Configure Oracle Insurance Gateway properties file

The properties file holds a list of properties that impact the behavior of the system. It provides the system with timeout values, url addresses, processing settings, and many other properties used during operation.

A new Oracle Insurance Gateway release may deliver a changed version of the properties file.

The following tables describe the properties that are can be set in the properties file. The property names are formatted for readability, note that the property names and associated values should always be specified on one line in the properties file.

Australian Localization

The below table lists the generic system properties for Oracle Insurance Gateway in the context of Australian localizations.

Name	Description	Default Value	Possible Values	Change Effective
ohi.as2805_a.claim. origin	MANDATORY A value for this system property is required and identifies the origin of a 0200-170000 or a 0200-171000 request in the context of AS2805_A. This mandatory property reflects the proprietary name of AS2805_A.		Boolean	After Restart
ohi.as2805_b.claim. origin	MANDATORY A value for this system property is required and identifies the origin of a 0200-170000 request in the context of AS2805_B. This mandatory property reflects the proprietary name of AS2805_B.		Boolean	After Restart
ohi.integration. australia	A value of true means that the Australian module will be activated at system start-up.	false	Boolean	After Restart

Name

Description

Default Value

Possible Values

Change Effective

ohi.as2805_a.claim.
origin

MANDATORY
A value for this system property is required and identifies the origin of a 0200-170000 or a 0200-171000 request in the context of AS2805_A. This mandatory property reflects the proprietary name of AS2805_A.

Boolean

After Restart

ohi.as2805_b.claim.
origin

MANDATORY
A value for this system property is required and identifies the origin of a 0200-170000 request in the context of AS2805_B. This mandatory property reflects the proprietary name of AS2805_B.

Boolean

After Restart

ohi.integration.
australia

A value of true means that the Australian module will be activated at system start-up.

false

Boolean

After Restart

Base View Generator

Name	Description	Default Value	Possible Values	Change Effective
ohi.baseview.generation. worker.count	The number of worker threads to start for a base view generation process	8	Integer ≥ 1	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.baseview.generation.
worker.count

The number of worker threads to start for a base view generation process

Integer ≥ 1

Immediate

Cache Control

Name	Description	Default Value	Possible Values	Change Effective
ohi.httpapi.cache. control.cachesetting. metadata	Setting to be used for metadata, code of a OHI_RESOURCE_CACHE_SETTING, see ohi.httpapi.cache.control.enable.		String	Next Execution
ohi.httpapi.cache. control.enable	Property to enable HTTP API Caching, which is disabled by default. When enabled, HTTP API will add a Cache-Control header in the response it sends.	false	Boolean	Next Execution
ohi.process.cache. disabled	This property can be used to determine whether business process cache facilities are enabled.	false	Boolean	Next Execution
ohi.process.cache.push_ wait	The time in milliseconds to back-off invalidating the business process cache for consecutive bursts of invalidations.	250	Integer ≥ 0	After Restart

Name

Description

Default Value

Possible Values

Change Effective

ohi.httpapi.cache.
control.cachesetting.
metadata

Setting to be used for metadata, code of a OHI_RESOURCE_CACHE_SETTING, see ohi.httpapi.cache.control.enable.

String

Next Execution

ohi.httpapi.cache.
control.enable

Property to enable HTTP API Caching, which is disabled by default. When enabled, HTTP API will add a Cache-Control header in the response it sends.

false

Boolean

Next Execution

ohi.process.cache.
disabled

This property can be used to determine whether business process cache facilities are enabled.

false

Boolean

Next Execution

ohi.process.cache.push_
wait

The time in milliseconds to back-off invalidating the business process cache for consecutive bursts of invalidations.

250

Integer ≥ 0

After Restart

Callout Properties

The following table lists properties used by the REST call-out client:

Name	Description	Default Value	Possible Values	Change Effective
ohi.rest.client.logging	Enable/Disable logging for rest clients. When "true" will log traffic to external system.	false	Boolean	Immediate
ohi.service.client. cache.size	The rest client cache size	500	Integer ≥ 1	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.rest.client.logging

Enable/Disable logging for rest clients. When "true" will log traffic to external system.

false

Boolean

Immediate

ohi.service.client.
cache.size

The rest client cache size

500

Integer ≥ 1

Immediate

Cross Origin Resource Sharing

See the Security Guide for an introduction to Cross Origin Resource Sharing (CORS). For further explanation the reader is referred to W3C’s CORS specification.

The following table lists CORS related properties:

Name	Description	Default Value	Possible Values	Change Effective
ohi.cors.access.control. allow.origin	MANDATORY Comma-separated list of allowed origins. The value '*' effectively means that all origins are allowed.		String	Next Execution
ohi.cors.access.control. allow.credentials	Header that indicates whether the response to request can be exposed when the omit credentials flag is unset. When this is part of the response to a preflight request it indicates that the actual request can include user credentials.	true	Boolean	Next Execution
ohi.cors.access.control. allow.headers	Header that indicates, as part of the response to a preflight request, which header field names can be used during the actual request. Allows all headers by default. The value is a comma-separated list of allowed headers.		String	Next Execution
ohi.cors.access.control. allow.methods	Header that indicates, as part of the response to a preflight request, which methods can be used during the actual request. Allows all methods by default. The value is a comma-separated list of allowed methods.		String	Next Execution
ohi.cors.access.control. expose.headers	Header that indicates which headers are safe to expose to the API of a CORS API specification. The value isa comma-separated list of all exposed headers.		String	Next Execution
ohi.cors.access.control. max.age	Header that indicates how long the results of a preflight request can be cached in a preflight result cache, number representing seconds.	1800	Integer ≥ 0	Next Execution
ohi.vary.header	Property to set Vary HTTP Header. Value is a comma-separated list	Accept,Accept- Encoding,Accept- Language,Origin	String	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.cors.access.control.
allow.origin

MANDATORY
Comma-separated list of allowed origins. The value '*' effectively means that all origins are allowed.

String

Next Execution

ohi.cors.access.control.
allow.credentials

Header that indicates whether the response to request can be exposed when the omit credentials flag is unset. When this is part of the response to a preflight request it indicates that the actual request can include user credentials.

true

Boolean

Next Execution

ohi.cors.access.control.
allow.headers

Header that indicates, as part of the response to a preflight request, which header field names can be used during the actual request. Allows all headers by default. The value is a comma-separated list of allowed headers.

String

Next Execution

ohi.cors.access.control.
allow.methods

Header that indicates, as part of the response to a preflight request, which methods can be used during the actual request. Allows all methods by default. The value is a comma-separated list of allowed methods.

String

Next Execution

ohi.cors.access.control.
expose.headers

Header that indicates which headers are safe to expose to the API of a CORS API specification. The value isa comma-separated list of all exposed headers.

String

Next Execution

ohi.cors.access.control.
max.age

Header that indicates how long the results of a preflight request can be cached in a preflight result cache, number representing seconds.

1800

Integer ≥ 0

Next Execution

ohi.vary.header

Property to set Vary HTTP Header. Value is a comma-separated list

Accept,Accept-
Encoding,Accept-
Language,Origin

String

Next Execution

Data Exchange

Name	Description	Default Value	Possible Values	Change Effective
ohi.application.uri.<0>	MANDATORY Reference to URI of the source application to retrieve data-sets metadata to be processed. <0> to be replaced with source application.		String	Next Execution
ohi.cm.concurrency.limit	Number of parallel threads used in configuration migration tool export and import processes. For better performance results, the value of this system property should be equal to the number of CPUs (core). For example, if there are 6 CPUs and each of them are single core, then this property should be set to 6.	2	Integer ≥ 1	After Restart
ohi.cm. highvolumeentities. export.page.size	This property is used in the export process and represents the number of high volume entities (for example: procedure group detail) to read in one go/at a time. It is recommended to set this value to N * 1000, where N is the number of JVMs.	1000	Integer ≥ 1	Next Execution
ohi.<0>.endpoint.request	Allows for web service client interactions to identify their request URI destination. This property is used to get the URI for the end point. <0> is replaced by notification key. Sample value is http://machine.domain:port/<0>.		String	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.application.uri.<0>

MANDATORY
Reference to URI of the source application to retrieve data-sets metadata to be processed. <0> to be replaced with source application.

String

Next Execution

ohi.cm.concurrency.limit

Number of parallel threads used in configuration migration tool export and import processes. For better performance results, the value of this system property should be equal to the number of CPUs (core). For example, if there are 6 CPUs and each of them are single core, then this property should be set to 6.

Integer ≥ 1

After Restart

ohi.cm.
highvolumeentities.
export.page.size

This property is used in the export process and represents the number of high volume entities (for example: procedure group detail) to read in one go/at a time. It is recommended to set this value to N * 1000, where N is the number of JVMs.

1000

Integer ≥ 1

Next Execution

ohi.<0>.endpoint.request

Allows for web service client interactions to identify their request URI destination. This property is used to get the URI for the end point. <0> is replaced by notification key. Sample value is http://machine.domain:port/<0>.

String

Next Execution

Data Set Operations

Name	Description	Default Value	Possible Values	Change Effective
ohi.datasetoperations. notification.endpoint. export	This property is related to the Data Set Operations Integration Point, for export usages. It contains a URI that refers to the notification message, this message is sent once the process of building the data set payload is completed.		String	Next Execution
ohi.datasetoperations. notification.endpoint. import	This property is related to the Data Set Operations Integration Point, for import usages. It contains a URI that refers to the notification message, this message is sent once the process of uploading the data set payload is completed. Error messages prevent the import from happening.		String	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.datasetoperations.
notification.endpoint.
export

This property is related to the Data Set Operations Integration Point, for export usages. It contains a URI that refers to the notification message, this message is sent once the process of building the data set payload is completed.

String

Next Execution

ohi.datasetoperations.
notification.endpoint.
import

This property is related to the Data Set Operations Integration Point, for import usages. It contains a URI that refers to the notification message, this message is sent once the process of uploading the data set payload is completed. Error messages prevent the import from happening.

String

Next Execution

Destination Address

Name	Description	Default Value	Possible Values	Change Effective
address.key.<0>	Used for defining the address key property. The <0> is replaced by the particular address key of Destination		String	Immediate

Name

Description

Default Value

Possible Values

Change Effective

address.key.<0>

Used for defining the address key property. The <0> is replaced by the particular address key of Destination

String

Immediate

Dynamic Logic

Name	Description	Default Value	Possible Values	Change Effective
ohi.dynamiclogic. classes.directory	Path to directory in which the system generated Dynamic Logic classes are placed.	/tmp	String	Next Execution
ohi.dynamiclogic. startup.compile	An optional property that determines whether to compile the dynamic logic (those who are not compiled before) at start-up of the application or not.	true	Boolean	Next Execution
ohi.dynamiclogic.timeout	An optional property that determines the timeout of a running dynamic logic. If the timeout is expired, the dynamic logic is interrupted and an exception is thrown. The value is in seconds. Please note that when the dynamic logic timeout property is added/updated, the dynamic logic(s) need to be recompiled for the property change to take effect. This can be done by using the Invalidate Dynamic Logic Integration Point explained Integration Guide.	300	Integer ≥ 0	Next Execution
ohi.dynamiclogic. timeout.<0>	An optional property that determines the timeout of the running dynamic logic. If the timeout is expired, the dynamic logic is interrupted and an exception is thrown. The value is in seconds. This property is keyed on the particular dynamic logic code, therefore the placeholder <0> should be replacedwith the dynamic logic code. Please note that when the dynamic logic timeout property is added/updated, the dynamic logic(s) need to be recompiled for the property change to take effect. This can be done by using the Invalidate Dynamic Logic Integration Point explained Integration Guide. If this property is not set, the value of 'ohi.dynamiclogic.timeout' will be taken (which in its turn has a default of '300').		Integer ≥ 0	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.dynamiclogic.
classes.directory

Path to directory in which the system generated Dynamic Logic classes are placed.

/tmp

String

Next Execution

ohi.dynamiclogic.
startup.compile

An optional property that determines whether to compile the dynamic logic (those who are not compiled before) at start-up of the application or not.

true

Boolean

Next Execution

ohi.dynamiclogic.timeout

An optional property that determines the timeout of a running dynamic logic. If the timeout is expired, the dynamic logic is interrupted and an exception is thrown. The value is in seconds. Please note that when the dynamic logic timeout property is added/updated, the dynamic logic(s) need to be recompiled for the property change to take effect. This can be done by using the Invalidate Dynamic Logic Integration Point explained Integration Guide.

300

Integer ≥ 0

Next Execution

ohi.dynamiclogic.
timeout.<0>

An optional property that determines the timeout of the running dynamic logic. If the timeout is expired, the dynamic logic is interrupted and an exception is thrown. The value is in seconds. This property is keyed on the particular dynamic logic code, therefore the placeholder <0> should be replacedwith the dynamic logic code. Please note that when the dynamic logic timeout property is added/updated, the dynamic logic(s) need to be recompiled for the property change to take effect. This can be done by using the Invalidate Dynamic Logic Integration Point explained Integration Guide. If this property is not set, the value of 'ohi.dynamiclogic.timeout' will be taken (which in its turn has a default of '300').

Integer ≥ 0

Next Execution

Logging Support

Name	Description	Default Value	Possible Values	Change Effective
ohi.logging.fileset.max. timespan	Maximum time in days between start and end time for bundling log events in a file set	2	Integer ≥ 1	Immediate
ohi.logging.phi.min. retentionperiod	Minimal number of days for retaining PHI log events	1825	Integer ≥ 1	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.logging.fileset.max.
timespan

Maximum time in days between start and end time for bundling log events in a file set

Integer ≥ 1

Immediate

ohi.logging.phi.min.
retentionperiod

Minimal number of days for retaining PHI log events

1825

Integer ≥ 1

Immediate

Incident Reports

Name	Description	Default Value	Possible Values	Change Effective
ohi.incident. datafileset. retentionperiod	Whenever OHI Incident storage in datafile sets is activated, this property defines the number of days that OHI Incident datafile sets are retained. Older OHI Incident datafile sets are removed.	10	Integer ≥ 1	After Restart
ohi.incident.rootdir	OHI Components makes use of the Logback library for generating log output. In the event of an unanticipated application exception, additional - more detailed exception trace information is written out to an individual exception trace file. The location for these exception trace files is controlled by this property. By default the location 'target/trace' relative to the directory where the WebLogic server was started is used. When changing the value for this property, make sure that the OS user that executes the WebLogic server processes needs to be able to create (and read/write files in) the directory referenced by the property.	target/trace	String	After Restart
ohi.incident.target	OHI Incident files can be stored in the database, in a datafile set. Whenever this property is set to "datafileset" this feature is activated. Otherwise the default mechanism of writing incident files to an O/S file system directory. The OHI Incident datafile sets will have a code with a following pattern: "OHIIncidents<yyyyMMdd>"	file	"file" or "datafileset"	After Restart

Name

Description

Default Value

Possible Values

Change Effective

ohi.incident.
datafileset.
retentionperiod

Whenever OHI Incident storage in datafile sets is activated, this property defines the number of days that OHI Incident datafile sets are retained. Older OHI Incident datafile sets are removed.

Integer ≥ 1

After Restart

ohi.incident.rootdir

OHI Components makes use of the Logback library for generating log output. In the event of an unanticipated application exception, additional - more detailed exception trace information is written out to an individual exception trace file. The location for these exception trace files is controlled by this property. By default the location 'target/trace' relative to the directory where the WebLogic server was started is used. When changing the value for this property, make sure that the OS user that executes the WebLogic server processes needs to be able to create (and read/write files in) the directory referenced by the property.

target/trace

String

After Restart

ohi.incident.target

OHI Incident files can be stored in the database, in a datafile set. Whenever this property is set to "datafileset" this feature is activated. Otherwise the default mechanism of writing incident files to an O/S file system directory. The OHI Incident datafile sets will have a code with a following pattern: "OHIIncidents<yyyyMMdd>"

file

"file" or "datafileset"

After Restart

Integration

Name	Description	Default Value	Possible Values	Change Effective
ohi.<0>.application. baseurl	MANDATORY The base URL for accessing the application, typically includes the machine or loadbalancer, the domain and a port number. These are mandatory to set to have correct links in the response or location header. Placeholder <0> should be replaced with the application name. It is possible to overwrite the behaviour using a custom header in requests: X-OHI-OBEY-HOST. * If this header is present with value true, the links would be created from the request url itself* If the header is not present or the value is false, the links would be created with the help of the properties. For all asynchronous responses, notifications, containing links, the properties would be used as was always done. Example of the value is http://localhost:7001.		String	After Restart
ohi.<0>.deeplink.url	MANDATORY The base URL of an application used only in ADF deep linking URL formation. It includes the machine or load balancer, the domain and a port number. This is mandatory to set to have correct link in deep linking URL. Placeholder <0> should be replaced with the application name. Example of the value is http://localhost:7001.		String	After Restart
ohi.http.api.path	The context root of the application. For example: /<application>-ws/api. We do not anticipate for this property to be hot reloadable.	api	String	Next Execution
ohi.max.redirect.count	Maximum number of redirections that a particular external invocation take	10	Positive integer	Immediate
ohi.timeout. maxRepeatAttempts	Determines how many times a a timeout task will check if the underlying work is complete	3	Integer ≥0	Immediate
<0>-timeAllowed	This key stores the time allowed for an external system to complete the long running process after which the exchange tries to find the status of the process using the location header stored with the key above. The placeholder should be replaced with the suitable integration step code. Example key is: invokeActivityStep-timeAllowed		Integer ≥ 1	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.<0>.application.
baseurl

MANDATORY
The base URL for accessing the application, typically includes the machine or loadbalancer, the domain and a port number. These are mandatory to set to have correct links in the response or location header. Placeholder <0> should be replaced with the application name. It is possible to overwrite the behaviour using a custom header in requests: X-OHI-OBEY-HOST. * If this header is present with value true, the links would be created from the request url itself* If the header is not present or the value is false, the links would be created with the help of the properties. For all asynchronous responses, notifications, containing links, the properties would be used as was always done. Example of the value is http://localhost:7001.

String

After Restart

ohi.<0>.deeplink.url

MANDATORY
The base URL of an application used only in ADF deep linking URL formation. It includes the machine or load balancer, the domain and a port number. This is mandatory to set to have correct link in deep linking URL. Placeholder <0> should be replaced with the application name. Example of the value is http://localhost:7001.

String

After Restart

ohi.http.api.path

The context root of the application. For example: /<application>-ws/api. We do not anticipate for this property to be hot reloadable.

api

String

Next Execution

ohi.max.redirect.count

Maximum number of redirections that a particular external invocation take

Positive integer

Immediate

ohi.timeout.
maxRepeatAttempts

Determines how many times a a timeout task will check if the underlying work is complete

Integer ≥0

Immediate

<0>-timeAllowed

This key stores the time allowed for an external system to complete the long running process after which the exchange tries to find the status of the process using the location header stored with the key above. The placeholder should be replaced with the suitable integration step code. Example key is: invokeActivityStep-timeAllowed

Integer ≥ 1

Immediate

Blocking Integration Interaction Pattern

The following properties are used by the system to provide the notion of seemingly blocking integration interaction. The system automatically adjusts the pool size according to the bounds set by 'ohi.exchange.await.core.poolsize' and 'ohi.exchange.await.max.poolsize'.

Name	Description	Default Value	Possible Values	Change Effective
ohi.exchange.await.core. poolsize	If fewer threads are running, a new thread is created to handle the request, even if other worker threads are idle. Default is 2 times the number of available processors/CPU cores.		Integer ≥0	Immediate
ohi.exchange.await.max. poolsize	If there are more than ohi.exchange.await.core.poolsize but less than ohi.exchange.await.max.poolsize threads running, a new thread will be created only if the queue (having a maximum size of 2147483647) is full. Typically this means that with a value of 40, at most there will be 40 threads available for 'async await'.	40	Integer ≥0	Immediate
ohi.exchange.await.poll. interval	The time between consecutive polls the system will take checking up on an asynchronous exchange. Specified in milliseconds.	1000	Integer ≥0	Immediate
ohi.exchange.blocking. timeout.max	The maximum amount of time the system will wait for an asynchronous exchange to be completed. Specified in milliseconds.	5000	Integer ≥0	Immediate
ohi.exchange.scheduler. poolsize	Specifies a numeric value that indicates the pool size for thread that should execute scheduler based integrations.	10	Integer ≥0	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.exchange.await.core.
poolsize

If fewer threads are running, a new thread is created to handle the request, even if other worker threads are idle. Default is 2 times the number of available processors/CPU cores.

Integer ≥0

Immediate

ohi.exchange.await.max.
poolsize

If there are more than ohi.exchange.await.core.poolsize but less than ohi.exchange.await.max.poolsize threads running, a new thread will be created only if the queue (having a maximum size of 2147483647) is full. Typically this means that with a value of 40, at most there will be 40 threads available for 'async await'.

Integer ≥0

Immediate

ohi.exchange.await.poll.
interval

The time between consecutive polls the system will take checking up on an asynchronous exchange. Specified in milliseconds.

1000

Integer ≥0

Immediate

ohi.exchange.blocking.
timeout.max

The maximum amount of time the system will wait for an asynchronous exchange to be completed. Specified in milliseconds.

5000

Integer ≥0

Immediate

ohi.exchange.scheduler.
poolsize

Specifies a numeric value that indicates the pool size for thread that should execute scheduler based integrations.

Integer ≥0

Immediate

Intrusion Detection

OHI applications safeguard against Cross-Site Scripting (XSS) attacks by checking "untrusted" data that may be entered in HTTP API requests (see the Security Guide for intrusion detection principles). Detection behavior can be customized using the properties that are listed in the following table:

Name	Description	Default Value	Possible Values	Change Effective
ohi.untrusteddata.check	XSS vulnerability detection is enabled by default. Disable it by setting the value for this parameter to false. This property should be used if other components in the landscape perform vulnerability detection.	true	Boolean	Next Execution
ohi.untrusteddata. domain.attribute.length	Domain attributes of type "String" are checked by default if the length ≥ 30 characters. To be more stringent decrease the default value using this property.	30	Integer ≥ 1	Next Execution
ohi.untrusteddata. whitelist. domainattribute	Domain attributes are checked by default. Use this property to define a comma-separated list of customer-specific attributes that should be excluded from intrusion detection checking. Format: <DOMAIN OBJECT SIMPLE NAME>.<ATTRIBUTE NAME>,		String	Next Execution
ohi.untrusteddata. whitelist.httpheader	HTTP Headers are checked by default. Use this property to define a comma-separated list of customer-specific headers that should be excluded from intrusion detection checking. Format: <HEADER NAME>,<HEADER NAME>.		String	Next Execution
ohi.untrusteddata. whitelist.queryparameter	HTTP Query Parameters are checked by default. Use this property to define a comma-separated list of customer-specific query parameters that should be excluded from intrusion detection checking. Format: <QUERY PARAMETER NAME>,<QUERY PARAMETER NAME>.		String	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.untrusteddata.check

XSS vulnerability detection is enabled by default. Disable it by setting the value for this parameter to false. This property should be used if other components in the landscape perform vulnerability detection.

true

Boolean

Next Execution

ohi.untrusteddata.
domain.attribute.length

Domain attributes of type "String" are checked by default if the length ≥ 30 characters. To be more stringent decrease the default value using this property.

Integer ≥ 1

Next Execution

ohi.untrusteddata.
whitelist.
domainattribute

Domain attributes are checked by default. Use this property to define a comma-separated list of customer-specific attributes that should be excluded from intrusion detection checking. Format: <DOMAIN OBJECT SIMPLE NAME>.<ATTRIBUTE NAME>,

String

Next Execution

ohi.untrusteddata.
whitelist.httpheader

HTTP Headers are checked by default. Use this property to define a comma-separated list of customer-specific headers that should be excluded from intrusion detection checking. Format: <HEADER NAME>,<HEADER NAME>.

String

Next Execution

ohi.untrusteddata.
whitelist.queryparameter

HTTP Query Parameters are checked by default. Use this property to define a comma-separated list of customer-specific query parameters that should be excluded from intrusion detection checking. Format: <QUERY PARAMETER NAME>,<QUERY PARAMETER NAME>.

String

Next Execution

For example, to prevent mixed encoded Cookies that a client like a browser sends as part of the request to result in a Bad Request, whitelist the Cookie header as follows:

ohi.untrusteddata.whitelist.httpheader=Cookie

Monitoring & Metrics

Name	Description	Default Value	Possible Values	Change Effective
ohi.instrumentation. common.application.tag	Set to true to tag each metric with the name of the application	false	Boolean	After Restart
ohi.instrumentation. filter.ohi.nameprefix	Set to false to enable recording of non-OHI metrics	true	Boolean	After Restart
ohi.instrumentation. gather. applicationmetrics	Set to true to enable recording of metrics	false	Boolean	Immediate
ohi.instrumentation. gather.jvmtelemetry	Set to true to enable recording of JVM telemetry	false	Boolean	After Restart
ohi.instrumentation.<0>. histogram	Determines if histogram buckets for the configured timer are published	false	Boolean	After Restart
ohi.instrumentation.<0>. percentiles	Percentiles for the configured timer.		Comma- separated string, e.g. 0.5,0.75,0. 95,0.99	After Restart
ohi.instrumentation.<0>. regex	Data for the timer is published if the tag name that is specified as property "ohi.instrumentation.<0>.regex.tagname" matches this regular expression		Regular expression	After Restart
ohi.instrumentation.<0>. regex.tagname	Tag name subject to testing with the regular expression that is specified as property "ohi.instrumentation.<0>.regex". Data for the timer is published if the tag name matches the regular expression.		String	After Restart

Name

Description

Default Value

Possible Values

Change Effective

ohi.instrumentation.
common.application.tag

Set to true to tag each metric with the name of the application

false

Boolean

After Restart

ohi.instrumentation.
filter.ohi.nameprefix

Set to false to enable recording of non-OHI metrics

true

Boolean

After Restart

ohi.instrumentation.
gather.
applicationmetrics

Set to true to enable recording of metrics

false

Boolean

Immediate

ohi.instrumentation.
gather.jvmtelemetry

Set to true to enable recording of JVM telemetry

false

Boolean

After Restart

ohi.instrumentation.<0>.
histogram

Determines if histogram buckets for the configured timer are published

false

Boolean

After Restart

ohi.instrumentation.<0>.
percentiles

Percentiles for the configured timer.

Comma-
separated string,
e.g. 0.5,0.75,0.
95,0.99

After Restart

ohi.instrumentation.<0>.
regex

Data for the timer is published if the tag name that is specified as property "ohi.instrumentation.<0>.regex.tagname" matches this regular expression

Regular expression

After Restart

ohi.instrumentation.<0>.
regex.tagname

Tag name subject to testing with the regular expression that is specified as property "ohi.instrumentation.<0>.regex". Data for the timer is published if the tag name matches the regular expression.

String

After Restart

See the Operations Guide for more details about metrics related properties.

Properties File Poll Interval

Name	Description	Default Value	Possible Values	Change Effective
ohi.properties.file. poll.interval	Changes made to any of these properties are not immediately picked up by the application. That only happens when it reads the properties-file again. This property specifies how often the system will read the file, in minutes. Default value, every 10 minutes. Minimum value, 1 minute. Values lower than that are ignored, meaning the default value is used.	10	Integer > 0	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.properties.file.
poll.interval

Changes made to any of these properties are not immediately picked up by the application. That only happens when it reads the properties-file again. This property specifies how often the system will read the file, in minutes. Default value, every 10 minutes. Minimum value, 1 minute. Values lower than that are ignored, meaning the default value is used.

Integer > 0

Next Execution

Purge Notification Properties

Name	Description	Default Value	Possible Values	Change Effective
ohi.purge.notification. endpoint	The base URI of the system that is going to receive notification events.		String, as URL	Immediate
ohi.purge.notification. endpoint.<0>	This overrides any value that has been specified for ohi.purge.notification.endpoint for the specific {PURGE TYPE}. Possible purge types: 'PurgeEvent', 'PurgeExchange', 'PurgeTechnicalData'.		String, as URL	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.purge.notification.
endpoint

The base URI of the system that is going to receive notification events.

String, as URL

Immediate

ohi.purge.notification.
endpoint.<0>

This overrides any value that has been specified for ohi.purge.notification.endpoint for the specific {PURGE TYPE}. Possible purge types: 'PurgeEvent', 'PurgeExchange', 'PurgeTechnicalData'.

String, as URL

Immediate

Single Sign-On and Web Gate

The following table lists properties that need to be set when OHI Components application take part in Single Sign-On (SSO) scenarios or when OHI applications are fronted by a gateway that is responsible for handling authentication:

Name	Description	Default Value	Possible Values	Change Effective
ohi.security.sso.enabled	The application will check for an SSO header, and if one is not found, present the user with a login screen.	false	Boolean	Next Execution
ohi.security.sso.header	The header value in which to check for an SSO principal if it is not mapped via servlet security.	OAM_REMOTE_USER	String	After Restart
ohi.security.sso. required	The application will reject traffic without an SSO header.	false	Boolean	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.security.sso.enabled

The application will check for an SSO header, and if one is not found, present the user with a login screen.

false

Boolean

Next Execution

ohi.security.sso.header

The header value in which to check for an SSO principal if it is not mapped via servlet security.

OAM_REMOTE_USER

String

After Restart

ohi.security.sso.
required

The application will reject traffic without an SSO header.

false

Boolean

Next Execution

Task Processing

Name	Description	Default Value	Possible Values	Change Effective
ohi.processing. attemptLogLevel	A non '0' value for this property means that data (i.e. extra_info) for failed attempts will be retained.	0	Integer ≥ 0	Next Execution
ohi.processing.cache. ingroup.message.spec	Cache for messages in a message group.	maximumSize=1000, softValues, recordStats	String	Next Execution
ohi.processing. defaultdelay	Default amount of delay in seconds used when a failed task is re-enqueued for another attempt. Is overridden if a delay is set on the task type.	3	Integer ≥ 0	Next Execution
ohi.processing.filldepth	Specifies a target number of work items to process at any given time - to best utilize processing capacity. Suggested value is a multiple of the number of CPU cores available to the managed server. The system will take the maximum of 2x the number of processors reported to the JVM and the value of this property (which has in his turn a default of '3').	3	Integer ≥ 0	Next Execution
ohi.processing. fillthreshhold	Determines the number of tasks that will be submitted for processing at any given time. Suggested value is 1 less than number of CPU cores available to the managed server. The system will take the maximum of the number of processors reported to the JVM minus 1 and the value of this property (which has in his turn a default of '1').	1	Integer ≥ 1	Next Execution
ohi.processing. maxErrorAttempts	Number of times a task can resolve as 'errored' before it stops a task flow.	3	Integer ≥ 0	Next Execution
ohi.processing. maxIncompleteAttempts	Determines how many times a specific incomplete task will be rescheduled for processing, before marking it as 'errored'	10000	Integer ≥ 0	Next Execution
ohi.processing. retryimmediate	Determines if a failed task is retried immediately, or re-enqueued for another attempt after a delay.	true	Boolean	Immediate
ohi.startup.start.task. processing	Controls task processing for a managed server. By default, if a managed server that executes an OHI Components application is started then it will start processing tasks from the work backlog queue. The default behavior can be overridden by setting command-line parameter ohi.startup.start.task.processing; if it is set to false a managed server that executes the OHI Components application will not process tasks after it is started. The default value is true, meaning the managed server that executes the OHI Components application will start processing tasks from the work backlog queue after it is started.	true	Boolean	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.processing.
attemptLogLevel

A non '0' value for this property means that data (i.e. extra_info) for failed attempts will be retained.

Integer ≥ 0

Next Execution

ohi.processing.cache.
ingroup.message.spec

Cache for messages in a message group.

maximumSize=1000,
softValues,
recordStats

String

Next Execution

ohi.processing.
defaultdelay

Default amount of delay in seconds used when a failed task is re-enqueued for another attempt. Is overridden if a delay is set on the task type.

Integer ≥ 0

Next Execution

ohi.processing.filldepth

Specifies a target number of work items to process at any given time - to best utilize processing capacity. Suggested value is a multiple of the number of CPU cores available to the managed server. The system will take the maximum of 2x the number of processors reported to the JVM and the value of this property (which has in his turn a default of '3').

Integer ≥ 0

Next Execution

ohi.processing.
fillthreshhold

Determines the number of tasks that will be submitted for processing at any given time. Suggested value is 1 less than number of CPU cores available to the managed server. The system will take the maximum of the number of processors reported to the JVM minus 1 and the value of this property (which has in his turn a default of '1').

Integer ≥ 1

Next Execution

ohi.processing.
maxErrorAttempts

Number of times a task can resolve as 'errored' before it stops a task flow.

Integer ≥ 0

Next Execution

ohi.processing.
maxIncompleteAttempts

Determines how many times a specific incomplete task will be rescheduled for processing, before marking it as 'errored'

10000

Integer ≥ 0

Next Execution

ohi.processing.
retryimmediate

Determines if a failed task is retried immediately, or re-enqueued for another attempt after a delay.

true

Boolean

Immediate

ohi.startup.start.task.
processing

Controls task processing for a managed server. By default, if a managed server that executes an OHI Components application is started then it will start processing tasks from the work backlog queue. The default behavior can be overridden by setting command-line parameter ohi.startup.start.task.processing; if it is set to false a managed server that executes the OHI Components application will not process tasks after it is started. The default value is true, meaning the managed server that executes the OHI Components application will start processing tasks from the work backlog queue after it is started.

true

Boolean

Next Execution

Specifically for Oracle Insurance Gateway, Oracle recommends setting the value for ohi.processing.fillthreshhold to the value of ohi.processing.filldepth + 1. Rationale: tasks in Oracle Insurance Gateway may take a relatively large amount of time to complete. As the application only fetches additional work from the queue if the fill depth drops below the fill threshold, these longer running tasks can prevent the system from fully utilizing its processing capacity.

Using OAuth2 for REST Client Invocations

REST Clients in OHI applications can be configured to send requests to OAuth2 protected resources. In that case the application validates and / or introspects OAuth2 access tokens that are sent as Bearer tokens in the HTTP Authorization header. See the implementation guide for further details about OAuth2 support in OHI applications.

The following table lists OAuth2 REST Client and server side properties.

Name	Description	Default Value	Possible Values	Change Effective
ohi.oauth.accesstoken. expiry.time.delay	To model the overhead of fetching an access token from an OAuth2 authorization server for caching the access token in the REST client, e.g. to account for some network delay between the client and the authorization server.Example: if the authorization server returns a token with an expiry time of 3600 seconds and if the network delay is expected to be 100 ms, then 100 ms could be configured for this key. The resulting access token will be cached for the original expiry time minus overhead time, i.e. 3600000 - 100 = 3599900 ms. The value should be specified in milliseconds.	10	Integer ≥ 0	Immediate
ohi.oauth.cert.signing. algorithm	Determines the signing algorithm for X509 certificates that are used by OHI applications to sign the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). Only RSA algorithms are currently supported.	SHA512withRSA	String	Immediate
ohi.oauth.jwk.set.url	URL value for the OAuth2 authorization server JSON Web Key (JWK) Set endpoint. The OAuth2 authorization server should support RFC 7517. Token Validation Method is JWKSET.		String, URL	After Restart
ohi.oauth.jwk.set. validation.audience	Client Id or audience claim for token validation. Token Validation Method is JWKSET.		String	After Restart
ohi.oauth.jwk.set. validation.issuer	Issuer for token validation. Token Validation Method is JWKSET.		String or URL	After Restart
ohi.oauth.jwk.set. validation.jws.signing. algorithm	Signing algorithm used by the Authorization Server. Token Validation Method is JWKSET.	RS256	String	After Restart
ohi.oauth.jws.signing. algorithm	Algorithm used for signing the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWTis used as assertion). Note that only RSA algorithms are currently supported.	RS512	RS256, RS384, RS512	Immediate
ohi.oauth.jwt. expiration.period	Expiration period (in seconds) for the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion).	600	0 ≤ Integer ≤ 9999	Immediate
ohi.oauth.jwt.userid. claim	Specifies the claim in the JWT that can be used to identify the user for which the OAuth2 access token was created. Token Validation Method is JWKSET.	sub	String	Immediate
ohi.oauth.openidconnect. accesstoken.client_id	Client ID of the OpenID Connect client that has to be present to acquire an access token.		String	Immediate
ohi.oauth.openidconnect. accesstoken.credential	Credential associated with the OpenID Connect client that has to be present to acquire an access token.		String	Immediate
ohi.oauth.openidconnect. accesstoken.validation. clockskew	Defines the maximum acceptable clock skew (in seconds) for validating timestamps of ID tokens that are issued by an OpenID Provider.	60	Integer ≥ 1	After Restart
ohi.oauth.token. introspection.endpoint. client_id	Unique client id for resolving the username and password credentials that are used to construct the Basic Authentication Authorization header when calling the OAuth2 authorization server token validation or introspection endpoint. Token Validation Method is OAUTH2_ENDPOINT.		String	Immediate
ohi.oauth.token. introspection.endpoint. url	URL value for the OAuth2 authorization server token validation or introspection endpoint. It is assumed that the endpoint supports Basic Authentication. Token Validation Method is OAUTH2_ENDPOINT.		String, URL	After Restart
ohi.oauth.token. introspection.response. username	RFC 7662 defined Introspection Response element that will be used to derive the username from. Token Validation Method is OAUTH2_ENDPOINT.	sub	String	Immediate
ohi.oauth.token.issuer. <0>	For token validation. Specific issuer identifier. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>.user.claim.		String or URL	After Restart
ohi.oauth.token.issuer. <0>.user.claim	For token validation. Issuer-specific user claim. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>.		String	After Restart
ohi.oauth.token.issuers	For token validation. Comma-separated string of possible token issuers. Requires use of properties ohi.oauth.token.issuer.<0> and ohi.oauth.token.issuer.<0>.user.claim.		Comma- separated string, e.g. oracle_idcs, azure_ad	After Restart
ohi.oauth.token. validation.method	Determines the access token validation method. Possible values: JWKSET: OAuth2 access tokens are validated by the resource server. Assuming the token is a JWT, validates it against a JSON Web Key (JWK) Set as defined by RFC 7517. The source of the JWK Set is an endpoint exposed by an OAuth2 authorization server. Use this method to validate ID tokens issued by an OpenID Provider.OAUTH2_ENDPOINT: validates the token using an OAuth2 authorization server’s token introspection endpoint as defined by RFC 7662.	JWKSET	JWKSET, OAUTH2_ ENDPOINT	Immediate

Name

Description

Default Value

Possible Values

Change Effective

ohi.oauth.accesstoken.
expiry.time.delay

To model the overhead of fetching an access token from an OAuth2 authorization server for caching the access token in the REST client, e.g. to account for some network delay between the client and the authorization server.Example: if the authorization server returns a token with an expiry time of 3600 seconds and if the network delay is expected to be 100 ms, then 100 ms could be configured for this key. The resulting access token will be cached for the original expiry time minus overhead time, i.e. 3600000 - 100 = 3599900 ms. The value should be specified in milliseconds.

Integer ≥ 0

Immediate

ohi.oauth.cert.signing.
algorithm

Determines the signing algorithm for X509 certificates that are used by OHI applications to sign the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). Only RSA algorithms are currently supported.

SHA512withRSA

String

Immediate

ohi.oauth.jwk.set.url

URL value for the OAuth2 authorization server JSON Web Key (JWK) Set endpoint. The OAuth2 authorization server should support RFC 7517. Token Validation Method is JWKSET.

String, URL

After Restart

ohi.oauth.jwk.set.
validation.audience

Client Id or audience claim for token validation. Token Validation Method is JWKSET.

String

After Restart

ohi.oauth.jwk.set.
validation.issuer

Issuer for token validation. Token Validation Method is JWKSET.

String or URL

After Restart

ohi.oauth.jwk.set.
validation.jws.signing.
algorithm

Signing algorithm used by the Authorization Server. Token Validation Method is JWKSET.

RS256

String

After Restart

ohi.oauth.jws.signing.
algorithm

Algorithm used for signing the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWTis used as assertion). Note that only RSA algorithms are currently supported.

RS512

RS256, RS384, RS512

Immediate

ohi.oauth.jwt.
expiration.period

Expiration period (in seconds) for the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion).

600

0 ≤ Integer ≤ 9999

Immediate

ohi.oauth.jwt.userid.
claim

Specifies the claim in the JWT that can be used to identify the user for which the OAuth2 access token was created. Token Validation Method is JWKSET.

sub

String

Immediate

ohi.oauth.openidconnect.
accesstoken.client_id

Client ID of the OpenID Connect client that has to be present to acquire an access token.

String

Immediate

ohi.oauth.openidconnect.
accesstoken.credential

Credential associated with the OpenID Connect client that has to be present to acquire an access token.

String

Immediate

ohi.oauth.openidconnect.
accesstoken.validation.
clockskew

Defines the maximum acceptable clock skew (in seconds) for validating timestamps of ID tokens that are issued by an OpenID Provider.

Integer ≥ 1

After Restart

ohi.oauth.token.
introspection.endpoint.
client_id

Unique client id for resolving the username and password credentials that are used to construct the Basic Authentication Authorization header when calling the OAuth2 authorization server token validation or introspection endpoint. Token Validation Method is OAUTH2_ENDPOINT.

String

Immediate

ohi.oauth.token.
introspection.endpoint.
url

URL value for the OAuth2 authorization server token validation or introspection endpoint. It is assumed that the endpoint supports Basic Authentication. Token Validation Method is OAUTH2_ENDPOINT.

String, URL

After Restart

ohi.oauth.token.
introspection.response.
username

RFC 7662 defined Introspection Response element that will be used to derive the username from. Token Validation Method is OAUTH2_ENDPOINT.

sub

String

Immediate

ohi.oauth.token.issuer.
<0>

For token validation. Specific issuer identifier. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>.user.claim.

String or URL

After Restart

ohi.oauth.token.issuer.
<0>.user.claim

For token validation. Issuer-specific user claim. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>.

String

After Restart

ohi.oauth.token.issuers

For token validation. Comma-separated string of possible token issuers. Requires use of properties ohi.oauth.token.issuer.<0> and ohi.oauth.token.issuer.<0>.user.claim.

Comma-
separated string,
e.g. oracle_idcs,
azure_ad

After Restart

ohi.oauth.token.
validation.method

Determines the access token validation method. Possible values: JWKSET: OAuth2 access tokens are validated by the resource server. Assuming the token is a JWT, validates it against a JSON Web Key (JWK) Set as defined by RFC 7517. The source of the JWK Set is an endpoint exposed by an OAuth2 authorization server. Use this method to validate ID tokens issued by an OpenID Provider.OAUTH2_ENDPOINT: validates the token using an OAuth2 authorization server’s token introspection endpoint as defined by RFC 7662.

JWKSET

JWKSET, OAUTH2_
ENDPOINT

Immediate

Claims in an OAuth2 token may differ per token issuer. The following example demonstrates mapping a specific claim in an access token to an OHI User based on the issuer of the token:

# configure multiple token issuers as comma-separated string
ohi.oauth.token.issuers=oracle_idcs,azure_ad

# configure issuer to user claim mapping for issuer oracle_idcs
ohi.oauth.token.issuer.oracle_idcs=https://identity.oraclecloud.com/
ohi.oauth.token.issuer.oracle_idcs.user.claim=sub

# configure issuer to user claim mapping for issuer azure_ad
ohi.oauth.token.issuer.azure_ad=https://sts.windows.net/fa15d692-e9c7-4460-a743-29f29522229/
ohi.oauth.token.issuer.azure_ad.user.claim=oid

User Interface

Name	Description	Default Value	Possible Values	Change Effective
ohi.environment. identifier	Text string that is displayed on the home page of the system that helps the user to identify the environment.Samples are 'User Acceptance Test' or 'Development'.	ohi	String	Next Execution
ohi.ui.accessToken.root. url	The webgate URL root (Required for CSP whitelist).		String	After Restart
ohi.ui.accessToken.url	The webgate URL to access accessToken resource.		String	After Restart
ohi.ui.api. authentication.method	Authentication mechanism for the JET UI. One of OAuth, BasicAuthentication, WebGate (in case a gateway handles authentication) or OpenID (in case OpenID Connect is used - see below table for more properties).	Oauth	String	After Restart
ohi.ui.api. authentication.oauth. clientId	The clientId is the public identifier for the JET UI. Mandatory when using OAuth. Not applicable when not using OAuth. Has no default value.		String	After Restart
ohi.ui.backEnd.root.url	The base URL for accessing web services, typically includes the machine or loadbalancer, the domain and a port number.		String	After Restart
ohi.ui.backEndURL	Fully qualified URL for HTTP API resources. The path in the URL should include the context root for HTTP API resources. The default context root for HTTP API resources is '/api'. Note that this could be a load balancer URL and / or that the default context root might have been overwritten using a deployment plan.		String	After Restart
ohi.ui.logout.url	The URL used by Oracle JET to actively logout a user (session)		String	After Restart
ohi.ui.session.timeout	The timeout is the time (in milliseconds) after which the current user session expires and displays 'The page has expired' warning dialog. Clicking OK re-directs the user to the login page. The default value is set to 1hr (3600000 ms). A value of 0 means never timeout.	3600000	Integer ≥ 0	After Restart
ohi.ui.waitTime	The waitTime is the time (in milliseconds) between entering a character in a search field, and the search firing. Applies to quick search and LOV, suggested is 1500.	1500	Integer ≥ 1	After Restart
ohi.ui.webgate.logout. url	Logout from WebGate/SSO external provider	/logout	String	After Restart
ohi.ui.webgate.url	OAM URL (Required for CSP whitelist).		String	After Restart

Name

Description

Default Value

Possible Values

Change Effective

ohi.environment.
identifier

Text string that is displayed on the home page of the system that helps the user to identify the environment.Samples are 'User Acceptance Test' or 'Development'.

ohi

String

Next Execution

ohi.ui.accessToken.root.
url

The webgate URL root (Required for CSP whitelist).

String

After Restart

ohi.ui.accessToken.url

The webgate URL to access accessToken resource.

String

After Restart

ohi.ui.api.
authentication.method

Authentication mechanism for the JET UI. One of OAuth, BasicAuthentication, WebGate (in case a gateway handles authentication) or OpenID (in case OpenID Connect is used - see below table for more properties).

Oauth

String

After Restart

ohi.ui.api.
authentication.oauth.
clientId

The clientId is the public identifier for the JET UI. Mandatory when using OAuth. Not applicable when not using OAuth. Has no default value.

String

After Restart

ohi.ui.backEnd.root.url

The base URL for accessing web services, typically includes the machine or loadbalancer, the domain and a port number.

String

After Restart

ohi.ui.backEndURL

Fully qualified URL for HTTP API resources. The path in the URL should include the context root for HTTP API resources. The default context root for HTTP API resources is '/api'. Note that this could be a load balancer URL and / or that the default context root might have been overwritten using a deployment plan.

String

After Restart

ohi.ui.logout.url

The URL used by Oracle JET to actively logout a user (session)

String

After Restart

ohi.ui.session.timeout

The timeout is the time (in milliseconds) after which the current user session expires and displays 'The page has expired' warning dialog. Clicking OK re-directs the user to the login page. The default value is set to 1hr (3600000 ms). A value of 0 means never timeout.

3600000

Integer ≥ 0

After Restart

ohi.ui.waitTime

The waitTime is the time (in milliseconds) between entering a character in a search field, and the search firing. Applies to quick search and LOV, suggested is 1500.

1500

Integer ≥ 1

After Restart

ohi.ui.webgate.logout.
url

Logout from WebGate/SSO external provider

/logout

String

After Restart

ohi.ui.webgate.url

OAM URL (Required for CSP whitelist).

String

After Restart

Specifically for OpenID Connect Support

The following table lists user interface related properties, specifically for OpenID Connect support:

Name	Description	Default Value	Possible Values	Change Effective
ohi.oauth.idp.uri	A system property needs to be set to the IDP (IDentity Provider) URL to acquire the OpenID Connect configuration. This property is expected to be set when 'ohi.oauth.use.openidconnect' is set to 'true'.		String	After Restart
ohi.oauth.use. openidconnect	When set to true, it indicates that Oracle JET UI leverages OpenID Connect authentication.	false	Boolean	After Restart
ohi.security.oauth. callback	Specifies the OpenID Connect callback URL to be invoked after authentication of the user through OpenID Connect has taken place, but before an access token has been obtained.	oidc/callback	String	After Restart
ohi.security.oauth. cookie.maxage	This property determines the time (in seconds) until the the OAUTH authentication cookie expires.	3600	Integer ≥ 1	After Restart
ohi.security.oauth. cookie.name	This property specifies the name of the shared cookie in which the OpenID connect authentication information is stored	OHI_SHARED_AUTH	String	After Restart
ohi.security.oauth. cookie.path	This property specifies the path of the OHI OAUTH Session Cookie. This path must exist in the requested URL, or the browser won’t send the Cookie header.	/	String	After Restart
ohi.security.oauth. cookie.secure	This property determines if the OAUTH authentication cookie is set to 'secure'. When set to true, the cookie is only sent to the server when a request is made with the 'https:' scheme.	false	Boolean	After Restart
ohi.security.oauth. frontend	Specifies the base URL of the JET Application that needs to be secured (e.g. https://host:8909/oig)	/	String	After Restart
ohi.security.oauth. logout	Specifies the OpenID Connect URL that is to be invoked after a user has selected to logout from the UI.	oidc/logout	String	After Restart

Name

Description

Default Value

Possible Values

Change Effective

ohi.oauth.idp.uri

A system property needs to be set to the IDP (IDentity Provider) URL to acquire the OpenID Connect configuration. This property is expected to be set when 'ohi.oauth.use.openidconnect' is set to 'true'.

String

After Restart

ohi.oauth.use.
openidconnect

When set to true, it indicates that Oracle JET UI leverages OpenID Connect authentication.

false

Boolean

After Restart

ohi.security.oauth.
callback

Specifies the OpenID Connect callback URL to be invoked after authentication of the user through OpenID Connect has taken place, but before an access token has been obtained.

oidc/callback

String

After Restart

ohi.security.oauth.
cookie.maxage

This property determines the time (in seconds) until the the OAUTH authentication cookie expires.

3600

Integer ≥ 1

After Restart

ohi.security.oauth.
cookie.name

This property specifies the name of the shared cookie in which the OpenID connect authentication information is stored

OHI_SHARED_AUTH

String

After Restart

ohi.security.oauth.
cookie.path

This property specifies the path of the OHI OAUTH Session Cookie. This path must exist in the requested URL, or the browser won’t send the Cookie header.

String

After Restart

ohi.security.oauth.
cookie.secure

This property determines if the OAUTH authentication cookie is set to 'secure'. When set to true, the cookie is only sent to the server when a request is made with the 'https:' scheme.

false

Boolean

After Restart

ohi.security.oauth.
frontend

Specifies the base URL of the JET Application that needs to be secured (e.g. https://host:8909/oig)

String

After Restart

ohi.security.oauth.
logout

Specifies the OpenID Connect URL that is to be invoked after a user has selected to logout from the UI.

oidc/logout

String

After Restart

Web Service Settings

Name	Description	Default Value	Possible Values	Change Effective
ohi.ws.client. retrytimeout	MANDATORY The time in milliseconds that the system will wait before another attempt is made to access a failing service. A value of 0 means no timeout before retrying.	1000	Integer ≥ 0	After Restart
ohi.ws.fileimport. filesrootdirectory	MANDATORY Directory paths used for File Import will be prepended with the given root directory. This is for security reasons, it ensures that files are stored in a specific area only.		String	Next Execution
ohi.ws.api.default. pagesize	Number of items fetched in a HTTP API request.	50	Integer ≥ 1	Next Execution
ohi.ws.client. connectiontimeout	The time in milliseconds before the attempt to connect to an outbound service times out. A value of 0 means never timeout.	60000	Integer ≥ 0	Immediate
ohi.ws.client. maxconnectionsperhost	The maximum number of concurrent connections the HTTP client will allow to a certain host at any given moment.	2	Integer ≥ 1	Immediate
ohi.ws.client. maxtotalconnections	Sets the maximum number of total concurrent connections the HTTP client will allow at any given moment.	20	Integer ≥ value of ohi. ws.client. maxconnectionsperhost	Immediate
ohi.ws.client. readtimeout	The time in milliseconds that the client will wait for the server to respond to the request. A value of 0 means never timeout.	60000	Integer ≥ 0	Immediate
ohi.ws.last.login. update.threshold	The number of hours that need to pass between logins before updating the user’s last login timestamp. By default, the last login timestamp will not be updated more than once per hour. This only applies to logins through a web service, not the ADF UI.	1	Integer ≥ 1	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.ws.client.
retrytimeout

MANDATORY
The time in milliseconds that the system will wait before another attempt is made to access a failing service. A value of 0 means no timeout before retrying.

1000

Integer ≥ 0

After Restart

ohi.ws.fileimport.
filesrootdirectory

MANDATORY
Directory paths used for File Import will be prepended with the given root directory. This is for security reasons, it ensures that files are stored in a specific area only.

String

Next Execution

ohi.ws.api.default.
pagesize

Number of items fetched in a HTTP API request.

Integer ≥ 1

Next Execution

ohi.ws.client.
connectiontimeout

The time in milliseconds before the attempt to connect to an outbound service times out. A value of 0 means never timeout.

60000

Integer ≥ 0

Immediate

ohi.ws.client.
maxconnectionsperhost

The maximum number of concurrent connections the HTTP client will allow to a certain host at any given moment.

Integer ≥ 1

Immediate

ohi.ws.client.
maxtotalconnections

Sets the maximum number of total concurrent connections the HTTP client will allow at any given moment.

Integer ≥ value of ohi.
ws.client.
maxconnectionsperhost

Immediate

ohi.ws.client.
readtimeout

The time in milliseconds that the client will wait for the server to respond to the request. A value of 0 means never timeout.

60000

Integer ≥ 0

Immediate

ohi.ws.last.login.
update.threshold

The number of hours that need to pass between logins before updating the user’s last login timestamp. By default, the last login timestamp will not be updated more than once per hour. This only applies to logins through a web service, not the ADF UI.

Integer ≥ 1

Next Execution

Some additional service settings:

Name	Description	Default Value	Possible Values	Change Effective
ohi.service.<0>.client. authentication	Used to specify the (Jersey/REST specific) authentication mechanism to use for machine-to-machine communication. Allowable values are 'None', 'BasicAuthentication' (and 'OAuth'). The <0> is replaced by notification key.	BasicAuthentication	String	Next Execution
ohi.service.<0>.media. type	Used for the notification media type. <0> is replaced by notification key.	application/json	String	Next Execution
ohi.service.<0>.method. type	Used for the notification method type. The <0> is replaced by notification key.	POST	String	Next Execution

Name

Description

Default Value

Possible Values

Change Effective

ohi.service.<0>.client.
authentication

Used to specify the (Jersey/REST specific) authentication mechanism to use for machine-to-machine communication. Allowable values are 'None', 'BasicAuthentication' (and 'OAuth'). The <0> is replaced by notification key.

BasicAuthentication

String

Next Execution

ohi.service.<0>.media.
type

Used for the notification media type. <0> is replaced by notification key.

application/json

String

Next Execution

ohi.service.<0>.method.
type

Used for the notification method type. The <0> is replaced by notification key.

POST

String

Next Execution