PingIDM 8.0.0

Server configuration

This chapter describes how IDM loads and stores its configuration, and how to modify it.

The configuration is a combination of .properties files, container configuration files, and dynamic configuration objects. Most of the configuration files are stored in your project’s conf/ directory.

Configuration objects

IDM exposes internal configuration objects in JSON format. Configuration elements can be either single instance or multiple instance for an IDM installation.

Single instance configuration objects

Single instance configuration objects correspond to services that have at most one instance per installation. JSON file views of these configuration objects are named object-name.json.

If you create custom configuration files, do not use spaces or special characters in the filenames, in accordance with the OSGi specification.

The following list describes the single instance configuration objects:

audit

Specifies how to log audit events.
authentication

Controls REST access.
cluster

Defines a clustered IDM instance.
endpoint

Controls custom REST endpoints.
managed

Defines managed objects and their schemas.
policy

Defines the policy validation service.
process-access

Defines access to configured workflows.
repo.repo-type

Defines the IDM repository; for example, repo.ds or repo.jdbc.
router

Specifies filters to apply for specific operations.
script

Defines the parameters that are used when compiling, debugging, and running JavaScript and Groovy scripts.
sync

Defines the mappings that IDM uses when it synchronizes and reconciles managed objects.
ui

Defines the configurable aspects of the default user interfaces.
workflow

Defines the configuration of the workflow engine.

Multiple instance configuration objects

Multiple instance configuration objects correspond to services that can have many instances per installation. Multiple instance configuration objects are named objectname/instancename; for example, provisioner.openicf/csvfile. JSON file views of these configuration objects are named objectname-instancename.json, for example, provisioner.openicf-csvfile.json.

IDM provides the following multiple instance configuration objects:

  • Multiple schedule configurations can run reconciliations and other tasks on different schedules.

  • Multiple provisioner.openicf configurations correspond to connected resources.

  • Multiple servletfilter configurations can be used for different servlet filters, such as the Cross Origin and GZip filters.

    You can order servlet filters by specifying the order property in the servlet filter configuration. The default order is 0, which is assigned to all servlet filters and results in a non-deterministic loading order.

    An order property of 0 has the highest priority.

    You can add the order property to any of the three IDM servlet filters. The following sample configuration shows how you can add an order property of 1 to servletfilter-payload.json, which prioritizes this filter after servletfilter-cors and servletfilter-upload with an order property of 0:

    {
    "classPathURLs" : [ ],
    "systemProperties" : { },
    "requestAttributes" : { },
    "scriptExtensions" : { },
    "initParams" : {
        "maxRequestSizeInMegabytes" : 5
    },
    "urlPatterns" : [
        "&{openidm.servlet.alias}/*"
    ],
    "filterClass" : "org.forgerock.openidm.jetty.LargePayloadServletFilter",
    "order" : 1
}