Property Name | Description | Default |
---|
For MySQL: |
|
|
Panel |
---|
uc.db.mysql.character_encoding |
| Allows the retrieval of output with extended unicode characters. If the property is not set, character encoding will not be used in the JDBC URL. Examples: Panel |
---|
uc.db.mysql.character_encoding=US-ASCII
uc.db.mysql.character_encoding=Cp1252
uc.db.mysql.character_encoding=UTF-8 |
|
|
| Database type. Specify this property if you are using a MySQL database. |
|
Panel |
---|
uc.db.url=jdbc:mysql://localhost/ |
| JDBC connect URL. Specify this property if you are using a MySQL database. |
|
For SQLServer |
|
|
Panel |
---|
uc.db.rdbms=sqlserver |
| Database type. Specify this property if you are using a SQLServer database. |
|
Panel |
---|
uc.db.url=jdbc:sqlserver:
//localhost:1433;DatabaseName=uc |
| JDBC connect URL. Specify this property if you are using a SQLServer database. |
|
For Oracle |
|
|
| Database type. Specify this property if you are using an Oracle database. |
|
Panel |
---|
uc.db.url=jdbc:oracle:thin:@
//localhost:1521/@oracle.db.name@ |
| JDBC connect URL. Specify this property if you are using an Oracle database. |
|
For All Databases |
|
|
|
Warning |
---|
| If you specify a database name in this property and in uc.db.url, the names must be the same. |
Name for the Controller database. | uc |
| Database password that will be replaced by uc.db.password.encrypted in the uc.properties file upon start-up. | (none) |
Panel |
---|
uc.db.password.encrypted |
| Encrypted version of uc.db.password that will replace uc.db.password in the uc.properties file upon start-up. | (none) |
Panel |
---|
uc.db.pooler.connections |
| Sets the minimum number of idle connections to maintain in the Server connection pool, or zero to create none. The Server connection pool is used by all internal database transactions. | 1 |
Panel |
---|
uc.db.pooler.connections.Client |
| Sets the minimum number of idle connections to maintain in the Client connection pool, or zero to create none. The Client connection pool is used by all user interface related database transactions. | 1 |
Panel |
---|
uc.db.pooler.connections.max |
| Sets the maximum number of connections that can be allocated by the Server connection pool at a given time. The Server connection pool is used by all internal database transactions. Note |
---|
| The installer overrides the default by configuring a maximum number of 40 in the uc.properties file. |
| 30 |
Panel |
---|
uc.db.pooler.connections.max.Client |
| Sets the maximum number of connections that can be allocated by the Client connection pool at a given time. The Client connection pool is used by all user interface related database transactions. | 30 |
Panel |
---|
uc.db.pooler.connections.max.Reserved |
| Sets the maximum number of connections that can be allocated by the Reserved connection pool at a given time. The Reserved connection pool is used by all critical internal database transactions. | 30 |
Panel |
---|
uc.db.pooler.connections.Reserved |
| Sets the minimum number of idle connections to maintain in the Reserved connection pool, or zero to create none. The Reserved connection pool is used by all critical internal database transactions. | 1 |
Panel |
---|
uc.db.url.append.properties |
| Allows additional options to be appended to the JDBC URL generated by Universal Controller. Example: Panel |
---|
Html bobswift |
---|
<pre>
uc.db.url.append.properties=&verifyServerCertificate=false&useSSL=true
</pre> |
|
| (none) |
| Login ID that the Controller will use to log in to your database. | root |
For LDAP: |
|
|
Anchor |
---|
| uc.ldap.groups.filter_indirect |
---|
| uc.ldap.groups.filter_indirect |
---|
|
Panel |
---|
uc.ldap.groups.filter_indirect |
| When this property is set to true, any Groups synchronized indirectly (that is, through a User's memberOf attribute) will honor the Group search filter and Group OU filters under the LDAP Advanced Settings section. Note |
---|
| The code default for this property, which is used if this property is not set, is false. |
| true |
Panel |
---|
uc.ldap.groups.single_parent_per_child |
|
Warning |
---|
| This property should be set to true only if your Groups being synchronized from AD have at most one parent Group. |
When synchronizing Groups, the default behavior in the Controller is to copy the members of a Sub Group into the Parent Group. When this property is set to true, the Controller assumes that each Group has, at most, a single Parent Group and will use the Parent field on the Group definition to maintain the hierarchy instead of copying members. | false |
Anchor |
---|
| uc.ldap.groups.update_members |
---|
| uc.ldap.groups.update_members |
---|
|
Panel |
---|
uc.ldap.groups.update_members |
|
Warning |
---|
| This property should be set to false only when synchronizing Groups from AD, and the number of values for the member attribute exceeds the MaxValRange LDAP policy (and the MaxValRange cannot be increased). |
When synchronizing Groups, the default behavior in the Controller is to use the multi-valued member attribute to update the members for a Group; however, AD limits the number of values returned for an attribute, which can result in Group members being removed unexpectedly. This limit is determined by the MaxValRange LDAP policy (typically 1,500). When this property is set to false, the Controller will not use the member attribute values to update members when synchronizing Groups from AD. Group membership will continue to be updated based on the memberOf attribute values when synchronizing Users from AD. | true |
Anchor |
---|
| uc.ldap.users.synchronize_by_range |
---|
| uc.ldap.users.synchronize_by_range |
---|
|
Panel |
---|
uc.ldap.users.synchronize_by_range |
|
Warning |
---|
| This property should be set to false only if your LDAP server supports paged results. |
When synchronizing Users, the default behaviour in the Controller is to search based on ranges, using a filter like (&(uid>=a)(uid<=b)). To use the <= or >= operators in a filter, an ordering rule must be defined for the attribute in the LDAP schema. OpenLDAP's schema does not define an ordering rule for the User Id Attribute (for example, uid), so searches using filters like the above do not return any results. When this property is set to false, the Controller will not search based on ranges when synchronizing Users. | true |
Anchor |
---|
| uc.ldap.users.synchronize_indirect |
---|
| uc.ldap.users.synchronize_indirect |
---|
|
Panel |
---|
uc.ldap.users.synchronize_indirect |
|
Warning |
---|
| This property should be set to true only if your LDAP server does not support the User Membership Attribute (for example, memberOf). |
Synchronizes LDAP users indirectly based on group membership. This only applies to groups that users are direct members of. When this property is set to true, the following will apply for the LDAP refresh (scheduled and server operations): - Users will not be synchronized directly based on the User Filter and User Target OU List.
- Groups will continue to be synchronized directly based on the Group Filter and Group Target OU List.
- For each matching group, the Group Member Attribute (for example, member) will be used to synchronize users matching the User Filter and User Target OU List
Note |
---|
| The uc .ldap.groups.update_members property will be ignored when indirect user synchronization is enabled. |
Note |
---|
| There is currently no support for nested groups if the User Membership Attribute is not supported by the LDAP server. |
| false |
Anchor |
---|
| uc.ldap.users.update_memberships_on_login |
---|
| uc.ldap.users.update_memberships_on_login |
---|
|
Panel |
---|
uc.ldap.users.update_memberships_on_login |
|
Warning |
---|
| This property should not be set to true if group membership for users is static, since there is extra overhead to process the groups, which may impact login performance. |
When this property is set to true, LDAP group memberships for existing LDAP users are updated upon successful login. Note |
---|
| When dynamically creating a new LDAP user at login, the user will be added only to groups that it is a direct member of. Likewise, when updating an existing LDAP user at login, the user will be removed from any groups that it is not a direct member of. Therefore, it is not recommended that you enable this property if a group hierarchy exists, since the user will be removed from any parent groups when logging in. (Group membership for the parent groups will be restored the next time the LDAP refresh runs; however, this can take up to 24 hours.) |
| false |
For Single Sign-On: |
|
|
Anchor |
---|
| saml.log.level |
---|
| saml.log.level |
---|
|
| Configures the log level for the SAML framework: ALL, TRACE, DEBUG, INFO, WARN, or ERROR. | INFO |
Anchor |
---|
| saml.maxAuthenticationAge |
---|
| saml.maxAuthenticationAge |
---|
|
Panel |
---|
saml.maxAuthenticationAge |
| Specifies how long, in seconds, users can single sign-on after their initial authentication with the Identity Provider (based on value AuthInstance of the Authentication statement). Some Identity Providers allow users to stay authenticated for longer periods than this, so you might need to change the default value. | 7200 |
Other Properties: |
|
|
Anchor |
---|
| jdk.xml.entityExpansionLimit |
---|
| jdk.xml.entityExpansionLimit |
---|
|
Panel |
---|
jdk.xml.entityExpansionLimit |
| Limits the number of XML entity expansions. Valid values are any positive integer. A value equal to 0 indicates no limit. If jdk.xml.entityExpansionLimit is not specified in uc.properties (or on start-up with -Djdk.xml.entityExpansionLimit=<limit> ), Universal Controller will initialize it to a default value of 1. - If
jdk.xml.entityExpansionLimit is specified on start-up with -Djdk.xml.entityExpansionLimit=<limit> , this takes precedence over the Universal Controller default value of 1. - If
jdk.xml.entityExpansionLimit is specified in uc.properties , this takes precedence over specifying it on start-up with -Djdk.xml.entityExpansionLimit=<limit> .
| 1 |
Anchor |
---|
| uc.date.formats |
---|
| uc.date.formats |
---|
|
| Accepted input date formats for Date Functions and Stored Procedure parameters. For example: uc.date.formats=yyyy/MM/dd;dd/MM/yyyy . Formats can vary, but years must be defined with four digits (yyyy). Formats are used on a "first match" basis. |
|
Anchor |
---|
| uc.email.attachments.local.path |
---|
| uc.email.attachments.local.path |
---|
|
Panel |
---|
uc.email.attachments.local.path |
| Directory location from where files can be attached for a specific Cluster Node / Server. You must specify a location in this property in order for the Attach Local File field to display in the Email Task and Email Notifications Details. The uc.properties file is refreshed every 10 minutes to accommodate changes to this property without requiring a restart. Every 10 minutes, uc.properties is read, and if this property value has changed, that new value then will be used within the Controller. Note |
---|
| This property is local to the Cluster Node and must be specified on each Node based upon the path for that Node. Each Node can have a different path, but they should point to the same shared physical location in order to achieve the expected behavior. Best practices would be to use the same path in each Node. |
|
|
Panel |
---|
uc.action.email_notification.attach_output.subscription.timeout_in_seconds |
| Number of seconds for Email Notification output timeout. | 180 |
Panel |
---|
uc.keymanager.algorithm |
| Java key manager algorithm. - For IBM AIX, the value must be IbmX509.
- For all other platforms, use the default value.
If no value is specified, the configured JVM default will be used. |
|
Anchor |
---|
| uc.keymanager.client.alias |
---|
| uc.keymanager.client.alias |
---|
|
Panel | html-bobswift |
---|
<pre> uc.keymanager.client.alias </pre> |
| If multiple certificates reside in the keystore that could match the OMS server's certificate request, specifying an alias ensures that the intended client certificate is presented to the OMS server. |
|
Anchor |
---|
| uc.keymanager.keystore |
---|
| uc.keymanager.keystore |
---|
|
Panel | html-bobswift |
---|
<pre> uc.keymanager.keystore </pre> |
| Location of the keystore which holds certificates and keys. |
|
Anchor |
---|
| uc.keymanager.keystore.password |
---|
| uc.keymanager.keystore.password |
---|
|
Panel | html-bobswift |
---|
<pre> uc.keymanager.keystore.password </pre> |
| Password (if required) for the keystore that will be replaced by uc.keymanager.keystore.password.encrypted in the uc.properties file upon start-up. |
|
Panel | html-bobswift |
---|
<pre> uc.keymanager.provider </pre> |
| Java key manager provider. - For IBM AIX, the value must be IBMJSSE2.
- For all other platforms, use the default value.
If no value is specified, the configured JVM default will be used. |
|
Panel | html-bobswift |
---|
<pre> uc.mbean.catalina.manager.name </pre> |
| The Controller uses the Catalina:type=Manager MBean for the User Sessions feature. To determine the Manager MBean object name, the Controller dynamically determines the context. For example:
Catalina:type=Manager,context=/uc,host=localhost If the following error appears in the Console while you are using the User Sessions feature, you may need to configure this property manually:
Universal Controller not configured for user session operations. In the uc.log, you would see the following:
javax.management.InstanceNotFoundException: Catalina:type=Manager,context=/uc,host=localhost |
|
Panel | html-bobswift |
---|
<pre> uc.oms.service_timeout </pre> |
| Sets the OMS service timeout value specifying the number of seconds of inactivity before a timeout exception will be thrown. For example, you will see the following in the uc.log: Default (180 seconds) Panel |
---|
2021-08-04-21:12:25:542 -0400 INFO [UC.OMS.Monitor.0] Created: OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=15296bc7-e994-49eb-a6cf-0ecbf72d5f2f, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=180, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1] |
uc.oms.service_timeout=300 Panel |
---|
OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=96e45eb5-c513-489a-8746-6223e962e901, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=300, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1] |
| 180 seconds |
Panel | html-bobswift |
---|
<pre> uc.overdue.timer.startup.threshold </pre> |
| Maximum number of days after which an overdue trigger is considered "stale/expired." | 2 |
Panel |
---|
Html bobswift | <pre> uc.servlet.port </pre> |
| Port number used by Tomcat. | 8080 |
Panel | html-bobswift |
---|
<pre> uc.trustmanager.algorithm </pre> |
| Java trust manager algorithm. - For IBM AIX, the value must be IbmX509.
- For all other platforms, use the default value.
| SunX509 |
Panel | html-bobswift |
---|
<pre> uc.trustmanager.provider </pre> |
| Java trust manager provider. - For IBM AIX, the value must be IBMJSSE2.
- For all other platforms, use the default value.
| SunJSSE |
Anchor |
---|
| uc.trustmanager.ssl.protocols |
---|
| uc.trustmanager.ssl.protocols |
---|
|
Panel |
---|
Html bobswift | <pre>ucuc.trustmanager.ssl.protocols </pre> |
| Comma-separated list of SSL/TLS protocols that can be used for Controller/OMS communications. - If the property does not contain a protocol list, a default SSL/TLS context will be referenced for building the SSL/TLS socket used for Controller/OMS communications.
- If the property is used, only those protocols will be enabled for the Controller/OMS session.
- If the property is not used, only the protocols specified in currently configured default SSL/TLS Context's default SSL/TLS protocol list will be enabled for the Controller/OMS session.
|
|
Anchor |
---|
| uc.trustmanager.truststore |
---|
| uc.trustmanager.truststore |
---|
|
Panel | html-bobswift |
---|
<pre> uc.trustmanager.truststore </pre> |
| Location of the keystore which holds certificates and keys. | properties/cacerts |
Anchor |
---|
| uc.trustmanager.truststore.password |
---|
| uc.trustmanager.truststore.password |
---|
|
Panel | html-bobswift |
---|
<pre> uc.trustmanager.truststore.password </pre> |
| Password (if required) for the keystore that will be replaced by uc.trustmanager.truststore.password.encrypted in the uc.properties file upon start-up. | changeit |
Anchor |
---|
| uc.trustmanager.truststore.password.encrypted |
---|
| uc.trustmanager.truststore.password.encrypted |
---|
|
Panel | html-bobswift |
---|
<pre> uc.trustmanager.truststore.password.encrypted </pre> |
| Encrypted version of uc.trustmanager.truststore.password that will replace uc.trustmanager.truststore.password in the uc.properties file upon start-up. |
|
Panel |
---|
Html bobswift | <pre> uc.ui.session_timeout </pre> |
| Default browser session timeout, in minutes. To use the Tomcat session configuration (default 30 minutes), set this property to 0. | 30 |
Anchor |
---|
| uc.web_service.httpclient.socket.keep_alive |
---|
| uc.web_service.httpclient.socket.keep_alive |
---|
|
Panel |
---|
Html bobswift | <pre>ucuc.web_service.httpclient.socket.keep_alive </pre> |
| Specifies (true or false) whether TCP socket keep-alive option is enabled for HTTP(S)/REST Web Service Tasks. | false |