System Properties
The ohi-claims.properties file holds a list of properties that impact the behavior of the system. It provides the system with timeout values, url addresses, processing settings, and many other properties used during operation.
A new OHI Claims Adjudication and Pricing release may deliver a changed version of the ohi-claims.properties file.
The following tables describe the properties that are can be set in the properties file. The property names are formatted for readability, note that the property names and associated values should always be specified on one line in the properties file.
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.properties.file. |
Changes made to any of these properties are not immediately picked up by the application. That only happens when it reads the properties-file again. This property specifies how often the system will read the file, in minutes. Default value, every 10 minutes. Minimum value, 1 minute. Values lower than that are ignored, meaning the default value is used. |
10 |
Integer > 0 |
Next Execution |
Base View Generator
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.baseview.generation. |
The number of worker threads to start for a base view generation process |
8 |
Integer ≥ 1 |
Immediate |
Dynamic Logic
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.dynamiclogic. |
Path to directory in which the system generated Dynamic Logic classes are placed. |
/tmp |
String |
Next Execution |
ohi.dynamiclogic. |
An optional property that determines whether to compile the dynamic logic (those who are not compiled before) at start-up of the application or not. |
true |
Boolean |
Next Execution |
ohi.dynamiclogic.timeout |
An optional property that determines the timeout of a running dynamic logic. If the timeout is expired, the dynamic logic is interrupted and an exception is thrown. The value is in seconds. Please note that when the dynamic logic timeout property is added/updated, the dynamic logic(s) need to be recompiled for the property change to take effect. This can be done by using the Invalidate Dynamic Logic Integration Point explained Integration Guide. |
300 |
Integer ≥ 0 |
Next Execution |
ohi.dynamiclogic. |
An optional property that determines the timeout of the running dynamic logic. If the timeout is expired, the dynamic logic is interrupted and an exception is thrown. The value is in seconds. This property is keyed on the particular dynamic logic code, therefore the placeholder <0> should be replacedwith the dynamic logic code. Please note that when the dynamic logic timeout property is added/updated, the dynamic logic(s) need to be recompiled for the property change to take effect. This can be done by using the Invalidate Dynamic Logic Integration Point explained Integration Guide. If this property is not set, the value of 'ohi.dynamiclogic.timeout' will be taken (which in its turn has a default of '300'). |
Integer ≥ 0 |
Next Execution |
Logging Support
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.logging.fileset.max. |
Maximum time in days between start and end time for bundling log events in a file set |
2 |
Integer ≥ 1 |
Immediate |
ohi.logging.phi.min. |
Minimal number of days for retaining PHI log events |
1825 |
Integer ≥ 1 |
Immediate |
ohi.logging.target |
Determines whether logging must be persisted to the database or using any configured Logback Appender. Possible values are 'database' and 'log' respectively |
log |
String |
Next Execution |
Incident Reports
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.incident. |
Whenever OHI Incident storage in datafile sets is activated, this property defines the number of days that OHI Incident datafile sets are retained. Older OHI Incident datafile sets are removed. |
10 |
Integer ≥ 1 |
After Restart |
ohi.incident.rootdir |
OHI Components makes use of the Logback library for generating log output. In the event of an unanticipated application exception, additional - more detailed exception trace information is written out to an individual exception trace file. The location for these exception trace files is controlled by this property. By default the location 'target/trace' relative to the directory where the WebLogic server was started is used. When changing the value for this property, make sure that the OS user that executes the WebLogic server processes needs to be able to create (and read/write files in) the directory referenced by the property. |
target/trace |
String |
After Restart |
ohi.incident.target |
OHI Incident files can be stored in the database, in a datafile set. Whenever this property is set to "datafileset" this feature is activated. Otherwise the default mechanism of writing incident files to an O/S file system directory. The OHI Incident datafile sets will have a code with a following pattern: "OHIIncidents<yyyyMMdd>" |
file |
"file" or "datafileset" |
After Restart |
Cache Control
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.httpapi.cache. |
Setting to be used for metadata, code of a OHI_RESOURCE_CACHE_SETTING, see ohi.httpapi.cache.control.enable. |
String |
Next Execution |
|
ohi.httpapi.cache. |
Property to enable HTTP API Caching, which is disabled by default. When enabled, HTTP API will add a Cache-Control header in the response it sends. |
false |
Boolean |
Next Execution |
ohi.messagegroup. |
Used as an initial sizing element for the amount of message groups that can be cached |
1000 |
Integer ≥ 1 |
Next Execution |
ohi.process.cache. |
This property can be used to determine whether business process cache facilities are enabled. |
false |
Boolean |
Next Execution |
ohi.process.cache.push_ |
The time in milliseconds to back-off invalidating the business process cache for consecutive bursts of invalidations. |
250 |
Integer ≥ 0 |
After Restart |
Web Service Connection settings
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.ws.client. |
MANDATORY |
1000 |
Integer ≥ 0 |
After Restart |
ohi.ws.fileimport. |
MANDATORY |
String |
Next Execution |
|
ohi.service.<0>.client. |
Used to specify the (Jersey/REST specific) authentication mechanism to use for machine-to-machine communication. Allowable values are 'None', 'BasicAuthentication' (and 'OAuth'). The <0> is replaced by notification key. |
BasicAuthentication |
String |
Next Execution |
ohi.service.<0>.media. |
Used for the notification media type. <0> is replaced by notification key. |
application/json |
String |
Next Execution |
ohi.service.<0>.method. |
Used for the notification method type. The <0> is replaced by notification key. |
POST |
String |
Next Execution |
ohi.ws.api.default. |
Number of items fetched in a HTTP API request. |
50 |
Integer ≥ 1 |
Next Execution |
ohi.ws.client. |
The time in milliseconds before the attempt to connect to an outbound service times out. A value of 0 means never timeout. |
60000 |
Integer ≥ 0 |
Immediate |
ohi.ws.client. |
The maximum number of concurrent connections the HTTP client will allow to a certain host at any given moment. |
2 |
Integer ≥ 1 |
Immediate |
ohi.ws.client. |
Sets the maximum number of total concurrent connections the HTTP client will allow at any given moment. |
20 |
Integer ≥ value of ohi. |
Immediate |
ohi.ws.client. |
The time in milliseconds that the client will wait for the server to respond to the request. A value of 0 means never timeout. |
60000 |
Integer ≥ 0 |
Immediate |
ohi.ws. |
Allows the enrollment step to be disabled from the claims flow (typically for pricing only installation). |
true |
Boolean |
Next Execution |
ohi.ws. |
Can be specified to be included in enrollment requests to drive response generation based on a specific (dynamic logic) function. |
String |
Next Execution |
|
ohi.ws.last.login. |
The number of hours that need to pass between logins before updating the user’s last login timestamp. By default, the last login timestamp will not be updated more than once per hour. This only applies to logins through a web service, not the ADF UI. |
1 |
Integer ≥ 1 |
Next Execution |
ohi.ws. |
The use of the Payment Status integration point is optional. In the event that the payment status information is provided through another integration point (or not at all) this integration point can be disabled by setting the value to false. |
true |
Boolean |
Next Execution |
ohi.ws. |
Number of replication events that are pulled across (over REST/HTTP) from replication source as one 'page'. |
1000 |
Integer ≥ 1 |
Immediate |
Configuration of external Web Services endpoint URI’s
OHI Claims can call external Web Services. The endpoint URI’s for these services are configured in the ohi-claims.properties file. The following table describes the Web Services endpoint URI parameters.
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.claimsout.datafile. |
MANDATORY |
String |
Next Execution |
|
ohi.paymentstatus. |
MANDATORY |
String |
Next Execution |
|
ohi. |
MANDATORY |
String |
Next Execution |
|
ohi. |
MANDATORY |
String |
Next Execution |
|
ohi.reprocessclaims. |
MANDATORY |
String |
Next Execution |
|
ohi.claimevent.endpoint. |
Reference to the Web Service endpoint that OHI Claims uses to deliver Claim events (if configured). Multiple Web Service endpoints can be specified as comma separated URLs. |
String |
Next Execution |
|
ohi.claimevent.<0>. |
Claim Event Rule specific reference to the Web Service endpoint that OHI Claims uses to deliver Claim events (if configured). Multiple Web Service endpoints can be specified as comma separated URLs. <0> is replaced by the Claim Event Rule code. If specified, this property value takes priority over the value specified for ohi.claimevent.endpoint.request. |
String |
Next Execution |
|
ohi.ctrclaimevent. |
Reference to the Web Service endpoint that OHI Claims uses to deliver Claim Transaction events (if configured). Multiple Web Service endpoints can be specified as comma separated URLs. |
String |
Next Execution |
|
ohi.ctrclaimevent.<0>. |
Reference to the Web Service endpoint that OHI Claims uses to deliver Claim Transaction events (if configured). Multiple Web Service endpoints can be specified as comma separated URLs. <0> is replaced by the Claim Transaction Event Rule code. If specified, this property value takes priority over the value specified for ohi.ctrclaimevent.endpoint.request |
String |
Next Execution |
|
ohi.financialmessage. |
For sending out financial message data file creation notification in Generate Financial Message Activity. For FileBased requests. Sample value is http://machine.domain:port/financialmessage/datafile |
String |
Next Execution |
|
ohi.financialmessage. |
For sending out financial message in Generate Financial Message Activity. For MessageBased requests. Sample value is http://machine.domain:port/financialmessage |
String |
Next Execution |
|
ohi.paymentstatus. |
Reference to the Web Service endpoint which the OHI Claims system uses to request for Payment Status information. Required when ohi.ws.paymentstatusreponse.request.enabled = true |
String |
Next Execution |
|
ohi. |
For re-sending financial message data file creation notification in Resend Financial Message Activity. For FileBased requests. Sample value is http://machine.domain:port/resend/financialmessage/datafile |
String |
Next Execution |
|
ohi. |
For sending out financial message in Resend Financial Message Activity. For MessageBased requests. Sample value is http://machine.domain:port/resend/financialmessage |
String |
Next Execution |
|
ohi.workflowtaskstart. |
Reference to the Web Service endpoint which the OHI Claims system uses to initiate a Workflow task. Multiple Web Service endpoints can be specified as comma separated URLs. |
String |
Next Execution |
|
ohi.<0>.endpoint.request |
Allows for web service client interactions to identify their request URI destination. This property is used to get the URI for the end point. <0> is replaced by notification key. Sample value is http://machine.domain:port/<0>. |
String |
Next Execution |
Web Services Validation and Logging
For logging the request and response payloads of SOAP services set the following logger in the logback configuration:
<logger name="com.oracle.healthinsurance.support.ws.handlers.MessagePayloadLoggingHandler" level="debug" />This will log the payloads for all SOAP services to the "PHI log". Note that this setting cannot be controlled on a per service basis.
| Oracle recommends to enable payload logging for a short period of time and for diagnostic purposes only. |
The ohi-claims.properties file has properties that determine the behavior of Web Services validation. The following table describes these:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.ws.<0>.request. |
If set to true, the request will be validated against an XSD when it is received. For production systems, with extensively tested integrations, the recommended value is false. |
false |
Boolean |
Next Execution |
ohi.ws.<0>.response. |
If set to true, the response will be validated against an XSD when it is received. For production systems, with extensively tested integrations, the recommended value is false. |
false |
Boolean |
Next Execution |
Applicability for all OHI Web Services is listed in the following table:
| Web Service | IP-name | Relevant Properties |
|---|---|---|
Claims Update |
claimsupdate |
request.validate |
Data Access |
dataaccessgroup |
request.validate |
File Import |
fileimport |
request.validate |
Financial Message |
financialmessage |
request.validate |
Payment Status Response |
paymentstatusresponse |
request.validate |
Adjudication Case |
adjudicationcase |
equest.validate |
Contract Reference |
contractreference |
request.validate |
Draft Provider Pricing Clause |
draftproviderpricingclause |
request.validate |
Web Service Client Authentication
Outbound RESTful invocations can be secured using Basic Authentication or OAuth2. For details, refer to the relevant chapter in the Integration Guide. Each client needs to be configured separately. The applicable properties all follow the same naming convention: ohi.service.<0>.client.authentication. The default value is "BasicAuthentication". The placeholder <0> is the name of the client. OHI defined client names are listed in the following table:
| Web Service | Client Name | Relevant Properties |
|---|---|---|
Activity Notification |
ActivityResponseClient |
ohi.service.ActivityResponseClient.client.authentication |
Data Exchange Export Notification |
DataExchangeExportNotificationClient |
ohi.service.DataExchangeExportNotificationClient.client.authentication |
Data Exchange Import Notification |
DataExchangeImportNotificationClient |
ohi.service.DataExchangeImportNotificationClient.client.authentication |
Data Replication Authorization Events |
DataReplicationAuthorizationEvents |
ohi.service.DataReplicationAuthorizationEvents.client.authentication |
Data Replication Authorization Entities |
DataReplicationAuthorizationEntities |
ohi.service.DataReplicationAuthorizationEntities.client.authentication |
Data Replication Person Events |
DataReplicationPersonEvents |
ohi.service.DataReplicationPersonEvents.client.authentication |
Data Replication Person Entities |
DataReplicationPersonEntities |
ohi.service.DataReplicationPersonEntities.client.authentication |
Financial Message Notification |
FinancialMessageNotificationClient |
ohi.service.FinancialMessageNotificationClient.client.authentication |
Reprocess Claims Criteria |
ClaimReprocessCriteriaResponseNotificationClient |
ohi.service.ClaimReprocessCriteriaResponseNotificationClient.client.authentication |
Claims Out File Delivery |
ClaimsTransactionOutNotificationClient |
ohi.service.ClaimsTransactionOutNotificationClient.client.authentication |
Claim Transaction Event Rules |
PolicyAccountTransactionClient |
ohi.service.PolicyAccountTransactionClient.client.authentication |
Enrollment |
PolicyEnrollmentClient |
ohi.service.PolicyEnrollmentClient.client.authentication |
Send Financial Message |
SendFinancialMessageClient |
ohi.service.SendFinancialMessageClient.client.authentication |
Resend Financial Message |
ResendFinancialMessageClient |
ohi.service.ResendFinancialMessageClient.client.authentication |
Workflow Notification |
WorkflowEventClient |
ohi.service.WorkflowEventClient.client.authentication |
Workflow Task Done Notification |
TaskDoneEventClient |
ohi.service.TaskDoneEventClient.client.authentication |
The following Client Authentication properties are related to SOAP web service invocations. Note that only 'Authorization' header will be sent for the SOAP message in order to support Basic Authentication. Other WS-Security Authentication, such as UsernameToken Profile, are not supported. The placeholder <0> is the name of the client. OHI defined client names are listed in the following table:
| Web Service | Client Name | Relevant Properties |
|---|---|---|
Workflow Notification |
WorkflowEventClientSoap |
ohi.service.WorkflowEventClientSoap.client.authentication |
Workflow Task Done Notification |
TaskDoneEventClientSoap |
ohi.service.TaskDoneEventClientSoap.client.authentication |
CTR Claim Event Notification |
CtrClaimEventClient or Code of the CTR Claim Event |
ohi.service.CtrClaimEventClient.client.authentication |
Claim Event Notification |
ClaimsEventClient or Code of the Claim Event |
ohi.service.ClaimsEventClient.client.authentication |
Note that defining the property for the authentication mechanism needs to be done in conjunction with defining the credentials that the web service client will use when making the request. How to enter credentials is outlined in the Integration Guide.
Web Service Media Type
Certain outbound RESTFul invocation support multiple output formats (i.e. XML or JSON). This can be configured via the media type property. If unspecified, the default value is "application/json". The property name follows the naming convention: ohi.service.<0>.media.type. The placeholder <0> is the name of the client. The names of the clients that support a configurable media type are listed in the following table:
| Web Service | Client Name | Relevant Properties |
|---|---|---|
Activity Notification |
ActivityResponseClient |
ohi.service.ActivityResponseClient.media.type |
Reprocess Claims Criteria |
ClaimReprocessCriteriaResponseNotificationClient |
ohi.service.ClaimReprocessCriteriaResponseNotificationClient.media.type |
Claims Out File Delivery |
ClaimsTransactionOutNotificationClient |
ohi.service.ClaimsTransactionOutNotificationClient.media.type |
Claim Transaction Event Rules |
PolicyAccountTransactionClient |
ohi.service.PolicyAccountTransactionClient.media.type |
Workflow Notification |
WorkflowEventClient |
ohi.service.WorkflowEventClient.media.type |
Workflow Task Done Notification |
TaskDoneEventClient |
ohi.service.TaskDoneEventClient.media.type |
Single Sign-On and Web Gate
The following table lists properties that need to be set when OHI Components application take part in Single Sign-On (SSO) scenarios or when OHI applications are fronted by a gateway that is responsible for handling authentication:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.security.sso.enabled |
The application will check for an SSO header, and if one is not found, present the user with a login screen. |
false |
Boolean |
Next Execution |
ohi.security.sso.header |
The header value in which to check for an SSO principal if it is not mapped via servlet security. |
OAM_REMOTE_USER |
String |
After Restart |
ohi.security.sso. |
The application will reject traffic without an SSO header. |
false |
Boolean |
Next Execution |
Cross Origin Resource Sharing
See the Security Guide for an introduction to Cross Origin Resource Sharing (CORS). For further explanation the reader is referred to W3C’s CORS specification.
The following table lists CORS related properties:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.cors.access.control. |
MANDATORY |
String |
Next Execution |
|
ohi.cors.access.control. |
Header that indicates whether the response to request can be exposed when the omit credentials flag is unset. When this is part of the response to a preflight request it indicates that the actual request can include user credentials. |
true |
Boolean |
Next Execution |
ohi.cors.access.control. |
Header that indicates, as part of the response to a preflight request, which header field names can be used during the actual request. Allows all headers by default. The value is a comma-separated list of allowed headers. |
String |
Next Execution |
|
ohi.cors.access.control. |
Header that indicates, as part of the response to a preflight request, which methods can be used during the actual request. Allows all methods by default. The value is a comma-separated list of allowed methods. |
String |
Next Execution |
|
ohi.cors.access.control. |
Header that indicates which headers are safe to expose to the API of a CORS API specification. The value isa comma-separated list of all exposed headers. |
String |
Next Execution |
|
ohi.cors.access.control. |
Header that indicates how long the results of a preflight request can be cached in a preflight result cache, number representing seconds. |
1800 |
Integer ≥ 0 |
Next Execution |
ohi.vary.header |
Property to set Vary HTTP Header. Value is a comma-separated list |
Accept,Accept- |
String |
Next Execution |
Intrustion Detection
OHI applications safeguard against Cross-Site Scripting (XSS) attacks by checking "untrusted" data that may be entered in HTTP API requests (see the Security Guide for intrusion detection principles). Detection behavior can be customized using the properties that are listed in the following table:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.untrusteddata.check |
XSS vulnerability detection is enabled by default. Disable it by setting the value for this parameter to false. This property should be used if other components in the landscape perform vulnerability detection. |
true |
Boolean |
Next Execution |
ohi.untrusteddata. |
Domain attributes of type "String" are checked by default if the length ≥ 30 characters. To be more stringent decrease the default value using this property. |
30 |
Integer ≥ 1 |
Next Execution |
ohi.untrusteddata. |
Domain attributes are checked by default. Use this property to define a comma-separated list of customer-specific attributes that should be excluded from intrusion detection checking. Format: <DOMAIN OBJECT SIMPLE NAME>.<ATTRIBUTE NAME>, |
String |
Next Execution |
|
ohi.untrusteddata. |
HTTP Headers are checked by default. Use this property to define a comma-separated list of customer-specific headers that should be excluded from intrusion detection checking. Format: <HEADER NAME>,<HEADER NAME>. |
String |
Next Execution |
|
ohi.untrusteddata. |
HTTP Query Parameters are checked by default. Use this property to define a comma-separated list of customer-specific query parameters that should be excluded from intrusion detection checking. Format: <QUERY PARAMETER NAME>,<QUERY PARAMETER NAME>. |
String |
Next Execution |
For example, to prevent mixed encoded Cookies that a client like a browser sends as part of the request to result in a Bad Request, whitelist the Cookie header as follows:
ohi.untrusteddata.whitelist.httpheader=CookieData Set Operations
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.datasetoperations. |
This property is related to the Data Set Operations Integration Point, for export usages. It contains a URI that refers to the notification message, this message is sent once the process of building the data set payload is completed. |
String |
Next Execution |
|
ohi.datasetoperations. |
This property is related to the Data Set Operations Integration Point, for import usages. It contains a URI that refers to the notification message, this message is sent once the process of uploading the data set payload is completed. Error messages prevent the import from happening. |
String |
Next Execution |
Using OAuth2 for REST Client Invocations
OHI application’s RESTful services can be OAuth2 protected. In that case the application validates and / or introspects OAuth2 access tokens that are sent as Bearer tokens in the HTTP Authorization header. See the implementation guide for further details about OAuth2 support in OHI applications.
The following table lists OAuth2 properties:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.oauth.accesstoken. |
To model the overhead of fetching an access token from an OAuth2 authorization server for caching the access token in the REST client, e.g. to account for some network delay between the client and the authorization server.Example: if the authorization server returns a token with an expiry time of 3600 seconds and if the network delay is expected to be 100 ms, then 100 ms could be configured for this key. The resulting access token will be cached for the original expiry time minus overhead time, i.e. 3600000 - 100 = 3599900 ms. The value should be specified in milliseconds. |
10 |
Integer ≥ 0 |
Immediate |
ohi.oauth.cert.signing. |
Determines the signing algorithm for X509 certificates that are used by OHI applications to sign the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). Only RSA algorithms are currently supported. |
SHA512withRSA |
String |
Immediate |
ohi.oauth.jwk.set.url |
URL value for the OAuth2 authorization server JSON Web Key (JWK) Set endpoint. The OAuth2 authorization server should support RFC 7517. Token Validation Method is JWKSET. |
String, URL |
After Restart |
|
ohi.oauth.jwk.set. |
Client Id or audience claim for token validation. Token Validation Method is JWKSET. |
String |
After Restart |
|
ohi.oauth.jwk.set. |
Issuer for token validation. Token Validation Method is JWKSET. |
String or URL |
After Restart |
|
ohi.oauth.jwk.set. |
Signing algorithm used by the Authorization Server. Token Validation Method is JWKSET. |
RS256 |
String |
After Restart |
ohi.oauth.jws.signing. |
Algorithm used for signing the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWTis used as assertion). Note that only RSA algorithms are currently supported. |
RS512 |
RS256, RS384, RS512 |
Immediate |
ohi.oauth.jwt. |
Expiration period (in seconds) for the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). |
600 |
0 ≤ Integer ≤ 9999 |
Immediate |
ohi.oauth.jwt.userid. |
Specifies the claim in the JWT that can be used to identify the user for which the OAuth2 access token was created. Token Validation Method is JWKSET. |
sub |
String |
Immediate |
ohi.oauth.openidconnect. |
Client ID of the OpenID Connect client that has to be present to acquire an access token. |
String |
Immediate |
|
ohi.oauth.openidconnect. |
Credential associated with the OpenID Connect client that has to be present to acquire an access token. |
String |
Immediate |
|
ohi.oauth.openidconnect. |
Defines the maximum acceptable clock skew (in seconds) for validating timestamps of ID tokens that are issued by an OpenID Provider. |
60 |
Integer ≥ 1 |
After Restart |
ohi.oauth.token. |
Unique client id for resolving the username and password credentials that are used to construct the Basic Authentication Authorization header when calling the OAuth2 authorization server token validation or introspection endpoint. Token Validation Method is OAUTH2_ENDPOINT. |
String |
Immediate |
|
ohi.oauth.token. |
URL value for the OAuth2 authorization server token validation or introspection endpoint. It is assumed that the endpoint supports Basic Authentication. Token Validation Method is OAUTH2_ENDPOINT. |
String, URL |
After Restart |
|
ohi.oauth.token. |
RFC 7662 defined Introspection Response element that will be used to derive the username from. Token Validation Method is OAUTH2_ENDPOINT. |
sub |
String |
Immediate |
ohi.oauth.token.issuer. |
For token validation. Specific issuer identifier. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>.user.claim. |
String or URL |
After Restart |
|
ohi.oauth.token.issuer. |
For token validation. Issuer-specific user claim. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>. |
String |
After Restart |
|
ohi.oauth.token.issuers |
For token validation. Comma-separated string of possible token issuers. Requires use of properties ohi.oauth.token.issuer.<0> and ohi.oauth.token.issuer.<0>.user.claim. |
Comma- |
After Restart |
|
ohi.oauth.token. |
Determines the access token validation method. Possible values: JWKSET: OAuth2 access tokens are validated by the resource server. Assuming the token is a JWT, validates it against a JSON Web Key (JWK) Set as defined by RFC 7517. The source of the JWK Set is an endpoint exposed by an OAuth2 authorization server. Use this method to validate ID tokens issued by an OpenID Provider.OAUTH2_ENDPOINT: validates the token using an OAuth2 authorization server’s token introspection endpoint as defined by RFC 7662. |
JWKSET |
JWKSET, OAUTH2_ |
Immediate |
Claims in an OAuth2 token may differ per token issuer. The following example demonstrates mapping a specific claim in an access token to an OHI User based on the issuer of the token:
# configure multiple token issuers as comma-separated string ohi.oauth.token.issuers=oracle_idcs,azure_ad # configure issuer to user claim mapping for issuer oracle_idcs ohi.oauth.token.issuer.oracle_idcs=https://identity.oraclecloud.com/ ohi.oauth.token.issuer.oracle_idcs.user.claim=sub # configure issuer to user claim mapping for issuer azure_ad ohi.oauth.token.issuer.azure_ad=https://sts.windows.net/fa15d692-e9c7-4460-a743-29f29522229/ ohi.oauth.token.issuer.azure_ad.user.claim=oid
Activity and Task Processing
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.claims.ignore. |
MANDATORY |
false |
Boolean |
Next Execution |
ohi.activityprocessing. |
RESTful Service endpoint URL for delivering the response notification after activity processing is completed.OHI Components applications will use a POST operation by default. This can be overwritten by using ohi.service.<0>.method.type, where <0> should be replaced with notification key. |
String, |
Next Execution |
|
ohi.activityprocessing. |
Activity type specific RESTful Service endpoint URL for delivering the response notification once activity processing is completed. The <0> should be replaced with the activity type code, for example 'REFSHEETLINE_IMPORT'. When this property is not set, the value of ohi.activityprocessing.notification.endpoint will be used. OHI Components applications will use a POST operation by default. This can be overwritten by using ohi.service.<0>.method.type, where <0> should be replaced with notification key. |
String, |
Next Execution |
|
ohi.amount.scale |
By default, amounts are stored with scale 2 (2 digits after decimal point).A subset of amounts allow for a higher scale. For example the premium amounts in calculation results allow up to 12 digits after the decimal point. How many of those additional digits are actually used depends on this property. Can be used to store calculation result amounts with greater scale. Increase of scale allows for sending financial data on a detail level (e.g. VAT on a premium for a member) to the financial system and round only after aggregation (e.g. on a group account); rounding in an early stage to 2 decimals can lead to a substantial difference with the expected outcome on an aggregate level. |
2 |
2 ≤ Integer ≤ 12. |
Next Execution |
ohi.claims.future. |
This property allows / not allows future service dates for claims. default value is 'false', which means future service dates are not allowed for claims. |
false |
Boolean |
Next Execution |
ohi.claims.quote. |
Property to configure whether financial transactions for claims of process type Q(uote) should be created or not. |
false |
Boolean |
Next Execution |
ohi.claims.reservation. |
Property to configure whether financial transactions for claims of process type R(eservation) should be created or not. |
true |
Boolean |
Next Execution |
ohi.fsli.batch.commit. |
Factor with which a collection of fee schedule lines of a particular fee schedule is partitioned over a cluster wide feeschedule line import. |
500 |
Integer ≥ 1 |
Next Execution |
ohi.fsli.batch. |
Number of concurrent threads that are allowed to run on a single JVM, as part of a clustered wide feeschedule line import. |
5 |
Integer ≥ 1 |
Next Execution |
ohi.max.headroom |
The maximum number of tasks that is to be loaded into the processing grid. |
2000 |
Integer ≥ 1 |
Next Execution |
ohi.max.headroom.<0> |
The maximum number of tasks that is to be loaded into the processing grid - per given activity type |
2000 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
A non '0' value for this property means that data (i.e. extra_info) for failed attempts will be retained. |
0 |
Integer ≥ 0 |
Next Execution |
ohi.processing. |
Utilized for extract items bucketing. It decides how many items will be exported in one transaction to improve performance. |
500 |
0 < Integer < 1000 |
Next Execution |
ohi.processing. |
Utilized for Select Transactions In Set activity bucketing. It decides how many sub-activities will run in one transaction to improve performance. This one utilizes a technical table to bucketise the working set. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.processing.cache. |
Specification for cache that caches the results (flex code entity) of queries on flex code by key value and flex code system code. For more information, see CacheBuilderSpec’s javadoc: https://guava.dev/releases/19.0/api/docs/com/google/common/cache/CacheBuilderSpec.html |
maximumSize=10000, |
String |
Next Execution |
ohi.processing.cache. |
Specification for cache that caches the results (flex code system code) of queries on flex code system by id. For more information, see CacheBuilderSpec’s javadoc: https://guava.dev/releases/19.0/api/docs/com/google/common/cache/CacheBuilderSpec.html |
maximumSize=1000, |
String |
Next Execution |
ohi.processing.cache. |
Guava cache setting for FeeScheduleLineDuplicityCache. See https://guava.dev/releases/19.0/api/docs/com/google/common/cache/CacheBuilderSpec.html for additional details. |
maximumSize=1 |
String |
Next Execution |
ohi.processing.cache. |
This property allows for caching of the responses of of the "InGroup" family of function calls. |
false |
Boolean |
Next Execution |
ohi.processing. |
Default amount of delay in seconds used when a failed task is re-enqueued for another attempt. Is overridden if a delay is set on the task type. |
3 |
Integer ≥ 0 |
Next Execution |
ohi.processing. |
Number of minutes gathered enrollment data can be considered as 'up-to-date' (i.e. not expired). |
5 |
Integer ≥ 1 |
Next Execution |
ohi.processing.filldepth |
Specifies a target number of work items to process at any given time - to best utilize processing capacity. Suggested value is a multiple of the number of CPU cores available to the managed server. The system will take the maximum of 2x the number of processors reported to the JVM and the value of this property (which has in its turn a default of '3'). |
3 |
Integer ≥ 0 |
Next Execution |
ohi.processing. |
Determines the number of tasks that will be submitted for processing at any given time. Suggested value is 1 less than number of CPU cores available to the managed server. The system will take the maximum of the number of processors reported to the JVM minus 1 and the value of this property (which has in its turn a default of '1'). |
1 |
Integer ≥ 1 |
Next Execution |
ohi.processing.finalize. |
Total maximum number of times to attempt finalization of a claim. |
1000 |
Integer ≥ 1 |
Next Execution |
ohi.processing.groupsize |
The number of tasks to be grouped (when applicable) into a collection of tasks that is to be put into the processing grid as one atomic unit. This complete collection will be processed on one processing node. |
400 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Utilized for activity grouping. It decides how many sub-activities will run in one transactionto improve performance. This directly groups child activities according to groupSize. |
500 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Utilized for Generate Financial Message activity grouping It decides how many sub-activities will run in one transaction to improve performance. This directly groups child activities according to groupSize. |
500 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Utilized for activity grouping. It decides how many sub-activities will run in one transactionto improve performance. This directly groups child activities according to groupSize. |
100 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Utilized for activity grouping. It decides how many sub-activities will run in one transaction to improve performance. This directly groups child activities according to groupSize. |
500 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
The number of tasks to be grouped (when applicable) into a collection of tasks that is to be put into the processing grid as one atomic unit - per activity type. This complete collection will be processed on one processing node. |
400 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
The number of loader tasks to be spawned, whenever an activity of that type needs to be processed and has child tasks spawned into the grid. These loaders work concurrently on the set of child tasks that are to be spawned. |
1 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
The number of loader tasks to be spawned for a specific activity type, whenever an activity of that type needs to be processed and has child tasks spawned into the grid. These loaders work concurrently on the set of child tasks that are to be spawned. |
1 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
The time (in seconds) a loader task will be held back in the grid, in the event it has reached its maximum number of tasks it is allowed to load and spawn into the grid. |
3 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
The time (in seconds) a loader task will be held back in the grid, in the event it has reached its maximum number of tasks it is allowed to load and spawn into the grid - per given activity type. |
3 |
Integer ≥ 1 |
Next Execution |
ohi.processing.max. |
The maximum amount of times activity processing will try and sent out an 'activity processed' event to an external system. |
3 |
Integer ≥ 0 |
Next Execution |
ohi.processing.max. |
The maximum amount of times activity processing will try and sent out an 'activity processed' event to an external system - per activity type. |
3 |
Integer ≥ 0 |
Next Execution |
ohi.processing. |
Number of times a task can resolve as 'errored' before it stops a task flow. |
3 |
Integer ≥ 0 |
Next Execution |
ohi.processing. |
Determines how many times a specific incomplete task will be rescheduled for processing, before marking it as 'errored' |
10000 |
Integer ≥ 0 |
Next Execution |
ohi.processing.pagesize. |
Utilized for reading financial message chunks to generate financial messages in flat files or XML. It is used to determine how records will be processed. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Value (in seconds) - time interval that the application uses to check if all Payment Status response messages for a claim are received. For example: if this value is configured to be 5 seconds then the application will check every 5 seconds (until the period that is specified by property ohi.processing.paymentstatuscomplete.timeout is reached) if all Payment Status response messages for a claim are received. Falls back to ohi.processing.paymentstatuscomplete.timeout when not specified. |
1≤ Integer ≤ value of ohi. |
Next Execution |
|
ohi.processing. |
Value (in seconds) that the application uses to determine if all Payment Status response messages for a claim are received in time; if a response is not received before the time out period is exceeded, the Payment Status Complete task ends in an errored state. Increase this value if the Payment Status service does not respond to requests within 60 seconds. Provides a fallback to ohi.processing.paymentstatuscomplete.interval in case that property has not been specified. |
60 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Total maximum number of times a claim can attempt to be finalized for pricing. |
1000 |
Integer ≥ 1 |
Next Execution |
ohi.processing. |
Determines if a failed task is retried immediately, or re-enqueued for another attempt after a delay. |
true |
Boolean |
Immediate |
ohi.processing.yield. |
Default time (in seconds) a task will be held back in the processing grid, in between execution steps. This typically is used between parent-child task relationships, where a parent task will has to regularly check on the status of its children. |
3 |
Integer ≥ 1 |
Next Execution |
ohi.processing.yield. |
Used to specify The time (in milliseconds) an (aggregate) task is going to be held back for task loaders to complete their work. |
3 |
Integer ≥ 1 |
Next Execution |
ohi.processing.yield.<0> |
Default time (in seconds) a task will be held back in the processing grid, in between execution steps. This typically is used between parent-child task relationships, where a parent task will has to regularly check on the status of its children. - per activity type. |
3 |
Integer ≥ 1 |
Next Execution |
ohi.startup.start.task. |
Controls task processing for a managed server. By default, if a managed server that executes an OHI Components application is started then it will start processing tasks from the work backlog queue. The default behavior can be overridden by setting command-line parameter ohi.startup.start.task.processing; if it is set to false a managed server that executes the OHI Components application will not process tasks after it is started. The default value is true, meaning the managed server that executes the OHI Components application will start processing tasks from the work backlog queue after it is started. |
true |
Boolean |
Next Execution |
Specifying yields, submission count, group size and loader count per activity type
OHI Components Claims allows to individually specify some of the aforementioned application properties on a per-activity-type basis. This provides finer grained control of loading and processing semantics. The way to accomplish this is to concatenate the mnemonic for the specific activity type after the specific property key, for example:
ohi.processing.groupsize.CALCULATE_PREMIUM=250
This mechanism is available for the following properties:
-
ohi.processing.yield.<activity_type>
-
ohi.max.headroom.<activity_type>
-
ohi.processing.groupsize.<activity_type>
-
ohi.processing.loadercount.<activity_type>
-
ohi.processing.loaderyield.<activity_type>
-
ohi.processing.max.numberofretries.<activity_type>
For the mnemonic of individual activity types, check the Implementation Guide.
Group membership information can be cached under ohi.processing.cache.ingroup.<cacheName>.spec . For each use case there is a separate cacheName. All those caches are Google Guava caches. The .spec property defines the specification of the Google Guava’s CacheBuilder configuration. It is a string which is a series of comma-separated keys or key-value pairs, each corresponding to a CacheBuilder method. Example (make sure to specify on one line!): "maximumSize=10000, expireAfterWrite=5m,softValues". For more information, see CacheBuilderSpec’s javadoc: http://docs.guava-libraries.googlecode.com/git/javadoc/com/google/common/cache/CacheBuilderSpec.html
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.processing.cache. |
This cache maintain the result if CountryRegion is in CountryRegionGroup, where key is created using the CountryRegion.Id and CountryRegionGroupCode. |
maximumSize=1000, |
String |
Next Execution |
ohi.processing.cache. |
A specification of Google Guava’s CacheBuilder configuration. It configures a cache for diagnosis in a diagnosis group. Defined as a string which is a series of comma-separated keys or key-value pairs, each corresponding to a CacheBuilder method. See CacheBuilderSpec http://docs.guava-libraries.googlecode.com/ for additional detail. |
maximumSize=100000, |
String |
Next Execution |
ohi.processing.cache. |
Cache for flex codes in a flex code group. |
maximumSize=100000, |
String |
Next Execution |
ohi.processing.cache. |
This cache maintains the result if LocationType is in LocationTypeGroup, where a key is created using the LocationType.Id and LocationTypeGroupCode. |
maximumSize=1000, |
String |
Next Execution |
ohi.processing.cache. |
Cache for messages in a message group. |
maximumSize=1000, |
String |
Next Execution |
ohi.processing.cache. |
Specification for the cache storing procedure group membership. Value should be a valid Google Guava specification. See the CacheBuilderSpec’s javadoc: http://docs.guava-libraries.googlecode.com/ |
maximumSize=100000, |
String |
Next Execution |
ohi.processing.cache. |
A specification of Google Guava’s CacheBuilder configuration. It configures a cache for products in a provider group. Defined as a string which is a series of comma-separated keys or key-value pairs, each corresponding to a CacheBuilder method. See CacheBuilderSpec for additional detail. |
maximumSize=10000, |
String |
Next Execution |
ohi.processing.cache. |
A specification of Google Guava’s CacheBuilder configuration. It configures a cache for providers in a provider group. Defined as a string which is a series of comma-separated keys or key-value pairs, each corresponding to a CacheBuilder method. See CacheBuilderSpec for additional detail. |
maximumSize=10000, |
String |
Next Execution |
ohi.processing.cache. |
This cache maintains the result if UnfinalizeReason is in UnfinalizeReasonGroup, where a key is created using the UnfinalizeReason.Id and UnfinalizeReasonGroupCode. |
maximumSize=1000, |
String |
Next Execution |
Data File Import
The following table lists (technical) properties that influence data file (batch) processing performance. Only change these after consulting with Oracle:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.consumptionimport. |
The number of importable data units to collect as one processable group from a external insurable objects source file |
1000 |
Integer ≥ 1 |
Next Execution |
ohi.diagnosisimport. |
A separate processing activity is spawned for processing a chunk or batch of diagnoses of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi. |
A separate processing activity is spawned for processing a chunk or batch of draft provider pricing clauses of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi. |
A separate processing activity is spawned for processing a chunk or batch of fee schedules of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi. |
A separate processing activity is spawned for processing a chunk or batch of insurable objects ofthe specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.procedureimport. |
A separate processing activity is spawned for processing a chunk or batch of procedures of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi. |
A separate processing activity is spawned for processing a chunk or batch of product benefit specifications of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.providerimport. |
A separate processing activity is spawned for processing a chunk or batch of providers of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi. |
A separate processing activity is spawned for processing a chunk or batch of reference sheet lines of the specified size. |
5000 |
Integer ≥1 |
Next Execution |
ohi.registrationimport. |
A separate processing activity is spawned for processing a chunk or batch of registrations of the specified size. |
1000 |
Integer ≥ 1 |
Next Execution |
ohi.relationimport. |
A separate processing activity is spawned for processing a chunk or batch of relations of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.reprocessclaims. |
A separate processing activity is spawned for processing a chunk or batch of reprocessed claims of the specified size. |
5000 |
Integer ≥ 1 |
Next Execution |
Claims In Integration Point
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.claimsin.provider. |
When the this property is set to true, provider matching in claims-in integration point is done on code and flexCodeDefinitionCode of the provider only. If no matching record could be found, the system creates a new provider with the information (e.g. name) that is included in the message. When the code and flexCodeDefinitionCode of the provider could be matched to an existing provider, then the provider is updated with the element values in the message if they are different from the values in the OHI reference data. |
false |
Boolean |
Next Execution |
ohi.claimsin.relation. |
When the this property is set to true, relation matching in claims-in integration point is done on code of the relation only. If no matching record could be found, the system creates a new relation (person/organization) with the information (e.g. name and date of birth) that is included in the message. When the code of the relation could be matched to an existing relation, then the relation is updated with the element values in the message if they are different from the values in the OHI reference data. |
false |
Boolean |
Next Execution |
OHI Claims URL references
In Workflow messages or HTTP API RESTful services links, URL references may be passed. Construction of the URL for these pages is driven by the following parameters:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.claims.change.url |
MANDATORY |
String |
Next Execution |
|
ohi.claims. |
MANDATORY |
String |
Next Execution |
|
ohi.claims. |
MANDATORY |
String |
Next Execution |
|
ohi.claims. |
MANDATORY |
String |
Next Execution |
|
ohi.claims. |
MANDATORY |
String |
Next Execution |
|
ohi.<0>.application. |
MANDATORY |
String |
After Restart |
|
ohi.<0>.deeplink.url |
MANDATORY |
String |
After Restart |
|
ohi.http.api.path |
The context root of the application. For example: /<application>-ws/api. We do not anticipate for this property to be hot reloadable. |
api |
String |
Next Execution |
| Before sending URI’s out, the system will encode these. The receiving system is expected to decode the URI. |
Callout Rules
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.servicecallout.<0>. |
MANDATORY |
String |
Next Execution |
|
ohi.callout.protocol |
Only to be specified when the legacy protocol SOAP is to be used. |
REST |
REST, SOAP |
Next Execution |
ohi.rest.client.logging |
Enable/Disable logging for rest clients. When "true" will log traffic to external system. |
false |
Boolean |
Immediate |
ohi.service.client. |
The rest client cache size |
500 |
Integer ≥ 1 |
Immediate |
ohi.servicecallout. |
The media type to be used for REST call outs. Can be overriden per call out, see 'ohi.servicecallout.<0>.media.type'. |
application/json |
String |
Next Execution |
ohi.servicecallout.<0>. |
Time interval in seconds used by the system to check if a response for the Callout Rule is received. The <0> placeholder should match the calloutdefinition code that is configured for a specific rule. Rule: 1 ≤ completeness.interval ≤ completeness.timeout. This is verified at system startup. If the completeness interval parameter is not specified for a Callout Rule, the system will use the value of 'ohi.servicecallout.<0>.completeness.timeout' (which in his turn has default value '5'). |
Integer ≥ 1 |
Next Execution |
|
ohi.servicecallout.<0>. |
Time interval in seconds used by the system to determine if a response for the Callout Rule is received in time. If a response is not received before the time out period is exceeded, the system raises an error. The <0> placeholder should match the calloutdefinition code that is configured for a specific rule. Rule: completeness.timeout > 1. This property also provides a fallback value when completeness.interval is not set. |
5 |
Integer > 1 |
Next Execution |
ohi.servicecallout.<0>. |
The media type to be used for an individual REST call out, <0> to be replaced with callout definition code. When this property is not set, the value of 'ohi.servicecallout.media.type' will be used. |
application/json |
String |
Next Execution |
Data Exchange
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.application.uri.<0> |
MANDATORY |
String |
Next Execution |
|
ohi.cm.concurrency.limit |
Number of parallel threads used in configuration migration tool export and import processes. For better performance results, the value of this system property should be equal to the number of CPUs (core). For example, if there are 6 CPUs and each of them are single core, then this property should be set to 6. |
2 |
Integer ≥ 1 |
After Restart |
ohi.cm. |
This property is used in the export process and represents the number of high volume entities (for example: procedure group detail) to read in one go/at a time. It is recommended to set this value to N * 1000, where N is the number of JVMs. |
1000 |
Integer ≥ 1 |
Next Execution |
Enrollment Client
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.enrollment. |
Can be used to switch on/off HTTP traffic logging for Jersey/REST machine-to-machine enrollment communication. When specified as true - requires additional logback configuration |
false |
Boolean |
Next Execution |
ohi.enrollment.server. |
This property specifies the number of milliseconds allowed to establish a connection with the Enrollment Service. |
1000 |
Integer ≥1 |
Next Execution |
ohi.enrollment.server. |
This property specifies the number of milliseconds allowed to get the result from the Enrollment Service, once it is invoked. |
1000 |
Integer ≥1 |
Next Execution |
ohi.enrollment.server. |
This property specifies the request path to identify the Enrollment operation to be invoked. Do not add a leading or trailing slash. |
api/enrollments |
String |
Next Execution |
ohi.enrollment.server. |
This property specifies the scheme + authority part that hosts the Enrollment system. Example value: 'http://acme.net:7998' (do not add a trailing slash). |
String |
Next Execution |
Enrollment inquiries can be logged at a fairly low level. In particular this enables to trace HTTP request and response between the system that initiates the request for enrollment status information and the enrollment system that responds back to these inquiries. To set this up add the following piece of information to the logging configuration.
<logger name="ohi.enrollment_client" level="info"/>User Interface
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi. |
Can be used to initiate showing a modal popup for UI accessibility settings, in case that has not been done for the user earlier. |
false |
Boolean |
Next Execution |
ohi.environment. |
Text string that is displayed on the home page of the system that helps the user to identify the environment.Samples are 'User Acceptance Test' or 'Development'. |
ohi |
String |
Next Execution |
ohi.jsui.cmt.payload. |
This property is used to provide maximum number of items that can be included in a CMT payload |
300 |
Integer ≥ 1 |
Immediate |
ohi.jsui.formatted.name. |
This property is used to display the formatted name in context of an individual provider |
String |
After Restart |
|
ohi.jsui.formatted.name. |
This property is used to display the formatted name in context of a person |
String |
After Restart |
|
ohi.ui.accessToken.root. |
The webgate URL root (Required for CSP whitelist). |
String |
After Restart |
|
ohi.ui.accessToken.url |
The webgate URL to access accessToken resource. |
String |
After Restart |
|
ohi.ui.api. |
Authentication mechanism for the JET UI. One of OAuth, BasicAuthentication, WebGate (in case a gateway handles authentication) or OpenID (in case OpenID Connect is used - see below table for more properties). |
Oauth |
String |
After Restart |
ohi.ui.api. |
The clientId is the public identifier for the JET UI. Mandatory when using OAuth. Not applicable when not using OAuth. Has no default value. |
String |
After Restart |
|
ohi.ui.backEnd.root.url |
The base URL for accessing web services, typically includes the machine or loadbalancer, the domain and a port number. |
String |
After Restart |
|
ohi.ui.backEndURL |
Fully qualified URL for HTTP API resources. The path in the URL should include the context root for HTTP API resources. The default context root for HTTP API resources is '/api'. Note that this could be a load balancer URL and / or that the default context root might have been overwritten using a deployment plan. |
String |
After Restart |
|
ohi.ui.logout.url |
The URL used by Oracle JET to actively logout a user (session) |
String |
After Restart |
|
ohi.ui. |
Maximum number of access history records to be shown/stored for the UI page. |
10 |
Integer ≥ 1 |
Next Execution |
ohi.ui.maxrowstoretrieve |
Maximum number of rows retrieved to show in a UI table. Note that memory usage and page load times are impacted by this value. |
200 |
Integer ≥ 1 |
Next Execution |
ohi.ui. |
Maximum number of rows retrieved to show in a UI table for an individual page. The function code is the one shown in the 'About this page' popup, and is case sensitive. Note: it is not possible to change the number of rows shown for an individual LOV. LOV are always restricted by ohi.ui.maxrowstoretrieve. If this property is not set, the value of ohi.ui.maxrowstoretrieve will be taken (which has in its turn a default of '200') |
Integer ≥ 1 |
Next Execution |
|
ohi.ui.pollinterval |
This property controls the interval between automatic page refreshes for pages that support it. Value in milliseconds |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.ui.pollinterval.<0> |
This property controls the interval between automatic page refreshes for pages that support it. The <function_code> is an optional suffix that can be used to differentiate poll intervals between different pages. |
5000 |
Integer ≥ 1 |
Next Execution |
ohi.ui.session.timeout |
The timeout is the time (in milliseconds) after which the current user session expires and displays 'The page has expired' warning dialog. Clicking OK re-directs the user to the login page. The default value is set to 1hr (3600000 ms). A value of 0 means never timeout. |
3600000 |
Integer ≥ 0 |
After Restart |
ohi.ui.waitTime |
The waitTime is the time (in milliseconds) between entering a character in a search field, and the search firing. Applies to quick search and LOV, suggested is 1500. |
1500 |
Integer ≥ 1 |
After Restart |
ohi.ui.webgate.logout. |
Logout from WebGate/SSO external provider |
/logout |
String |
After Restart |
ohi.ui.webgate.url |
OAM URL (Required for CSP whitelist). |
String |
After Restart |
Specifically for OpenID Connect Support
The following table lists user interface related properties, specifically for OpenID Connect support:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.oauth.idp.uri |
A system property needs to be set to the IDP (IDentity Provider) URL to acquire the OpenID Connect configuration. This property is expected to be set when 'ohi.oauth.use.openidconnect' is set to 'true'. |
String |
After Restart |
|
ohi.oauth.use. |
When set to true, it indicates that Oracle JET UI leverages OpenID Connect authentication. |
false |
Boolean |
After Restart |
ohi.security.oauth. |
Specifies the OpenID Connect callback URL to be invoked after authentication of the user through OpenID Connect has taken place, but before an access token has been obtained. |
oidc/callback |
String |
After Restart |
ohi.security.oauth. |
This property determines the time (in seconds) until the the OAUTH authentication cookie expires. |
3600 |
Integer ≥ 1 |
After Restart |
ohi.security.oauth. |
This property specifies the name of the shared cookie in which the OpenID connect authentication information is stored |
OHI_SHARED_AUTH |
String |
After Restart |
ohi.security.oauth. |
This property specifies the path of the OHI OAUTH Session Cookie. This path must exist in the requested URL, or the browser won’t send the Cookie header. |
/ |
String |
After Restart |
ohi.security.oauth. |
This property determines if the OAUTH authentication cookie is set to 'secure'. When set to true, the cookie is only sent to the server when a request is made with the 'https:' scheme. |
false |
Boolean |
After Restart |
ohi.security.oauth. |
Specifies the base URL of the JET Application that needs to be secured (e.g. https://host:8909/oig) |
/ |
String |
After Restart |
ohi.security.oauth. |
Specifies the OpenID Connect URL that is to be invoked after a user has selected to logout from the UI. |
oidc/logout |
String |
After Restart |
Outbound Restful Service Invocation specific to notifications
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.eventing.ui.path |
MANDATORY |
String |
Next Execution |
Replicating Member and Authorizations data
Member data can be replicated from OHI Policies and Authorizations data from OHI Authorizations. These are referred to as source systems. The following table lists the parameters for that:
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.ws.sourcesystem.<0>. |
MANDATORY |
String |
Immediate |
|
ohi.datareplication. |
For specifying the number of seconds between consecutive polls for retrieving events from a replication source. |
300 |
Integer ≥ 1 |
Immediate |
Extract
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.extract.<0>. |
For sending out extract completion notification related to a specific notification key. <0> is replaced by the notification key. Example: http://machine.domain:port/notifications |
String |
Next Execution |
Monitoring & Metrics
| Name | Description | Default Value | Possible Values | Change Effective |
|---|---|---|---|---|
ohi.healthcheck.url. |
Defines the mapping between the Healthcheck servlet and an URL pattern |
String, |
After Restart |
|
ohi.instrumentation. |
Set to true to tag each metric with the name of the application |
false |
Boolean |
After Restart |
ohi.instrumentation. |
Set to false to enable recording of non-OHI metrics |
true |
Boolean |
After Restart |
ohi.instrumentation. |
Set to true to enable recording of metrics |
false |
Boolean |
Immediate |
ohi.instrumentation. |
Set to true to enable recording of JVM telemetry |
false |
Boolean |
After Restart |
ohi.instrumentation. |
Comma-separated list of resource path segment prefixes for resource client timers that the system interprets as not being the last segment of the resource path. |
Comma- |
After Restart |
|
ohi.instrumentation.<0>. |
Determines if histogram buckets for the configured timer are published |
false |
Boolean |
After Restart |
ohi.instrumentation.<0>. |
Percentiles for the configured timer. |
Comma- |
After Restart |
|
ohi.instrumentation.<0>. |
Data for the timer is published if the tag name that is specified as property "ohi.instrumentation.<0>.regex.tagname" matches this regular expression |
Regular expression |
After Restart |
|
ohi.instrumentation.<0>. |
Tag name subject to testing with the regular expression that is specified as property "ohi.instrumentation.<0>.regex". Data for the timer is published if the tag name matches the regular expression. |
String |
After Restart |
|
ohi.prometheusservlet. |
Defines the mapping between the Prometheus servlet and an URL pattern |
String, URL Mapping |
After Restart |
See the Operations Guide for details about metric related properties.