Skip to main content
Version: 8.2411.x.x RR

nevisAdapt service description

The next section describes the configuration attributes of the nevisAdapt service. You set these attributes in the file /var/opt/nevisadapt/conf/nevisadapt.properties.

It is recommended not changing the default values if not necessary. Also, always use the nevisAdapt Instance pattern in nevisAdmin 4 for configuring the adaptive authentication use cases.

The table only includes attributes that are relevant for the nevisAdapt service. Technical parameters such as database schema or certificate settings are excluded. For more information about such technical parameters, refer to System Configuration in the nevisDetect Reference Guide.

nevisadapt.ipReputationFilePath

  • Type or unit: String
  • Example: file:/var/opt/nevisadapt/conf/list.netset.nevis
  • Defines the location of the IP blacklist file. nevisAdapt uses this file to check whether the IP in the auth request is blacklisted.

nevisadapt.ipReputation.update.cron

  • Type or unit: String
  • Example: 0 0 2 ** *
  • Default: 0 0 4 ** *
  • Defines the update schedule for the IP reputation mapping file. If this schedule is missing, no scheduled update takes place. The syntax follows cron expression rules, with seconds in the first position:<seconds> <minutes> <hours> <days> <months> <days of week>

nevisadapt.ipReputation.update.directory

  • Type or unit: String
  • Example: /my/download/directory
  • Default: /tmp/
  • Specifies the download target directory. The update consists of two stages: The first stage downloads the new file to the location set here. The second stage moves the required file over to the final destination.

nevisadapt.ipReputation.update.url

  • Type or unit: String
  • Example: https://<ip-reputation-provider-url>
  • Default: https://iplists.firehol.org/files/firehol_level1.netset
  • Defines the download URL for the IP blacklist update. Set to empty string to avoid external updates.

nevisadapt.ipToLocationFilePath

  • Type or unit: String
  • Example: file:/var/opt/nevisadapt/conf/IP2LOCATION-LITE-DB5.CSV
  • Defines the location of the IP-to-location-mapping file. nevisAdapt uses this file to derive the country code, and optionally also the latitude and longitude, from the IP address.

nevisadapt.ipToLocation.service.class

  • Type or unit: String
  • Example: ipToLocationBinService or ipToLocationCsvService
  • Defines the IP-to-location database integration method to use. The following options are available: 1. ipToLocationBinService: Reads the file on queries. This method requires less dedicated memory. It is the default setting for update schedules configured via nevisAdmin4. 2. ipToLocationCsvService: Reads the file after the update is completed, and loads it into memory. This method requires a large amount of dedicated memory resource. It is not recommended for large database files in a productive environment.

nevisadapt.ipToLocation.update.cron

  • Type or unit: String
  • Example: 0 0 2 3 **
  • Default: 0 0 2 4 **
  • Defines the update schedule for the IP-to-location mapping file. If this schedule is missing, no update takes place. The syntax follows cron expression rules, with seconds in the first position:<seconds> <minutes> <hours> <days> <months> <days of week>

nevisadapt.ipToLocation.update.directory

  • Type or unit: String
  • Example: /my/download/directory
  • Default: /tmp/
  • Specifies the download target directory. The update consists of two stages: The first stage downloads the new file to the location set here. The second stage moves the required file over to the final destination.

nevisadapt.ipToLocation.update.token

  • Type or unit: String
  • Example: AbCdEfGh123IjKlMnOp456QrStUvWx789Yz0
  • Sets the download token provided by IP2LOCATION.

nevisadapt.ipToLocation.update.fileSelector

  • Type or unit: String
  • Example: DB5LITEBIN
  • Sets the code as specified by IP2LOCATION.

nevisadapt.nevisadapt.ipReputation.service.privateNetworkFilter

  • Type or unit: Boolean
  • Example: true
  • Enables or disables private IP address filtering.

nevisadapt.ipReputation.service.privateNetworkCountryCode

  • Type or unit: String
  • Example: CH
  • Used as default geolocation if private address filtering is disabled.

nevisadapt.proxy.host

  • Type or unit: String
  • Example: <forward-proxy-host>
  • Sets the host URL for the forward proxy, if required.

nevisadapt.proxy.port

  • Type or unit: Number
  • Example: 4321
  • Sets the port for the forward proxy, if required.

nevisadapt.suspiciousCountryCodeList

  • Type or unit: List of strings
  • Example: CH,HU,DE
  • Specifies a comma-separated list of suspicious countries.

nevisadapt.observation.timeframe.days

  • Type or unit: Number / days
  • Example: 365
  • Default: 60
  • Defines the time frame in days. For the calculation of the risk score, nevisAdapt will only consider context data observed within this time frame. Trusted observations cannot be deleted earlier.

nevisadapt.observation.cleanup.period.days

  • Type or unit: Number / days
  • Example: 1
  • Default: 1
  • Defines how long to keep the old observations in the database, in addition to the observation time frame. (info) The observation time frame is set in nevisadapt.observation.timeframe.days.

nevisadapt.observation.untrusted.timeframe.days

  • Type or unit: Number / days
  • Example: 1
  • Default: 60
  • Defines how long to keep data for untrusted sessions (incomplete login attempts). This cleanup period doesn't depend on nevisadapt.observation.timeframe.days, it can happen earlier.

nevisadapt.observation.cleanup.cron

  • Type or unit: String
  • Example: 0 0 2 3 **
  • Default: 0 0 3 ** *
  • Defines when the observation cleanup job should run. The syntax follows the cron expression rules, with seconds in the first position:<seconds> <minutes> <hours> <days> <months> <days of week>

nevisadapt.observation.cleanup.threshold

  • Type or unit: Number
  • Example: 120
  • Default: 100
  • Define the maximum number of records to be removed during a cleanup period.

nevisadapt.max.session.lifetime

  • Type or unit: Number / seconds
  • Example: 600
  • Default: 86400
  • Define the maximum duration of a new session.

nevisadapt.device.cookie.established.threshold

  • Type or unit: Number
  • Example: 3
  • Default: 3
  • Sets the "established" threshold (number) for the device cookie. The Device Recognition module must recognize the same device cookie at least this number of times before it considers the device cookie as "established" for a specific user.

nevisadapt.device.cookie.trained.threshold

  • Type or unit: Number
  • Example: 1
  • Default: 1
  • Sets the "trained" threshold (number) for the user. The Device Recognition module must have stored context data for this user at least this number of times before the module considers the user as "trained".

nevisadapt.module.device.cookie.disabled

  • Type or unit: Boolean
  • Example: false
  • Default: false
  • Flag to disable the Device Recognition module.

nevisadapt.module.device.cookie.mandatory

  • Type or unit: Boolean
  • Example: false
  • Default: false
  • Flag to make the Device Recognition module mandatory.

nevisadapt.module.fingerprint.mandatory

  • Type or unit: Boolean
  • Example: false
  • Default: false
  • Flag to make the Fingerprint module mandatory.

nevisadapt.module.fingerprint.disabled

  • Type or unit: Boolean
  • Example: false
  • Default: false
  • Flag to disable the Fingerprint module.

nevisadapt.fingerprint.established.threshold

  • Type or unit: Number
  • Example: 3
  • Default: 3
  • Sets the "established" threshold (number) for the device fingerprint. The Fingerprint module must recognize the same device fingerprint at least this number of times before it considers the device fingerprint as "established" for a specific user.

nevisadapt.fingerprint.trained.threshold

  • Type or unit: Number
  • Example: 1
  • Default: 1
  • Sets the "trained" threshold (number) for the user. The Fingerprint module must have stored context data for this user at least this number of times before the module considers the user as "trained".

nevisadapt.geolocation.established.threshold

  • Type or unit: Number
  • Example: 3
  • Default: 3
  • Sets the "established" threshold (number) for the geolocation. A user must send requests from the same country at least this number of times before the Geolocation module considers this country as "established" for this user.

nevisadapt.geolocation.trained.threshold

  • Type or unit: Number
  • Example: 1
  • Default: 1
  • Sets the "trained" threshold (number) for the user. The Geolocation module must have stored context data for this user at least so many times before the module considers the user as "trained".

nevisadapt.module.geolocation.disabled

  • Type or unit: Boolean
  • Example: false
  • Default: false
  • Flag to disable the Geolocation module.

nevisadapt.module.geolocation.mandatory

  • Type or unit: Boolean
  • Example: true
  • Default: false
  • Flag to make the Geolocation module mandatory.

nevisadapt.ip.established.threshold

  • Type or unit: Number
  • Example: 3
  • Default: 3
  • Sets the "established" threshold (number) for an IP address. A user must send requests from the same IP address at least this number of times before the Geolocation module considers this IP address as "established" for this user.

nevisadapt.ip.trained.threshold

  • Type or unit: Number
  • Example: 1
  • Default: 1
  • Sets the "trained" threshold (number) for an IP address. The Geolocation module must have stored context data for this IP address and user at least so many times before the module considers the user as "trained".

nevisadapt.ip.velocity.duration.threshold

  • Type or unit: Number
  • Example: 20
  • Default: 20
  • The duration (in hours) beyond which the IP location analyzer no longer calculates the velocity.

nevisadapt.ip.velocity.velocity.threshold

  • Type or unit: Number
  • Example: 800
  • Default: 800
  • The velocity threshold (in km/h) above which the request location is considered too far to be physically feasible to reach.

nevisadapt.module.device.cookie

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use Device Cookies.

nevisadapt.module.device.shared

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use Shared Device analyzer.

nevisadapt.module.fingerprint.browser

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use Browser Fingerprint analyzer.

nevisadapt.module.fingerprint.device

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use Device Fingerprint analyzer.

nevisadapt.module.geolocation.suspiciousCountry

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use Suspicious Country analyzer.

nevisadapt.module.geolocation.geoLocation

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use Geolocation analyzer.

nevisadapt.module.geolocation.ipAddress

  • Type or unit: Boolean
  • Example: true
  • Default: true
  • If set to false, nevisAdapt will not use IP Address analyzer.

nevisadapt.rememberme.token.lifetime.days

  • Type or unit: Number / days
  • Example: 60
  • Default: 30
  • Validity duration for a remember me token.

nevisadapt.remember.me.cookie.name

  • Type or unit: String
  • Example: REMEMBERME
  • Default: RM_COOKIE
  • The cookie name to check for remember me tokens.

sectoken.truststore

  • Type or unit: String
  • Example: /var/opt/neviskeybox/default/nevisadapt/truststore_sectoken.jks
  • Default: None
  • Path to the secure token verifier truststore.

sectoken.trustStorePassword

  • Example: sectoken
  • Default: None
  • Password for the secure token verifier truststore.

feedback.generation.key

  • Type or unit: String
  • Example: zXGaOkX2kboSbt5x3lBDWdVlxetIwPRlQ0slzGhtxvQ=
  • Default: None
  • Enter a 256-bit encryption key represented in Base64. If left empty, a default value will be generated in a consistent manner (it will be active again if the custom value is removed).

feedback.redirect.url

  • Type or unit: String
  • Example: https://www.nevis.net/en/
  • Default: None
  • Enter a URL to which the browser should redirect after the end user presses a distrust feedback link.

spring.datasource.url

  • Type or unit: String
  • Example: jdbc:oracle:thin:@server:port:sid
  • Default: None
  • Define the JDBC URL for the database. It can be either Oracle or MariaDB (MySQL).

spring.datasource.driver-class-name

  • Type or unit: String
  • Example: oracle.jdbc.OracleDriver
  • Default: None
  • Define the JDBC driver class name. It can be either oracle.jdbc.OracleDriver or org.mariadb.jdbc.Driver.

spring.datasource.username

  • Type or unit: String
  • Example: nevisadapt1
  • Default: None
  • Define the database username.

spring.datasource.password

  • Type or unit: String
  • Example: password1
  • Default: None
  • Define the database password.

flyway.edition

  • Type or unit: String
  • Example: community | pro | enterprise | teams
  • Default: community
  • Update the Flyway Edition only if a key is available.

flyway.licenseKey

  • Type or unit: String
  • Example: <hash>
  • Default: None
  • Set the license key if the edition is not community.