Globals
Globals are system properties affecting all components in a configuration.
For details about where to place these global VM options, see Extra VM options
-D<property-name>=<property-value>
All globals has the following prefix (if not specified otherwise):
com.phenixidentity.globals.
(left out from table below for better readability)
Example:
-Dcom.phenixidentity.globals.httpRequestBodyMaxSize=<property-value>
| Name | Default | Description |
|---|---|---|
| licensePath |
./license | Path to license directory |
| tls.version |
TLSv1.2 |
TLS version to use |
| http.port |
8443 | Default HTTP listen port. Note: This value is only used if the server configuration does NOT contain a HTTP_CONFIGURATION with alias 'default' |
| defaultLanguage |
en | Default language used for localization. |
| defaultHTTPErrorTemplate |
error | Name of template used for displaying errors. |
| faviconFilePath |
Path to favicon | |
| com.phenixidentity.valve.detectionpattern |
com.phenixidentity..* |
Regex matching packages that should be scanned for valves. Note: prefix for this property is 'com.phenixidentity.' |
| datetimepattern |
MMM dd yyyy HH:mm:ss.SSS zzz |
Date/time pattern for events. |
| storePath |
Path to configuration store. | |
| sessionTTL |
30 | Session TTL in minutes. |
| sessionMaxCount |
50000 | Maximum number of concurrent sessions. If this value is exceeded, oldest sessions will be removed before expired. |
| asyncStoreRequestTimeout |
10000 | Timeout in milliseconds for calls to configuration and runtime store. |
| asyncPipeRequestTimeout |
10000 | Timeout in milliseconds for calls to pipes. |
| asyncServiceRequestTimeout |
2000 | Timeout in milliseconds for calls to internal services. |
| useExtendedExprSyntax |
false | Enable support for dotted names in valve expressions. |
| usePromiscuousMode |
false | Enable SSL trust all |
| hazelcastConfigPath |
classes/cluster.xml |
Path to Hazelcast configurations file |
| com.phenixidentity.operatingPlattform |
default | Server platform. This is an internal setting that never should be changed. Note: prefix for this property is 'com.phenixidentity.' |
| listenAddress |
0.0.0.0 | Server bind/listen address |
| httpRequestBodyMaxSize |
2097152 |
Max size in bytes of incoming HTTP request bodies. If a message with a body larger than this value is received it will be rejected. |
| allowedHttpMethods |
GET,PUT,POST,DELETE | Allowed HTTP request methods. Calls with methods NOT in this list will be rejected. |
| requireHttpContentLength |
true | Require HTTP clients to supply header Content-Length in HTTP PUT and POST request. |
| phenixid_lta_signature_size |
20000 | Size (bytes) of LTA signature. |
| datetimepattern | yyyy-MM-dd'T'HH:mm:ssXXX |
Date and time format for CEF logs |
| phenixid.auth.client.address | The default header to extract client IPs from. Used as a fallback if no client IP resolve configuration is added to the HTTP configuration (which is the recommended way to do it). If left blank, and also not configured in the http configurations, client IPs will be socket IPs. When using a reverse proxy the socket ip will in most cases result in logging the proxy address instead of the actual client. | |
| phenixid.auth.cookie.force.secure | false | Cookies set by PAS can be forced to include the secure flag. By default PAS tries to guess if the flag should be set or not. Often when running PAS behind a reverse proxy terminating SSL/TLS and the communication between the reverse proxy and PAS is using basic HTTP this behaviour will result in a less secure set up (the secure flag is not set). When setting this, direct http connections will not work as expected meaning if there are sections of the system running on plain http without a SSL/TLS proxy in front. That part will not work. HTTP API is not affected since cookies are not used in this scenario. |
| msggw.connection.timeout | 1 | Timeout in seconds for connecting to the message gateway, which is used for sending SMS, voice messages etc. |
| msggw.socket.timeout | 1 | The socket timeout, in seconds, when communicating with the message gateway, which is used for sending SMS, voice messages etc. |
| msggw.request.timeout | 4 | The request timeout, in seconds, when communicating with the message gateway, which is used for sending SMS, voice messages etc. |
| com.phenixidentity.globals.enableCaching | true | If caching should be enabled or not. This attempts to cache ex. common static files, gzip compression results, templates etc. Should under normal circumstances be enabled when running in production. Can be useful to disable when developing in order to reflect file changes instantly, ex. CSS, templates or similar. |
| com.phenixidentity.globals.enableLegacyEvents | false | If legacy events should be enabled or not. Note that the modern audit logs will be present even with this enabled. See audit logs introduction for more. |
| com.phenixidentity.http.server.maxInitialLineLength | 32768 | For incoming HTTP requests, the maximal length of the first line of the HTTP request. This is where the path and querystring reside. |
| com.phenixidentity.http.server.maxHeaderSize | 32768 | For incoming HTTP requests, the maximal length of all the HTTP headers |
| com.phenixidentity.http.server.maxFormAttributeSize | 131072 | For incoming HTTP requests, the maximal length of a single a form attribute (ie, a single field's value during a HTTP POST or similar) |