PingIDM 8.0.0

Embedded Jetty configuration

In IDM 8.0, jetty.xml is no longer supported.

When serving SSL requests, Jetty 12.0.16 checks that the host name in the incoming Host header matches the server certificate’s subject and returns a 400 Bad Request error on a mismatch. If you’re upgrading to IDM 8.0, you must ensure that the subject of your IDM server certificate (including any subject alternative names) matches the host name clients use in requests to your deployment; a certificate issued for a different name, such as an internal host name or a default self-signed name, will cause every request to fail with a 400 error.

Learn more in Jetty 12.0.16 support.
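The following is an added example of the kind of Host header versus certificate check described above, written to show what "match" means in practice (port suffix stripped, case-insensitive, SAN names preferred over the subject CN, single-label wildcard). It is not PingIDM or Jetty code; the certificate names are passed in as already-parsed strings (subject CN, SAN dNSName and iPAddress entries), which you could obtain with `openssl x509 -in cert.pem -noout -subject -ext subjectAltName`, and the handling of IP literals against iPAddress SAN entries is an assumption made for this example.

```python
"""Added example: Host-header-vs-certificate host check (not PingIDM/Jetty code)."""
from __future__ import annotations

import ipaddress


def cert_hostnames(subject_cn: str | None, san_dns: list[str]) -> list[str]:
    # SAN dNSName entries are authoritative; the subject CN is only a legacy
    # fallback when the certificate carries no DNS SANs at all.
    if san_dns:
        return [n.lower() for n in san_dns]
    return [subject_cn.lower()] if subject_cn else []


def host_from_header(host_header: str) -> str:
    # Strip the optional port; IPv6 literals are bracketed, e.g. "[::1]:8443".
    value = host_header.strip()
    if value.startswith("["):
        end = value.find("]")
        return value[1:end].lower() if end != -1 else value.lower()
    return value.partition(":")[0].lower()


def name_matches(pattern: str, host: str) -> bool:
    # Exact match, or a single leading wildcard label covering exactly one
    # label of the host: *.example.com matches idm.example.com but neither
    # example.com nor a.b.example.com.
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        return host.endswith(suffix) and "." not in host[: -len(suffix)]
    return False


def check_request(host_header: str, subject_cn: str | None,
                  san_dns: tuple[str, ...] | list[str] = (),
                  san_ip: tuple[str, ...] | list[str] = ()) -> tuple[int, str]:
    """Return the (status, reason) a host-checking TLS front end would produce."""
    host = host_from_header(host_header)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literal in the Host header: only an iPAddress SAN can match
        # (assumption for this example; clients send no SNI for IP literals).
        ok = any(ipaddress.ip_address(ip) == addr for ip in san_ip)
    else:
        ok = any(name_matches(p, host)
                 for p in cert_hostnames(subject_cn, list(san_dns)))
    return (200, "OK") if ok else (400, "Bad Request")


if __name__ == "__main__":
    # Constructed sample: a certificate for idm.example.com with a wildcard SAN
    # for an internal zone, probed with Host headers a client might send.
    cn = "idm.example.com"
    dns = ["idm.example.com", "*.internal.example.com"]
    for hdr in ("idm.example.com:8443", "IDM.example.com",
                "api.internal.example.com", "a.b.internal.example.com",
                "localhost:8443", "127.0.0.1:8443"):
        print(f"{hdr:28} -> {check_request(hdr, cn, dns)}")
```

Run it before cutting over: every Host header your clients, load balancer or health checks send must come back 200 against the names in your IDM server certificate, otherwise those requests will be rejected with 400 after the upgrade.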

PingIDM includes an embedded Jetty web server. The Jetty web server configuration is part of IDM’s configuration service, allowing Jetty properties to be modified at runtime. The configuration includes:

  • A webserver.json that contains the global Jetty settings

  • A webserver.listener-*.json that configures a Jetty connector to listen on a specific port

    At least one webserver.listener-*.json must be defined and enabled for Jetty to start.

    Learn more about the configuration properties for webserver.json and webserver.listener-*.json in Jetty configuration properties.

Jetty key store and trust store

Jetty depends on IDM to supply the mainKeyStore and mainTrustStore configured in secrets.json. If the mainTrustStore is not defined, the mainKeyStore is used as Jetty’s trust store.

Understanding Jetty configuration and Apache Felix

IDM runs in the Apache Felix framework, which allows the Jetty configuration to be specified and managed through OSGi components. If there is a change to the Jetty configuration in webserver.json, Apache Felix rebuilds the whole Jetty instance, which briefly interrupts all connectors.

Learn more about OSGi and Apache Felix in the Architectural overview.

Changes to a webserver.listener-*.json file don’t restart the whole Jetty instance: only the connector that file configures is restarted, or removed if the file is deleted or disabled.