Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Understanding the platform.conf File

The platform.conf file is located by default at: /etc/opt/SUNWportal.

The platform.conf file contains the details that the Gateway needs. This section provides a sample platform.conf file and describes all the entries.

The advantage of including all the machine-specific details in the configuration file is that a common profile can be shared by Gateways running on multiple machines.

The following is a sample of the platform.conf file.


#Tue May 30 11:51:23 IST 2006
debug.com.sun.portal.rewriter.original.level=INFO
gateway.favicon=
gateway.bindipaddress=10.12.154.236
debug.com.sun.portal.sra.rproxy.toFromServer.handler.java.util.logging.FileHandler.pattern=/var/opt/SUNWportal/logs/sra/default/Gateway.toFromServer.%u.%g.log
gateway.port=443
rewriterproxy.jvm.flags=-ms64m -mx128m
portal.server.instance=default
debug.com.sun.portal.handler.java.util.logging.FileHandler.filter=
gateway.jdk.dir=/usr/jdk/entsys-j2se
gateway.ignoreURIList=/MSOffice/cltreq.asp,/_vti_bin/owssvr.dll
debug.com.sun.portal.rewriter.rest.level=INFO
gateway.trust_all_server_certs=true
debug.com.sun.portal.handler.java.util.logging.FileHandler.append=true
gateway.cdm.cacheCleanupTime=300000
gateway.httpurl=
debug.com.sun.portal.handler.java.util.logging.FileHandler.count=1
gateway.jvm.classpath=
debug.com.sun.portal.setserverlogs=false
gateway.protocol=https
debug.com.sun.portal.sra.rproxy.toFromServer=java.util.logging.FileHandler
rewriterproxy.jvm.classpath=
gateway.enable.customurl=false
debug.com.sun.portal.sra.rproxy.toFromBrowser=java.util.logging.FileHandler
debug.com.sun.portal.handler.java.util.logging.FileHandler.formatter=com.sun.portal.log.common.PortalLogFormatter
debug.com.sun.portal.sra.rproxy.toFromBrowser.handler.java.util.logging.FileHandler.pattern=/var/opt/SUNWportal/logs/sra/default/Gateway.toFromBrowser.%u.%g.log
debug.com.sun.portal.level=INFO
debug.com.sun.portal.rewriter.unaffected.separatefile=true
gateway.enable.accelerator=false
debug.com.sun.portal.rewriter.original.separatefile=true
gateway.virtualhost=nicp236.india.sun.com 10.12.154.236
debug.com.sun.portal.stacktrace=true 
gateway.host=nicp236.india.sun.com
debug.com.sun.portal.handler.java.util.logging.FileHandler.pattern=/var/opt/SUNWportal/logs/sra/default/%logger.%sraComponentType.%u.%g.log
gateway.certdir=/etc/opt/SUNWportal/cert/default
gateway.sockretries=3
gateway.allow.client.caching=true
debug.com.sun.portal.rewriter.unaffected.level=INFO
debug.com.sun.portal.rewriter.uriinfo.separatefile=true
log.config.check.period=2000
debug.com.sun.portal.rewriter.rewritten.level=INFO
gateway.userProfile.cacheSize=1024
debug.com.sun.portal.rewriter.rulesetinfo.level=INFO
netletproxy.jvm.classpath=
gateway.userProfile.cacheSleepTime=60000
debug.com.sun.portal.rewriter.uriinfo.level=INFO
debug.com.sun.portal.rewriter.rest.separatefile=true
gateway.notification.url=notification
debug.com.sun.portal.rewriter.rulesetinfo.separatefile=true
gateway.logdelimiter=&&
gateway.ignoreServerList=false
gateway.jvm.flags=-ms64m -mx128m
debug.com.sun.portal.handler.java.util.logging.FileHandler.limit=5000000
gateway.dsame.agent=http\://sunone216.india.sun.com\:8080/portal/RemoteConfigServlet
gateway.httpsurl=
gateway.retries=6
gateway.userProfile.cacheCleanupTime=300000
gateway.logging.password=X03MO1qnZdYdgyfeuILPmQ\=\= UX9x0jIua3hx1YOVRG/TLg\=\=
netletproxy.jvm.flags=-ms64m -mx128m
debug.com.sun.portal.rewriter.rewritten.separatefile=true
gateway.user=noaccess
gateway.external.ip=10.12.154.236
debug.com.sun.portal.handler=java.util.logging.FileHandler
gateway.cdm.cacheSleepTime=60000
rewriterproxy.accept.from.gateways=
rewriterproxy.checkacl=false

The following table lists and describes all the fields in the platform.conf file.

Table 2–1 File Properties

Entry: gateway.user
Default Value: noaccess
Description: The Gateway runs as this user. The Gateway must be started as root; after initialization it drops its root privileges and becomes this user.

Entry: gateway.jdk.dir
Description: The location of the JDK directory that the Gateway uses.

Entry: gateway.dsame.agent
Description: The URL of the Access Manager that the Gateway contacts while starting up to get its profile.

Entry: portal.server.protocol, portal.server.host, portal.server.port
Description: The protocol, host and port that the default Portal Server installation is using.

Entry: gateway.protocol, gateway.host, gateway.port
Description: The Gateway protocol, host and port. These values are the same as the mode and port that you specified during installation. They are used to construct the notification URL.

Entry: gateway.trust_all_server_certs
Default Value: true
Description: Indicates whether the Gateway trusts all server certificates, or only those that are in the Gateway certificate database.

Entry: gateway.trust_all_server_cert_domains
Default Value: false
Description: When SSL communication takes place between the Gateway and a server, the server presents a certificate to the Gateway. By default, the Gateway checks that the server host name matches the CN of the server certificate. If this attribute is set to true, the Gateway disables that domain check for the server certificates it receives.

Entry: gateway.virtualhost
Description: If the Gateway machine has multiple host names configured, you can specify a different name and identity provider address in this field.

Entry: gateway.virtualhost.defaultOrg=org
Description: Specifies the default Org into which the user logs in. For example, suppose the virtual host field entries are the following:

gateway.virtualhost=test.com employee.test.com Manager.test.com

with the default org entries as:

test.com.defaultOrg = o=root,dc=test,dc=com
employee.test.com.defaultOrg = o=employee,dc=test,dc=com
Manager.test.com.defaultOrg = o=Manager,dc=test,dc=com

The user can then use https://manager.test.com to log into the manager's org instead of https://test.com/o=Manager,dc=test,dc=com.

Note – virtualhost and defaultOrg are case sensitive in the platform.conf file, but not when used in the URL.

Entry: gateway.notification.url
Description: A combination of the Gateway host, protocol and port is used to construct the notification URL, which is used to receive session notifications from the Access Manager. Ensure that the notification URL is not the same as any organization name. If the notification URL matches an organization name, a user trying to connect to that organization gets a blank page instead of the login page.

Entry: gateway.retries
Description: The number of times that the Gateway tries to contact the Portal Server while starting up.

Entry: gateway.debug
Default Value: error
Description: Sets the debug level of the Gateway. The debug log files are written under the debug directory, whose location is specified in the gateway.debug.dir entry.

The debug levels are:

  • error - Only serious errors are logged in the debug file. The Gateway usually stops functioning when such errors occur.

  • warning - Warning messages are logged.

  • message - All debug messages are logged.

  • on - All debug messages are displayed on the console.

The debug files are:

  • srapGateway.gateway-profile-name - Contains the Gateway debug messages.

  • Gateway_to_from_server.gateway-profile-name - In message mode, this file contains all the request and response headers between the Gateway and internal servers. To generate this file, change the write permission on the /var/opt/SUNWportal/debug directory.

  • Gateway_to_from_browser.gateway-profile-name - In message mode, this file contains all the request and response headers between the Gateway and the client browser. To generate this file, change the write permission on the /var/opt/SUNWportal/debug directory.

Entry: gateway.debug.dir
Description: The directory where all the debug files are generated. This directory must give the user named in gateway.user permission to write files.

Entry: gateway.logdelimiter
Description: Not used currently.

Entry: gateway.external.ip
Description: On a multi-homed Gateway machine (one with multiple IP addresses), specify the external IP address here. Netlet uses this IP address to run FTP.

Entry: gateway.certdir
Description: The location of the certificate database.

Entry: gateway.allow.client.caching
Default Value: true
Description: Allows or disallows client caching. If allowed, client browsers can cache static pages and images for better performance (through reduced network traffic). If disallowed, nothing is cached; security is higher, but performance drops with the higher network load.

Entry: gateway.userProfile.cacheSize
Description: The number of user profile entries that are cached at the Gateway. If the number of entries exceeds this value, frequent retries occur to clean up the cache.

Entry: gateway.userProfile.cacheSleepTime
Description: Sets the sleep time, in seconds, for the cache cleanup.

Entry: gateway.userProfile.cacheCleanupTime
Description: The maximum time, in seconds, after which a profile entry can be removed.

Entry: gateway.bindipaddress
Description: On a multihomed machine, this is the IP address to which the Gateway binds its server socket. To configure the Gateway to listen on all interfaces, set gateway.bindipaddress=0.0.0.0.

Entry: gateway.sockretries
Description: Not used currently.

Entry: gateway.enable.accelerator
Default Value: false
Description: If set to true, external accelerator support is allowed.

Entry: gateway.enable.customurl
Default Value: false
Description: If set to true, the administrator is allowed to specify a custom URL to which the Gateway rewrites pages.

Entry: gateway.httpurl
Description: The HTTP reverse proxy URL used as the custom URL to which the Gateway rewrites pages. Use this entry when Proxylet is enabled.

Entry: gateway.httpsurl
Description: The HTTPS reverse proxy URL used as the custom URL to which the Gateway rewrites pages. Do not use this entry if Proxylet is enabled.

Entry: gateway.favicon
Description: The URL to which the Gateway redirects requests for the favicon.ico file. This is used for the "favorite icon" in Internet Explorer and in Netscape 7.0 and higher. If left empty, the Gateway sends a 404 Not Found response back to the browser.

Entry: gateway.logging.password
Description: The LDAP password of the user amService-srapGateway that the Gateway uses to create its application session. This can be either encrypted or in plain text.

Entry: http.proxyHost
Description: The proxy host used to contact the Portal Server.

Entry: http.proxyPort
Description: The port on the proxy host used to contact the Portal Server.

Entry: http.proxySet
Description: Set this property to true if a proxy host is required. If it is set to false, http.proxyHost and http.proxyPort are ignored.

Entry: portal.server.instance
Description: The value of this property selects the corresponding /etc/opt/SUNWam/config/AMConfig-instance-name.properties file. If the value is default, it points to AMConfig.properties.

Entry: gateway.cdm.cacheSleepTime
Default Value: 60000
Description: The timeout value for cached Client Detection Module responses sent to the Gateway from the Access Manager.

Entry: gateway.cdm.cacheCleanupTime
Default Value: 300000
Description: The timeout value for cached Client Detection Module responses sent to the Gateway from the Access Manager.

Entry: netletproxy.port
Default Value: 10555
Description: The Netlet Proxy daemon listens for requests on this port.

Entry: rewriterproxy.port
Default Value: 10555
Description: The Rewriter Proxy daemon listens for requests on this port.

Entry: gateway.ignoreServerList
Default Value: false
Description: If set to true, the Access Manager server URL is constructed using the values specified in the AMConfig.properties file. Set this property to true when the Access Manager server is behind a load balancer.

Entry: rewriterproxy.accept.from.gateways
Description: A list of IP addresses from which the Rewriter Proxy accepts requests. This works in both HTTP and HTTPS modes. It adds security: only requests coming from this set are accepted, and all other requests are not handled. The value can be a comma-separated list of IP addresses. The default value is empty, which is treated as legacy mode, that is, all requests coming to the Rewriter Proxy are honored.

Entry: rewriterproxy.checkacl
Default Value: false
Description: With this property enabled, the Rewriter Proxy checks ACL values just like the Gateway. The legacy mode value is "false". When set to true, the Rewriter Proxy checks the URL against the values specified in the gateway access service at the given DN, and allows or denies requests according to the list set there. This value is useful in both HTTP and HTTPS modes.
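The following is an added example, not code from the guide or the product: it reads a platform.conf in the Java properties syntax shown above and lists the entries whose effective value (the table's default when the entry is absent) relaxes certificate checks or widens what the Gateway and Rewriter Proxy accept. The sample configuration, its host name and the CHECKS table are constructed for this example.

```python
# Added example, not from the Sun guide or the product: read platform.conf
# (Java properties syntax) and list entries whose effective value relaxes
# certificate checks or widens what the Gateway and Rewriter Proxy accept.
import re
# Constructed sample for this example; the host name is a placeholder.
SAMPLE = """\
#Tue May 30 11:51:23 IST 2006
gateway.user=noaccess
gateway.bindipaddress=0.0.0.0
gateway.trust_all_server_certs=true
gateway.trust_all_server_cert_domains=false
gateway.dsame.agent=http\\://am.example.test\\:8080/portal/RemoteConfigServlet
rewriterproxy.accept.from.gateways=
rewriterproxy.checkacl=false
"""

def parse_platform_conf(text):
    # Minimal properties reader: '#'/'!' comments, key=value or key:value, and
    # single-char backslash escapes such as \: and \= (no \uXXXX/continuations).
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\s])+)\s*[=:]?\s*(.*)", line)
        if not m:
            continue
        key = re.sub(r"\\(.)", r"\1", m.group(1))
        props[key] = re.sub(r"\\(.)", r"\1", m.group(2)).strip()
    return props

# (entry, default from Table 2-1, value that warrants review, reason)
CHECKS = [
    ("gateway.trust_all_server_certs", "true", "true",
     "every server certificate is trusted, not only those in the certificate database"),
    ("gateway.trust_all_server_cert_domains", "false", "true",
     "server host name is not checked against the certificate CN"),
    ("rewriterproxy.accept.from.gateways", "", "",
     "empty is legacy mode: requests from any source are honored"),
    ("rewriterproxy.checkacl", "false", "false",
     "Rewriter Proxy does not check URLs against the gateway access service ACL"),
    ("gateway.bindipaddress", "", "0.0.0.0", "Gateway listens on all interfaces"),
    ("gateway.user", "noaccess", "root", "Gateway keeps root privileges after start-up"),
]

def audit(props):
    # Missing entries take the table's default, so an untouched file is audited too.
    return [(entry, reason) for entry, default, bad, reason in CHECKS
            if props.get(entry, default) == bad]
```

Run audit(parse_platform_conf(open("/etc/opt/SUNWportal/platform.conf").read())) against a real file; an empty list means none of the listed entries is at a value that warrants review.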