Configure the config.sh file

To configure the config.sh file for installing MMG, follow these steps:

Login to the server as a non-root user.
Navigate to the <installation directory>/OFS_MMG/bin directory.

Configure the applicable config.sh attributes as shown here:

Sample config.sh files:

#!/bin/sh ##

export APPLICATION_NAME=##APPLICATION_NAME##

export WALLET_LOCATION=##WALLET_LOCATION##

export TNS_ADMIN_PATH=##TNS_ADMIN_PATH##

export WALLET_ALIAS=##WALLET_ALIAS## export
                        LOG_HOME=##LOG_HOME##

export FTPSHARE=##FTPSHARE##

export LOG_TIMEZONE=##LOG_TIMEZONE##

##By default, Data Studio is assumed to run on the same
                        server. If it is running on a different host, uncomment the line below and
                        provide the appropriate URL. #export
                        DATASTUDIO_URL=##DATASTUDIO_URL##

export BE_HOSTNAME=##

BE_HOSTNAME##

export BE_PORT=##BE_PORT##

export UI_PORT=##

UI_PORT## export SCHEMA_PORT=##SCHEMA_PORT##

export CONTEXT_PATH=##CONTEXT_PATH##

export STUDIO_AUTH_TYPE=##STUDIO_AUTH_TYPE##

export
                        RESTRICT_UNMAPPED_DATASTORES_ACCESS=##RESTRICT_UNMAPPED_DATASTORES_ACCESS##

export SSL_ENABLED=##SSL_ENABLED##

export SSL_KEYSTORE=##SSL_KEYSTORE##

export SSL_KS_SECRET=##SSL_KS_SECRET##

export SSL_KS_TYPE=##SSL_KS_TYPE##

export SSL_KS_ALIAS=##SSL_KS_ALIAS##

export
                        SESSION_TOKEN_CREDENTIALS=##SESSION_TOKEN_CREDENTIALS##

export FCC_API_USER=##FCC_API_USER##

export MMG_DATASOURCE_MAX_POOL_SIZE=10

export MMG_DATASOURCE_IDLE_TIMEOUT=30000

export MMG_DATASOURCE_CONN_TIMEOUT=80000

export EXT_DATASOURCE_MAX_POOL_SIZE=10

export EXT_DATASOURCE_IDLE_TIMEOUT=30000

export EXT_DATASOURCE_CONN_TIMEOUT=80000

export MMG_HTTP_MAX_CONN=20

export MMG_HTTP_MAX_CONN_PER_ROUTE=2

export MMG_HTTP_CONNECT_TIMEOUT=30000

export MMG_HTTP_READ_TIMEOUT=120000

export APPLICATION_ID=##APPLICATION_ID##

## Properties for MMG-ui

export
                    APPLICATION_FAVICON_PATH=##APPLICATION_FAVICON_PATH##

export UI_AUTH_TYPE=##AUTH_TYPE##

export AAI_AUTH_URL=##AAI_AUTH_URL##

export SAML_IDP_URL=##SAML_IDP_URL##

export SAML_SP_ENTITY=##SAML_SP_ENTITY##

export SAML_SRV_URL=##SAML_SRV_URL##

export SAML_LOGOUT_URL=##SAML_LOGOUT_URL##

export SAML_SIGN_AUTHN_REQ=##SAML_SIGN_AUTHN_REQ##

export SAML_PRIVATE_KEY_PATH=##SAML_PRIVATE_KEY_PATH##

export SAML_SP_X509_CERT_PATH=##SAML_SP_X509_CERT_PATH##

export SAML_SIGN_ALGORITHM=##SAML_SIGN_ALGORITHM##

export
                    AUTH_SAML_REQUEST_TYPE=##AUTH_SAML_REQUEST_TYPE##

export
                        AUTH_SAML_INCLUDE_SP_CERT=##AUTH_SAML_INCLUDE_SP_CERT##

export LDAP_URL=##LDAP_URL##

export LDAP_SEARCH_BASE=##LDAP_SEARCH_BASE##

export LDAP_USER_FILTER=##LDAP_USER_FILTER##

export
                        LDAP_USER_SEARCH_FILTER=##LDAP_USER_SEARCH_FILTER##

export LDAP_GROUP_SEARCH_FILTER=##LDAP_GROUP_SEARCH_FILTER##

export LDAP_GROUP_SEARCH_BASE=##LDAP_GROUP_SEARCH_BASE##

export LDAP_GROUP_MEMBER=##LDAP_GROUP_MEMBER##

Note:

Accepted Values for SAML_SIGN_ALGORITHM Property:

http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
http://www.w3.org/2000/09/xmldsig#rsa-sha1

## Properties for enabling AAI Authorization.
                            Applicable for SAML/LDAP Profiles

## This is disabled by default. Set AAI_AUTHZ_ENABLED to true to enable.

## AAI_AUTH_URL must be set.

export AAI_AUTHZ_ENABLED=##AAI_AUTHZ_ENABLED##

export AAI_CLIENT_ID=##AAI_CLIENT_ID##

export AAI_CLIENT_SECRET=##AAI_CLIENT_SECRET##

export
                        SERVER_COOKIE_DOMAIN=##SERVER_COOKIE_DOMAIN##

export SERVER_COOKIE_NAME=##SERVER_COOKIE_NAME##

export SERVER_COOKIE_TIMEOUT=##SERVER_COOKIE_TIMEOUT##

export SERVER_COOKIE_IS_SECURE=##SERVER_COOKIE_IS_SECURE##

##Properties for MMG-Service

export BE_AUTH_TYPE=public

export MMG_PYTHON_INTERPRETER=##MMG_PYTHON_INTERPRETER##

##Properties for MMG-Studio

export DATASTUDIO_SCHEMA_WALLET_ALIAS=##DATASTUDIO_SCHEMA_WALLET_ALIAS##

export LOGIN_SHOW=##LOGIN_SHOW##

export SESSION_MODE=##SESSION_MODE##

export STUDIO_REALM=##STUDIO_REALM##

export OFSAA_URL=##OFSAA_URL##

export API_USERS=##API_USERS##

export VALID_ROLES=##VALID_ROLES##

export STUDIO_LOG_LEVEL=##STUDIO_LOG_LEVEL##

export PYTHON_HOME=##PYTHON_HOME##

#Following are spark specific configurations, Leave as it is if not
                        applicable

export MMG_SPARK_ENABLED=##MMG_SPARK_ENABLED## #will be false by default

export SPARK_HOME=##SPARK_HOME## #required if MMG_SPARK_ENABLED is true

export HADOOP_HOME=##HADOOP_HOME## #only needed if running spark with hadoop cluster

export SPARK_MASTER=##SPARK_MASTER## #required if MMG_SPARK_ENABLED is true

export SPARK_DEPLOY_MODE=##SPARK_DEPLOY_MODE## #required if MMG_SPARK_ENABLED is true

export DATASTUDIO_SPARK_INTERPRETER_PORT=##DATASTUDIO_SPARK_INTERPRETER_PORT## #required if MMG_SPARK_ENABLED is true

export R_ENABLED=##R_ENABLED## export R_PYTHON_HOME=##R_PYTHON_HOME##

# Following are fcc services specific configurations, Leave as it is
                        if not applicable

export TEMPLATE_CONFIG_PATH=##TEMPLATE_CONFIG_PATH##

export TEMPLATE_DEFAULT_LINK=##TEMPLATE_DEFAULT_LINK##

export AUTH_SERVICE_URL=##AUTH_SERVICE_URL##

export META_SERVICE_URL=##META_SERVICE_URL##

export ER_SERVICE_URL=##ER_SERVICE_URL##

export BATCH_SERVICE_URL=##BATCH_SERVICE_URL##

export SAML_ISSUER=##SAML_ISSUER##

export SAML_DESTINATION=##SAML_DESTINATION##

export SAML_ASSERTION=##SAML_ASSERTION##

export SAML_ROLE_ATTRIBUTE=##SAML_ROLE_ATTRIBUTE##

export SAML_STUDIO_LOGOUT_URL=##SAML_STUDIO_LOGOUT_URL##

export SAML_COOKIE_DOMAIN=##SAML_COOKIE_DOMAIN##

# Following are pipeline services specific configurations, Leave as it
                        is if not applicable

export DATAPIPELINE_SERVICE_PORT1=##DATAPIPELINE_SERVICE_PORT1##

export DATAPIPELINE_SERVICE_PORT2=##DATAPIPELINE_SERVICE_PORT2##

export DATAPIPELINE_METADATA_ARCHIVE_PATH=##DATAPIPELINE_METADATA_ARCHIVE_PATH##

export DATAPIPELINE_METADATA_IMPORT_SERVICE_PORT=##DATAPIPELINE_METADATA_IMPORT_SERVICE_PORT##

export DATAPIPELINE_ERXMLPATH=##DATAPIPELINE_ERXMLPATH##

export DATAPIPELINE_GATEWAY_SERVICE_PORT=##DATAPIPELINE_GATEWAY_SERVICE_PORT##

export PIPELINE_UI_SERVICE_PORT=##PIPELINE_UI_SERVICE_PORT##

export DATA_PIPELINE_UI_SERVICE_PORT=##DATA_PIPELINE_UI_SERVICE_PORT##

export DATAPIPELINE_HAZELCAST_PORT=##DATAPIPELINE_HAZELCAST_PORT##

#URLS for pipeline,ER and matching service. Leave as it is if not
                        applicable. Will impact the pipeline that could be added to a
                            graph

export MATCHRULE_BASE_URL=##MATCHRULE_BASE_URL##

export LOADGRAPH_BASE_URL=##LOADGRAPH_BASE_URL##

export MATCHSRVC_UI_URL=##MATCHSRVC_UI_URL##

#URLS for index service. Leave as it is if not applicable. Will impact
                        the pipeline that could be added to a graph

export GRAPH_INDEX_BASE_URL=##GRAPH_INDEX_BASE_URL##

export LOADINDEX_UI_URL=##LOADINDEX_UI_URL##

export MATCHING_MECHANISM=##MATCHING_MECHANISM##

export CANDIDATE_SELECTION_SERVICE_URL=##CANDIDATE_SELECTION_SERVICE_URL##

export LOAD_TO_OS_URL=##LOAD_TO_OS_URL## #Changes for auth services + mmg keys export AAI_COOKIE_DOMAIN=##AAI_COOKIE_DOMAIN##

export MMG_KEYS_LOC=##MMG_KEYS_LOC##

#Properties to package Load to Graph (L2G) service inside
                            MMG

## Start of L2G Properties

## export GRAPH_INSTALLATION_PATH=##GRAPH_INSTALLATION_PATH##

export GRAPH_KEYSTORE_PASSWORD=##GRAPH_KEYSTORE_PASSWORD##

export GRAPH_SERVICE_PORT=##GRAPH_SERVICE_PORT##

## Graph Schema
                        Configurations

export MMG_DB_SERVER_NAME=##MMG_DB_SERVER_NAME##

export MMG_DB_PORT=##MMG_DB_PORT##

export MMG_DB_SERVICE_NAME=##MMG_DB_SERVICE_NAME##

export PGX_SERVER_URLS=##PGX_SERVER_URLS##

#### PGX data memory limits configurations ##

Overall Configuration

export MAX_TOTAL_SHARED_DATA_MEMORY_SIZE=##MAX_TOTAL_SHARED_DATA_MEMORY_SIZE##

export MAX_TOTAL_PRIVATE_DATA_MEMORY_SIZE=##MAX_TOTAL_PRIVATE_DATA_MEMORY_SIZE##

export MAX_PER_SESSION_DATA_MEMORY_SIZE=##MAX_PER_SESSION_DATA_MEMORY_SIZE## ## Role wise data memory limits

export MAX_DATA_MEMORY_SIZE_DSUSRGRP=##MAX_DATA_MEMORY_SIZE_DSUSRGRP##

export MAX_DATA_MEMORY_SIZE_DSBATCH=##MAX_DATA_MEMORY_SIZE_DSBATCH##

export MAX_DATA_MEMORY_SIZE_DSINTER=##MAX_DATA_MEMORY_SIZE_DSINTER##

export MAX_DATA_MEMORY_SIZE_DSAPPROVER=##MAX_DATA_MEMORY_SIZE_DSAPPROVER##

export MAX_DATA_MEMORY_SIZE_DSUSER=##MAX_DATA_MEMORY_SIZE_DSUSER##

export MAX_DATA_MEMORY_SIZE_IHUSRGRP=##MAX_DATA_MEMORY_SIZE_IHUSRGRP##

export GRAPH_SERVICE_CACHE_SERVER_PORT=##GRAPH_SERVICE_CACHE_SERVER_PORT##

#end of Properties configurations for L2G

##Schema details for graph service. This is configured as a
                        temporary/target space for DP to create target tables which will act as
                        input to L2G

export
                        GRAPH_SCHEMA_WALLET_ALIAS=##GRAPH_SCHEMA_WALLET_ALIAS##

export
                        GRAPH_SCHEMA_DB_SCHEMA_NAME=##GRAPH_SCHEMA_DB_SCHEMA_NAME##

#Additional MMG Features

export MMG_MODEL_PIPELINE_SANDBOX_DEFAULT_VIEW=##MMG_MODEL_PIPELINE_SANDBOX_DEFAULT_VIEW##

## The following properties are optional and enabled by default. If
                        needed, you can uncomment them and set them to
                            false.

#export MMG_HTTP2_ENABLED=##MMG_HTTP2_ENABLED##

#export MMG_SERVER_ACCESS_LOG_ENABLED=##MMG_SERVER_ACCESS_LOG_ENABLED##

## The following properties are optional and disabled by default. If
                        needed, you can uncomment them and set them to
                            true.

#export OJET_CDN_ENABLED=##OJET_CDN_ENABLED##

##The following Properties are related to EST export
                        EST_ENABLED=##EST_ENABLED##

export EST_UI_URL=##EST_UI_URL##

export EST_SERVICE_URL=##EST_SERVICE_URL##

export DATACATALOG_SERVICE_URL=##DATACATALOG_SERVICE_URL##

##DEFAULT CONNECTION POOLING CONFIGURATION FOR EXTERNAL SCHEMA (Time
                        in ISO-8601 format)

export GRAPH_EXT_SCHEMA_ENABLE_CP=##GRAPH_EXT_SCHEMA_ENABLE_CP##

export GRAPH_EXT_SCHEMA_CP_MAX_IDLE=##GRAPH_EXT_SCHEMA_CP_MAX_IDLE##

export GRAPH_EXT_SCHEMA_CP_MIN_IDLE=##GRAPH_EXT_SCHEMA_CP_MIN_IDLE##

export GRAPH_EXT_SCHEMA_CP_INITIAL_SIZE=##GRAPH_EXT_SCHEMA_CP_INITIAL_SIZE##

export GRAPH_EXT_SCHEMA_CP_MAX_TOTAL=##GRAPH_EXT_SCHEMA_CP_MAX_TOTAL##

export GRAPH_EXT_SCHEMA_CP_MAX_WAIT_MILLIS=##GRAPH_EXT_SCHEMA_CP_MAX_WAIT_MILLIS##

export GRAPH_EXT_SCHEMA_CP_MIN_EVICTABLE_IDLE_TIME=##GRAPH_EXT_SCHEMA_CP_MIN_EVICTABLE_IDLE_TIME##

export GRAPH_EXT_SCHEMA_CP_SOFT_MIN_EVICTABLE_IDLE_TIME=##GRAPH_EXT_SCHEMA_CP_SOFT_MIN_EVICTABLE_IDLE_TIME##

export GRAPH_DOCUMENT_DOWNLOAD_PATH=##GRAPH_DOCUMENT_DOWNLOAD_PATH##

##Proxy Configurations

export GRAPH_NO_PROXY=##GRAPH_NO_PROXY##

##Data Studio Ports

## Following are the default ports 7008, 7009, 7012,-1. If needed, you can change the port numbers other than the default values.

export DATASTUDIO_SERVER_PORT=##DATASTUDIO_SERVER_PORT##

export DATASTUDIO_MARKDOWN_INTERPRETER_PORT=##DATASTUDIO_MARKDOWN_INTERPRETER_PORT##

export DATASTUDIO_PYTHON_INTERPRETER_PORT=##DATASTUDIO_PYTHON_INTERPRETER_PORT##

export DATASTUDIO_R_INTERPRETER_PORT=##DATASTUDIO_R_INTERPRETER_PORT##

export DATASTUDIO_JDBC_INTERPRETER_PORT=##DATASTUDIO_JDBC_INTERPRETER_PORT##

export DATASTUDIO_PYTHON_INTERPRETER_REST_SERVER_PORT=##DATASTUDIO_PYTHON_INTERPRETER_REST_SERVER_PORT##

DATASTUDIO_PGX_PYTHON_INTERPRETER_REST_SERVER_PORT=##DATASTUDIO_PGX_PYTHON_INTERPRETER_REST_SERVER_PORT##

export DATASTUDIO_THRIFT_EVENT_HANDLER_PORT=##DATASTUDIO_THRIFT_EVENT_HANDLER_PORT##

export DATASTUDIO_PGX_INTERPRETER_PORT=##DATASTUDIO_PGX_INTERPRETER_PORT##

export MMG_COHERENCE_CLUSTER_PORT=##MMG_COHERENCE_CLUSTER_PORT##

##MMG Gateway Configuration

export MMG_GATEWAY_ENABLED=##MMG_GATEWAY_ENABLED##

export MMG_GATEWAY_PORT=##MMG_GATEWAY_PORT##

## If Gateway is enabled, the following property can be set to control
                        the pages where MMG can be embedded:

# Set to 'self' to allow embedding only from the same origin (recommended for most setups).

# Set to 'all' or '*' to allow embedding from any origin. (less secure)

# Set to a comma-separated list of origins to allow embedding from those specified origins and from the same origin.

# By default, this is set to 'self'. export MMG_CSP_FRAME_ANCESTORS=##MMG_CSP_FRAME_ANCESTORS##

# If the Gateway is enabled, this property can be set to control the
                        pages where Data Studio can be embedded:

# Set to '*' to allow embedding from any origin (less secure).

# Set to a comma-separated list of origins to allow embedding from those specified origins and from the same origin.

# By default, this is set to MMG Gateway URL.

# If a load balancer or an external gateway is configured for MMG Gateway, the URL must be included in the list of origins.

export DATASTUDIO_CSP_FRAME_ANCESTORS=##DATASTUDIO_CSP_FRAME_ANCESTORS##

##MMG Model Serving
                        Configuration

export MMG_MODEL_ENDPOINT_RESTART_INTERVAL=##MMG_MODEL_ENDPOINT_RESTART_INTERVAL##

##Enhanced Configurability for Data Studio Performance and Session Parameters

##Interpreter Idle Session Timeout and Cleanup

export DATASTUDIO_INTERPRETER_IDLE_SESSION_TIMEOUT=##DATASTUDIO_INTERPRETER_IDLE_SESSION_TIMEOUT##

export DATASTUDIO_INTERPRETER_CLEANUP_ENABLED=##DATASTUDIO_INTERPRETER_CLEANUP_ENABLED##

export DATASTUDIO_INTERPRETER_CLEANUP_CRON="##DATASTUDIO_INTERPRETER_CLEANUP_CRON##"

# Studio Server Thread Pool Size

export DATASTUDIO_SERVER_ASYNC_THREADPOOL_SIZE=##DATASTUDIO_SERVER_ASYNC_THREADPOOL_SIZE##

export DATASTUDIO_SERVER_SCHED_THREADPOOL_SIZE=##DATASTUDIO_SERVER_SCHED_THREADPOOL_SIZE##

# Hikari Pool Configurations

export DATASTUDIO_HIKARI_MAXPOOLSIZE=##DATASTUDIO_HIKARI_MAXPOOLSIZE##

export DATASTUDIO_HIKARI_CONN_TIMEOUT_MS=##DATASTUDIO_HIKARI_CONN_TIMEOUT_MS##

export DATASTUDIO_HIKARI_MINIMUM_IDLE=##DATASTUDIO_HIKARI_MINIMUM_IDLE##

export DATASTUDIO_HIKARI_MAX_LIFE_TIME=##DATASTUDIO_HIKARI_MAX_LIFE_TIME##

# Tomcat Threads

export DATASTUDIO_SERVER_TOMCAT_THREADS_MAX=##DATASTUDIO_SERVER_TOMCAT_THREADS_MAX##

# Zeppelin Scheduler Threadpool Size

export DATASTUDIO_ZPLN_SCHED_THREADPOOL_SIZE=##DATASTUDIO_ZPLN_SCHED_THREADPOOL_SIZE###

Note:

Gateway is enabled by default and gateway port is mandatory to access gateway enabled UI.

GIT Repository Access Functionality

export GIT_ENV_ID=##GIT_ENV_ID##

export GIT_USERNAME=##GIT_USERNAME##

export GIT_PAT_SECRET=##GIT_PAT_SECRET##

export GIT_PROXY_URL=##GIT_PROXY_URL##

export GIT_PROXY_PORT=##GIT_PROXY_PORT##

Note:

Only tokens (classic) is supported now. Fine grained is not yet supported.

A new group GIT ADMIN is created which is mapped to GIT_ADV role which is mapped to below functions. Kindly map the above group to the user to access the required GIT functionality:

GITVIEW
GITPUSH
GITPULL

Batch_export_import_utility.sh

A new utility to export and import batch/batchgroups/schedules have been introduced under: OFS_MMG/bin/batch_export_import_utility.sh.

# FTPSHARE value in the above utility needs to be manually updated before triggering the utility file.

# Export can be triggered using below command:

## ./batch_export_import_utility.sh EXPORT <workspace> <mmguser> <batchcode> batch/schedule/batchgroup ##

For example: ./batch_export_import_utility.sh EXPORT CS mmgadmin BatchRest batch

# Import can be triggered using below command:

##./batch_export_import_utility.sh IMPORT <workspace> <mmguser> <batchcode> batch/schedule/batchgroup <OVERWRITE_flag> <filename without .txt extension>

## For example: ./batch_export_import_utility.sh IMPORT DEMO7 mmgadmin BatchRest batch N CS_batch_BatchRest

#ENDOFFILE#

Table 5-1 config.sh file

Parameter	Description	Is Mandatory	Comments
##APPLICATION_NAME##	Title of the application; if not replaced, default is : Model Management and Governance.	YES	It defaults to "Model Management and Governance." Note: Provide double quotes for the application name if it is long or contains spaces.
##WALLET_LOCATION##	The wallet is the folder containing the sqlnet.ora, wallet.sso, and .p12 files.	YES	/scratch/users/wallet
##TNS_ADMIN_PATH##	The folder that contains the tnsnames.ora file.	YES	/scratch/users/tns
##WALLET_ALIAS##	The wallet alias name configured for the MMG application config schema.	YES	MMG CONFIG
##LOG_HOME##	A writable folder designated for storing application and MMG Studio logs.	YES	/scratch/users/logs Note: Ensure that log folder is created before installation.
##FTPSHARE##	This can be any writable folder accessible to the process owner.	YES	/scratch/users/ftpshare Ensure that ftpshare folder is created before installation. This should be same as the metadata directory mentioned above.
##LOG_TIMEZONE##	Specifies the timezone used for displaying log timestamps	YES	GMT+05:30, GMT-04:00, Asia/Kolkata
##DATASTUDIO_URL##	URL for MMG Studio.	YES	By default, Data Studio is assumed to run on the same server. If it is running on a different host, uncomment the line below and provide the appropriate URL. https://<hostname/IP>:7008/<contextpath> NOTE: The default port for MMG Studio is 7008 and should not be modified.
##BE_HOSTNAME##	Hostname on which the backend service (mmg-service) runs. Use the same hostname wherever applicable.	YES	HostIP or FQDN
##BE_PORT##	Port on which the backend service (mmg-service) needs to run.	YES	7002
##UI_PORT##	Port on which UI service (mmg-ui) needs to run.	YES	7001
##SCHEMA_PORT##	Port on which Schema Creator service needs to run.	YES	7003
##CONTEXT_PATH##	Context path of the application.	YES	MMG
##STUDIO_AUTH_TYPE##	FCC_SSO – for SAMLRealm based authentication in FCC Studio MMG_AAI- AAI based authentication for MMG Studio	YES	Can be either MMG_AAI or FCC_SSO
##SSO_TOKEN##		YES	Note: Token generation is now automated and stored into a separate file in `"install-helper/tmp/sso-token.log"`.
##SSL_ENABLED##	This enables HTTPS.	YES	Example: `true`
##SSL_KEYSTORE##	Absolute path for the keystore file. Note: Run the following command to create a keystore: keytool -genkey -v -alias demoalias -keyalg RSA -keysize 2048 -keystore server.keystore -validity 3650 -keypass secret -storepass secret -storetype PKCS12	YES	../conf/server.keystore. Include the file name in the path. NOTE: If ##SSL_ENABLED## is set to false, you must configure keystore for mmg-studio, as it is SSL-enabled by default. MMG application and MMG Studio can share the same SSL configuration if set up on the same server.
##SSL_KS_SECRET##	Keystore secret The value passed in the aforementioned command for -keypass	YES	Example: secret
##SSL_KS_TYPE##	Keystore type The value passed in the aforementioned command for -storetype Can be either JKS or PKCS12	YES	Example: PKCS12
##SSL_KS_ALIAS##	Keystore alias The value passed in the aforementioned command for -alias	YES	Example: demoalias
##SESSION_TOKEN_CREDENTIALS##	The password used to generate the Authorization header token to communicate with mmg-services.	YES	NOTE: If not applicable, enter NA
##FCC_API_USER##	API user for FCC Studio.	YES	NOTE: If not applicable, enter NA
##MMG_DATASOURCE_MAX_POOL_SIZE##	Maximum connection pool size allowed for Config Datasource.	YES	It defaults to 10. You can edit it if required.
##MMG_DATASOURCE_IDLE_TIMEOUT##	Idle timeout for config Datasource.	YES	It defaults to 30000. You can edit it if required.
##MMG_DATASOURCE_CONN_TIMEOUT##	Connection timeout for Config Datasource.	YES	It defaults to 80000. You can edit it if required.
##EXT_DATASOURCE_MAX_POOL_SIZE##	Maximum connection pool size allowed for meta/data schemas.	YES	It defaults to 10. You can edit it if required.
##EXT_DATASOURCE_IDLE_TIMEOUT##	Idle timeout for meta/data schemas.	YES	It defaults to 30000. You can edit it if required.
##EXT_DATASOURCE_CONN_TIMEOUT##	Connection timeout for meta/data schemas.	YES	It defaults to 80000. You can edit it if required.
##MMG_HTTP_MAX_CONN##	The maximum number of connections allowed across all routes.	YES	It defaults to 20.
## MMG_HTTP_MAX_CONN_PER_ROUTE##	The maximum number of HTTP connections allowed for a route.	YES	It defaults to 2.
##MMG_HTTP_CONNECT_TIMEOUT##	The connection timeout for HTTP connection. A timeout value of 0 specifies an infinite timeout.	YES	It defaults to 30000.
##MMG_HTTP_READ_TIMEOUT##	The socket read timeout for HTTP connection. A timeout value of 0 specifies an infinite timeout.	YES	It defaults to 120000.
##APPLICATION_ID##	The id will be stored as app_id and must be the same as mentioned in the APP_ID column of MMG_PATCHES table. Currently the UI displays the MMG Version <version number of application> and last applied MMG version.	YES	The APPLICATION_ID should be without spaces.
##APPLICATION_FAVICON_PATH##	Icon for the application. If not specified, it will default to the icon at the following location: `css/images/favicon.ico`	NO	`css/images/favicon.ico`
##UI_AUTH_TYPE##	aai – if using an existing AAI instance as the identity provider. saml – for saml based authentication ldap – for ldap based authentication NOTE: This is case sensitive.	YES	Can be one of the following: aai, or saml or ldap.
##AAI_AUTH_URL##	Base URL of the AAI instance. Will be used for ##UI_AUTH_TYPE## = aai Note: If the target AAI is https, then it is necessary to import the AAI host certificate into the MMG server Java keystore.	YES	http(s)://whfxxxxx.in.oracle.com:7110/mmg
AUTH_SAML_REQUEST_TYPE	This can be set to REDIRECT (default) /POST.	NA	NA
AUTH_SAML_INCLUDE_SP_CERT	This can be set to True/False (default).	NA	NA
##SAML_IDP_URL##	This is the endpoint on the IDP side where SAML requests are posted. The Service Provider (SP) needs to obtain this information from the Identity Provider (IDP).	YES	http(s)://idcs-xxxx.com/fed/v1/idp/sso This is used only if ##UI_AUTH_TYPE## is SAML.
##SAML_SP_ENTITY##	Enter a globally unique name for SAML entity. It typically takes the URL of an identity provider or a service provider as a value.	YES	http(s)://<UI_HOST>:<UI_PORT>/mmg This is used only if ##UI_AUTH_TYPE## is SAML.
##SAML_SRV_URL##	UI Landing Page URL.	YES	http(s)://<UI_HOST>:<UI_PORT>/mmg/home This is used only if ##UI_AUTH_TYPE## is SAML.
##SAML_LOGOUT_URL##	Initiated SAML Single Logout URL.	YES	http(s)://idcs-xxxx.com/sso/v1/user/logout This is used only if ##UI_AUTH_TYPE## is SAML.
##LDAP_URL##	LDAP URL Will be used for ##UI_AUTH_TYPE## = LDAP	YES	ldap://whf00xyz:3060/
##LDAP_SEARCH_BASE##	LDAP Search Base Will be used for ##UI_AUTH_TYPE## = LDAP	YES	"cn=Users,dc=oracle,dc=com"
##LDAP_USER_FILTER##	LDAP User Filter Will be used for ##UI_AUTH_TYPE## = LDAP	YES	"cn={0}"
#LDAP_USER_SEARCH_FILTER##	LDAP User Search Filter Will be used for ##UI_AUTH_TYPE## = LDAP	YES	NA
##LDAP_GROUP_SEARCH_FILTER##	LDAP Group Search Filter Will be used for ##UI_AUTH_TYPE## = LDAP	YES	NA
##LDAP_GROUP_SEARCH_BASE##	LDAP Group Search Base Will be used for ##UI_AUTH_TYPE## = LDAP	YES	NA
##LDAP_GROUP_MEMBER#	LDAP Group Member Will be used for ##UI_AUTH_TYPE## = LDAP	YES	NA
##SERVER_COOKIE_DOMAIN##	The domain name.	YES	This should be the domain name of the host server. Example: .in.xyz.com Note: If the MMG application is configured with the IP address, then provide the same.
##SERVER_COOKIE_NAME##	The name for the cookie.	YES	If not set it will default to ORA_OLDS_SESSION
##SERVER_COOKIE_TIMEOUT##	Timeout/expiry duration in seconds.	YES	If not set, it defaults to 999999
##SERVER_COOKIE_IS_SECURE##	Specifies if we are using cookies to add an additional security layer to prevent cross-origin requests. Can be either true or false	YES	If not set, it defaults to true.
##BE_AUTH_TYPE##	Auth Type on which the backend service (mmg-service) runs.	YES	It defaults to public.
##MMG_PYTHON_INTERPRETER##	A comma separated value without whitespaces that specifies python interpreter python,fcc-ml4aml	YES	If not set, it defaults to python.
##DATACATALOG_SERVICE_URL##	Only used when EST application is integrated with MMG.	NO	NA
##STUDIO_WALLET_ENABLED##	Set as true when using a wallet for the MMG Studio Schema. Can be either true/TRUE or false/FALSE (all caps or all small)	YES	true/TRUE
##LOGIN_SHOW##	Can be either true/TRUE or false/FALSE (all caps or all small) Note: Set as true when the login screen of Studio is required. This property should be set as true if MMG application is non-SSL.	YES	It defaults to true.
##SESSION_MODE##	Can be either NOTEBOOK or NOTEBOOK_USER.	YES	If not set, it defaults to NOTEBOOK.
##STUDIO_REALM##	Can be either OFSAARealm or saml.OFSAASamlRealm	YES	OFSAARealm – the default realm for studio auth type FCC_AAI, MMG_AAI. .auth.saml.OFSAASamlRealm – for SAML specific studio authentication
##OFSAA_URL##	AAI login IDM Service URL. This is applicable only if ## STUDIO_AUTH_TYPE ## is " MMG_AAI ".	YES	Format: http://<ofsa-web-host>:<port>/<context>/rest-api For example, http://ABC00abc:4325/LLFP/rest-api The /rest-api is mandatory for OFSAA URL.
##API_USERS##	This is the API user with which the token is generated; if not set, it defaults to MMG_API_USER. Note: Use the same <API_USER> as given in the ##SSO_TOKEN##	YES	MMG_API_USER
##VALID_ROLES##	MDLUSR,MDLREV,MDLAPPR The comma separated values for Studio-related roles in USER-ROLE mapping.	YES	MDLBATCHUSR, DSUSRGRP, DSREDACTGRP
##DATASOURCE_URL##	The connection address to the database where the MMG Studio Schema is created. When ##WALLET_ENABLED## is false- jdbc:oracle:thin:@<Host>:<Port>/<Service_Name> When ##WALLET_ENABLED## is true- jdbc:oracle:thin:@<DS ALIAS> where <DS_ALIAS> is the wallet alias configured for the MMG Studio Schema.	YES	NA
##DATASOURCE_USERNAME##	MMG Studio Schema/User name; required only when ##WALLET_ENABLED## is false	YES	dsschema
##DATASOURCE_PASSWORD##	MMG Studio Schema/User Password; required only when ##WALLET_ENABLED## is false	YES	password
##DATASOURCE_DRIVER##	Database Driver used in connection	YES	oracle.jdbc.OracleDriver
##JPA_DB_PLATFORM##	Hibernate Class or SQL Dialect used in Database	YES	org.hibernate.dialect.Oracle12cDialect
##STUDIO_LOG_LEVEL##	Logging level for logs.	YES	info, warn, debug or error logs
##PYTHON_HOME##	Home Path of Python Library. It defaults to python3 during installation. For a custom installation of python3 where the soft link is not configured, you can mention the complete path up to python3.	YES	python3
##SPARK_HOME##	Absolute path of Apache Spark Library.	NO	NA
##R_ENABLED##	This can be set to TRUE/true or FALSE/false depending on which R interpreter will be started and will be present in the interpreters list. Note: If you are using an older Studio schema with an R-interpreter already present and then install with R_ENABLED set as FALSE; the R- interpreter will remain in the interpreter’s menu of Studio and must be deleted from there.	YES	The default is False.
##RS_CONF_PATH##	Absolute path to Rserve.conf file for running Rserve.	YES	/scratch/users/datastudio/conf/Rserve.conf
##RS_KEYSTORE##	Absolute path for the Keystore file made for Rserve.conf.	YES	/scratch/users/datastudio/conf/rinterpreterkeystore
##RS_KS_SECRET##	Keypass for rinterpreterkeystore.	YES	Example: changeit
##TEMPLATE_CONFIG_PATH##	Configuration path of the Template.	NO	NA
##TEMPLATE_DEFAULT_LINK##	Default link of the template.	NO	NA
##AUTH_SERVICE_URL##	The AUTH service URL that is activated after the fccstudio.sh file runs.	NO	Example: https://<hostname>:7041/authservice
##META_SERVICE_URL##	The metaservice URL that is activated after the fccstudio.sh file runs.	NO	Example: https://<hostname>:7045/metaservice
##ER_SERVICE_URL##	Used for the entity resolution service.	NO	Example: https://<hostname>:<port>
##BATCH_SERVICE_URL##	Used for the batch service.	NO	Example: https://<hostname>:<port>/batchservice
##SAML_ISSUER##	The SAML entity ID (Studio URL) configured in the IDP.	YES	https://<hostname>.xyz.com:7008
##SAML_DESTINATION##	The SAML IDP URL that the Identity Provider provides after creating the SAML application.	YES	https://idcs-xyzgvh.com/fed/v1/idp/sso
##SAML_ASSERTION##	The SAML Consume URL (Studio/URL/saml/consume) that is configured in IDP.	YES	https://<hostname>.xyz.com:7008/saml/consume
##SAML_ROLE_ATTRIBUTE##	The SAML client identifier provided by the SAML Administrator for the role and attributes information while creating the SAML application for MMG Studio. The attribute will contain the role required for the application.	YES	Example: group
##SAML_STUDIO_LOGOUT_URL##	The SAML client identifier provided by the SAML Administrator for the Logout URL information, while creating the SAML application for MMG Studio.	YES	https://idcs-xyzgvh.com/sso/v1/user/logout
##SAML_COOKIE_DOMAIN##	Domain of the server.	YES	Example: in.xyz.com
pipeline services specific configurations
##DATAPIPELINE_SERVICE_PORT1##	The port where the pipeline service resides.	YES	By default, it is set as 18005.
##DATAPIPELINE_SERVICE_PORT2##	The port where the data pipeline service resides.	YES	By default, it is set as 18006.
##DATA PIPELINE_METADATA_ARCHIVE_PATH##	The dump path for the pipeline service.	YES	/OFS_MMG/mmg-pipeline/pipeline/pipeline-service-x.x.x.x.x.
##DATA PIPELINE_METADATA_IMPORT_SERVICE_PORT##	Meta data import service port.	YES	By default, it is set as 18007.
##DATAPIPELINE_ERXMLPATH##	The XML path in which the schema details are stored.	NO	NA
##DATAPIPELINE_GATEWAY_SERVICE_PORT##	Data pipeline gateway service port.	YES	NA
##PIPELINE_UI_SERVICE_PORT##	Pipeline UI service port.	YES	NA
##DATA_PIPELINE_UI_SERVICE_PORT##	Data pipeline UI service port	YES	NA
##MATCHRULE_BASE_URL##	The host and port where the match rule service resides.	NO	http(s)://abc.in.xyz.com:7051
##LOADGRAPH_BASE_URL##	The host and port where the load graph service resides.	YES	http(s)://abc.in.xyz.com: 7059/graph-service
##MATCHSRVC_UI_URL##	Matching Service UI resource path.	NO	NA
##GRAPH_INDEX_BASE_URL##	Indicates the Graph Index resource path.	NO	NA	http(s)://<hostname>xyz.com:7053/load-to-elastic-search
##LOADINDEX_UI_URL##	Indicates the Graph Load Index UI resource path.	NO	NA
##MATCHING_MECHANISM##	Indicates the matching mechanism for Entity Resolution and Graph Enter the value that is used for matching mechanism for Entity Resolution and Graph. The options are OS, and OT. Where OS refers to OpenSearch, and OT refers to Candidate Selection with Oracle Text matching. By default, the value of the parameter is OT. For MATCHING_MECHANISM = OT, no additional installation or configuration is required as it is part of the Oracle Database. NOTE: This is applicable for Compliance Studio.	NO	NA
##CANDIDATE_SELECTION_SERVICE_URL##	Enable this service for Entity Resolution and Graph use cases when MATCHING_MECHANISM is set to OT. NOTE: This is applicable for Compliance Studio.	NO	NA
##LOAD_TO_OS_URL##	Provide the URL for Entity Resolution and Graph use cases when MATCHING_MECHANISM is set to OT. NOTE: This is applicable for Compliance Studio.	NO	NA
##AAI_COOKIE_DOMAIN##	The domain of the server.	YES	Example: in.xyz.com
##MMG_KEYS_LOC##	Indicates public and private key location.	YES	Example:< MMG Installation Path> /OFS_MMG/conf
##GRAPH_INSTALLATION_PATH##	The installation path of the Graph.	YES	<MMG Installation Path>/ OFS_MMG/mmg-load-to-graph/graph-service
##GRAPH_KEYSTORE_PASSWORD##	Graph Keystore Password.	YES	Password
##GRAPH_SERVICE_PORT##	Graph Service Port	YES	By default, it is set as 7059. You should not modify the Graph Service Port if graphs are already created and executed.
##MMG_DB_SERVER_NAME##	Name of the MMG Database Server.	YES	NA
##MMG_DB_PORT##	The port of the MMG database server.	YES	NA
##MMG_DB_SERVICE_NAME##	Name of the MMG Database Service.	YES	NA
##PGX_SERVER_URLS##	Indicates the pgx server resource path. Skip this if not installing pgx.	YES	http(s)://<hostname>.xyz.com:<pgx port>/<pgx context name>
##MAX_TOTAL_SHARED_DATA_MEMORY_SIZE##	Maximum total shared data memory size.	YES	Edit if required; default value is 20 GB.
##MAX_TOTAL_PRIVATE_DATA_MEMORY_SIZE##	Maximum total private data memory size.	YES	Edit if required; default value is 8 GB.
##MAX_PER_SESSION_DATA_MEMORY_SIZE##	Maximum per session data memory size.	YES	Edit if required; default value is 700 MB.
##MAX_DATA_MEMORY_SIZE_DSUSRGRP##	Maximum data memory size allowed for DSUSRGRP.	YES	Edit if required; default value is 10 GB.
##MAX_DATA_MEMORY_SIZE_DSBATCH##	Maximum data memory size allowed for DSBATCH.	YES	Edit if required; default value is 10 GB.
##MAX_DATA_MEMORY_SIZE_DSINTER##	Maximum data memory size allowed for DSINTER.	YES	Edit if required; default value is 5 GB.
##MAX_DATA_MEMORY_SIZE_DSAPPROVER##	Maximum data memory size allowed for DSAPPROVER.	YES	Edit if required; default value is 5 GB.
##MAX_DATA_MEMORY_SIZE_DSUSER##	Maximum data memory size allowed for DSUSER.	YES	Edit if required; default value is 5 GB.
##GRAPH_SCHEMA_WALLET_ALIAS##	Wallet alias created for the Graph Schema.	YES	NA
##GRAPH_SCHEMA_DB_SCHEMA_NAME##	Name of the Graph schema.	YES	NA
##EST_ENABLED##	Only used when EST application is integrated with MMG.	YES	The default value is FALSE.
##EST_UI_URL##	The URL of EST application. This is set based on ##EST_ENABLED## property.	NO	NA
##DATASTUDIO_SERVER_PORT##	The port of the Data Studio server.	NO	The default value is 7008.
##DATASTUDIO_MARKDOWN_INTERPRETER_PORT##	The port of the Data Studio Markdown Interpreter.	NO	The default values are 7009, 7029.
##DATASTUDIO_PYTHON_INTERPRETER_PORT##	The port of the Data Studio Python Interpreter.	NO	The default values are 7012, 7032, 6012.
##DATASTUDIO_JDBC_INTERPRETER_PORT##	The port of the Data Studio JDBC Interpreter.	NO	The default values are 7011, 7031.
##DATASTUDIO_PYTHON_INTERPRETER_REST_SERVER_PORT##	The port of the Data Studio Python Interpreter Rest server.	NO	The default value is 6012
##DATASTUDIO_PGX_PYTHON_INTERPRETER_REST_SERVER_PORT##	The port of the Data Studio PGX Python Interpreter Rest server.	NO	The default value is 6022
##DATASTUDIO_THRIFT_EVENT_HANDLER_PORT##	The port of the Data Studio Thrift Event handler.	NO	The default value is 8432
##DATASTUDIO_PGX_INTERPRETER_PORT##	The port of the Data Studio PGX Interpreter.	NO	The default value is 7022.
##MMG_COHERENCE_CLUSTER_PORT##	This is the port where the Coherence Cluster for the Notification service runs. By default, this value is 7574.	YES	NA
##MMG Gateway Configuration
##MMG_GATEWAY_ENABLED##	Enables or disables the MMG Gateway. By default, this is set to 'self'. Note: Gateway is enabled by default and gateway port is mandatory to access gateway enabled UI.	YES	NA
##MMG_GATEWAY_PORT##	Specifies the port on which the MMG Gateway will run.	YES	NA
##MMG_CSP_FRAME_ANCESTORS##	Configure this attribute to all or the AAI origin when MMG has to be embedded from AAI. By default, MMG pages cannot be embedded if Gateway is enabled. This is to prevent CLickjacking vulnerability.	YES	NA
##DATASTUDIO_CSP_FRAME_ANCESTORS##	If the Gateway is enabled, this property can be set to control the pages where Data Studio can be embedded: Set to '*' to allow embedding from any origin (less secure). Set to a comma-separated list of origins to allow embedding from those specified origins and from the same origin. By default, this is set to MMG Gateway URL.	YES	NA
export SAML_SIGN_AUTHN_REQ	NA	YES	NA
export SAML_PRIVATE_KEY_PATH	NA	NA	/scratch/mmg8131/config/sp-privatekey.pem
export SAML_SP_X509_CERT_PATH	NA	NA	/scratch/mmg8131/config/sp-certificate.cer
export SAML_SIGN_ALGORITHM	NA	NA	##SAML_SIGN_ALGORITHM##
export AUTH_SAML_REQUEST_TYPE	NA	NA	##AUTH_SAML_REQUEST_TYPE##
export AUTH_SAML_INCLUDE_SP_CERT	NA	NA	##AUTH_SAML_INCLUDE_SP_CERT##
export GIT_ENV_ID	This variable represents the environment in which your GIT operations or deployments are being performed. Common environment names include dev (development), QA (quality assurance), SIT (system integration testing), PROD (production), and so on. It helps you to understand with which branch you need to work.	NA	##GIT_ENV_ID##
export GIT_USERNAME	This is your GitHub username.	NA	##GIT_USERNAME##
export GIT_PAT_SECRET	This variable stores your GitHub Personal Access Token (PAT). A PAT is a secret token used for authenticating API requests or GIT operations over HTTPS instead of a password.	NA	##GIT_PAT_SECRET##
export GIT_PROXY_URL	If your environment requires you to access external resources like GitHub through a proxy server, this variable defines the proxy server's hostname or IP Address.	NA	##GIT_PROXY_URL##
export GIT_PROXY_PORT	This defines the port number on which the proxy server listens. It works together with GIT_PROXY_URL to route your Git traffic through the proxy.	NA	##GIT_PROXY_PORT##
RESTRICT_UNMAPPED_DATASTORES_ACCESS	Restriction of users access to Data Stores from a workspace for unmapped datasources: If the value is set as True, only the current workspace attached data stores will get connection in notebook sessions using get_conn(). This will only work if the session-mode in application.yml is set to NOTEBOOK_USER. Only True/False is allowed.	NA	The default value is False.
DATASTUDIO_INTERPRETER_IDLE_SESSION_TIMEOUT	The amount of time an interpreter session can stay idle before getting invalidated by the application to free resources. An interpreter session is considered idle while it isn't running any tasks. Example values are: 1h (one hour), or use ISO 8601 duration format for more complex values like PT2H30M (2h30m).	NA
DATASTUDIO_INTERPRETER_CLEANUP_ENABLED	Idle sessions will never get invalidated if cleanup is not enabled by the additional settings described below, or when the idle-session-timeout value is set to 0.	NA
DATASTUDIO_INTERPRETER_CLEANUP_CRON	Refers to a scheduled cleanup task for an interpreter (such as the one that executes reports or queries) within a system like Data Studio, which helps optimize system performance by clearing out temporary or unused data at regular intervals.	NA
DATASTUDIO_SERVER_ASYNC_THREADPOOL_SIZE	This is a configuration parameter for controlling the number of concurrent threads allocated to handle asynchronous tasks (like data processing, report rendering, etc.) on a Data Studio (or similar) server. It helps manage system performance, especially when many users are interacting with the system or large amounts of data need to be processed.	NA
DATASTUDIO_SERVER_SCHED_THREADPOOL_SIZE	This is a setting that controls the number of concurrent threads available for executing scheduled tasks on the Data Studio server. By adjusting this, you can manage how many tasks, such as data refreshes or scheduled reports, can be processed in parallel.	NA
DATASTUDIO_HIKARI_MAXPOOLSIZE	This setting controls the maximum number of database connections that can be maintained by the HikariCP connection pool in the Data Studio server. When the system needs to interact with a database (for data fetching, report generation, etc.), it requests a connection from the pool.	NA
DATASTUDIO_HIKARI_CONN_TIMEOUT_MS	controls the maximum time (in milliseconds) that the HikariCP connection pool will wait for an available database connection. If no connection is available within that time frame, it will throw an error.	NA
DATASTUDIO_HIKARI_MINIMUM_IDLE	This determines the minimum number of idle connections HikariCP will maintain in the connection pool at all times. Even if there are no active requests for database connections, HikariCP will ensure that at least this number of idle connections remain open, ready to be used.	NA
DATASTUDIO_HIKARI_MAX_LIFE_TIME	This controls the maximum duration a connection can stay open before being closed and replaced by a new one. This helps prevent issues like stale connections or long-lived, problematic connections that could lead to database issues or degrade performance over time. (Not a mandatory parameter)	NA
DATASTUDIO_SERVER_TOMCAT_THREADS_MAX	This controls the maximum number of concurrent threads that the Tomcat server can use to process incoming requests.	NA
DATASTUDIO_ZPLN_SCHED_THREADPOOL_SIZE	This controls the number of threads in the ZPLN scheduler’s thread pool, determining how many concurrent tasks the system can handle	NA

Note:

If changes are done directly on UI and then restart is done then in that case overwrite will not be triggered so configuration would not change, it is only dependent on file system JSON).

Note:

In case of ##OFSAA_URL## and ##MMG_SVC_URL##, do not add any ending ‘/’ in the URLs
If pool size, connection timeout and idle timeout are not configured, then it will proceed with default Hikari Configurations.
The default session timeout is 3600 seconds (60 mins). You can configure timeout using server.servlet.session.timeout property.
If the AUTH type specified is AAI, make sure the AAI System has appropriate user groups mapped for the users. WKSPADMIN, IDNTYADMN, IDNTYAUTH need minimally to be present for a successful subsequent logins.
The name for MMG Studio cookie is ORA_OLDS_SESSION.
If the ##SSL_ENABLED## is set to false, keystore configuration must be done for mmg-studio as it is SSL enabled by default. MMG application and MMG Studio can use the same SSL configuration if configured in the same server.
The wallet is same for all the MMG services including MMG Studio. So, if you want to use the MMG Studio with wallet configurations, then configure in the same wallet.
If the MMG Studio is remotely configured, then the MMG Application Configuration Schema wallet alias and tnsnames.ora file entries need to be added to the MMG Studio configured wallet and tnsnames.ora file.
If MMG application is Non SSL, set the below property to “false” in the application.yml file inside the MMG Studio and restart the services.
security:

cookies:

secure: false

Note:

Setting both Timeouts

Data Studio user Login sessions to be logged out automatically after a set amount of time:

It is recommended to set both the relative and absolute session timeouts.

With the following properties, a user session will expire after one hour of inactivity or the maximum duration of 24 hours.

Studio-Server:

Security:

Absolute-session-timeout-ms: 86400000 // 24 hours

Session-timeout-ms: 3600000 // 1 hour

Paragraph Execution Timeout

Automatically cancel a paragraph execution after a set amount of time:

Studio-server:

Interpreter:

Execution:

Run-timeout: 24 hours

You can set the timeout to 0 to disable the timeout entirely. When the timeout is disabled, paragraphs will run either until they finish or are being manually cancelled.

With the following properties, a paragraph will be timed out after 24 hours.

Synchronous Run Timeout

Timeout for synchronous code running (this is used for pipeline executions in MMG):

Studio-server:

Rest:

Code:

Maximum Runtime Sync: 20 minutes

With the following configuration, the synchronous run will be timed out after 20 minutes.

Note:

The flag *IS_SELF_USR_GRP_AUTH_ALLOWED* in NEXTGENEMF_CONFIG table is used to check if the Self Groups Approvers/Reviewers are allowed or not. If it is 'Y', the Requested User as well Approvers and Reviewers can belong to the same user group. Otherwise, 'Self User Group Authorization is not allowed' is returned.

Note:

The SSO Token value is for Studio authentication. This is applicable only when STUDIO_AUTH_TYPE is FCC_SSO and MMG_AAI. For FCC_SSO, refer to the Oracle Financial Services Compliance Studio Installation Guide.

Support of Alphanumeric Name in SAML Entity ID for SAML Configuration

MMG Application: mmg_ui/application.properties file contains SAML entity ¿saml.auth.sp.entity¿ placeholder that contains value like ¿https://<FQDN of compliance server>:7001/cs¿

However, the requirement is to have this parameter value to ¿amlcs8126¿ i.e. support of SAML Entity ID as alphanumeric name.

The expected value from SAML team:

saml.auth.sp.entity="amlcs8126":

Entity ID should not contain below special character as per ForgeRock MF Authentication (Policy sets in the UI: ForgeRock Identity Cloud docs).

The regex allowed is: ^[A-Za-z0-9,.\\/:@&?\\-_]+$, and it should be passed in string.