PingAM 8.0.0

UMA configuration reference

This topic provides reference information for UMA global settings and UMA datastore settings. See the general Reference for reference information on global services.

  • To configure UMA global settings, go to Configure > Global Settings > UMA Provider.

    For more information, see UMA provider.

  • To configure UMA datastore settings:

    • Go to Configure > Server Defaults > UMA to configure the settings for all your servers.

    • Go to Deployment > Servers > Server Name > UMA to configure the settings for one server.

      For more information, see UMA properties.

UMA properties

UMA server settings are inherited by default.

UMA resource store

The following settings appear on the UMA Resource Store tab:

Store Mode

Specifies the datastore where AM stores UMA tokens. Possible values are:

  • Default Token Store: AM stores UMA tokens in the configuration datastore.

  • External Token Store: AM stores UMA tokens in an external datastore.

Root Suffix

Specifies the base DN for storage information in LDAP format, such as dc=uma-resources,dc=example,dc=com.

Max Connections

Specifies the maximum number of connections to the datastore.

External UMA resource store configuration

AM honors the following properties when External Token Store is selected under the Resource Sets Store tab:

SSL/TLS Enabled

When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore’s certificate when using this option.

Connection String(s)

An ordered list of connection strings for external datastores. The format is HOST:PORT[|SERVERID[|SITEID]], where HOST:PORT specify the FQDN and port of the datastore, and SERVERID and SITEID are optional parameters that let you prioritize the particular connection when used by the specified node(s).

Multiple connection strings must be comma-separated, for example, uma-ldap1.example.com:389|1|1, uma-ldap2.example.com:389|2|1.

You can find more syntax examples in the entry for Connection String(s) in CTS properties.

Login Id

The username AM uses to authenticate to the datastore. For example, uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com. This user must be able to read and write to the root suffix of the datastore.

Password

The password associated with the login ID property.

Heartbeat

The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle.

Default: 10

UMA audit store

The following settings appear on the UMA Audit Store tab:

Store Mode

Specifies the datastore where AM stores audit information generated when users access UMA resources. Possible values are:

  • Default Token Store: AM stores UMA audit information in the configuration datastore.

  • External Token Store: AM stores UMA audit information in an external datastore.

Root Suffix

Specifies the base DN for storage information in LDAP format, such as dc=uma-audit,dc=example,dc=com.

Max Connections

Specifies the maximum number of connections to the datastore.

External UMA audit store configuration

AM honors the following properties when External Token Store is selected under the UMA Audit Store tab:

SSL/TLS Enabled

When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore’s certificate when using this option.

Connection String(s)

An ordered list of connection strings for external datastores. The format is HOST:PORT[|SERVERID[|SITEID]], where HOST:PORT specify the FQDN and port of the datastore, and SERVERID and SITEID are optional parameters that let you prioritize the particular connection when used by the specified node(s).

Multiple connection strings must be comma-separated, for example, uma-ldap1.example.com:389|1|1, uma-ldap2.example.com:389|2|1.

You can find more syntax examples in the entry for Connection String(s) in CTS properties.

Login Id

The username AM uses to authenticate to the datastore. For example, uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com. This user must be able to read and write to the root suffix of the datastore.

Password

The password associated with the login ID property.

Heartbeat

The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle.

Default: 10

Pending requests store

The following settings appear on the Pending Requests Store tab:

Store Mode

Specifies the datastore where AM stores pending requests to UMA resources. Possible values are:

  • Default Token Store: AM stores UMA pending requests in the configuration datastore.

  • External Token Store: AM stores UMA pending requests in an external datastore.

Root Suffix

Specifies the base DN for storage information in LDAP format, such as dc=uma-pending,dc=example,dc=com.

Max Connections

Specifies the maximum number of connections to the datastore.

External pending requests store configuration

AM honors the following properties when External Token Store is selected under the Pending Requests Store tab:

SSL/TLS Enabled

When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore’s certificate when using this option.

Connection String(s)

An ordered list of connection strings for external datastores. The format is HOST:PORT[|SERVERID[|SITEID]], where HOST:PORT specify the FQDN and port of the datastore, and SERVERID and SITEID are optional parameters that let you prioritize the particular connection when used by the specified node(s).

Multiple connection strings must be comma-separated, for example, uma-ldap1.example.com:389|1|1, uma-ldap2.example.com:389|2|1.

You can find more syntax examples in the entry for Connection String(s) in CTS properties.

Login Id

The username AM uses to authenticate to the datastore. For example, uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com. This user must be able to read and write to the root suffix of the datastore.

Password

The password associated with the login ID property.

Heartbeat

The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle.

Default: 10

UMA resource labels store

The following settings appear on the UMA Resource Labels Store tab:

Store Mode

Specifies the datastore where AM stores user-created labels used for organizing UMA resources. Possible values are:

  • Default Token Store: AM stores user-created labels in the configuration datastore.

  • External Token Store: AM stores user-created labels in an external datastore.

Root Suffix

Specifies the base DN for storage information in LDAP format, such as dc=uma-resources-labels,dc=example,dc=com.

Max Connections

Specifies the maximum number of connections to the datastore.

External UMA resource labels store configuration

AM honors the following properties when External Token Store is selected under the UMA Resource Labels Store tab.

SSL/TLS Enabled

When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore’s certificate when using this option.

Connection String(s)

An ordered list of connection strings for external datastores. The format is HOST:PORT[|SERVERID[|SITEID]], where HOST:PORT specify the FQDN and port of the datastore, and SERVERID and SITEID are optional parameters that let you prioritize the particular connection when used by the specified node(s).

Multiple connection strings must be comma-separated, for example, uma-ldap1.example.com:389|1|1, uma-ldap2.example.com:389|2|1.

You can find more syntax examples in the entry for Connection String(s) in CTS properties.

Login Id

The username AM uses to authenticate to the datastore. For example, uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com. This user must be able to read and write to the root suffix of the datastore.

Password

The password associated with the login ID property.

Heartbeat

The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle.

Default: 10