Version: 8.2411.x.x RR

Properties shared among all nevisIDM authentication plug-ins

All nevisIDM authentication plug-ins share the same base, which is initialized when the very first nevisIDM state in the nevisAuth configuration is initialized. As a consequence, define these properties on the very first nevisIDM plug-in in your nevisAuth configuration, no matter which one of the nevisIDM plug-ins it is.

Class: all nevisIDM authentication plug-ins

Logging: IdmAuth

  • login.service.connection.0, ..., login.service.connection.9 (url, -)

    Defines the network connection to the nevisIDM 2.x SOAP login service. Connections are used in the indexed order to provide failover. Load balancing and stateful target discarding are not supported at this time.

    Property is required by all nevisIDM plug-ins.

    Example: http://localhost:8989/nevisidm/services/v1/LoginService

    It is enough to configure this property for only one AuthState and reference the values using propertyRef in all other states.

  • admin.service.connection.0, ..., admin.service.connection.9 (url, -)

    Defines the network connection to the nevisIDM 2.x SOAP admin service. Connections are used in the indexed order to provide failover. Load balancing and stateful target discarding are not supported at this time.

    Property is required by all nevisIDM plug-ins.

    Example: http://localhost:8989/nevisidm/services/v1/AdminService

    It is enough to configure this property for only one AuthState and reference the values using propertyRef in all other states.

  • idm.service.locator.version

    Valid values are V1 and V2. Default value is V2.

    Defines the service locator implementation version. The basic communication layer (service locator) was reimplemented to use the same technology as the IDM web services (WS). V1 refers to the original implementation (before IDM version 2.84.0), and V2 refers to the new implementation. V2 uses Apache CXF with a circuit breaker failover and load balancer mechanism. If V2 does not work properly in your environment (for example, because of a library collision), contact support and use the original V1 version until the issue is fixed.

  • poolingMode

    Valid values are failover and loadbalancing. Default value is failover.

    Defines the way nevisAuth uses the configured service backends. If the pooling mode is set to failover, all service calls are sent to the first configured backend. The others are used only if this backend is not available.

    If load balancing is configured, round robin distribution is performed with the configured backends.

    Info: The property is deprecated in the V2 implementation.

  • discardInterval (number of seconds, 10)

    Defines how long nevisAuth should wait before trying to reuse a backend that was marked as unavailable.

    Info: The property is deprecated in the V2 implementation.

  • retryDiscardedResources (boolean, false)

    If set to true and all resources are discarded, a retry will be attempted on each resource. If a resource is found to be OK but is currently marked as discarded, it will be re-enabled.

    Info: The property is deprecated in the V2 implementation.

  • idm.service.locator.login.service.failover.feature

    Valid values are CIRCUIT_BREAKER and LOAD_DISTRIBUTOR. Default value is CIRCUIT_BREAKER.

    In the V2 locator version, you can choose the failover feature for the IDM login service. CIRCUIT_BREAKER provides connection stability by calling the same available endpoint until a connection problem occurs, and then switches to the next one. When it reaches the last configured connection, it waits for the configured timeout if the number of rounds has reached the configured threshold. LOAD_DISTRIBUTOR provides load balancing by calling the next configured connection for each service call. When it reaches the last configured connection, it continues with the first one.

    For more information, see https://cxf.apache.org/docs/failoverfeature.html

  • idm.service.locator.admin.service.failover.feature

    Valid values are CIRCUIT_BREAKER and LOAD_DISTRIBUTOR. Default value is CIRCUIT_BREAKER.

    The purpose is the same as in idm.service.locator.login.service.failover.feature, but for IDM admin service.

  • idm.service.locator.login.service.sequential.delay (milliseconds, 0)

    Both failover features use a sequential strategy, which means the locator uses the configured connections sequentially. If the load on IDM needs to be reduced, a delay can be configured between calls. By default this value is 0, so there is no waiting when auth states call IDM login services.

  • idm.service.locator.admin.service.sequential.delay (milliseconds, 0)

    The purpose is the same as idm.service.locator.login.service.sequential.delay, but for IDM admin service.

  • idm.service.locator.login.service.circuit.breaker.timeout (milliseconds, 1000)

    With the CIRCUIT_BREAKER failover feature, a delay can be configured before the first configured login service connection is used again once the threshold is reached.

  • idm.service.locator.admin.service.circuit.breaker.timeout (milliseconds, 1000)

    The purpose is the same as idm.service.locator.login.service.circuit.breaker.timeout, but for IDM admin service.

  • idm.service.locator.login.service.circuit.breaker.threshold (int, 3)

    With the CIRCUIT_BREAKER failover feature, this threshold defines after how many cycles through the configured login connections the locator waits, so that IDM is not hit with further new requests under high load.

  • idm.service.locator.admin.service.circuit.breaker.threshold (int, 3)

    The purpose is the same as idm.service.locator.login.service.circuit.breaker.threshold, but for IDM admin service.

SOAP-based HttpClient configuration

  • httpclient.tls.trustStoreRef

  • httpclient.tls.keyObjectRef

  • httpclient.tls.hostnameVerification

    Info: HttpClient properties work the same as described here; however, the nevisIDM AuthState uses a JAX-WS SOAP client via CXF, so only the configuration options specified above are applicable.
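Added example (not part of the nevisIDM documentation or product code): a Python pre-deployment check that applies the rules listed on this page to the shared properties, flagging invalid enumerated values, V1-only properties that are deprecated under V2, missing or out-of-range connection entries, and connection URLs that use plain HTTP to a non-loopback host. The input is a plain name-to-value mapping; the sample values, the host idm2.example.test and the plain-HTTP warning are assumptions of this example.

```python
import re
from urllib.parse import urlparse

FEATURES = {"CIRCUIT_BREAKER", "LOAD_DISTRIBUTOR"}
# Allowed values and V1-only properties, as listed on this page.
ENUMS = {
    "idm.service.locator.version": {"V1", "V2"},
    "poolingMode": {"failover", "loadbalancing"},
    "idm.service.locator.login.service.failover.feature": FEATURES,
    "idm.service.locator.admin.service.failover.feature": FEATURES,
}
V1_ONLY = {"poolingMode", "discardInterval", "retryDiscardedResources"}
CONN = re.compile(r"^(login|admin)\.service\.connection\.(\d+)$")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: property names are from this page, values and hosts are made up.
SAMPLE = {
    "idm.service.locator.version": "V2",
    "poolingMode": "loadbalancing",
    "idm.service.locator.login.service.failover.feature": "ROUND_ROBIN",
    "login.service.connection.0": "http://localhost:8989/nevisidm/services/v1/LoginService",
    "login.service.connection.1": "http://idm2.example.test:8989/nevisidm/services/v1/LoginService",
}

def lint(props):
    """Return a list of findings for a {property name: value} mapping."""
    findings = []
    for name, allowed in ENUMS.items():
        if name in props and props[name] not in allowed:
            findings.append(f"{name}: invalid value {props[name]!r}")
    if props.get("idm.service.locator.version", "V2") == "V2":  # V2 is the default
        for name in sorted(props.keys() & V1_ONLY):
            findings.append(f"{name}: deprecated in the V2 implementation")
    for service in ("login", "admin"):
        matches = [m for m in map(CONN.match, props) if m and m.group(1) == service]
        if not matches:
            findings.append(f"{service}.service.connection.N: required, none configured")
        for m in matches:
            url = urlparse(props[m.group(0)])
            if int(m.group(2)) > 9:
                findings.append(f"{m.group(0)}: index above 9")
            # Added check, not from the page: plain HTTP to a remote host is unencrypted.
            if url.scheme == "http" and url.hostname not in LOOPBACK:
                findings.append(f"{m.group(0)}: plain HTTP to {url.hostname}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```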