Properties/Configuration
If you want CIM to work with the External Resource Service (ERS) and pick up changed templates correctly, set the following environment variables for CIM:
CIM environment variable | Default | Mandatory | Example | Description |
---|---|---|---|---|
EXTENSION_CONFIG_CACHE_MODE | PROD | | TEST | Determines whether caching of extension configuration is permanent (as in PROD use) or reloadable (as in TEST use). Allowed values: TEST, PROD |
EXTENSION_CONFIG_CACHE_TEST_TTL_MILLIS | 20000 | | 5000 | Time in milliseconds between extension configuration cache evictions in TEST cache mode |
Below are the properties that must be configured for the External Resource Service.
Git -> S3 synchronization
Environment variable | Default | Mandatory | Example | Description |
---|---|---|---|---|
GIT_IGNOREDDIRECTORIES | .git | | .git,excluded,docs | Comma-separated list of directories that are skipped during git -> S3 synchronization |
GIT_IGNOREDFILES | <empty> | | script.sh | Comma-separated list of files that are skipped during git -> S3 synchronization |
GIT_REPOSITORYMAXSIZEMB | 20MB | | 5MB | Maximum size of a git repository. If exceeded, the synchronization is skipped |
GIT_OPERATIONTIMEOUT | 30s | | 100ms | Maximum duration for connecting to a git repository and fetching its contents |
S3_BUCKETID | | yes | onegini-ers-test | Name of the AWS S3 bucket that is used to store the resources |
S3_REGION | | yes | eu-west-1 | AWS region where the S3 bucket is hosted |
SYNCHRONIZATION_THREADPOOLSIZE | 2 | | 5 | Thread pool size for git repository to S3 synchronization |
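As an added example (this is not code from the External Resource Service), the following Python shows how the ignore lists and the repository size limit decide which files of a checkout would be uploaded. It assumes that GIT_IGNOREDDIRECTORIES and GIT_IGNOREDFILES are matched against the path relative to the repository root (so `docs` skips `docs/` but not `templates/docs/`) and that GIT_REPOSITORYMAXSIZEMB measures the whole checkout including `.git`; the function names and the constructed checkout in `DEMO_FILES` are the example's own.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def parse_env_list(value: str) -> List[str]:
    """Split a comma-separated setting such as GIT_IGNOREDDIRECTORIES=.git,excluded,docs."""
    return [item.strip() for item in value.split(",") if item.strip()]


def repository_size_bytes(root: Path) -> int:
    """Size of the whole checkout, .git included (assumption: that is what the limit measures)."""
    return sum(p.stat().st_size for p in root.rglob("*") if p.is_file())


def plan_sync(root: Path, ignored_dirs: List[str], ignored_files: List[str],
              max_size_mb: int) -> Tuple[Optional[List[str]], str]:
    """Return the repo-relative files that would be uploaded to S3, or None plus a reason.

    Assumption: both ignore lists are matched against the path relative to the
    repository root, so 'docs' skips docs/ but not templates/docs/.
    """
    size = repository_size_bytes(root)
    if size > max_size_mb * 1024 * 1024:
        return None, f"repository is {size} bytes, over GIT_REPOSITORYMAXSIZEMB={max_size_mb}; skipped"
    skip_dirs, skip_files = set(ignored_dirs), set(ignored_files)
    selected = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Prune in place so os.walk never descends into an ignored directory.
        dirnames[:] = [d for d in dirnames if (rel_dir / d).as_posix() not in skip_dirs]
        for name in filenames:
            rel_file = (rel_dir / name).as_posix()
            if rel_file not in skip_files:
                selected.append(rel_file)
    return sorted(selected), "ok"


# Constructed checkout used for the demonstration; no real repository is cloned.
DEMO_FILES = {
    ".git/HEAD": "ref: refs/heads/main\n",
    "README.md": "# templates\n",
    "docs/guide.md": "internal notes\n",
    "excluded/secret.txt": "do not publish\n",
    "script.sh": "#!/bin/sh\necho hi\n",
    "templates/login.html": "<html>login</html>\n",
    "templates/docs/help.html": "<html>help</html>\n",
}


def demo() -> Dict[str, object]:
    """Run plan_sync against the constructed checkout with three settings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in DEMO_FILES.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(content)
        return {
            # defaults: only .git is skipped, so secrets and scripts would be published
            "defaults": plan_sync(root, parse_env_list(".git"), parse_env_list(""), 20),
            # the table's example values
            "example": plan_sync(root, parse_env_list(".git,excluded,docs"),
                                 parse_env_list("script.sh"), 5),
            # a limit the checkout exceeds: synchronization is skipped entirely
            "too_big": plan_sync(root, parse_env_list(".git"), parse_env_list(""), 0),
        }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The "defaults" run shows why the ignore lists matter: with only `.git` excluded, everything else in the checkout, including `excluded/secret.txt` and `script.sh`, would land in the bucket.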
Bearer authentication related
Some endpoints in this application are only accessible when using bearer authentication with a JSON Web Token (JWT). The following environment variables are needed to validate the JWT.
Environment variable | Default | Mandatory | Example | Description |
---|---|---|---|---|
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWKSETURI | | yes | https://tokenserver.example/oauth/v1/keys | The endpoint of the Authorization Server that returns the JSON Web Keys (JWKs) used to validate the signature of the JWT |
SECURITY_OAUTH2_JWT_AUD | | yes | https://ers.example | Identifier of the audience (the External Resource Service) that must appear in the aud claim of the JWT payload |
SECURITY_OAUTH2_JWT_ISS | | yes | https://tokenserver.example/oauth | Identifier of the issuer (the Authorization Server) that must appear in the iss claim of the JWT payload |
SECURITY_OAUTH2_JWT_CLOCKSKEW | 60s | | 2m | The allowed difference between the clocks of the External Resource Service and the Authorization Server when calculating the validity of a JWT |
SECURITY_OAUTH2_JWT_SCOPES_CONFIGURATION | css_configuration | | | The OAuth scope that grants access to modify the configuration and manually trigger synchronization |
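As an added example (not code from the External Resource Service or Spring Security), the following Python implements the checks these settings configure, in the order a resource server applies them: signature, issuer, audience, validity window widened by the clock skew, and the scope required for the privileged endpoints. So that it runs offline, an HMAC key stands in for the Authorization Server's signing key; in the real deployment the key is the asymmetric JWK fetched from SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWKSETURI, and the claim checks are the same. The constants hold the table's example values; `mint_token`, `validate_token` and the reason strings are the example's own.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed stand-ins for the deployment settings. The real service reads
# SECURITY_OAUTH2_JWT_ISS, _AUD, _CLOCKSKEW and _SCOPES_CONFIGURATION from
# the environment; these values are the examples from the table above.
EXPECTED_ISS = "https://tokenserver.example/oauth"
EXPECTED_AUD = "https://ers.example"
CLOCK_SKEW_SECONDS = 60          # SECURITY_OAUTH2_JWT_CLOCKSKEW=60s
CONFIGURATION_SCOPE = "css_configuration"

# Assumption: an HMAC key stands in for the Authorization Server's signing key so
# the example runs offline. In production the key is the JWK fetched from the
# JWK Set URI; everything after the signature check is identical either way.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build an HS256-signed JWT for the demonstration (normally the AS does this)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_token(token: str, required_scope: Optional[str] = None,
                   now: Optional[float] = None, key: bytes = DEMO_KEY) -> Tuple[bool, str]:
    """Apply the checks the ERS settings configure. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts

    # 1. Signature first: claims from an unverified payload must not drive any decision.
    try:
        header = json.loads(b64url_decode(header_b64))
        actual_sig = b64url_decode(sig_b64)
    except ValueError:                       # covers binascii.Error and JSONDecodeError
        return False, "malformed token"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"       # rejects alg=none and algorithm confusion
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, actual_sig):
        return False, "bad signature"
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return False, "malformed token"
    if not isinstance(claims, dict):
        return False, "malformed token"

    # 2. Issuer (SECURITY_OAUTH2_JWT_ISS): exact string comparison.
    if claims.get("iss") != EXPECTED_ISS:
        return False, "issuer mismatch"

    # 3. Audience (SECURITY_OAUTH2_JWT_AUD): RFC 7519 allows a string or a list.
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"

    # 4. Validity window, widened on both ends by SECURITY_OAUTH2_JWT_CLOCKSKEW.
    if "exp" not in claims:
        return False, "missing exp"
    if now > claims["exp"] + CLOCK_SKEW_SECONDS:
        return False, "token expired"
    if "nbf" in claims and now < claims["nbf"] - CLOCK_SKEW_SECONDS:
        return False, "token not yet valid"

    # 5. Scope (SECURITY_OAUTH2_JWT_SCOPES_CONFIGURATION) for the privileged
    #    endpoints; the scope claim is the space-separated string of RFC 6749.
    if required_scope is not None:
        if required_scope not in str(claims.get("scope", "")).split():
            return False, f"missing scope {required_scope}"
    return True, "ok"


if __name__ == "__main__":
    now = time.time()
    good = {"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "iat": now, "exp": now + 300,
            "scope": "css_configuration"}
    print(validate_token(mint_token(good), CONFIGURATION_SCOPE))   # (True, 'ok')
    print(validate_token(mint_token({**good, "exp": now - 90})))   # (False, 'token expired')
```

Two details are worth noticing when tuning the settings: the clock skew is applied on both sides of the window, so a 2m skew accepts tokens up to two minutes past `exp`, and the audience check must accept a list because an Authorization Server may issue one token for several resource servers.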
Database encryption
Environment variable | Default | Mandatory | Example | Description |
---|---|---|---|---|
DATABASE_ENCRYPTION_POOLSIZE | 4 | yes | 4 | The size of the pool of encryptors. If not set, the default is 4 |
DATABASE_ENCRYPTION_PASSWORD | | yes | password | Database encryption password. The example value is a placeholder only; supply a strong secret from your secret store and keep it out of the repository |
Configure connection and read timeouts
Property | Default | Description |
---|---|---|
RESTSERVICES_WAITFORAVAILABLECONNECTIONINPOOLTIMEOUT | 5s | Timeout for waiting for available connection in pool |
RESTSERVICES_REQUESTCONNECTIONPOOLMAXSIZETOTAL | 30 | Total max size of the http connection pool |
RESTSERVICES_REQUESTCONNECTIONPOOLMAXSIZEPERROUTE | 5 | Max size of the http connection pool per single route |
RESTSERVICES_REQUESTCONNECTIONPOOLVALIDATEAFTERINACTIVITY | 2s | Timeout validating connection in pool after inactivity |
RESTSERVICES_READTIMEOUT | 10s | Request read timeout |
RESTSERVICES_CONNECTIONTIMEOUT | 2500ms | Request connection timeout |
You can use different units for time-based properties, i.e. all of the following set the read timeout to 1 minute:
RESTSERVICES_READTIMEOUT=1min
RESTSERVICES_READTIMEOUT=60s
RESTSERVICES_READTIMEOUT=60000ms
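As an added example (not code from the External Resource Service), the following Python parses the duration format shown above so a deployment script can validate a value before exporting it. It accepts the units the page demonstrates (`ms`, `s`, `min`) and the `m` used in the clock-skew example; any other suffix, or a bare number, is rejected rather than guessed. The function names and the `read_timeout` helper are the example's own.

```python
import os
import re
from typing import Mapping, Optional

# Units the page demonstrates (ms, s, min) plus the "m" used in the
# SECURITY_OAUTH2_JWT_CLOCKSKEW example. Anything else is rejected.
UNIT_TO_MILLIS = {"ms": 1, "s": 1_000, "min": 60_000, "m": 60_000}

# Longer suffixes first so "min" is not read as "m" followed by junk.
DURATION_RE = re.compile(r"^\s*(\d+)\s*(ms|min|m|s)\s*$")


def duration_to_millis(value: str) -> int:
    """Parse '1min', '60s' or '60000ms' into milliseconds; reject unitless or unknown input."""
    match = DURATION_RE.match(value)
    if not match:
        raise ValueError(f"not a duration: {value!r} (expected <number><ms|s|m|min>)")
    return int(match.group(1)) * UNIT_TO_MILLIS[match.group(2)]


def read_timeout(name: str, default: str, env: Optional[Mapping[str, str]] = None) -> int:
    """Resolve a RESTSERVICES_* timeout in milliseconds, using the documented default if unset."""
    source = os.environ if env is None else env
    return duration_to_millis(source.get(name, default))


if __name__ == "__main__":
    for raw in ("1min", "60s", "60000ms"):
        print(raw, "->", duration_to_millis(raw), "ms")
    print("RESTSERVICES_READTIMEOUT ->", read_timeout("RESTSERVICES_READTIMEOUT", "10s"), "ms")
```

Rejecting a bare number is deliberate: a value such as `RESTSERVICES_READTIMEOUT=60` could be read as 60 ms or 60 s depending on the consumer, and a timeout that is silently a thousand times too short surfaces as spurious failures under load rather than as a configuration error.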