to generate a requested page. If the stylesheet for a requested page is not in the cache, it must be loaded from disk and processed by the XML parser before it can be used for a transformation. Caching the most frequently used pages can reduce the perceived latency. The trade-off is that cached binary stylesheets can be quite large. (Exactly how large depends on your stylesheet design.) An efficient strategy to conserve memory is to set this parameter slightly higher than the number of pages that you consider frequently used. All those stylesheets will be cached, and relatively infrequent ones can be brought into cache without flushing the common ones. | | Any integer greater than zero. Do not use a value less than or equal to zero. If you do, an internal test value is used; this value is not zero. |
 | This causes the following behavior when the stylesheet for the requested page is already in the stylesheet cache: true — Check the timestamp on the top-level stylesheet file. If the file is newer, refresh the cache entry. true is convenient because you do not have to restart the server or artificially fill the cache in order to see the result of a stylesheet update. false — Do not check the timestamp. If the stylesheet is cached, use it. In a stable system, a value of false eliminates unnecessary file system access for cached stylesheets and can result in better performance. | false | |
Table B-10 oblixadminparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
 | A CSV field delimiter that is used to separate two fields when generating reports. | (comma) | |
 | A CSV value delimiter that is used to separate two values when generating reports. | (comma) | |
 | An RGB hexadecimal number that defines the configuration attributes background color. | | An RGB hexadecimal number for a color |
 | An RGB hexadecimal number that defines the configuration attributes foreground color. | 000000 | An RGB hexadecimal number for a color |
 | The location of the MIME type file. | | Do not configure |
oblixNode | The RDN of the node under which all the Oblix configuration information is stored. This is prefixed to the config DN that you specify during setup. The entire DN is the container for all Oblix data. For example, if the configuration DN was specified as "o=company,c=us", and the oblixNode parameter is given the value "o=configdata", then the oblix container DN is "o=configdata, o=company,c=us". | The parameter is not specified in the installed version of this file. Until specified otherwise during setup, the value is taken to be | Any valid RDN values such that they satisfy the container requirements of the parent node [the config DN]. |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | For performance reasons, if a user has write (modify) permission for an attribute, applications do not check whether the user is a participant in a Change Attribute workflow for that attribute. If this flag is true and the user has write permission, applications do check, and a Request button appears in the application next to the attribute to be modified. | false | |
| | The CSV field delimiter used to separate two fields when generating reports. | (comma) | |
| | The CSV value delimiter used to separate two values when generating reports. | (comma) | |
| | Enable the optional authentication view. | false | or any other string |
| | The URL of the Group Manager application. | | |
| | The program used to view a group profile (appended to the URL as &program=view), or whichever program you want the application to go to when viewing a group during cross-application linking. | | Go to the Group Manager application for other options, such as viewing member details. |
| | Use the initial search as the first view when the user wants to perform a search. | false | or any other string |
| | The number of fields to display for an initial advanced search. Use with initial_search_advance. | | Any positive integer |
| | The URL of the Organization Manager application. | | |
| | The program used to view an object profile (this is used to append to the URL as | view | view (Go to the Group Manager application for other options) |
| | Show the count of search results returned by a search operation. | false | or any other string |
| | The possible display format(s) for search results. Any combination of these values is allowed, and the order of the search-results side tabs follows the order of the values listed. Omitting a value disables that search-results view format. | | |
| | If the same attribute is given multiple values in a search request, combine them with AND if this is false and with OR if it is true. | false | |
| | The minimum number of characters the end user must provide to perform a search. The value can be overridden for each Identity application by adding this parameter to that application's parameter file. | | Any positive integer. |
| | The URL of an Identity application, for example, User Manager. | | Same as default |
| | The program used to view a user profile (this is used to append to the URL as | | |
| | Turns DN validation on or off when a user views the values of all DN-type attributes. If true, all DN attributes are validated before being displayed, and the logged-in user sees only the values of DN-type attributes he or she has view access to. View access is set on the class attribute for the object class of the DN. View access is also determined by localized access, that is, whether the DN falls under the user's search bases for the object class type of the DN. | false | |
| | Turns DN validation on or off in modify mode for the values of all DN-type attributes. If true, all DN attributes are validated before being displayed in the form, meaning the logged-in user sees only the DN values he or she has view access to. View access is set on the class attribute of the object class of the DN, and can also be localized access, that is, the DN falls under the user's search bases for the object class type of the DN. The user can add and remove only the DNs he or she has access to. | false | |
| | Turns DN validation on or off in view mode for the values of the specified DN-type attributes. This is a ValList parameter: you provide the list of attributes as a vallist. This parameter is used only if the DN attributes in this vallist are validated before being displayed. Validation means the logged-in user sees only the DN values he or she has view access to, as set on the class attribute of the object class of the DN, or has localized access to, that is, the DN falls under the user's search bases for the object class type of the DN. | none | A vallist of DN-type attributes. Use LDAP names, not display names. |
| | Turns DN validation on or off in modify mode for the values of the specified DN-type attributes. This is a ValList parameter: you provide the list of attributes as a vallist. This parameter is used only if the DN attributes you specify in this vallist are validated before being displayed in the form. Validation means the logged-in user sees only the DN values he or she has view access to, as set on the class attribute of the object class of the DN, or has localized access to, that is, the DN falls under the user's search bases for the object class type of the DN. | none | A vallist of DN-type attributes. Use LDAP names, not display names. |
Table B-12 oblixbaseparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Information about the Group Manager Admin application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the ; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the |
| with sub parameters: | Information about the User Manager Admin application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string |
| | This list contains customization values for the dimensions of the Attribute Access Control applet. | | A positive integer |
| | Information about the Access Administration application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | DESCRIPTION= Access Administration | DESCRIPTION can be any text string |
| | Enables you to configure dimensions for the various applets used in the Identity System. This compound list contains the following valname lists. | According to the list | |
| | Specify whether to apply lost password management. | Default parameter in params file is | All other values mean no |
| | Attribute values that can appear on a certificate. | | This is a multi-valued parameter: issuerDN validFrom validTill |
| | When a user initiates an action, Oracle Access Manager can check whether that user is deactivated. By default this check is disabled to reduce the number of directory reads. Enable it by adding this parameter and setting its value to true. | | |
| with sub-parameters: | This list contains values for the dimensions of the Containment Limit applet. | | A positive integer |
| | The number of people that can be selected, for example in the Selector application, before the cookie size limit is exceeded. This depends greatly on the size of the DN of each entry and on the operating system. Suggested values are 15 or less for Active Directory and 25 or less for other directories. | | A positive integer. If there are any Latin-1 characters in the user DN, count each such character as 3 characters, because Latin-1 characters are escaped to their %xx hex equivalent in the cookie. |
| | The character used to separate fields in a date value. | / | A single character |
| | The formats in which a date value can be displayed. | | |
| | Display name for a no-operation, single-selection menu item and its corresponding value. This is used while creating a report. | | Any string |
| | Default number of values to display in the results of a search. It is used when the user first searches, or if the user's cookie file is not available; subsequent searches take this value from the user's cookie. This value also controls what is shown on the Generate Reports, Incoming Requests, Outgoing Requests, and Monitor Requests pages in the Identity Server. | | A positive integer |
| with sub parameters: | This list contains values for the dimensions of the Delegate Admin applet. | column_width=135 | A positive integer |
| | Information about the Identity Administration application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | VERSION=5.00 CODE=FPAD ID=front_page_admin PROGRAM=../../admin/bin/front_page_admin.cgi DESCRIPTION= Identity Administration | DESCRIPTION can be any text string |
| NAVBAR_GIF2 | Specific information about the Group Manager application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; WORKFLOW_ALLOWED: true means allowed, any other value means not allowed |
| | Names of the applications that are enabled. | N.A. | For the Identity System, the applications are: |
| | Oracle Access Manager expects the machine times of all Web servers running Policy Manager and Identity Server to be synchronized. If they are not, logging in to the Policy Manager or the Access System Console is not possible. This parameter specifies a slack time, in seconds, by which the machine times may differ. | | A positive integer (in seconds) |
| | The maximum URL length, in bytes, for the specified browsers. | | netscape: A positive integer; ie: A positive integer |
| with sub parameters: | Information about the Organization Manager Admin application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR |
| | Information about the Organization Manager application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; WORKFLOW_ALLOWED: a value of true means allowed, any other value means not allowed |
| | Information about the Policy Manager application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR |
| | This list contains values for the dimensions of the Set Searchbase applet. | | A positive integer |
| | Determines whether to display replication-related warnings, for example "Your changes may not be immediately available," after any of the following operations: modify or add attributes, create ticket, process ticket, change style, modify or add location. | true | |
| with sub parameters: | Information about the System Admin application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR |
| | The applications that appear on the System Console. | | This is a multi-valued parameter: |
| | Name of the top frame in the Front Page application. | | A frame name (for example, _top) |
| | Name of the main frame in the Front Page application. | | A frame name (for example, |
| NAVBAR_GIF2 | Information about the User Manager application. The listed parameters define the version of the application running, the code used for license checking, the relative path of the application, the mouseover message for the application, the name of the GIF used on the top navigation bar, and the relative path to the GIF used on the top navigation bar. | | DESCRIPTION can be any text string; NAVBAR_GIF can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; NAVBAR_GIF2 can be any gif name with a .gif extension that exists in the NAVBAR_GIFDIR; WORKFLOW_ALLOWED: true means allowed, any other value means not allowed |
| | This parameter overrides the SSO Logout URL parameter configured in the Access System Console. | None | Any valid URL that performs the single sign-on logout. |
| with sub-parameters: | This list contains values for the dimensions of the workflow applet. This includes the three pages in workflow creation: workflow definition, target definition and step definition. The | | A positive integer |
Table B-13 appdbparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| ldapMaxSessionTimeInMins | The size of the caches for LDAP connections to the Access Server and Policy Manager increases over time, and Oracle Access Manager does not control these caches directly. To prevent the cache size from becoming a performance problem, configure the ldapMaxSessionTimeInMins parameter to close the connection after the given time; closing the connection clears the cache. | | An integer (in minutes) |
| | Warms up the OSD cache. | true | anything else: warm up |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | When the directory server returns a referral, this parameter controls whether the referral is automatically chased. A referral message provides the address of a master server, which a client can chase. | true (automatically chase the referral) | |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | If this parameter is set to true, a user who has modification rights can modify an attribute that is part of the DN. The check exists because a non-RDN modification changes the DN itself and moves the directory entry to a different subtree, which raises referential integrity issues; the parameter lets the administrator prevent such operations. It applies only to attributes that make up the non-RDN portion of the DN, for example ou, o, and c in the DN "cn=John Smith, ou=Corporate, o=Company,c=US". | | true (allow non-RDN modifications) |
| | Default policy for access control to generic or location objects when no policy is found. | | |
| | Selects which of the four subscription policies supported by Group Manager are available. The policies are displayed when a Create Group workflow is defined; in the workflow definition, the user selects the subscription policies to allow for groups created with that workflow. At the time of the actual create operation, the end user sees these options as a list in the Subscription Policy field and selects the one policy to apply to the group. The subset of policies selected during workflow definition is also stored, in an attribute hidden from the user, in each group entry created with that workflow. If the user later wants to modify the subscription policy, the values are obtained from this hidden attribute and again shown in the single-selection list. | All of the possible values are made available by default. | |
| | Default policy for group subscription when no policy is found in the group entry. | | The allowed policies are: (Automatic if new member satisfies filter, no approval necessary) See the |
| extra_group_filter | An LDAP filter. If specified, Group Manager uses it to qualify group searches. The filter may contain an Oblix rule substitution. | | Any valid LDAP filter, which may or may not contain a valid rule substitution. Note: Any characters that are valid LDAP filter syntax but are also XML markup must be specified as entity references. |
| | Controls the length of the filter used in group queries: an integer giving how many elements may make up the filter. Group Manager uses a search algorithm that minimizes the number of searches by combining multiple filters (essentially queries) into one large filter with OR logic, but every directory server has its own limit on the length of a filter used in LDAP searches. This parameter lets the administrator tune the length to the directory server in use. | | Any integer value, depending on what the directory server is able to handle |
| | Indicates whether to use the extra_group_filter to further qualify group searches during group expansion. | | |
| | Indicates whether to use the extra_group_filter to further qualify group searches in the MyGroups Profile. | | true |
| | This parameter applies to IBM SecureWay. In the SecureWay schema, a uniquemember attribute is required. Deactivating a user who is also the last member of a group causes an objectclass violation if the deactivation is done through User Manager, so User Manager attempts to replace the soon-to-be-deactivated user with an entry for the Directory Administrators group. If specified, this parameter is used in place of the Directory Administrators group. | None | Any valid dn |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | If this parameter is set to true, modifying an attribute that is part of the DN affects the DN itself and results in moving the directory entry to a different subtree. This applies only to attributes that make up the non-RDN portion of the DN, for example ou, o, and c in the DN "cn=John Smith, ou=Corporate, o=Company, c=US". Unlike the similar parameter in groupdbparams.xml and userdbparams.xml, this parameter is configured for each object class. | false (do not move the entry) for each object class | true (allow moving) for each object class; false (do not move the entry) for each object class |
| | Default policy for Containment Limit when no policy is found. | | |
| | Default policy for access control to generic or location objects when no policy is found. | | true (Allow Access) |
Table B-17 workflowdbparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Controls whether Quickstart is enabled for Group Manager. | | |
| | Controls whether Quickstart is enabled for Object Manager. | | |
| | Controls whether Quickstart is enabled for User Manager. | | |
| | Determines whether the workflow caches are disabled. | false | |
| | Maximum number of elements allowed in each of the workflow caches. | | Unsigned integer |
| | Timeout for each individual element in the cache. | | Long integer |
| | Determines the maximum number of step definition filters that can be used in each search. If the final number of filters exceeds this value, multiple searches are done. | None | Integer |
| | A flag indicating whether a workflow instance consisting of a single user-action step should be written to the directory server. Not saving such instances when they are not needed later (for example, for auditing) improves workflow runtime performance. false: write workflow instances to the directory server. true: do not write them to the directory server, unless otherwise required by the workflow definition. | | |
Table B-18 ldapappdbparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| ListOfDSAttributesForFilterSubstitution | List of directory server read-only system attributes used for ACL filter substitution. These attribute values are not returned unless the directory server is specifically queried for them. The list is entered as a ValList, in the form `<ValList ListName="ListOfDSAttributesForFilterSubstitution"> <ValListMember Value="entrydn" Operation="Add"/> </ValList>` | nothing | List of attributes such as entrydn, creatorsname, passwordexpirationtime |
| | The hash size for the cache. | | Any positive integer (preferably a prime number) |
Table B-19 ldapconfigdbparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Set objectclass. This is used only for AD, because AD does not allow an auxiliary class in the objectClass attribute. | false | |
| | Attributes to cache for the group class. | The cn attribute is derived from the auxiliary class mailrecipient, and hence does not appear in the list of required attributes. The sAMAccountName attribute is cached by default. | Any valid attribute names. |
| | Bind DN and password | none | Any valid string value for each |
| | Attributes to cache for the person class. | The sAMAccountName attribute is cached. | Any valid attribute names |
| | If the oidnamingattribute flag is set, convert the name to an OID. Currently this flag is set only for Active Directory. | false | |
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Default policy for access control to any object. If the driving application database does not override this parameter, the default set here is assumed. | false (Deny Access) | true (Allow Access); false (Deny Access) |
| | Signals that the AccessGate client has been configured on the OIS server and can now send user flush requests to the Access System using the Policy Manager API. | | |
| | Tells the Access System to automatically log on the requester right after self-registration if the person is activated. To do this, the settings for | | |
| | This is one of the | None | A valid domain name, for example |
| | One of the | None | Any of the IP address or addresses, if any, specified in the |
| | Access Manager SDK query parameter, used with self-registration. This parameter, along with the | | Any one of the HTTP request methods that are protected by the Access System |
| | One of the ObSSOCookie generation parameters. It is used to generate the ObSSOCookie; if none is specified, / is used. | / | / or any URL path |
| | Access Manager SDK query parameter, used with self-registration. This parameter, along with the | | Any URL protected by the Access System |
Table B-21 ldapreferentialintegrityparams.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| ObjectclassesAndAttributesToDoReferentialIntegrity | This compoundlist contains a set of ValList elements named after object classes. Each ValList may be empty or may contain ValListMember elements named after attributes belonging to that object class. The object classes listed are those that Oracle Access Manager updates whenever an entry is renamed (that is, its DN is changed). The attributes listed for each object class are of type DN and thus may refer to the entry being renamed. If no attributes are listed for an object class, Oracle Access Manager queries the schema to find all the DN attributes of that object class; if there is an attribute list, only the listed attributes are used for the referential integrity check. | See the following table for a list of objectclasses and attributes. | Any valid objectclass with DN-syntax attributes. Note: For Oracle Access Manager to work correctly, the default values should NOT be changed. Only add your own objectclasses and attributes to this list. |
| | Determines how to deal with a reference to a non-existent entry. Because AD and Novell automatically remove references to non-existent entries, this parameter should be set to false for those directory servers. The Netscape/iPlanet DS does not; Oracle Access Manager adjusts the reference as you direct. | | Active Directory: Set to ; Novell: Set to ; Netscape/iPlanet: |
| | Determines the responsibility for renaming a DN. The Active Directory and Novell directory servers do this automatically, | Varies with the directory server, defined at install time. | Active Directory: Set to ; Novell: Set to ; Netscape: Set to |
| | Specify a list of attributes whose values must be unique under the configured directory server namespace. The necessary values vary with the brand of directory server. The Possible Values column shows the required entries; users may add additional attributes. | | Novell: Remove list; Active Directory: Add one ValListMember, ; Netscape: Leave the default ValListMember, |
Here are the attributes referred to in the previous table, under ObjectclassesAndAttributesToDoReferentialIntegrity:
Table B-22 ObjectClass Attributes for Referential Integrity
ObjectClass | Attributes |
---|---|
| | uniqueMember owner seeAlso |
| | manager secretary |
| | obmodifyaccessuid obviewaccessuid obnotifyuid |
| | oblocationdn |
| | obaccessuid obnotifyuid |
| | obResourceUid |
| | obgroupadministrator obgroupcreator |
| | obResourceUid |
| | obparentlocationdn |
| | obindirectmanager oblocationdn |
| | obpolicyconditionUid obpolicyconditiongroup |
| | obResourceUid |
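The rename-time update driven by the ObjectclassesAndAttributesToDoReferentialIntegrity compound list, together with the dangling-reference case that the parameter following it controls, as an added Python example that is not Oracle Access Manager code: the CompoundList wrapper element, the schema table, the in-memory directory and all sample DNs are constructed assumptions, and only the ValList/ValListMember syntax follows the format shown above for ldapappdbparams.xml.

```python
# Added example, not Oracle Access Manager code.  The CompoundList wrapper
# element, SCHEMA_DN_ATTRS, the in-memory directory and every sample DN are
# constructed assumptions; only ValList/ValListMember follow the page's syntax.
import xml.etree.ElementTree as ET

# Constructed fragment: groupOfUniqueNames lists two attributes explicitly,
# inetOrgPerson is left empty so the schema-lookup path is exercised.
PARAMS_XML = """
<CompoundList ListName="ObjectclassesAndAttributesToDoReferentialIntegrity">
  <ValList ListName="groupOfUniqueNames">
    <ValListMember Value="uniqueMember" Operation="Add"/>
    <ValListMember Value="owner" Operation="Add"/>
  </ValList>
  <ValList ListName="inetOrgPerson"/>
</CompoundList>
"""

# Constructed stand-in for the directory schema: DN-syntax attributes per class.
SCHEMA_DN_ATTRS = {
    "groupofuniquenames": ["uniqueMember", "owner", "seeAlso"],
    "inetorgperson": ["manager", "secretary"],
}


def normalize_dn(dn):
    """Canonical form for comparison: lower-case, no blanks around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def load_ri_config(xml_text, schema=SCHEMA_DN_ATTRS):
    """Return {objectclass (lower-case): [DN attributes]} from the compound list.
    An empty ValList falls back to every DN-syntax attribute the schema lists;
    a populated one restricts the check to exactly the listed attributes."""
    config = {}
    for vl in ET.fromstring(xml_text).findall("ValList"):
        oc = vl.get("ListName").lower()
        attrs = [m.get("Value") for m in vl.findall("ValListMember")
                 if m.get("Operation", "Add").lower() == "add"]
        config[oc] = attrs if attrs else list(schema.get(oc, []))
    return config


def _ri_attrs(entry, config):
    """DN attributes of this entry that the config says must stay consistent."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    return [attr for oc in sorted(classes & set(config)) for attr in config[oc]]


def rename_entry(directory, old_dn, new_dn, config):
    """Rename old_dn to new_dn and rewrite every configured DN-valued reference
    to it.  Returns the (entry dn, attribute) pairs that were rewritten."""
    old_key = normalize_dn(old_dn)
    match = [k for k in directory if normalize_dn(k) == old_key]
    if not match:
        raise KeyError(old_dn)
    directory[new_dn] = directory.pop(match[0])
    updated = []
    for dn, entry in directory.items():
        for attr in _ri_attrs(entry, config):
            values = entry.get(attr, [])
            fixed = [new_dn if normalize_dn(v) == old_key else v for v in values]
            if fixed != values:
                entry[attr] = fixed
                updated.append((dn, attr))
    return updated


def dangling_references(directory, config):
    """Configured DN references pointing at entries that do not exist: the case
    the 'reference to a non-existent entry' parameter above decides how to handle."""
    existing = {normalize_dn(k) for k in directory}
    return [(dn, attr, v)
            for dn, entry in directory.items()
            for attr in _ri_attrs(entry, config)
            for v in entry.get(attr, [])
            if normalize_dn(v) not in existing]


def sample_directory():
    """Constructed entries; reference DNs deliberately vary in case and spacing."""
    return {
        "cn=John Smith,ou=Corporate,o=Company,c=US": {
            "objectClass": ["inetOrgPerson"],
            "manager": ["cn=Ann Lee,ou=Corporate,o=Company,c=US"]},
        "cn=Ann Lee,ou=Corporate,o=Company,c=US": {"objectClass": ["inetOrgPerson"]},
        "cn=Admins,ou=Groups,o=Company,c=US": {
            "objectClass": ["groupOfUniqueNames"],
            "uniqueMember": ["cn=john smith, ou=corporate, o=company, c=us",
                             "cn=Gone User,ou=Corporate,o=Company,c=US"],
            "owner": ["CN=John Smith,OU=Corporate,O=Company,C=US"],
            # seeAlso is not in the ValList above, so the check must leave it alone
            "seeAlso": ["cn=John Smith,ou=Corporate,o=Company,c=US"]},
    }


if __name__ == "__main__":
    cfg = load_ri_config(PARAMS_XML)
    d = sample_directory()
    print("rewritten:", rename_entry(d, "cn=John Smith,ou=Corporate,o=Company,c=US",
                                     "cn=John Smith,ou=Sales,o=Company,c=US", cfg))
    print("dangling:", dangling_references(d, cfg))
```

An attribute missing from a populated ValList (seeAlso here) is neither rewritten nor reported, which is why the default lists should only be extended, never trimmed.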
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Indicates whether the WebPass client should run in debug mode and write debug information to the debug file. | | |
| failoverThreshold | The number of Identity Server connections that the WebPass client attempts to keep active. If the number of connections falls below the failoverThreshold, the WebPass client opens additional connections until the number of open connections equals the failoverThreshold, using Identity Servers first from the primary server list and then from the secondary server list. | 1 | Any number |
| | Unique identifier for the WebPass client plug-in. | webpassdefault | Any |
| | The maximum number of connections to Identity Servers. | 1 | Any number |
| | The time, in hours, that an Identity Server connection remains open. | 24 | Any number |
| | List of primary Identity Servers. Each list entry is a triplet of host, port, numConnections. | The triplet (for example, | Any valid triplet of (host, port, numConnections): host: the host on which the primary Identity Server resides; port: the port on which the primary Identity Server listens; numConnections: the number of connections the WebPass client can open to that primary Identity Server. |
| | Indicates whether the WebPass client configuration file, | | |
| | List of secondary Identity Servers. Each list entry is a triplet of (host, port, numConnections). | None | Any valid triplet of (host, port, numConnections): host: the host on which the secondary Identity Server resides; port: the port on which the secondary Identity Server listens; numConnections: the number of connections the WebPass client opens to that secondary Identity Server |
| | The mode of transport security used between the WebPass client and Identity Servers. | open | open, simple, cert, as described in the Description column. |
| | A time interval in seconds. After each interval, the WebPass client updates its configuration if the refresh flag is set to true. It is also the interval after which the WebPass client performs its failoverThreshold calculation and opens additional connections if necessary. | 60 | Any number. |
Table B-24 overridedbprofile.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | List of agents for which the default values obtained from the directory server are to be overridden. Each list has a list name that should be the same as the agent whose connection parameters are to be overridden, and each agent must be accompanied by the following three values: host, port, secureport. This is used where one directory server replicates another and you want to use the replica. An example of this file is installed at: You must change the content of the file and move it to: for it to take effect. | none | A valid agent name along with the following three parameters: |
Table B-25 accessdb.xml, appdb.xml, configdb.xml, obgroupdb.db.xml, obobjectdb.xml,userdb.xml, webresrcdb.xml, workflowdb.xml, ticketdb.xml
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Bind dn. | Specified during setup | Any valid dn |
| | Bind password. | Specified during setup | Any password |
| | LDAP host name for this database. | Specified during setup | Any valid host name |
| | LDAP port number. | Specified during setup | Any valid port number |
| | Client-side size limit. | 0 | Any valid integer |
| | Client-side time limit. | 0 | Any valid integer |
| (only in | The base dn where workflow definitions are stored. | None (obcontainer=workflowDefinitions) | Any valid dn |
| (only in | The base dn where workflow instances are stored. | None (obcontainer=workflowInstances under oblix tree) | Any valid dn |
| | Oblix XML namespace. | http://www.oblix.com | |
Table B-26 adsi_params.xml (Active Directory Services Interface Parameters)
Parameter Name | Description | Default Value | Possible Values |
---|---|---|---|
| | Integer value that limits the number of query results returned for authentication. | 0 | Do not change this value. |
| | Integer value that limits the number of seconds before a query times out. | 0 | Any positive integer |
| | Page size of the results that ADSI requests from the server. | 100 | Any positive integer |
| | Which credentials to use. | 0 | 0: Implicit Credentials; 1: Explicit Credentials; 2: Use User Principal Name |
| | An LDAP specification of a user, such as "cn=Administrator,cn=users,dc=myhost,dc=mydomain,dc=com". | None | Valid credential |
| | An encoded text string representing the LDAP user's password. | None | Valid password |
| | Flag: whether to use the Global Catalog for authentication. If set to true, users may not be able to log in until their accounts have replicated to the Global Catalog from the respective domain controllers. | | |
| | To prefix the domain name to LDAP strings, a new parameter has been added to the adsi_params.xml and adsi_params.lst files. By default this parameter is not in adsi_params.xml. Before running setup, it has to be added manually and set to true for the Identity Server. You do not need to set service login credentials. | None | |
| | When set to true, this flag encrypts the traffic between the Identity and Access Servers and the Directory Server. When set to true, the SSL port (636) on Active Directory must be enabled and the root CA certificates must be installed in the local store for Trusted Certificate Authorities. This flag applies to authentication in all bind modes, and to all directory server traffic for the explicit bind types (1 and 2). Note that a password change on Active Directory always goes through the SSL port (636), regardless of the encryption flag. | false | |
| | Flag: whether ADSI operates in its default mode, performing asynchronous searches. If set to false, it does synchronous searches. | true | |