Valves
Note
This manual provides documentation of the valves that are shipped with PhenixID Authentication Services.
A valve is a small, highly specialised block of logic. By putting valves together in a chain, called a PIPE, PhenixID server enables a high level of customization.
Every valve has its own unique set of configuration properties, which is documented here.
Common configuration
Several configuration properties can be set on most valves or are shared between multiple valves.
| Name | Description | Default value |
|---|---|---|
| exec_if_expr | JavaScript expression that determines whether the valve should be executed. Only applied if the value has been configured. | |
| skip_if_expr | JavaScript expression that determines whether the valve should be skipped. Only applied if the value has been configured. | |
| item_include_expr | JavaScript expression for filtering the set of items the valve is applied to. Many valves respect this property, but not all. Only applied if the value has been configured. | |
| proceed_on_error | If the valve execution fails, the execution of the pipe will still continue if this has been set to true. | false |
| fail_property | If the valve execution fails and proceed_on_error has been set to true, the configured property will be set to true on the first item. If there are no items in the flow, a new item with a random will be added to the flow. Only applied if the value has been configured. This can be useful in order to implement fallback logic, retries or similar. | |
| use_extended_expr_syntax | Whether extended expressions with dotted syntax should be used for template expansions. | See Globals |
| lockout_enabled | Whether the user lockout logic should be enabled for the valve. Only used by a handful of valves. See the article User Lockout for more details. | false |
| lockout_hard_enabled | Whether hard user lockout logic should be enabled for the valve. Only used by a handful of valves. See the article User Lockout for more details. | false |
| lockout_login_attempts | The number of allowed login attempts for the user lockout logic, if it has been enabled. Only used by a handful of valves. See the article User Lockout for more details. | 3 |
| lockout_login_window | For how long, in minutes, the configured lockout_login_attempts will be enforced, if it has been enabled. Only used by a handful of valves. See the article User Lockout for more details. | 30 |
| lockout_time | For how long, in minutes, a user will be locked out by the user lockout logic, if it has been enabled. Only used by a handful of valves. See the article User Lockout for more details. | 60 |
| lockout_hard_threshold | If hard user lockout logic has been enabled, a hard lockout will be activated for the user after having triggered this many soft lockouts. Only used by a handful of valves. See the article User Lockout for more details. | 2 |
| workerPoolName | Some valves that are not naturally asynchronous and/or are potentially blocking due to being CPU-intensive or I/O-bound might use a worker thread for such tasks. This property is only used if useDedicatedWorkerPool is true. If so, this is the name of the worker pool to use/create. | valve-NAME_OF_THE_VALVE, for example valve-AddImageToPDFValve |
| workerPoolSize | If useDedicatedWorkerPool is true, and the valve wants to delegate work to a worker thread, this is the number of threads to populate the worker pool with. This pool is not local to a single instance of the Valve/deployed instance of the Pipes module (the module might be deployed in multiple instances in order to improve performance). | 4 |
| useDedicatedWorkerPool | For valves that want to offload tasks to a worker thread, this dictates whether the default worker pool should be used (false) or a dedicated pool (true). In case of the latter, a shared worker pool will be created, which will span all deployed modules in PAS. | false for most valves. Valves doing SOAP calls to third-party services are an example of valves where the default value might be true. |
| maximumWorkerPoolExecutionTimeMilliseconds | If useDedicatedWorkerPool is true, the system might start to issue warnings in the system logs if operations are taking longer than this, warning of potential performance problems. | 10000 |
Secrets
Secrets are a concept within valves: they are local to the execution of a single pipe (flow). Secrets, for example the private keys for a certificate, must never be exposed accidentally. Instead of storing the private key inside an item in the flow, where it can easily be leaked, e.g. by dumping to logs, it is stored inside the flow as a temporary secret and has a temporary UUID assigned to it, so it can be referenced and used between various valves during the flow's execution. The UUID isn't sensitive and can safely be stored in an item in the flow.
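
The following sketch models the secret-by-reference pattern described above. It is an added illustration, not PhenixID code: the Flow class, its methods, the two "valve" functions and the item property signing_key_ref are hypothetical names, and the key material is a constructed placeholder.

```javascript
// Illustrative model only: Flow, addSecret, getSecret, dumpItems and the valve
// functions are hypothetical names, not PhenixID classes or methods.
const cryptoApi = typeof require === 'function' ? require('node:crypto') : globalThis.crypto;

class Flow {
  #secrets = new Map();   // private field: not enumerable, never serialized
  items = [];             // ordinary flow items, which may end up in logs

  // Store a sensitive value and hand back a non-sensitive temporary UUID.
  addSecret(value) {
    const id = cryptoApi.randomUUID();
    this.#secrets.set(id, value);
    return id;
  }

  // Resolve a reference; unknown or already-cleared references fail closed.
  getSecret(id) {
    if (!this.#secrets.has(id)) throw new Error(`unknown secret reference ${id}`);
    return this.#secrets.get(id);
  }

  // What a debug dump of the flow would write to a log: items only.
  dumpItems() { return JSON.stringify(this.items); }

  // Secrets live only for the execution of one pipe.
  end() { this.#secrets.clear(); }
}

// Constructed sample key material, not a real key.
const SAMPLE_KEY = '-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n-----END PRIVATE KEY-----';

// First "valve": loads the key and leaves only the reference in the item.
function loadKeyValve(flow) {
  flow.items.push({ id: 'user1', signing_key_ref: flow.addSecret(SAMPLE_KEY) });
}

// Second "valve": resolves the reference at the moment the key is needed.
function signValve(flow) {
  const key = flow.getSecret(flow.items[0].signing_key_ref);
  flow.items[0].signed = key.length > 0;   // stand-in for a real signing step
}

function runPipe() {
  const flow = new Flow();
  loadKeyValve(flow);
  signValve(flow);
  const logLine = flow.dumpItems();        // contains the UUID, not the key
  const ref = flow.items[0].signing_key_ref;
  flow.end();                              // reference is now unresolvable
  return { flow, logLine, ref };
}
```
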