PingIDM 8.0.0

Jetty configuration properties

In IDM 8.0, jetty.xml is no longer supported.

When serving SSL requests, Jetty 12.0.16 checks that the incoming host header matches the server certificate’s subject and will return a 400 Bad Request error on a mismatch. If you’re upgrading to IDM 8.0, you must ensure your IDM server certificate subject matches the host name used by your deployment.

Learn more in Jetty 12.0.16 support.

The configuration for PingIDM’s embedded Jetty web server lives in a webserver.json file and in webserver.listener-*.json files (one per listener).

By default, the Jetty web server uses the HTTP, SSL, and Mutual Authentication ports defined in IDM.

The default settings are intended for evaluation only. Adjust them according to your production requirements.

Jetty property reference

webserver.json reference

maxThreads (default: 200)
    The maximum number of threads used to handle requests.

gzip
    Contains the settings for the global Gzip compression handler.

gzip/enabled (default: false)
    Toggles the Gzip compression handler on or off.

gzip/minGzipSize (default: 2048)
    The minimum response size in bytes required before a response is compressed.

gzip/inflateBufferSize (default: 0)
    The size in bytes of the buffer used to inflate compressed requests.

gzip/syncFlush (default: false)
    Toggles the use of SYNC_FLUSH mode when compressing responses.

gzip/includedMethods
    The allow list of HTTP methods that compression is applied to.

gzip/excludedMethods
    The block list of HTTP methods that compression is not applied to.

webserver.listener-*.json properties

enabled (default: false)
    Toggles the listener on or off.

port (default: 8080)
    The port to listen on.

secure (default: false)
    Toggles the use of TLS on or off.

mutualAuth (default: false)
    Toggles the use of mTLS on or off. Does nothing if secure is false.

sslCertAlias (default: openidm-localhost)
    The key alias IDM uses when choosing the certificate to present for HTTPS connections.

includedProtocols (default: TLSv1.3,TLSv1.2)
    The allow-list of acceptable TLS protocols.

excludedProtocols
    The block-list of non-acceptable TLS protocols.

includedCiphers
    The allow-list of acceptable TLS ciphers. Default value:
    TLS_AES_128_GCM_SHA256
    TLS_AES_256_GCM_SHA384
    TLS_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

excludedCiphers
    The block-list of non-acceptable TLS ciphers.

acceptorThreads (default: 1)
    The number of threads used to accept TCP socket connections. Learn more in Jetty’s description of acceptor threads.

selectorThreads (default: 5)
    The number of threads used to manage the set of accepted TCP sockets. Learn more in Jetty’s description of selector threads.

timeout (default: 30000)
    The time in milliseconds to wait before closing a connection on which no data has been sent or received.

outputBufferSize (default: 32768)
    The maximum size in bytes of a server response buffer.

inputBufferSize (default: 8192)
    The maximum size in bytes of the client request buffer.

headerBufferSize (default: 16384)
    The maximum size in bytes of the request and response header buffers.

proxyLoadBalancerConnection (default: false)
    Toggles the handling of proxied requests. Enable this property when running IDM behind a proxy or load balancer.
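The listener properties above lend themselves to a pre-deployment check. The following Python script is an added example, not part of the PingIDM product or its documentation: it lints a listener document against the reference (unknown property names, mutualAuth without secure, legacy protocols in includedProtocols, ciphers outside the default list, and the evaluation-only sslCertAlias) and includes a host-name matcher that approximates the comparison Jetty 12.0.16 makes between the Host header and the certificate. The sample listener document is constructed for the demonstration; treating the reference's default cipher list as the allow list and using single-label wildcard matching are assumptions, not something the page states.

```python
"""Lint a PingIDM webserver.listener-*.json against the property reference.
Added example (not PingIDM code); checks follow the reference table above."""
import json

# Property names from the listener reference table.
LISTENER_KEYS = {
    "enabled", "port", "secure", "mutualAuth", "sslCertAlias",
    "includedProtocols", "excludedProtocols", "includedCiphers",
    "excludedCiphers", "acceptorThreads", "selectorThreads", "timeout",
    "outputBufferSize", "inputBufferSize", "headerBufferSize",
    "proxyLoadBalancerConnection",
}

# The reference's default includedCiphers; treated here as the allow list (assumption).
REFERENCE_CIPHERS = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
}

# Anything older than TLS 1.2; the reference default is TLSv1.3,TLSv1.2.
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: TLS is on, but several evaluation-grade settings remain
# and one property name is misspelled, so the lint has something to report.
SAMPLE_LISTENER = """{
  "enabled": true,
  "port": 8443,
  "secure": true,
  "mutualAuth": false,
  "sslCertAlias": "openidm-localhost",
  "includedProtocols": "TLSv1.3,TLSv1.2,TLSv1",
  "includedCiphers": ["TLS_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA"],
  "timeout": 30000,
  "proxyLoadBalancerConection": true
}"""


def _as_list(value):
    """Accept a JSON array or the comma-separated form shown in the reference."""
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    return list(value or [])


def lint_listener(cfg, production=True):
    """Return human-readable findings for one listener configuration dict."""
    findings = []
    for key in sorted(set(cfg) - LISTENER_KEYS):
        findings.append(f"unknown property '{key}': probably a typo, it will not take effect")
    if not cfg.get("enabled", False):
        findings.append("listener is off ('enabled' defaults to false)")
    secure = cfg.get("secure", False)
    if cfg.get("mutualAuth", False) and not secure:
        findings.append("mutualAuth is set but does nothing because secure is false")
    if not secure:
        if production:
            findings.append("listener serves plaintext HTTP; enable 'secure' or terminate TLS in front")
        return findings
    if production and cfg.get("sslCertAlias", "openidm-localhost") == "openidm-localhost":
        findings.append("sslCertAlias is the evaluation default 'openidm-localhost'; the certificate "
                        "subject must match the deployment host name or Jetty 12.0.16 returns 400")
    for proto in _as_list(cfg.get("includedProtocols", "TLSv1.3,TLSv1.2")):
        if proto in LEGACY_PROTOCOLS:
            findings.append(f"includedProtocols allows legacy protocol {proto}")
    for cipher in _as_list(cfg.get("includedCiphers", [])):
        if cipher not in REFERENCE_CIPHERS:
            findings.append(f"includedCiphers has {cipher}, outside the reference default list")
    return findings


def host_matches_cert(host, cert_dns_names):
    """Approximate host-name matching: exact match, or a '*.' wildcard covering
    exactly one label (assumption: RFC 6125 style; the page only says Jetty
    compares the Host header with the certificate subject)."""
    host = host.lower().rstrip(".")
    for name in cert_dns_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def lint_sample():
    """Run the lint over the constructed sample listener."""
    return lint_listener(json.loads(SAMPLE_LISTENER))


if __name__ == "__main__":
    for finding in lint_sample():
        print("-", finding)
    print(host_matches_cert("idm.example.com", ["*.example.com"]))
```

Run it against each conf/webserver.listener-*.json in a project (replace SAMPLE_LISTENER with the file contents); the production flag lets the same check pass a plaintext listener that is deliberately kept for a development environment.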

Jetty thread settings and Gzip compression

To change the Jetty thread pool and Gzip compression settings, edit your project’s conf/webserver.json file. The default file sets maxThreads from the openidm.webserver.max.threads property, falling back to org.ops4j.pax.web.server.maxThreads and then to the literal 200:

{
  "maxThreads": {
    "$int": "&{openidm.webserver.max.threads|&{org.ops4j.pax.web.server.maxThreads|200}}"
  }
}
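The maxThreads value above uses IDM’s &{property|fallback} notation, nested so that openidm.webserver.max.threads is consulted first, then org.ops4j.pax.web.server.maxThreads, then the literal 200. The Python below is an added example, not IDM’s own property-substitution code: it resolves that notation innermost first and applies the $int and $bool wrappers, so you can see which value a given set of system properties produces before starting the server. The sample document mirrors the page’s maxThreads entry; the example.gzip.* property names in it are hypothetical placeholders, not real IDM properties.

```python
"""Resolve &{name|fallback} references in an IDM-style JSON config.
Added example, not IDM's implementation of the notation."""
import json
import re

# Matches one reference whose fallback contains no nested reference,
# so repeated substitution resolves innermost references first.
_REF = re.compile(r"&\{([^&{}|]+)(?:\|([^{}]*))?\}")

# Constructed sample. The maxThreads entry is the one shown in webserver.json;
# the example.gzip.* property names are hypothetical placeholders.
SAMPLE_WEBSERVER_JSON = """{
  "maxThreads": {
    "$int": "&{openidm.webserver.max.threads|&{org.ops4j.pax.web.server.maxThreads|200}}"
  },
  "gzip": {
    "enabled": {"$bool": "&{example.gzip.enabled|false}"},
    "minGzipSize": {"$int": "&{example.gzip.minGzipSize|2048}"}
  }
}"""


def expand(value, props):
    """Replace every &{name|fallback} in value using props (a dict of
    property name to value). A reference with no fallback and no property
    set is an error rather than silently becoming an empty string."""
    def repl(match):
        name, fallback = match.group(1), match.group(2)
        if name in props:
            return str(props[name])
        if fallback is None:
            raise KeyError(f"property {name} is not set and has no fallback")
        return fallback

    while True:
        value, count = _REF.subn(repl, value)
        if count == 0:
            return value


def resolve_config(node, props):
    """Walk a parsed JSON document, expanding references and applying the
    $int / $bool wrappers so the result holds typed values."""
    if isinstance(node, dict):
        if len(node) == 1 and "$int" in node:
            return int(expand(node["$int"], props))
        if len(node) == 1 and "$bool" in node:
            return expand(node["$bool"], props).strip().lower() == "true"
        return {key: resolve_config(child, props) for key, child in node.items()}
    if isinstance(node, list):
        return [resolve_config(child, props) for child in node]
    if isinstance(node, str):
        return expand(node, props)
    return node


def resolve_webserver(props):
    """Resolve the sample webserver.json with the given property values."""
    return resolve_config(json.loads(SAMPLE_WEBSERVER_JSON), props)


if __name__ == "__main__":
    print(resolve_webserver({}))
    print(resolve_webserver({"openidm.webserver.max.threads": "50"}))
```

With no properties set the result is maxThreads 200; setting only org.ops4j.pax.web.server.maxThreads overrides that, and openidm.webserver.max.threads takes precedence over both, which is the order the nested expression encodes.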