Application Properties
System properties influence the behavior of the system. Administrators use them to set timeout values, URL addresses, processing settings, and many other properties.
System properties can be set:
- in the ohi-proddef.properties file
- by the Properties API.
A new Oracle Health Insurance Product Definition release may support a different set of properties.
The Property Definitions Integration Point contains the list of all available properties.
The following tables describe all properties. The property names are formatted for readability; note that the property names and associated values should always be specified on one line in the properties file.
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.properties.file. | Changes made to any of these properties are not immediately picked up by the application. That only happens when it reads the properties-file again. This property specifies how often the system will read the file, in minutes. Default value, every 10 minutes. Minimum value, 1 minute. Values lower than that are ignored, meaning the default value is used. | 10 | Integer ≥ 1 | Next Execution |
Base View Generator
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.baseview.generation. | The number of worker threads to start for a base view generation process | 8 | Integer ≥ 1 | Immediate |
Dynamic Logic
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.dynamiclogic. | Path to directory in which the system places the generated Dynamic Logic classes. | /tmp | String | Next Execution |
ohi.dynamiclogic. | An optional property that determines whether to compile the Dynamic Logic (those that have not been compiled before) at the startup of the application or not. | true | Boolean | Next Execution |
ohi.dynamiclogic.timeout | An optional property that determines the timeout of a running Dynamic Logic. If the timeout expires, the system interrupts the Dynamic Logic and throws an exception. The value is in seconds. Please note that when you add/update a Dynamic Logic timeout property, the Dynamic Logic needs to recompile for the property change to take effect. You can do this by using the "Invalidate Dynamic Logic Integration Point" that we explain in the Integration Guide. | 300 | Integer ≥ 0 | Next Execution |
ohi.dynamiclogic. | An optional property that determines the timeout of the running Dynamic Logic. If the timeout expires, the system interrupts the Dynamic Logic and throws an exception. The value is in seconds. This property is for a particular Dynamic Logic code, so replace the placeholder <0> with the Dynamic Logic code for which you want to specify the timeout. Please note that when you add/update a Dynamic Logic timeout property, the Dynamic Logic needs to recompile for the property change to take effect. You can do this by using the "Invalidate Dynamic Logic Integration Point" that we explain in the Integration Guide. If this property is not set, it takes the value of | | Integer ≥ 0 | Next Execution |
Logging Support
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.logging.fileset.max. | Maximum time in days between start and end time for bundling log events in a file set | 2 | Integer ≥ 1 | Immediate |
ohi.logging.phi.min. | Minimal number of days for retaining PHI log events | 1825 | Integer ≥ 1 | Immediate |
ohi.logging.target | Determines whether logging persists to the database or uses any configured Logback Appender. Possible values are 'database' and 'log' respectively | log | String | Next Execution |
Incident Reports
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.incident. | Whenever OHI Incident storage in datafile sets activates, this property defines the number of days that the system will keep OHI Incident datafile sets; it removes OHI Incident datafile sets that are older. | 10 | Integer ≥ 1 | After Restart |
ohi.incident.rootdir | OHI Components makes use of the Logback library for generating log output. In the event of an unanticipated application exception, the system writes more detailed exception trace information to an individual exception trace file. This property controls the location of these exception trace files. By default, the location 'target/trace' is relative to the directory where the WebLogic server starts. When changing the value for this property, make sure that the OS user that executes the WebLogic server processes is able to create (and read/write files in) the directory that the property refers to. | target/trace | String | After Restart |
ohi.incident.target | OHI Incident files can be stored in the database, in a datafile set. Whenever you set this property to "datafileset" this feature activates. Otherwise, the default mechanism of writing incident files to an OS file system directory applies. The OHI Incident datafile sets will have a Code with the following pattern: "OHIIncidents<yyyyMMdd>". Note that the value for this property must be set in the properties file, not through the Properties API. | file | "file" or "datafileset" | After Restart |
Cache Control
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.httpapi.cache. | This property specifies the code of an OHI_RESOURCE_CACHE_SETTING for metadata settings. See | | String | Next Execution |
ohi.httpapi.cache. | Property to enable HTTP API Caching, which is disabled by default. When enabled, HTTP API will add a Cache-Control header in the response it sends. | false | Boolean | Next Execution |
ohi.messagegroup. | Use it as an initial sizing element for the number of cached message groups | 1000 | Integer ≥ 1 | Next Execution |
ohi.process.cache. | This property enables or disables business process cache facilities. | false | Boolean | Next Execution |
ohi.process.cache.push_ | The time in milliseconds to back-off invalidating the business process cache for consecutive bursts of invalidations. | 250 | Integer ≥ 0 | After Restart |
Web Service Settings
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.ws.client. | MANDATORY | 1000 | Integer ≥ 0 | After Restart |
ohi.ws.fileimport. | MANDATORY | | String | Next Execution |
ohi.service.client. | The REST client cache size. | 500 | Integer ≥ 1 | Immediate |
ohi.service.client.pool. | Enables or disables the use of connection pool functionality. | true | Boolean | After Restart |
ohi.service.client.pool. | The maximum number of connections in the pool per destination. Effective immediately for non-cached clients. | 64 | Integer ≥ 1 | After Restart |
ohi.service.client.pool. | The maximum number of connections in the pool allowed to be queued per destination. Effective immediately for non-cached clients. | 1024 | Integer ≥ 1 | After Restart |
ohi.service.client.pool. | The max time, in milliseconds, to resolve the host address. Effective immediately for non-cached clients. | 15000 | Integer ≥ 1 | After Restart |
ohi.service.client.pool. | The time in milliseconds before the attempt to connect to an outbound service times out. Effective immediately for non-cached clients. | 15000 | Integer ≥ 1 | After Restart |
ohi.service.client.pool. | The max time, in milliseconds, a connection can be idle. Effective immediately for non-cached clients. | 60000 | Integer ≥ 1 | After Restart |
ohi.service.client. | Maximum allowed response content size in megabytes (MB). | 2147 | Integer ≥ 1 | After Restart |
ohi.service.<0>.client. | This property specifies the (Jersey/REST specific) authentication mechanism to use for machine-to-machine communication. Allowable values are 'None', 'BasicAuthentication' (and 'OAuth'). The notification key replaces the <0>. | BasicAuthentication | String | Next Execution |
ohi.service.<0>.client. | The maximum number of connections in the pool per destination for client <0>. Effective immediately for non-cached clients. | | Integer ≥ 1 | After Restart |
ohi.service.<0>.client. | The maximum number of connections in the pool allowed to be queued per destination for client <0>. Effective immediately for non-cached clients. | | Integer ≥ 1 | After Restart |
ohi.service.<0>.client. | The max time, in milliseconds, to resolve the host address. This property is specific to client <0>. Effective immediately for non-cached clients. | | Integer ≥ 1 | After Restart |
ohi.service.<0>.client. | The max time, in milliseconds, a connection can take to connect to destinations. A value of 0 means never timeout. This property is specific to clientId <0>. Effective immediately for non-cached clients. | | Integer ≥ 1 | After Restart |
ohi.service.<0>.client. | The max time, in milliseconds, a connection can be idle. This property is specific to client <0>. Effective immediately for non-cached clients. | | Integer ≥ 1 | After Restart |
ohi.service.<0>.media. | For the notification media type. Notification key replaces the <0>. | application/json | String | Next Execution |
ohi.service.<0>.method. | This property is for the notification method type. The notification key replaces the <0>. | POST | String | Next Execution |
ohi.ws.api.default. | Number of items fetched in an HTTP API request. | 50 | Integer ≥ 1 | Next Execution |
ohi.ws.client. | The time in milliseconds before the attempt to connect to an outbound service times out. A value of 0 means never timeout. | 60000 | Integer ≥ 0 | Immediate |
ohi.ws.client. | The maximum number of concurrent connections the HTTP client will allow to a certain host at any given moment. | 2 | Integer ≥ 1 | Immediate |
ohi.ws.client. | Sets the maximum number of total concurrent connections the HTTP client will allow at any given moment. | 20 | Integer ≥ value of ohi. | Immediate |
ohi.ws.client. | The time in milliseconds that the client will wait for the server to respond to the request. A value of 0 means never timeout. | 60000 | Integer ≥ 0 | Immediate |
ohi.ws.last.login. | The number of hours that need to pass between logins before updating the user’s last login timestamp. By default, the last login timestamp will not update more than once per hour. This only applies to logins through a web service, not the ADF UI. | 1 | Integer ≥ 1 | Next Execution |
Web Service Client Authentication
Outbound RESTful invocations can be secured using Basic Authentication or OAuth2. For details, refer to the relevant chapter in the Security Guide. Each client needs to be configured separately. The applicable properties all follow the same naming convention: ohi.service.<service>.client.authentication. The default value is "BasicAuthentication". The placeholder <service> is the name of the client. Oracle Health Insurance defined client names are listed as follows:
Web Service | Client Name | Relevant Properties |
---|---|---|
Activity Notification | ActivityResponseClient | ohi.service.ActivityResponseClient.client.authentication |
Data Exchange Export Notification | DataExchangeExportNotificationClient | ohi.service.DataExchangeExportNotificationClient.client.authentication |
Data Exchange Import Notification | DataExchangeImportNotificationClient | ohi.service.DataExchangeImportNotificationClient.client.authentication |
Data Set Operations | DataExchangeClient | ohi.service.DataExchangeClient.client.authentication |
Defining the property for the authentication mechanism needs to be done in conjunction with defining the credentials that the web service client will use when making the request. How to enter credentials is also outlined in the Developer Guide.
Web Service Media Type
Certain outbound RESTful invocations support multiple output formats (that is, XML or JSON). This can be configured via the media type property. If unspecified, the default value is "application/json". The property name follows the naming convention: ohi.service.<service>.media.type. The placeholder <service> is the name of the client. The names of the clients that support a configurable media type are listed as follows:
Web Service | Client Name | Relevant Properties |
---|---|---|
Activity Notification | ActivityResponseClient | ohi.service.ActivityResponseClient.media.type |
URL References
In HTTP API RESTful services links, URL references may be passed. Construction of the URL for these pages is driven by the following parameters:
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.<0>.application. | MANDATORY | | String | After Restart |
ohi.<0>.deeplink.url | MANDATORY | | String | After Restart |
ohi.http.api.path | The context root of the application. For example, | api | String | Next Execution |
Before sending URIs out, the system encodes them. The receiving system is expected to decode the URI.
Task and Activity Processing
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.activityprocessing. | RESTful Service endpoint URL for delivering the response notification after activity processing completes. OHI Components applications will use a POST operation by default. You can overwrite this by using | | String | Next Execution |
ohi.activityprocessing. | Activity type-specific RESTful Service endpoint URL for delivering the response notification once activity processing completes. The activity type code must replace the <0>. For example, REFSHEETLINE_IMPORT. When you do not set this property, the property uses the value of | | String | Next Execution |
ohi.amount.scale | By default, amounts are stored with the scale of 2 (two digits after the decimal point). A subset of amounts allows for a higher scale. For example, the premium amounts in calculation results allow up to 12 digits after the decimal point. How many of those additional digits the system actually uses depends on this property. The system can use it to store calculation result amounts with greater scale. An increase of scale allows for sending financial data on a detail level (for example, VAT on a premium for a member) to the financial system and rounding only after aggregation (for example, on a group account); rounding in an early stage to two decimals leads to a substantial difference with the expected outcome on an aggregate level. | 2 | 2 ≤ Integer ≤ 12. | Next Execution |
ohi.max.headroom | The maximum number of tasks to load into the processing grid. | 2000 | Integer ≥ 1 | Next Execution |
ohi.max.headroom.<0> | The maximum number of tasks to load into the processing grid - per given activity type. | 2000 | Integer ≥ 1 | Next Execution |
ohi.processing. | A non-zero value for this property means that the system retains data (that is, extra_info) for failed attempts. | 0 | Integer ≥ 0 | Next Execution |
ohi.processing. | Utilized for extract items bucketing. It decides how many items will be exported in one transaction to improve performance. Suggested is a value between 1 and 1000. | 500 | Integer ≥ 1 | Next Execution |
ohi.processing.cache. | Specification for a cache that caches the results (Flex Code entity) of queries on Flex Code by key value and Flex Code system code. For more information, see CacheBuilderSpec’s javadoc: | maximumSize=10000, | String | Next Execution |
ohi.processing.cache. | Specification for a cache that caches the results (Flex Code system code) of queries on Flex Code system by ID. For more information, see CacheBuilderSpec’s javadoc: | maximumSize=1000, | String | Next Execution |
ohi.processing.cache. | This property allows for caching of the responses of the "InGroup" family of function calls. | false | Boolean | Next Execution |
ohi.processing.cache. | Cache for messages in a message group. | maximumSize=1000, | String | Next Execution |
ohi.processing. | Default amount of delay in seconds when a failed task re-queues for another attempt. The system can override this property if a delay is set on the task type. | 3 | Integer ≥ 0 | Next Execution |
ohi.processing.filldepth | Specifies a target number of work items to process at a time - to best utilize processing capacity. We suggest a value that is a multiple of the number of CPU cores available to the managed server. The system will take the maximum of 2x the number of processors available to the JVM and the value of this property (which has in its turn a default of 3). | 3 | Integer ≥ 0 | Next Execution |
ohi.processing. | Determines the number of tasks that the system submits for processing. Suggested is a value that is 1 less than the number of CPU cores available to the managed server. The system will take the maximum of the number of processors available to the JVM minus 1 and the value of this property (which has in its turn a default of 1). | 1 | Integer ≥ 1 | Next Execution |
ohi.processing.groupsize | The number of tasks to group (when applicable) into a collection of tasks to put into the processing grid as one atomic unit. This complete collection will process on one processing node. | 400 | Integer ≥ 1 | Next Execution |
ohi.processing. | The number of tasks to group (when applicable) into a collection of tasks to put into the processing grid as one atomic unit - per activity type. This complete collection will process on one processing node. | 400 | Integer ≥ 1 | Next Execution |
ohi.processing. | The number of loader tasks the system has to spawn, whenever an activity of that type needs to be processed and has child tasks spawned into the grid. These loaders work concurrently on the set of child tasks to spawn. | 1 | Integer ≥ 1 | Next Execution |
ohi.processing. | The number of loader tasks the system has to spawn for a specific activity type, whenever an activity of that type needs to be processed and has child tasks spawned into the grid. These loaders work concurrently on the set of child tasks to spawn. | 1 | Integer ≥ 1 | Next Execution |
ohi.processing. | This property specifies the time (in seconds) the system holds back a loader task in the grid, in the event it reaches its maximum allowed number of tasks to load and spawn into the grid. | 3 | Integer ≥ 1 | Next Execution |
ohi.processing. | This property specifies the time (in seconds) the system holds back a loader task in the grid, in the event it reaches its maximum allowed number of tasks to load and spawn into the grid - per given activity type. | 3 | Integer ≥ 1 | Next Execution |
ohi.processing.max. | The maximum number of times activity processing will try to send out an 'activity processed' event to an external system. | 3 | Integer ≥ 0 | Next Execution |
ohi.processing.max. | The maximum number of times activity processing will try to send out an 'activity processed' event to an external system - per activity type. | 3 | Integer ≥ 0 | Next Execution |
ohi.processing. | Number of times a task can resolve as 'errored' before it stops a task flow. | 3 | Integer ≥ 0 | Next Execution |
ohi.processing. | Determines how many times a specific incomplete task will reschedule for processing, before marking it as 'errored'. | 10000 | Integer ≥ 0 | Next Execution |
ohi.processing. | Determines if a failed task retries immediately, or re-queues for another attempt after a delay. | true | Boolean | Immediate |
ohi.processing.yield. | This property specifies the default time (in seconds) that the system holds back a task in the processing grid, in between execution steps. This is typical for parent-child task relationships, where a parent task has to regularly check on the status of its children. | 3 | Integer ≥ 1 | Next Execution |
ohi.processing.yield. | This property specifies the time (in milliseconds) the system will hold an (aggregate) task back for task loaders to complete their work. | 3 | Integer ≥ 1 | Next Execution |
ohi.processing.yield.<0> | This property specifies the default time (in seconds) that the system holds back a task in the processing grid, in between execution steps. This is typical for parent-child task relationships, where a parent task has to regularly check on the status of its children - per activity type. | 3 | Integer ≥ 1 | Next Execution |
ohi.startup.start.task. | Controls task processing for a managed server. By default, if a managed server that executes an OHI Components application starts, then it will start processing tasks from the work backlog queue. You can override the default behavior by setting command-line parameter | true | Boolean | Next Execution |
Specifying Yields, Submission Count, Group Size, and Loader Count Per Activity Type
Oracle Health Insurance Product Definition allows you to specify some of the aforementioned application properties individually, on a per-activity-type basis. This provides finer-grained control of loading and processing semantics. To do so, append the mnemonic for the specific activity type to the property key, for example:
ohi.processing.groupsize.REFERENCE_SHEET_IMPORT=250
This mechanism is available for the following properties:
- ohi.processing.yield.<activity_type>
- ohi.max.headroom.<activity_type>
- ohi.processing.groupsize.<activity_type>
- ohi.processing.loadercount.<activity_type>
- ohi.processing.loaderyield.<activity_type>
- ohi.processing.max.numberofretries.<activity_type>
For the mnemonic of individual activity types, check the Developer Guide.
Reinsurance
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.reinsurance. | Used to determine whether the application has to create product benefit specification reinsurance entities. | | String | Next Execution |
ohi.reinsurance. | Used to determine whether the application has to create product benefit specification reinsurance entities | | String | Next Execution |
Callout Rules
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.servicecallout.<0>. | MANDATORY | | String | Next Execution |
ohi.rest.client.logging | Enables or disables logging for REST clients. When "true", the system logs traffic to external systems. | false | Boolean | Immediate |
ohi.servicecallout. | The media type to be used for REST call outs. Can be overridden per call out, see 'ohi.servicecallout.<0>.media.type'. | application/json | String | Next Execution |
ohi.servicecallout.<0>. | Time interval in seconds used by the system to check if a response for the Callout Rule is received. The <0> placeholder should match the callout definition code that is configured for a specific rule. Rule: 1 ≤ completeness.interval ≤ completeness.timeout. This is verified at system startup. If the completeness interval parameter is not specified for a Callout Rule, the system will use the value of 'ohi.servicecallout.<0>.completeness.timeout' (which has in its turn default value '5'). | | Integer ≥ 1 | Next Execution |
ohi.servicecallout.<0>. | Time interval in seconds used by the system to determine if a response for the Callout Rule is received in time. If a response is not received before the time out period is exceeded, the system raises an error. The <0> placeholder should match the callout definition code that is configured for a specific rule. Rule: completeness.timeout > 1. This property also provides a fallback value when completeness.interval is not set. | 5 | Integer > 1 | Next Execution |
ohi.servicecallout.<0>. | The media type to be used for an individual REST call out, <0> to be replaced with callout definition code. When this property is not set, the value of 'ohi.servicecallout.media.type' will be used. | application/json | String | Next Execution |
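
The completeness rules in the table above can be checked before deployment, since the page states they are verified at system startup. The following is an added example, not Oracle code: the callout definition codes and values are constructed, and the full key name ending in `.completeness.interval` is an assumption based on the rule text, because the table shows that property name truncated.

```python
import re

# Matches ohi.servicecallout.<code>.completeness.timeout / .interval.
# Assumption: the interval key ends in ".completeness.interval"; the page's
# table truncates that name and only the rule text spells it out.
CALLOUT_KEY = re.compile(
    r"^ohi\.servicecallout\.(?P<code>.+)\.completeness\.(?P<kind>timeout|interval)$"
)
DEFAULT_TIMEOUT = 5  # default listed for completeness.timeout

# Constructed sample; PRICING, ELIGIBILITY and FRAUD are hypothetical codes.
SAMPLE_PROPS = {
    "ohi.servicecallout.PRICING.completeness.timeout": "30",
    "ohi.servicecallout.PRICING.completeness.interval": "5",
    "ohi.servicecallout.ELIGIBILITY.completeness.interval": "10",
    "ohi.servicecallout.FRAUD.completeness.timeout": "1",
    "ohi.servicecallout.PRICING.media.type": "application/json",
}


def _as_int(value):
    """Return the value as int, or None when it is not an integer."""
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def effective_timing(props):
    """Return {callout code: (interval, timeout)} after applying fallbacks."""
    raw = {}
    for key, value in props.items():
        match = CALLOUT_KEY.match(key)
        if match:
            raw.setdefault(match["code"], {})[match["kind"]] = _as_int(value)
    timing = {}
    for code, kinds in raw.items():
        # An unset timeout takes the default; an unset interval takes the timeout.
        timeout = kinds.get("timeout", DEFAULT_TIMEOUT)
        interval = kinds.get("interval", timeout)
        timing[code] = (interval, timeout)
    return timing


def callout_violations(props):
    """List every callout whose effective values break the stated rules."""
    problems = []
    for code, (interval, timeout) in sorted(effective_timing(props).items()):
        if interval is None or timeout is None:
            problems.append(f"{code}: values must be integers")
            continue
        if timeout <= 1:
            problems.append(f"{code}: completeness.timeout must be > 1 (got {timeout})")
        if not 1 <= interval <= timeout:
            problems.append(
                f"{code}: need 1 <= interval <= timeout (got {interval}, {timeout})"
            )
    return problems


if __name__ == "__main__":
    for problem in callout_violations(SAMPLE_PROPS):
        print(problem)
```

The ELIGIBILITY entry shows the case that is easy to miss: setting only an interval above 5 conflicts with the default timeout.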
Data Exchange
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.application.uri.<0> | MANDATORY | | String | Next Execution |
ohi.cm.concurrency.limit | This property specifies the number of parallel threads in the configuration migration tool for export and import processes. For better performance results, we recommend the value of this system property to be equal to the number of CPUs (cores). For example, if there are six CPUs and each of them is single-core, then this property must be six. | 2 | Integer ≥ 1 | After Restart |
ohi.cm.dynamiclogic. | Some Dynamic Logic can refer to another Dynamic Logic and if the Dynamic Logics are not imported in the correct order, the compilation will fail. If this happens, the CMT process retries the failed Dynamic Logic. This property specifies how many times the Dynamic Logic Import retries before marking it as errored. We suggest using a value between one and nine. | 3 | Integer ≥ 0 | Next Execution |
ohi.cm.dynamiclogic. | The number of records from the failure table that the CMT process reads at once during retry processing. | 100 | Integer ≥ 0 | Next Execution |
ohi.cm. | The system uses this property in the export process and it represents the number of high volume entities (for example, Procedure Group detail) to read at a time. We recommend setting this value to N * 1000, where N is the number of JVMs. | 1000 | Integer ≥ 1 | Next Execution |
ohi.<0>.endpoint.request | Allows for web service client interactions to identify their request URI destination. The system uses this property to get the URI for the end point. The notification key replaces the <0>. Sample value is | | String | Next Execution |
Extract
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.extract.<0>. | For sending out an extract completion notification related to a specific notification key. <0> is replaced by the notification key. Example: http://machine.domain:port/notifications | | String | Next Execution |
Single Sign-On
The following table lists properties that need to be set when an Oracle Health Insurance application takes part in Single Sign-On (SSO) scenarios:
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.security.sso.enabled | The application will check for an SSO header, and if it does not find one, it will present the user with a login screen. | false | Boolean | Next Execution |
ohi.security.sso.header | The header value in which to check for an SSO principal if servlet security does not map it. | OAM_REMOTE_USER | String | After Restart |
ohi.security.sso. | The application will reject traffic without an SSO header. | false | Boolean | Next Execution |
Secrets Store
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.oauth.cert.signing. | Determines the signing algorithm for X509 certificates that are used by OHI applications to sign the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). Only RSA algorithms are currently supported. | SHA512withRSA | String | Immediate |
ohi.secure.secrets.store | The type of store the OHI application uses for secrets | | One of the following: opss, | After Restart |
ohi.vault.address | Vault address. Must use HTTPS. | | String | After Restart |
ohi.vault.clientkeypem. | Resource URL to Vault Client Key pem. Must be accompanied by a matching value for system property ohi.vault.clientpem.url | | String | After Restart |
ohi.vault.clientpem.url | Resource URL to Vault Client pem. Must be accompanied by a matching value for system property ohi.vault.clientkeypem.url | | String | After Restart |
ohi.vault.environment. | To distinguish secrets on a per OHI application instance basis | | String | After Restart |
ohi.vault.jkskeystore. | Password for JKS keystore that contains certificates. Must be accompanied by a matching value for system property ohi.vault.jkskeystore.url | | String | After Restart |
ohi.vault.jkskeystore. | Resource URL to JKS keystore that contains certificates. Must be accompanied by a matching value for system property ohi.vault.jkskeystore.password | | String | After Restart |
ohi.vault.jkstruststore. | Resource URL to JKS truststore that contains certificates | | String | After Restart |
ohi.vault.kv.secrets. | By default, OHI applications assume that Vault’s Key-Value secrets engine is enabled at root path "secret". The Key-Value secrets engine is used to store arbitrary secrets within the configured physical storage for Vault. | secret | String | After Restart |
ohi.vault.namespace | OHI specific Vault namespace section, under the path determined by properties {ohi.vault.kv.secrets.engine}/{ohi.vault.namespace} to look for secrets | ohi | String | After Restart |
ohi.vault.pem.url | Resource URL to Vault pem | | String | After Restart |
ohi.vault.token | Vault token | | String | Next Execution |
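
The constraints stated in the Secrets Store table (HTTPS for the Vault address, properties that must accompany each other) and the one-line rule from the introduction can be checked against a properties file before a restart. This is an added example, not Oracle code: the sample file content, host name and file paths are constructed, and the parser is a simplification that only treats '=' as the separator.

```python
from urllib.parse import urlsplit

# Pairs the Secrets Store table says must be set together.
REQUIRED_TOGETHER = [
    ("ohi.vault.clientkeypem.url", "ohi.vault.clientpem.url"),
    ("ohi.vault.jkskeystore.password", "ohi.vault.jkskeystore.url"),
]

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# ohi-proddef.properties (constructed)
ohi.vault.address=http://vault.example.internal:8200
ohi.vault.clientpem.url=file:/etc/ohi/vault-client.pem
ohi.vault.jkskeystore.url=file:/etc/ohi/keystore.jks
ohi.vault.jkskeystore.password=placeholder-password
ohi.vault.namespace=ohi
"""


def parse_properties(text):
    """Return (props, problems) for simple key=value lines.

    A value ending in a backslash (the .properties line continuation) is
    reported rather than joined, because the page requires each property
    name and value to be specified on one line.
    """
    props, problems = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        if "=" not in line:
            problems.append(f"line {number}: no '=' found, possibly a wrapped value")
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value.endswith("\\"):
            problems.append(f"line {number}: {key} continues on the next line")
        props[key] = value
    return props, problems


def check_vault_settings(props):
    """Apply the constraints stated in the Secrets Store table."""
    findings = []
    address = props.get("ohi.vault.address")
    if address is not None:
        try:
            parts = urlsplit(address)
            is_https = parts.scheme.lower() == "https" and bool(parts.hostname)
        except ValueError:  # malformed URL, for example a broken IPv6 literal
            is_https = False
        if not is_https:
            findings.append("ohi.vault.address must use HTTPS")
    for first, second in REQUIRED_TOGETHER:
        has_first, has_second = bool(props.get(first)), bool(props.get(second))
        if has_first != has_second:
            missing = second if has_first else first
            present = first if has_first else second
            findings.append(f"{missing} must accompany {present}")
    return findings


def audit(text):
    """Parse the file text and return parse problems plus table violations."""
    props, problems = parse_properties(text)
    return problems + check_vault_settings(props)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```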
Data File Import
The following table lists (technical) properties that influence data file (batch) processing performance. Only change these after consulting with Oracle:
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi. | The system spawns a separate processing activity to process a chunk or batch of reference sheet lines of the specified size. | 5000 | Integer ≥ 1 | Next Execution |
Cross Origin Resource Sharing
See the Security Guide for an introduction to Cross Origin Resource Sharing (CORS). For further explanation the reader is referred to W3C’s CORS specification.
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.cors.access.control. | MANDATORY | | String | Next Execution |
ohi.cors.access.control. | Header that shows whether the system can expose the response to a request when the omit credentials flag is unset. When this is part of the response to a preflight request, it shows that the actual request can include user credentials. | true | Boolean | Next Execution |
ohi.cors.access.control. | Header that shows, as part of the response to a preflight request, which header field names can be used during the actual request. Allows all headers by default. The value is a comma-separated list of allowed headers. | | String | Next Execution |
ohi.cors.access.control. | Header that shows, as part of the response to a preflight request, which methods the system can use during the actual request. Allows all methods by default. The value is a comma-separated list of allowed methods. | | String | Next Execution |
ohi.cors.access.control. | Header that shows which headers are safe to expose to the API of a CORS API specification. The value is a comma-separated list of all exposed headers. | | String | Next Execution |
ohi.cors.access.control. | Header that shows how long the preflight result cache stores the results of a preflight request, expressed in seconds. | 1800 | Integer ≥ 0 | Next Execution |
ohi.vary.header | Property to set the Vary HTTP Header. Value is a comma-separated list. | Accept,Accept- | String | Next Execution |
Data Set Operations
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.datasetoperations. | This property is about the Data Set Operations Integration Point, for export usages. It contains a URI that refers to the notification message; this message is sent once the process of uploading the data set payload completes. | | String | Next Execution |
ohi.datasetoperations. | This property is about the Data Set Operations Integration Point, for import usages. It contains a URI that refers to the notification message; this message is sent once the process of uploading the data set payload completes. Error messages prevent the import from happening. | | String | Next Execution |
Intrusion Detection
Oracle Health Insurance applications safeguard against Cross-Site Scripting (XSS) attacks by checking "untrusted" data that may be entered in HTTP API requests (see the Security Guide for intrusion detection principles). Detection behavior can be customized using the properties that are listed in the following table:
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.untrusteddata.check | The application enables the XSS vulnerability detection by default. Disable it by setting the value for this parameter to false. You should use this property if other components in the landscape perform vulnerability detection. | true | Boolean | Next Execution |
ohi.untrusteddata. | The system checks the domain attributes of type string by default if the length ≥ 30 characters. To be more stringent, decrease the default value using this property. | 30 | Integer ≥ 1 | Next Execution |
ohi.untrusteddata. | The system checks the domain attributes by default. Use this property to define a comma-separated list of customer-specific attributes to exclude from intrusion detection checking. Format: <DOMAIN OBJECT SIMPLE NAME>.<ATTRIBUTE NAME>. | | String | Next Execution |
ohi.untrusteddata. | The system checks the HTTP Headers by default. Use this property to define a comma-separated list of customer-specific headers that need exclusion from intrusion detection checking. Format: <HEADER NAME>,<HEADER NAME>. | | String | Next Execution |
ohi.untrusteddata. | The system checks HTTP Query Parameters by default. Use this property to define a comma-separated list of customer-specific query parameters that need exclusion from intrusion detection checking. Format: <QUERY PARAMETER NAME>,<QUERY PARAMETER NAME>. | | String | Next Execution |
For example, to prevent mixed encoded Cookies that a client like a browser sends as part of the request from resulting in a Bad Request, allow the Cookie header as follows:
ohi.untrusteddata.whitelist.header=Cookie
OAuth2
REST Clients in Oracle Health Insurance applications can be configured to send requests to OAuth2 protected resources. See the Security Guide for further details about OAuth2 support in Oracle Health Insurance applications.
The Oracle Health Insurance application’s RESTful services can also be OAuth2 protected. In that case the application validates and / or introspects OAuth2 access tokens that are sent as Bearer tokens in the HTTP Authorization header.
The following table lists OAuth2 REST Client and server side properties.
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.oauth.accesstoken. | Models the overhead of fetching an access token from an OAuth2 authorization server when caching the access token in the REST client, e.g. to account for some network delay between the client and the authorization server. Example: if the authorization server returns a token with an expiry time of 3600 seconds and if the network delay is expected to be 100 ms, then 100 ms could be configured for this key. The resulting access token will be cached for the original expiry time minus overhead time, i.e. 3600000 - 100 = 3599900 ms. The value should be specified in milliseconds. | 10 | Integer ≥ 0 | Immediate |
ohi.oauth.jwk.set.url | URL value for the OAuth2 authorization server JSON Web Key (JWK) Set endpoint. The OAuth2 authorization server should support RFC 7517. Token Validation Method is JWKSET. | | String, URL | After Restart |
ohi.oauth.jwk.set. | Client Id or audience claim for token validation. Token Validation Method is JWKSET. | | String | After Restart |
ohi.oauth.jwk.set. | Issuer for token validation. Token Validation Method is JWKSET. | | String or URL | After Restart |
ohi.oauth.jwk.set. | Signing algorithm used by the Authorization Server. Token Validation Method is JWKSET. | RS256 | String | After Restart |
ohi.oauth.jws.signing. | Algorithm used for signing the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). Note that only RSA algorithms are currently supported. | RS512 | RS256, RS384, RS512 | Immediate |
ohi.oauth.jwt. | Expiration period (in seconds) for the JWT token that an OHI application generates for obtaining an OAuth2 access token through the assertion grant type (where the JWT is used as assertion). | 600 | 0 ≤ Integer ≤ 9999 | Immediate |
ohi.oauth.jwt.userid. | Specifies the claim in the JWT that can be used to identify the user for which the OAuth2 access token was created. Token Validation Method is JWKSET. | sub | String | Immediate |
ohi.oauth.openidconnect. | Client ID of the OpenID Connect client that has to be present to acquire an access token. | | String | Immediate |
ohi.oauth.openidconnect. | Credential associated with the OpenID Connect client that has to be present to acquire an access token. | | String | Immediate |
ohi.oauth.openidconnect. | Defines the maximum acceptable clock skew (in seconds) for validating timestamps of ID tokens that are issued by an OpenID Provider. | 60 | Integer ≥ 1 | After Restart |
ohi.oauth.token. | Unique client id for resolving the username and password credentials that are used to construct the Basic Authentication Authorization header when calling the OAuth2 authorization server token validation or introspection endpoint. Token Validation Method is OAUTH2_ENDPOINT. | | String | Immediate |
ohi.oauth.token. | URL value for the OAuth2 authorization server token validation or introspection endpoint. It is assumed that the endpoint supports Basic Authentication. Token Validation Method is OAUTH2_ENDPOINT. | | String, URL | After Restart |
ohi.oauth.token. | Introspection Response element, as defined by RFC 7662, from which the username is derived. Token Validation Method is OAUTH2_ENDPOINT. | sub | String | Immediate |
ohi.oauth.token.issuer. | For token validation. Specific issuer identifier. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>.user.claim. | | String or URL | After Restart |
ohi.oauth.token.issuer. | For token validation. Issuer-specific user claim. Requires use of properties ohi.oauth.token.issuers and ohi.oauth.token.issuer.<0>. | | String | After Restart |
ohi.oauth.token.issuers | For token validation. Comma-separated string of possible token issuers. Requires use of properties ohi.oauth.token.issuer.<0> and ohi.oauth.token.issuer.<0>.user.claim. | | Comma- | After Restart |
ohi.oauth.token. | Determines the access token validation method. Possible values: JWKSET: OAuth2 access tokens are validated by the resource server. Assuming the token is a JWT, validates it against a JSON Web Key (JWK) Set as defined by RFC 7517. The source of the JWK Set is an endpoint exposed by an OAuth2 authorization server. Use this method to validate ID tokens issued by an OpenID Provider. OAUTH2_ENDPOINT: validates the token using an OAuth2 authorization server’s token introspection endpoint as defined by RFC 7662. | JWKSET | JWKSET, OAUTH2_ | Immediate |
User Interface
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi. | Can be used to initiate showing a modal popup for UI accessibility settings, in case that has not been done for the user earlier. | false | Boolean | Next Execution |
ohi.environment. | Text string on the home page of the system that helps the user to identify the environment. Samples are 'User Acceptance Test' or 'Development'. | ohi | String | Next Execution |
ohi.oauth.idp.uri | This system property needs to be set to the IDP (IDentity Provider) URL to acquire the OpenID Connect configuration. This property is expected to be set when 'ohi.oauth.use.openidconnect' is set to 'true'. | | String | After Restart |
ohi.oauth.use. | When set to true, it indicates that Oracle JET UI leverages OpenID Connect authentication. | false | Boolean | After Restart |
ohi.security.oauth. | Specifies the OpenID Connect callback URL to be invoked after authentication of the user through OpenID Connect has taken place, but before an access token has been obtained. | oidc/callback | String | After Restart |
ohi.security.oauth. | This property determines the time (in seconds) until the OAUTH authentication cookie expires. | 3600 | Integer ≥ 1 | After Restart |
ohi.security.oauth. | This property specifies the name of the shared cookie in which the OpenID Connect authentication information is stored. | OHI_SHARED_AUTH | String | After Restart |
ohi.security.oauth. | This property specifies the path of the OHI OAUTH Session Cookie. This path must exist in the requested URL, or the browser won’t send the Cookie header. | / | String | After Restart |
ohi.security.oauth. | This property determines if the OAUTH authentication cookie is set to 'secure'. When set to true, the cookie is only sent to the server when a request is made with the 'https:' scheme. | false | Boolean | After Restart |
ohi.security.oauth. | Specifies the base URL of the JET Application that needs to be secured (e.g. https://host:8909/oig) | / | String | After Restart |
ohi.security.oauth. | Specifies the OpenID Connect URL that is to be invoked after a user has selected to logout from the UI. | oidc/logout | String | After Restart |
ohi.ui.maxrowstoretrieve | Maximum number of rows retrieved to show in a UI table. Note that memory usage and page load times are impacted by this value. | 200 | Integer ≥ 1 | Next Execution |
ohi.ui. | Maximum number of rows retrieved to show in a UI table for an individual page. The function code is the one shown in the 'About this page' popup, and is case sensitive. Note: it is not possible to change the number of rows shown for an individual LOV. LOVs are always restricted by ohi.ui.maxrowstoretrieve. If this property is not set, the value of ohi.ui.maxrowstoretrieve will be taken (which in turn has a default of '200'). | | Integer ≥ 1 | Next Execution |
ohi.ui.pollinterval | This property controls the interval between automatic page refreshes for pages that support it. Value in milliseconds. | 5000 | Integer ≥ 1 | Next Execution |
ohi.ui.pollinterval.<0> | This property controls the interval between automatic page refreshes for pages that support it. The <function_code> is an optional suffix that can be used to differentiate poll intervals between different pages. | 5000 | Integer ≥ 1 | Next Execution |
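The settings in the Intrusion Detection, OAuth2 and User Interface tables that switch off a check or depend on another property can be verified mechanically against a properties file. The following Python script is an added example, not Oracle code: the sample file and the finding labels are constructed here, and the HTTPS test on the JWK Set URL is a general hardening check rather than a documented product requirement. It assumes that each name listed in ohi.oauth.token.issuers is what replaces the <0> placeholder.

```python
import re

# Constructed sample of an ohi-proddef.properties file (not from a real system).
# Assumption: each name in ohi.oauth.token.issuers replaces the <0> placeholder.
SAMPLE = """\
ohi.untrusteddata.check=false
ohi.untrusteddata.whitelist.header=Cookie,X-Trace
ohi.oauth.jwk.set.url=http://idp.example.test/keys
ohi.oauth.token.issuers=idpa,idpb
ohi.oauth.token.issuer.idpa=https://a.example.test
ohi.oauth.token.issuer.idpa.user.claim=sub
ohi.oauth.token.issuer.idpb=https://b.example.test
ohi.oauth.use.openidconnect=true
"""

def parse_properties(text):
    """Parse one-line key=value (or key:value) pairs; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if match and line[0] not in "#!":
            props[match.group(1)] = match.group(2)
    return props

def items(value):
    """Split a comma-separated property value, dropping empty entries."""
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(props):
    """Return findings for settings that weaken checks or leave a dependency unmet."""
    findings = []
    if props.get("ohi.untrusteddata.check", "true").lower() == "false":
        findings.append("XSS_CHECK_DISABLED")  # another component must take over
    for header in items(props.get("ohi.untrusteddata.whitelist.header", "")):
        findings.append(f"HEADER_EXCLUDED:{header}")  # skipped by the XSS check
    jwks = props.get("ohi.oauth.jwk.set.url", "")
    if jwks and not jwks.lower().startswith("https://"):
        findings.append("JWKS_NOT_HTTPS")  # signing keys fetched without TLS
    for name in items(props.get("ohi.oauth.token.issuers", "")):
        base = f"ohi.oauth.token.issuer.{name}"
        for key in (base, base + ".user.claim"):
            if not props.get(key):
                findings.append(f"MISSING:{key}")
    oidc = props.get("ohi.oauth.use.openidconnect", "false").lower() == "true"
    if oidc and not props.get("ohi.oauth.idp.uri"):
        findings.append("MISSING:ohi.oauth.idp.uri")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```

Properties set through the Properties API do not appear in the file, so the result covers file-based configuration only.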
Monitoring and Metrics
Name | Description | Default Value | Possible Values | Change Effective |
---|---|---|---|---|
ohi.healthcheck.url. | Defines the mapping between the Healthcheck servlet and a URL pattern. Value is a URL Mapping (for example, /up). | | String | After Restart |
ohi.instrumentation. | Set to true to tag each metric with the name of the application. | false | Boolean | After Restart |
ohi.instrumentation. | Set to false to enable recording of non-OHI metrics. | true | Boolean | After Restart |
ohi.instrumentation. | Set to true to enable recording of metrics. | false | Boolean | Immediate |
ohi.instrumentation. | Set to true to enable recording of JVM telemetry. | false | Boolean | After Restart |
ohi.instrumentation. | Comma-separated list of resource path segment prefixes for resource client timers that the system interprets as not being the last segment of the resource path. | | Comma- | After Restart |
ohi.instrumentation.<0>. | Determines whether to publish histogram buckets for the timer you configure. | false | Boolean | After Restart |
ohi.instrumentation.<0>. | Percentiles for the timer you configure. | | Comma- | After Restart |
ohi.instrumentation.<0>. | The system publishes data for the timer if the tag name that you specify as property | | Regular expression | After Restart |
ohi.instrumentation.<0>. | Tag name subject to testing with the regular expression that you specify as property | | String | After Restart |
ohi.prometheusservlet. | Defines the mapping between the Prometheus servlet and a URL pattern | | String, URL Mapping | After Restart |
See the Operations Guide for more details about metrics related properties.