Skip to content

Latest commit

 

History

History
715 lines (436 loc) · 16.5 KB

CONFIGURATION.md

File metadata and controls

715 lines (436 loc) · 16.5 KB

Configurations

Overview

The portals i.e. Console & My Account are configurable using the deployment.toml when they are hosted inside the Identity Server. The Jinja 2 template files which can be found in features/org.wso2.identity.apps.{$appName}.server.feature/resources/deployment.config.json.j2 are used to template the configuration file i.e. deploymemnt.config.json which can be found at the root of the webapp.

Note: If the portals are to be hosted outside, the aforementioned deployment.config.json file has to be modified accordingly.

To learn more abut the new configuration model, click here.

Common Configs

The following sections contain the common configs that are needed to configure/override the existing behaviour of the Console or My Account application.

app_base_name

✅ Default JSON value - "console" | "myaccount"

This configuration is needed if you want to change app base name from console or myaccount to something else.

Note: Changing just the bellow config will not be enough to achieve the desired results. You will have to manually rename the application in <IS_HOME>/repository/deployment/server/webapps. And also you will have to refactor the paths(links to the theme, rpIframe etc.) in index.jsp at the root of the console webapp.

Supported Values - Any string value

[console]
app_base_name = "custom-console"

Note for Developers: If you want to build the application with a different basename, change this config in <REPO_ROOT>/apps/console/src/public/deployment.config.json. Webapack will use this value during build time to put all the build files.

app_base_name_for_history_api

💡 No value defined in Default JSON

🏁 Fallback Value - "/"

Base name used by the browser history API. For the default SaaS behaviour / has been used due to limitations in history API. See remix-run/history#644. This config was added to enable support for none SaaS apps so that they can easily history push.

Supported Values - Any path with a leading forward slash.

[console]
app_base_name_for_history_api = "/console"

client_id

✅ Default JSON value - "CONSOLE" | "MY_ACCOUNT"

Client ID of the application.

Supported Values - Any string value. Check the OIDC configurations section of the application to retrieve the correct value.

[console]
client_id = "CONSOLE"

debug

✅ Default JSON value - false

Enable debug logs for certain features such as i18n etc.

Supported Values - true | false

[console]
debug.enable = true

idp_configs

Configs for the authentication SDK.

enablePKCE

💡 No value defined in Default JSON

🏁 Fallback Value - true

The Proof Key for Code Exchange (PKCE) is a specification supported by WSO2 Identity Server to mitigate code interception attacks. See Mitigating Authorization Code Interception Attacks to configure PKCE for an OAuth application.

Supported Values - true | false

[console]
idp_configs.enablePKCE = true

clockTolerance

💡 No value defined in Default JSON

🏁 Fallback Value - 60 Seconds (Declared in SDK)

Allowed leeway when validating the id_token. Required to address possible time mismatches between the client and the server. Check the Specification

Supported Values - Any number (in Seconds)

[console]
idp_configs.clockTolerance = 120

responseMode

💡 No value defined in Default JSON

🏁 Fallback Value - "form_post"

How the result of the authorization request is formatted.

Supported Values - "form_post" | "query"

[console]
idp_configs.responseMode = "form_post"

scope

💡 No value defined in Default JSON

🏁 Fallback Value - [ "SYSTEM" ]

Scopes requested when the token request is made.

Supported Values - String array

[console]
idp_configs.scope = [ "internal_login", "internal_identity_mgt_view" ]

serverOrigin

💡 No value defined in Default JSON

🏁 Fallback Value - "https://localhost:9443"

The origin of the Identity Provider. eg: https://localhost:9443

Supported Values - Any URL.

[console]
idp_configs.serverOrigin = "https://localhost:9443"

storage

💡 No value defined in Default JSON

🏁 Fallback Value - "webWorker"

The storage medium where the session information such as the access token should be stored.

Supported Values - "sessionStorage" | "webWorker" | "localStorage"

[console]
idp_configs.storage = "webWorker"

authorizeEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oauth2/authorize"

The endpoint to send the authorization request to.

Supported Values - Any relative URL.

[console]
idp_configs.authorizeEndpointURL = "/oauth2/authorize"

jwksEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oauth2/jwks"

The endpoint from which the JSON Web Keyset can be obtained.

Supported Values - Any relative URL.

[console]
idp_configs.jwksEndpointURL = "/oauth2/jwks"

logoutEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oidc/logout"

The endpoint to send the logout request to.

Supported Values - Any relative URL.

[console]
idp_configs.logoutEndpointURL = "/oidc/checksession"

oidcSessionIFrameEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oidc/checksession"

The URL of the OIDC session iframe.

Supported Values - Any relative URL.

[console]
idp_configs.oidcSessionIFrameEndpointURL = "/oidc/checksession"

tokenRevocationEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oauth2/revoke"

The endpoint to send the revoke-access-token request to..

Supported Values - Any relative URL.

[console]
idp_configs.tokenRevocationEndpointURL = "/oauth2/revoke"

tokenEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oauth2/token"

The endpoint to send the token request to.

Supported Values - Any relative URL.

[console]
idp_configs.tokenEndpointURL = "/oauth2/token"

tokenEndpointURL

💡 No value defined in Default JSON

🏁 Fallback Value - "/oauth2/oidcdiscovery/.well-known/openid-configuration"

The endpoint to receive the OIDC endpoints from.

Supported Values - Any relative URL.

[console]
idp_configs.wellKnownEndpointURL = "/oauth2/oidcdiscovery/.well-known/openid-configuration"

session

OIDC Session management configs.

userIdleTimeOut

✅ Default JSON value - 600

Idle session timeout interval.

Supported Values - Any numerical value. (in seconds)

[console]
session.params.userIdleTimeOut = 600

userIdleWarningTimeOut

✅ Default JSON value - 580

When will the warning modal appear to warn about idle timeout.

Supported Values - Any numerical value. (in seconds and should be less than userIdleTimeOut)

[console]
session.params.userIdleWarningTimeOut = 580

sessionRefreshTimeOut

✅ Default JSON value - 300

When to send the session extension request.

Supported Values - Any numerical value. (in seconds)

[console]
session.params.sessionRefreshTimeOut = 300

checkSessionInterval

✅ Default JSON value - 3

At what interval should the app poll for session state.

Supported Values - Any numerical value. (in seconds)

[console]
session.params.checkSessionInterval = 3

tenantResolutionStrategy

💡 No value defined in Default JSON

🏁 Fallback Value - "id_token"

How is the tenant resolved after the user is logged in. In SaaS mode, the tenant will be extracted from the logged in users ID token. Otherwise, the tenant can be obtained by reading the URL.

Supported Values - "location" | "id_token"

[console]
tenantResolutionStrategy = "id_token"

server_origin

💡 No value defined in Default JSON

🏁 Fallback Value - URL will be taken from IdentityUtil.getServerURL()

Server Origin URL to be used for API requests etc. URL will be taken from getServerURL() method in IdentityUtil when the app is deployed inside IS.

Supported Values - Any URL.

[console]
server_origin = "https://localhost:9443"

route_paths

App route paths.

home

✅ Default JSON value - "/develop/applications" (for Console) | "/overview" (for My Account)

Where to route the users when the app is loaded.

Supported Values - Any path defined in the app.

[console]
route_paths.home = "/manage/users"

login

✅ Default JSON value - "/login" (for Console) | "/login" (for My Account)

Where to route the users on login.

Supported Values - Any path defined in the app.

[console]
route_paths.login = "/login"

logout

✅ Default JSON value - "/logout" (for Console) | "/logout" (for My Account)

Where to route the users on logout.

Supported Values - Any path defined in the app.

[console]
route_paths.logout = "/logout"

ui

UI configurations.

announcements

Announcements to be displayed on the banner. Configured as an array.

color

💡 No value defined in Default JSON

Color of the Announcements banner.

Supported Values - SemanticCOLORS | "primary" | "secondary"

[[console.ui.announcements]]
color = "primary"
order

💡 No value defined in Default JSON

Order of the Announcement.

Supported Values - number

[[console.ui.announcements]]
order = 1.0
expire

💡 No value defined in Default JSON

Announcement expiry time.

Supported Values - Time stamp.

[[console.ui.announcements]]
expire = "1593475200"
id

💡 No value defined in Default JSON

Unique ID for the Announcement.

Supported Values - Any string. Preferably a GUID.

[[console.ui.announcements]]
id = "d47a8201-3d58-43ae-b1a9-1ac653814f4e"
message

💡 No value defined in Default JSON

Main message for the Announcement.

Supported Values - Any string.

[[console.ui.announcements]]
message = "Regular maintenance work will be carried out and the service will be unavailable for few hours."

app_copyright

✅ Default JSON value - "WSO2 Identity Server"

App copyright to be displayed on footer.

Supported Values - Any string.

[console]
ui.app_copyright = "WSO2 Identity Server"

app_title

✅ Default JSON value - "Console | WSO2 Identity Server" (for Console) | "My Account | WSO2 Identity Server" (for My Account)

Browser tab title.

Supported Values - Any string.

[console]
ui.app_title = "Console | WSO2 Identity Server"

app_name

✅ Default JSON value - "Console" (for Console) | "My Account" (for My Account)

Display name of the app.

Supported Values - Any string.

[console]
ui.app_name = "Console"

app_logo_path

✅ Default JSON value - "/assets/images/logo.svg"

Path of the app logo.

Supported Values - Relative paths (will be resolved from the resource bundle) | Hosted Images | Data URLs

[console]
ui.app_logo_path = "https://cdn.wso2.is.com/assets/images/logo.svg"

gravatar.configs

Gravatar configs.

fallback

✅ Default JSON value - "404"

Fallback types for gravatar images.

Supported Values - "404" | "default" | "mp" | "identicon" | "monsterid" | "wavatar" | "retro" | "robohash" | "blank"

[console]
ui.gravatar.configs.fallback = "404"
defaultImage

💡 No value defined in Default JSON

Custom fallback image URL if Gravatar is not found.

Supported Values - Any image URL.

[console]
ui.gravatar.configs.defaultImage = "https://cdn.wso2.is.com/assets/images/gravatar-fallback.png"
size

💡 No value defined in Default JSON

Gravatar image size.

Supported Values - Any number. See http://en.gravatar.com/site/implement/images/#size.

[console]
ui.gravatar.configs.size = 200

product_name

✅ Default JSON value - "Identity Server"

Product name.

Supported Values - Any string.

[console]
ui.product_name = "Identity Server"

product_version.configs

Configurations for customizing the product version label.

allowSnapshot

💡 No value defined in Default JSON

🏁 Fallback Value - false

Shows the snapshot label if present in product version.

Supported Values - true | false

[console]
product_version.configs.allowSnapshot = false

productVersion

💡 No value defined in Default JSON

Overrides the version number. Use "" if version should be hidden. Drop the attribute if no change to version number is required.

Supported Values - Any string or ""

[console]
product_version.configs.productVersion = "ALPHA"

textCase

💡 No value defined in Default JSON

Text case for the version.

Supported Values - "lowercase" | "uppercase"

[console]
product_version.configs.textCase = "uppercase"

labelColor

💡 No value defined in Default JSON

🏁 Fallback Value - "primary"

Color of the label.

Supported Values - "auto" | "primary" | "secondary" | SemanticCOLORS

[console]
product_version.configs.labelColor = "primary"

theme

Theme configurations.

name

✅ Default JSON value - "default"

Name of the app theme.

Supported Values - Any string.

[console]
theme = "default"

Console Specific Configs

The following sections contain Console specific configs that cann be used to configure/override the existing behaviour of the Console application.

applications

Different configurations for applications that are used inside the Console.

account_app

My Account app configurations.

[console]
applications.account_app.configs.origin = "<MY_ACCOUNT_ORIGIN>" # Defaults to the server URL (ex: https://localhost:9443).
applications.account_app.configs.path = "<PATH>" # Relative path(without tenant) to navigate when the My Account link is clicked on the user dropdown. Defaults to `/myaccount/overview`.

admin_app

Console app's Manage section configs.

[console]
applications.admin_app.configs.basePath = "<BASE_PATH>" # Defaults to the `/manage`.
applications.admin_app.configs.displayName = "<DISPLAY_NAME>" # Name to displayed in the tab. Defaults to the `Manage`.
applications.admin_app.configs.path = "<PATH>" # Path to navigate the users when the manage tab is clicked. Defaults to the `/manage/users`.

developer_app

Console app's Develop section configs.

[console]
applications.developer_app.configs.basePath = "<BASE_PATH>" # Defaults to the `/develop`.
applications.developer_app.configs.displayName = "<DISPLAY_NAME>" # Name to displayed in the tab. Defaults to the `Develop`.
applications.developer_app.configs.path = "<PATH>" # Path to navigate the users when the manage tab is clicked. Defaults to the `/develop/applications`.

extensions

❎ No value defined in Default JSON

App extensions configuration.