Platform Properties
This section describes the different properties that you can use in the STR to configure the Platform.
Property | Description |
---|---|
auth.oidc.rp.client.id | Default value: Client ID provided by Identity Provider. If it is not present, the SSO functionality is disabled. |
auth.oidc.rp.provider.url | Default value: Provide the Base URL to the associated Identity Provider. Read access is required for the /.well-known/openid-configuration file to acquire the relevant Provider Configurations. |
auth.oidc.rp.provider.name | Default value: The name of the provider needs to be Azure if it is used and groups are returned as uids. |
auth.oidc.rp.groupPath | Default value "roles" Path in ID Token or UserInfo object to find an array of users Access groups as defined by the Access Controller, separated with a dot (.). |
auth.oidc.rp.auth.method | Default value: "CLIENT_SECRET_BASIC" Available authentication methods are CLIENT_SECRET_BASIC and PRIVATE_KEY_JWT |
auth.oidc.rp.client.secret | Default value: This is mandatory when CLIENT_SECRET_BASIC is used as an authentication method. This property sets the relevant Client Secret. |
auth.oidc.rp.auth.jwt.keystorePath | Default value: Path to JKS keystore when PRIVATE_KEY_JWT is used |
auth.oidc.rp.auth.jwt.alias | Default value: Alias for key in keystore when PRIVATE_KEY_JWT is used |
auth.oidc.rp.auth.jwt.keystorePassword | Default value: Keystore password when PRIVATE_KEY_JWT is used, needs to be Encrypted by MediationZone. |
auth.oidc.rp.auth.jwt.keyPassword | Default value: "" Key password when PRIVATE_KEY_JWT is used, needs to be Encrypted by MediationZone. |
auth.oidc.rp.scopes | Default value: "" Optional additional scopes. Default scopes are openid, profile, and email. |
auth.oidc.rp.claims.username | Default value: "" Claim to use as the user name, if not specify sub will be used. This value should be unique. |
auth.oidc.rp.auth.jwt.keyId | Default value: "" Optional Key ID for JWT header when PRIVATE_KEY_JWT is used |
auth.oidc.rp.group.syncDisabled | Default value false. When the value is set to true, the group synchronization from the Identity Provider is disabled, and the groups are set manually on each SSO User. |
auth.oidc.rp.group.default | Default value "" When Group Sync is disabled, the value of this property will be assigned to the user's default group when the user logs in for the first time. |
auth.oidc.rp.multigroupsync.defaultGroup | Default value "" This property assigns a default group to the user who is a member of multiple groups when the user logs in for the first time. It takes effect only when the group synchronization is enabled. The default group can be changed after logging in and must be one of the member groups. Changes made to the default group after logging in will persist in the next login. |
auth.oidc.rp.auth.debug | Default value false. Set this to true during the implementation of SSO Access to get more information. |
cts.source.systems | This parameter (of type list) is valid only for integrations with SAP CTS+. It enables you to restrict the source systems from which exports (regular configuration and Workflow Package)can originate. If the parameter is left empty, exports from any system will be allowed. Things to note:
Example - System Parameter use cts.source.systems ="dev1,test,staging" |
mail.smtp.ssl.protocols | Default value: "TLSv1.2" Specifies the SSL protocols that will be enabled for SSL connections. The property value is a whitespace separated list of tokens, with possible values "TLSv1, TLSv1.1, TLSv1.2, TLSv1.3". |
mz.codeserver.saveStateInterval | Default value: Whenever an update to the Codeserver state is made, such as when saving a workflow with a change in its APL code, the Codeserver state will have to be saved. Using this property allows you to set the minimum interval (in seconds)for how often the Codeserver saves its state to the disk. |
mz.crypto.hash.algorithm | Default value: SHA-256 This property is to use the crypto algorithm for hashing data, for example, files. |
mz.crypto.key.crypt | Default value: AES This property is to use the crypto algorithm to encrypt and decrypt sensitive data within communications, for example, passwords. The value can be set to AES/GCM/NoPadding for a higher level of security. Note! If you have set the value to AES/GCM/NoPadding, and you try to decrypt data, and it does not succeed on the first attempt, the property value reverts to AES. |
mz.crypto.key.stream | Default value: PBKDF2WithHmacSHA256 This property is to encrypt configurations when you have a user password for the encryption. The value can be set to PBEWithMD5AndDES. Note! If the decryption fails when using the selected algorithm, it will try to use the other algorithm. |
mz.cryptoservice.keystore.path | Default value: This property specifies the full path to the crypto service keystore file. This keystore file is used for encrypting/decrypting passwords with specific keys stored in the keystore, and needs to be of JCEKS type. See the JDK product documentation for further information about using keytool in different scenarios. See also the sections describing the |
mz.cryptoservice.keystore.password | Default value: This property specifies the password for the crypto service keystore file specified by the mz.cryptoservice.keystore.path property. This keystore is used for encrypting/decrypting passwords with specific keys stored in the keystore. See the sections describing the mzsh encryptpassword in the Command Line Tool Reference Guide for further information. |
mz.database.profile.validation.skip | Default value: Set this property to |
mz.desktop.accelerators | Default value: Set this property with the default value to set your own key bindings. You require to unpack a properties file from |
mz.dynamicconnections | Default value: This property specifies if the pico instances for Desktop, mzsh, and Service Contexts must be registered on pico hosts for access:
|
mz.httpd.security.disabled.cipher | Default value: " This property allows you to use regex to manually disable the Java security cipher suite when using any picos to connect to the Platform with SSL enabled. This property is used when the Platform uses a different Java version than the rest of the picos. As there may be differences in the security ciphers between versions, the property aims to disable these ciphers to allow the picos to communicate with the Platform. |
mz.javac.source | Default value: |
mz.license.file | Default value: This property specifies the directory that contains the installation license file, i.e. |
mz.mailserver | Default value: This property specifies the name or IP address of the mail server to be used for event generated e-mails. |
mz.mailserver.auth | Default value: Enables SMTP authentication. |
mz.mailserver.auth.user | Default value: Set the SMTP user to be used for login when having enabled SMTP authentication with the |
mz.mailserver.auth.enabled | Default value: Set this property to true if you want to enable SMTP authentication. If set to |
mz.mailserver.host | Default value: This property specifies the name or IP address of the mail server to be used for event generated e-mails. |
mz.mailserver.auth.password | Default value: Set the encrypted password to be used for the SMTP user stated in the To encrypt the password, use the |
mz.mailserver.port | Default value: Use this property to configure which port you want to used for sending event generated e-mails. When the |
mz.notifier.mailfrom | Default value: This property specifies the sending e-mail address to be used for event generated e-mails. You must enter an e-mail address for an event notification to be sent by e-mail. |
mz.picostorage.usecache | Default value: This property enables the cache during a system import. |
mz.platform.extref.ttl | Default value: 5 Use this property to configure a cache for the external references by entering the number of seconds you want the cache to live. If you require to disable the cache, for example in a development enviroment, set the value to 0. |
mz.platform.s3.extref.ttl | Default value: 5 Use this property to configure a cache for the external references stored on an S3 Container by entering the number of seconds you want the cache to live. This will only work when you have S3 Properties File selected in your external reference profile. If you require to disable the cache, for example in a development environment, set the value to 0. |
mz.platform.wf.max.concurrent.starts | This property decides how many workflows that can start loading at the same time. No limit is set for actual running workflows. |
mz.platform.wf.threadpool | Default value: 10 This is a platform property that controls the number of threads used for the thread pool used by the workflow and group servers. If you have a very large batch system with a lot of scheduling and workflows that are starting and stopping frequently, this property might need to be increased to get more threads. |
mz.security.user.restricted.login | Default value: false Use this property to restrict user login to one instance for each interface type, i e Desktop and Command Line Tool mzsh. |
mz.servicehost.port.range | This property determines the port range used by services. The system will bind to ports in the provided ranges. The values must not overlap with the ports used by SCs that are running on the same host. |
mz.servicehost.natures | This property contains one or more service specific identifiers that sets behaviors, that are required by services that run on the Platform. |
mz.statistics.collect.all | Default value: |
mz.statistics.collect.pico | Default value: |
mz.statistics.collect.workflow | Default value: |
mz.subfolder.enabled | Default value: false This property determines if the |
mz.subfolder.separator | Default value: This property determines the separator you can use when naming folders in the Desktop so that the |
mz.systemlog.maxresults | Default value: This property determines the maximum number of search results when you run a search in the System Log. |
mz.ultra.bitfield.codec | Default value: "false" This property selects the implementation that is to be used for ultra bit_block. If set to “true”, the newly selected implementation will be used. Values that are not set using this property will use the old implementation. |
mz.ultra.xml.handle_as_string | Default value: "" If you want to set any XML data type to be converted into string, you must set the value of this property to the data type you intend to convert. For example, if you wish to have all decimal data type be handled as string, set the value of this property to For further information on XML schema support, see https://infozone.atlassian.net/wiki/x/WSY0D |
mz.ultra.xml.restrictions | Default value: off If you want to use XML union element type, you must enable this property |
mz.use.date.timezone | Default value: Setting this property to In most cases, the property should be set in the pico configuration of ECs . However, in case of audit processing, the property should also be set in the pico configuration of the Platform. Note that if the |
mz.user.emergency.unlock | Default value: Setting this property with an encrypted password will change the mzadmin password at platform startup. For information about how to reset the mzadmin password, see https://infozone.atlassian.net/wiki/x/AqsyD |
mz.use.prefixfilter | Default value: If you add this property with the value |
mz.webserver.host | Default value: Taken from the common property This is the host IP address or hostname used to communicate with the Platform Web Interface. |
mz.webserver.port | Default value: This is the port used to communicate with the Platform Web Interface. |
mz.osgi.bootdelegation.ext | Default value: This property adds extra value to Felix Osgi boot delegation. |
pico.rcp.codeserver.deregister.timeout | Default value: This property specifies the time (in seconds) to wait before de-registering an unreachable EC from the Platform. Once de-registered, another EC can be brought up to replace it. An EC is considered to be unreachable when the last known state was that it was running, but has since lost contact with the Platform. |
pico.rcp.tls.keystore | Default value: Set this property to enable the system to use TLS for all RCP connections that are not from the local host. If this property is not set, TLS will not be used at all. |
pico.tmpdir | Default value: This property specifies the pico temp directory you want the Platform to use. |
snmp.trap.format.b | Default value: Add this property and set it to true if you want to activate the new format for SNMP events corresponding to the latest MIB definitions. If this property is not included, or if it is set to false, the previous invalid format will apply, which may be useful for backwards compatibility reasons. |
Enhanced User Security Platform Properties
The properties below are applicable when the property mz.security.user.control.enabled
is set to true
in the Platform:
Property | Description |
---|---|
mz.security.user.control.enabled | Default value: This property enables or disables enhanced user security. If set to All users are required to change the password during their first login after this property has set to |
mz.security.max.password.age.enabled | Default value: Enables or disables the password expiration check. If the |
mz.security.max.password.age.admin | Default value: This property specifies the maximum password age for administrator users in days. Please refer |
mz.security.max.password.age.user | Default value: This property specifies the maximum password age for users in days. Please refer |
mz.security.max.password.history | Default value: This property specifies how many passwords back that are required to be unique before reusing an old password. |
mz.security.user.control.password.numcaps.count | Default value: The minimum number of upper case characters or number of numerical characters, in a password. |
mz.security.user.control.password.numcaps.message | Default value: The password needs at least one capital letter or a number in it. The message to be displayed for the user when they have not met the condition for the minimum number of upper case or numerical characters in the password. |
mz.security.user.control.password.numcaps.pattern | Default value: The pattern of the permitted values in regular expression. The password will be matched to the pattern to determine if the condition is met. |
mz.security.user.control.password.length.count | Default value: The minimum total number of characters in a password. |
mz.security.user.control.password.length.message | Default value: The message to be displayed for the user when they have not met the condition for the minimum length of the password. |
mz.security.user.control.password.lowercase.count | Default value: The minimum total number of lowercase characters in a password. |
mz.security.user.control.password.uppercase.count | Default value: The minimum total number of uppercase characters in a password. |
mz.security.user.control.password.number.count | Default value: The minimum total number of numeric characters in a password. |
mz.security.user.control.password.special.count | Default value: The minimum number of special characters, in a password. |
mz.security.user.control.password.special.message | Default value: The message to be displayed for the user when they have not met the condition for the minimum number of special characters in the password. |
mz.security.user.control.password.special.pattern | Default value: The pattern of the permitted values in regular expression. The password will be matched to the pattern to determine if the condition is met. |
mz.security.user.control.password.repetition.message | Default value: The message to be displayed for the user when they have not met the condition for the password having the least amount of multiple repeated characters in a sequence. |
mz.security.user.control.password.username.message | Default value: The message to be displayed for the user when they have the username contained within the password. |
mz.security.user.control.password.history.message | Default value: The password may not be a recently used password. The message to be displayed for the user when they are reusing a password that they have used before. |
mz.security.user.control.password.extra.count | Default value: The minimum number of characters for the extra user policy. |
mz.security.user.control.password.extra.message | Default value: The message to be displayed for the user when they did not meet the requirements of the extra user policy. |
mz.security.user.control.password.extra.pattern | Default value: The pattern of the permitted values. The password will be matched to the pattern to determine if the condition is met. |
mz.security.user.control.password.extra.type | Default value: The type that determines what the extra pattern will be. The value of this property can be set to regexp or none. Setting it to regexp ensures that the pattern has to conform to regular expressions. |
mz.user.account.change.password.limit | Default value: false Setting this property to This property does not restrict users from the Administrator Group. |
mz.user.account.inactivity | Default value: false Setting this property to |