Versions Compared

Old Version 38

changes.mady.by.user Stonebranch

Saved on

compared with

New Version 39

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
Table of Contents
maxlevel2

...

Note
titleNote

Properties for Universal Message Service (OMS) are installed as configuration file options when OMS is installed as a component of Universal Agent. The values for these options are set during the installation. There are several configuration methods available for changing these values.

...

Note
titleNote

The backslash character in a property value must be escaped as a double backslash.

For example:

example.path=c:\\stonebranch\\uc


Property Name

Description

Default

For MySQL:




Panel
uc.db.mysql.character_encoding


Allows the retrieval of output with extended unicode characters. If the property is not set, character encoding will not be used in the JDBC URL.
 
Examples:

Panel
uc.db.mysql.character_encoding=US-ASCII
uc.db.mysql.character_encoding=Cp1252
uc.db.mysql.character_encoding=UTF-8




Panel
uc.db.rdbms=mysql


Database type. Specify this property if you are using a MySQL database.



Panel
uc.db.url=jdbc:mysql://localhost/


JDBC connect URL. Specify this property if you are using a MySQL database.


For SQLServer




Panel
uc.db.rdbms=sqlserver


Database type. Specify this property if you are using a SQLServer database.



Panel
uc.db.url=jdbc:sqlserver:
//localhost:1433;DatabaseName=uc


JDBC connect URL. Specify this property if you are using a SQLServer database.


For Oracle




Panel
uc.db.rdbms=oracle


Database type. Specify this property if you are using an Oracle database.



Panel
uc.db.url=jdbc:oracle:thin:@
//localhost:1521/@oracle.db.name@


JDBC connect URL. Specify this property if you are using an Oracle database.


For All Databases




Panel
uc.db.name



Warning
titleIMPORTANT

If you specify a database name in this property and in uc.db.url, the names must be the same.

Name for the Controller database.

uc


Panel
uc.db.password


Database password that will be replaced by uc.db.password.encrypted in the uc.properties file upon start-up.

(none)


Panel
uc.db.password.encrypted


Encrypted version of uc.db.password that will replace uc.db.password in the uc.properties file upon start-up.

(none)


Panel
 uc.db.pooler.connections


Sets the minimum number of idle connections to maintain in the Server connection pool, or zero to create none.
 
The Server connection pool is used by all internal database transactions.

1


Panel
uc.db.pooler.connections.Client


Sets the minimum number of idle connections to maintain in the Client connection pool, or zero to create none.
 
The Client connection pool is used by all user interface related database transactions.

1


Panel
uc.db.pooler.connections.max


Sets the maximum number of connections that can be allocated by the Server connection pool at a given time.
 
The Server connection pool is used by all internal database transactions.
 

Note
titleNote

The installer overrides the default by configuring a maximum number of 40 in the uc.properties file.


30


Panel
uc.db.pooler.connections.max.Client


Sets the maximum number of connections that can be allocated by the Client connection pool at a given time.
 
The Client connection pool is used by all user interface related database transactions.

30


Panel
uc.db.pooler.connections.max.Reserved


Sets the maximum number of connections that can be allocated by the Reserved connection pool at a given time.
 
The Reserved connection pool is used by all critical internal database transactions.

30


Panel
uc.db.pooler.connections.Reserved


Sets the minimum number of idle connections to maintain in the Reserved connection pool, or zero to create none.
 
The Reserved connection pool is used by all critical internal database transactions.

1


Panel
uc.db.url.append.properties


Allows additional options to be appended to the JDBC URL generated by Universal Controller.
 
Example:
 

Panel


Html bobswift
<pre>
uc.db.url.append.properties=&verifyServerCertificate=false&useSSL=true
</pre>




(none)


Panel
uc.db.user


Login ID that the Controller will use to log in to your database.

root

For LDAP:



Anchor
uc.ldap.groups.filter_indirect
uc.ldap.groups.filter_indirect

Panel
uc.ldap.groups.filter_indirect


When this property is set to true, any Groups synchronized indirectly (that is, through a User's memberOf attribute) will honor the Group search filter and Group OU filters under the LDAP Advanced Settings section.
 

Note
titleNote

The code default for this property, which is used if this property is not set, is false.


true


Panel
uc.ldap.groups.single_parent_per_child



Warning
titleIMPORTANT

This property should be set to true only if your Groups being synchronized from AD have at most one parent Group.

When synchronizing Groups, the default behavior in the Controller is to copy the members of a Sub Group into the Parent Group.
 
When this property is set to true, the Controller assumes that each Group has, at most, a single Parent Group and will use the Parent field on the Group definition to maintain the hierarchy instead of copying members.

false

Anchor
uc.ldap.groups.update_members
uc.ldap.groups.update_members

Panel
uc.ldap.groups.update_members



Warning
titleIMPORTANT

This property should be set to false only when synchronizing Groups from AD, and the number of values for the member attribute exceeds the MaxValRange LDAP policy (and the MaxValRange cannot be increased).

When synchronizing Groups, the default behavior in the Controller is to use the multi-valued member attribute to update the members for a Group; however, AD limits the number of values returned for an attribute, which can result in Group members being removed unexpectedly. This limit is determined by the MaxValRange LDAP policy (typically 1,500).
 
When this property is set to false, the Controller will not use the member attribute values to update members when synchronizing Groups from AD. Group membership will continue to be updated based on the memberOf attribute values when synchronizing Users from AD.

true

Anchor
uc.ldap.users.synchronize_by_range
uc.ldap.users.synchronize_by_range

Panel
uc.ldap.users.synchronize_by_range



Warning
titleIMPORTANT

This property should be set to false only if your LDAP server supports paged results.

 
When synchronizing Users, the default behaviour in the Controller is to search based on ranges, using a filter like (&(uid>=a)(uid<=b)). To use the <= or >= operators in a filter, an ordering rule must be defined for the attribute in the LDAP schema.
 
OpenLDAP's schema does not define an ordering rule for the User Id Attribute (for example, uid), so searches using filters like the above do not return any results.
 
When this property is set to false, the Controller will not search based on ranges when synchronizing Users.

true

Anchor
uc.ldap.users.synchronize_indirect
uc.ldap.users.synchronize_indirect

Panel
uc.ldap.users.synchronize_indirect



Warning
titleIMPORTANT

This property should be set to true only if your LDAP server does not support the User Membership Attribute (for example, memberOf).

Synchronizes LDAP users indirectly based on group membership. This only applies to groups that users are direct members of.
 
When this property is set to true, the following will apply for the LDAP refresh (scheduled and server operations):

  • Users will not be synchronized directly based on the User Filter and User Target OU List.
  • Groups will continue to be synchronized directly based on the Group Filter and Group Target OU List.
  • For each matching group, the Group Member Attribute (for example, member) will be used to synchronize users matching the User Filter and User Target OU List
Note
titleNote

The uc.ldap.groups.update_members property will be ignored when indirect user synchronization is enabled.


Note
titleNote

There is currently no support for nested groups if the User Membership Attribute is not supported by the LDAP server.


false

Anchor
uc.ldap.users.update_memberships_on_login
uc.ldap.users.update_memberships_on_login

Panel
uc.ldap.users.update_memberships_on_login



Warning
titleIMPORTANT

This property should not be set to true if group membership for users is static, since there is extra overhead to process the groups, which may impact login performance.

When this property is set to true, LDAP group memberships for existing LDAP users are updated upon successful login.

Note
titleNote

When dynamically creating a new LDAP user at login, the user will be added only to groups that it is a direct member of. Likewise, when updating an existing LDAP user at login, the user will be removed from any groups that it is not a direct member of. Therefore, it is not recommended that you enable this property if a group hierarchy exists, since the user will be removed from any parent groups when logging in. (Group membership for the parent groups will be restored the next time the LDAP refresh runs; however, this can take up to 24 hours.)


false

For Single Sign-On:



Anchor
saml.log.level
saml.log.level

Panel
saml.log.level


Configures the log level for the SAML framework: ALL, TRACE, DEBUG, INFO, WARN, or ERROR.

INFO

Anchor
saml.maxAuthenticationAge
saml.maxAuthenticationAge

Panel
saml.maxAuthenticationAge


Specifies how long, in seconds, users can single sign-on after their initial authentication with the Identity Provider (based on value AuthInstance of the Authentication statement). Some Identity Providers allow users to stay authenticated for longer periods than this, so you might need to change the default value.

7200

Other Properties:



Anchor
jdk.xml.entityExpansionLimit
jdk.xml.entityExpansionLimit

Panel
jdk.xml.entityExpansionLimit


Limits the number of XML entity expansions.
 
Valid values are any positive integer. A value equal to 0 indicates no limit.
 
If jdk.xml.entityExpansionLimit is not specified in uc.properties (or on start-up with -Djdk.xml.entityExpansionLimit=<limit>), Universal Controller will initialize it to a default value of 1.

  • If jdk.xml.entityExpansionLimit is specified on start-up with -Djdk.xml.entityExpansionLimit=<limit>, this takes precedence over the Universal Controller default value of 1.
  • If jdk.xml.entityExpansionLimit is specified in uc.properties, this takes precedence over specifying it on start-up with -Djdk.xml.entityExpansionLimit=<limit>.

1

Anchor
uc.date.formats
uc.date.formats

Panel
uc.date.formats


Accepted input date formats for Date Functions and Stored Procedure parameters. For example: uc.date.formats=yyyy/MM/dd;dd/MM/yyyy. Formats can vary, but years must be defined with four digits (yyyy). Formats are used on a "first match" basis.


Anchor
uc.email.attachments.local.path
uc.email.attachments.local.path

Panel
uc.email.attachments.local.path


Directory location from where files can be attached for a specific Cluster Node / Server. You must specify a location in this property in order for the Attach Local File field to display in the Email Task and Email Notifications Details.
 
The uc.properties file is refreshed every 10 minutes to accommodate changes to this property without requiring a restart. Every 10 minutes, uc.properties is read, and if this property value has changed, that new value then will be used within the Controller.
 

Note
title+note
title+note

This property is local to the Cluster Node and must be specified on each Node based upon the path for that Node. Each Node can have a different path, but they should point to the same shared physical location in order to achieve the expected behavior. Best practices would be to use the same path in each Node.




Panel
uc.action.email_notification.attach_output.subscription.timeout_in_seconds


Number of seconds for Email Notification output timeout.180


Panel
uc.keymanager.algorithm


Java key manager algorithm.

  • For IBM AIX, the value must be IbmX509.
  • For all other platforms, use the default value.

If no value is specified, the configured JVM default will be used.


Anchor
uc.keymanager.client.alias
uc.keymanager.client.alias

html-bobswift
Panel
<pre> 
uc.keymanager.client.alias
</pre>

If multiple certificates reside in the keystore that could match the OMS server's certificate request, specifying an alias ensures that the intended client certificate is presented to the OMS server.

 Anchor
uc.keymanager.keystore
uc.keymanager.keystore
html-bobswift
 Panel
<pre> 
uc.keymanager.keystore
 </pre>

Location of the keystore which holds certificates and keys.

 Anchor
uc.keymanager.keystore.password
uc.keymanager.keystore.password
html-bobswift
 Panel
<pre> 
uc.keymanager.keystore.password
 </pre>

Password (if required) for the keystore that will be replaced by uc.keymanager.keystore.password.encrypted in the uc.properties file upon start-up.


html-bobswift
 Panel
<pre> 
uc.keymanager.provider
 </pre>

Java key manager provider.
  • For IBM AIX, the value must be IBMJSSE2.
  • For all other platforms, use the default value.
If no value is specified, the configured JVM default will be used.


html-bobswift
 Panel
<pre>
 uc.mbean.catalina.manager.name 
</pre>

The Controller uses the Catalina:type=Manager MBean for the User Sessions feature.
 
To determine the Manager MBean object name, the Controller dynamically determines the context. For example: 
 
Catalina:type=Manager,context=/uc,host=localhost
 
If the following error appears in the Console while you are using the User Sessions feature, you may need to configure this property manually: 
 
Universal Controller not configured for user session operations.
 
In the uc.log, you would see the following: 
 
javax.management.InstanceNotFoundException: Catalina:type=Manager,context=/uc,host=localhost


html-bobswift
 Panel
<pre> 
uc.oms.service_timeout
 </pre>

Sets the OMS service timeout value specifying the number of seconds of inactivity before a timeout exception will be thrown.
For example, you will see the following in the uc.log:
Default (180 seconds)
 Panel
2021-08-04-21:12:25:542 -0400 INFO [UC.OMS.Monitor.0] Created: OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=15296bc7-e994-49eb-a6cf-0ecbf72d5f2f, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=180, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1]
uc.oms.service_timeout=300
 Panel
OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=96e45eb5-c513-489a-8746-6223e962e901, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=300, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1]

180 seconds

html-bobswift
 Panel
<pre> 
uc.overdue.timer.startup.threshold
 </pre>

Maximum number of days after which an overdue trigger is considered "stale/expired."
2

<pre>
 uc.servlet.port 
</pre>
 Panel
 Html bobswift

Port number used by Tomcat.
8080

html-bobswift
 Panel
<pre> 
uc.trustmanager.algorithm
 </pre>

Java trust manager algorithm.
  • For IBM AIX, the value must be IbmX509.
  • For all other platforms, use the default value.
SunX509

html-bobswift
 Panel
<pre> 
uc.trustmanager.provider
 </pre>

Java trust manager provider.
  • For IBM AIX, the value must be IBMJSSE2.
  • For all other platforms, use the default value.
SunJSSE
 Anchor
uc.trustmanager.ssl.protocols
uc.trustmanager.ssl.protocols
<pre>uc
uc.trustmanager.ssl.protocols
 </pre>
 Panel
 Html bobswift

Comma-separated list of SSL/TLS protocols that can be used for Controller/OMS communications.
 
  • If the property does not contain a protocol list, a default SSL/TLS context will be referenced for building the SSL/TLS socket used for Controller/OMS communications.
  • If the property is used, only those protocols will be enabled for the Controller/OMS session.
  • If the property is not used, only the protocols specified in currently configured default SSL/TLS Context's default SSL/TLS protocol list will be enabled for the Controller/OMS session.

 Anchor
uc.trustmanager.truststore
uc.trustmanager.truststore
html-bobswift
 Panel
<pre> 
uc.trustmanager.truststore
 </pre>

Location of the keystore which holds certificates and keys.
properties/cacerts
 Anchor
uc.trustmanager.truststore.password
uc.trustmanager.truststore.password
html-bobswift
 Panel
<pre> 
uc.trustmanager.truststore.password
 </pre>

Password (if required) for the keystore that will be replaced by uc.trustmanager.truststore.password.encrypted in the uc.properties file upon start-up.
changeit
 Anchor
uc.trustmanager.truststore.password.encrypted
uc.trustmanager.truststore.password.encrypted
html-bobswift
 Panel
<pre>
 uc.trustmanager.truststore.password.encrypted  
</pre>

Encrypted version of uc.trustmanager.truststore.password that will replace uc.trustmanager.truststore.password in the uc.properties file upon start-up.


<pre>
 uc.ui.session_timeout
 </pre>
 Panel
 Html bobswift

Default browser session timeout, in minutes. To use the Tomcat session configuration (default 30 minutes), set this property to 0.
30
 Anchor
uc.web_service.httpclient.socket.keep_alive
uc.web_service.httpclient.socket.keep_alive
<pre>uc
uc.web_service.httpclient.socket.keep_alive
  </pre>
 Panel
 Html bobswift

Specifies (true or false) whether TCP socket keep-alive option is enabled for HTTP(S)/REST Web Service Tasks.
false
...