/
Properties

Properties

Oct 25, 2023

Overview

Universal Controller contains three types of configurable properties:

Universal Controller Start-up Properties (uc.properties)

Universal Controller start-up properties are the default properties contained in the uc.properties file when the Controller is installed. These properties are required for Controller start-up and operation.
 
The values for these properties are set during the installation process. Some of the values are based on information that you provide during the installation.
 
You can reset these properties by stopping the Controller, editing uc.properties, and restarting the Controller. The changes will take effect after the restart (see Starting and Stopping Universal Controller).

Universal Controller System Properties

Universal Controller system properties define Controller system information and performance. They have their values set during installation.
 
You can reset these properties at any time, without having to stop the Controller, via the user interface.
 

Note

In a High Availability environment, all Universal Controller cluster nodes share the same database; therefore, updating Universal Controller System Properties for one cluster node applies to all cluster nodes.

Command Line Interface (CLI) Properties

CLI provides a sample configuration file, cmdtools.props , that you can use to pass CLI Global parameters to a CLI command.

Note

Properties for Universal Message Service (OMS) are installed as configuration file options when OMS is installed as a component of Universal Agent. The values for these options are set during the installation. There are several configuration methods available for changing these values.

Universal Controller Start-up Properties (uc.properties)

The uc.properties file is read by the Controller, which is started by Tomcat.

The uc.properties file resides here:

[tomcat directory]\conf

Note

The backslash character in a property value must be escaped as a double backslash.

For example:

example.path=c:\\stonebranch\\uc

Property Name

Description

Default

Property Name

Description

Default

For MySQL:

 

 

uc.db.mysql.character_encoding

Allows the retrieval of output with extended unicode characters. If the property is not set, character encoding will not be used in the JDBC URL.
 
Examples:

HTML

 

uc.db.rdbms=mysql

Database type. Specify this property if you are using a MySQL database.

 

uc.db.url=jdbc:mysql://localhost/

JDBC connect URL. Specify this property if you are using a MySQL database.

 

For SQLServer

 

 

uc.db.rdbms=sqlserver

Database type. Specify this property if you are using a SQLServer database.

 

uc.db.url=jdbc:sqlserver://localhost:1433;DatabaseName=uc

JDBC connect URL. Specify this property if you are using a SQLServer database.

 

For Oracle

 

 

uc.db.rdbms=oracle

Database type. Specify this property if you are using an Oracle database.

 

uc.db.url=jdbc:oracle:thin:@//localhost:1521/@oracle.db.name@

JDBC connect URL. Specify this property if you are using an Oracle database.

 

For All Databases

 

 

uc.db.name

IMPORTANT

If you specify a database name in this property and in uc.db.url, the names must be the same.

Name for the Controller database.

uc

uc.db.password

Database password that will be replaced by uc.db.password.encrypted in the uc.properties file upon start-up.

(none)

uc.db.password.encrypted

Encrypted version of uc.db.password that will replace uc.db.password in the uc.properties file upon start-up.

(none)

uc.db.pooler.connections

Sets the minimum number of idle connections to maintain in the Server connection pool, or zero to create none.
 
The Server connection pool is used by all internal database transactions.

1

uc.db.pooler.connections.Client

Sets the minimum number of idle connections to maintain in the Client connection pool, or zero to create none.
 
The Client connection pool is used by all user interface related database transactions.

1

uc.db.pooler.connections.max

Sets the maximum number of connections that can be allocated by the Server connection pool at a given time.
 
The Server connection pool is used by all internal database transactions.
 

Note

The installer overrides the default by configuring a maximum number of 40 in the uc.properties file.

30

uc.db.pooler.connections.max.Client

Sets the maximum number of connections that can be allocated by the Client connection pool at a given time.
 
The Client connection pool is used by all user interface related database transactions.

30

uc.db.pooler.connections.max.Reserved

Sets the maximum number of connections that can be allocated by the Reserved connection pool at a given time.
 
The Reserved connection pool is used by all critical internal database transactions.

30

uc.db.pooler.connections.Reserved

Sets the minimum number of idle connections to maintain in the Reserved connection pool, or zero to create none.
 
The Reserved connection pool is used by all critical internal database transactions.

1

uc.db.url.append.properties

Allows additional options to be appended to the JDBC URL generated by Universal Controller.
 
Example:
 

HTML

(none)

uc.db.user

Login ID that the Controller will use to log in to your database.

root

For LDAP:

 

 

uc.ldap.groups.filter_indirect

When this property is set to true, any Groups synchronized indirectly (that is, through a User's memberOf attribute) will honor the Group search filter and Group OU filters under the LDAP Advanced Settings section.
 

Note

The code default for this property, which is used if this property is not set, is false.

true

uc.ldap.groups.single_parent_per_child

IMPORTANT

This property should be set to true only if your Groups being synchronized from AD have at most one parent Group.

When synchronizing Groups, the default behavior in the Controller is to copy the members of a Sub Group into the Parent Group.
 
When this property is set to true, the Controller assumes that each Group has, at most, a single Parent Group and will use the Parent field on the Group definition to maintain the hierarchy instead of copying members.

false

uc.ldap.groups.update_members

IMPORTANT

This property should be set to false only when synchronizing Groups from AD, and the number of values for the member attribute exceeds the MaxValRange LDAP policy (and the MaxValRange cannot be increased).

When synchronizing Groups, the default behavior in the Controller is to use the multi-valued member attribute to update the members for a Group; however, AD limits the number of values returned for an attribute, which can result in Group members being removed unexpectedly. This limit is determined by the MaxValRange LDAP policy (typically 1,500).
 
When this property is set to false, the Controller will not use the member attribute values to update members when synchronizing Groups from AD. Group membership will continue to be updated based on the memberOf attribute values when synchronizing Users from AD.

true

uc.ldap.users.synchronize_by_range

IMPORTANT

This property should be set to false only if your LDAP server supports paged results.

 
When synchronizing Users, the default behaviour in the Controller is to search based on ranges, using a filter like (&(uid>=a)(uid<=b)). To use the <= or >= operators in a filter, an ordering rule must be defined for the attribute in the LDAP schema.
 
OpenLDAP's schema does not define an ordering rule for the User Id Attribute (for example, uid), so searches using filters like the above do not return any results.
 
When this property is set to false, the Controller will not search based on ranges when synchronizing Users.

true

uc.ldap.users.synchronize_indirect

IMPORTANT

This property should be set to true only if your LDAP server does not support the User Membership Attribute (for example, memberOf).

Synchronizes LDAP users indirectly based on group membership. This only applies to groups that users are direct members of.
 
When this property is set to true, the following will apply for the LDAP refresh (scheduled and server operations):

  • Users will not be synchronized directly based on the User Filter and User Target OU List.

  • Groups will continue to be synchronized directly based on the Group Filter and Group Target OU List.

  • For each matching group, the Group Member Attribute (for example, member) will be used to synchronize users matching the User Filter and User Target OU List

Note

The uc.ldap.groups.update_members property will be ignored when indirect user synchronization is enabled.

Note

There is currently no support for nested groups if the User Membership Attribute is not supported by the LDAP server.

false

uc.ldap.users.update_memberships_on_login

IMPORTANT

This property should not be set to true if group membership for users is static, since there is extra overhead to process the groups, which may impact login performance.

When this property is set to true, LDAP group memberships for existing LDAP users are updated upon successful login.

Note

When dynamically creating a new LDAP user at login, the user will be added only to groups that it is a direct member of. Likewise, when updating an existing LDAP user at login, the user will be removed from any groups that it is not a direct member of. Therefore, it is not recommended that you enable this property if a group hierarchy exists, since the user will be removed from any parent groups when logging in. (Group membership for the parent groups will be restored the next time the LDAP refresh runs; however, this can take up to 24 hours.)

false

For Single Sign-On:

 

 

saml.log.level

Configures the log level for the SAML framework: ALL, TRACE, DEBUG, INFO, WARN, or ERROR.

INFO

saml.maxAuthenticationAge

Specifies how long, in seconds, users can single sign-on after their initial authentication with the Identity Provider (based on value AuthInstance of the Authentication statement). Some Identity Providers allow users to stay authenticated for longer periods than this, so you might need to change the default value.

7200

Other Properties:

 

 

jdk.xml.entityExpansionLimit

Limits the number of XML entity expansions.
 
Valid values are any positive integer. A value equal to 0 indicates no limit.
 
If jdk.xml.entityExpansionLimit is not specified in uc.properties (or on start-up with -Djdk.xml.entityExpansionLimit=<limit>), Universal Controller will initialize it to a default value of 1.

  • If jdk.xml.entityExpansionLimit is specified on start-up with -Djdk.xml.entityExpansionLimit=<limit>, this takes precedence over the Universal Controller default value of 1.

  • If jdk.xml.entityExpansionLimit is specified in uc.properties, this takes precedence over specifying it on start-up with -Djdk.xml.entityExpansionLimit=<limit>.

1

uc.date.formats

Accepted input date formats for Date Functions and Stored Procedure parameters. For example: uc.date.formats=yyyy/MM/dd;dd/MM/yyyy. Formats can vary, but years must be defined with four digits (yyyy). Formats are used on a "first match" basis.

 

uc.email.attachments.local.path

Directory location from where files can be attached for a specific Cluster Node / Server. You must specify a location in this property in order for the Attach Local File field to display in the Email Task and Email Notifications Details.
 
The uc.properties file is refreshed every 10 minutes to accommodate changes to this property without requiring a restart. Every 10 minutes, uc.properties is read, and if this property value has changed, that new value then will be used within the Controller.
 

This property is local to the Cluster Node and must be specified on each Node based upon the path for that Node. Each Node can have a different path, but they should point to the same shared physical location in order to achieve the expected behavior. Best practices would be to use the same path in each Node.

 

uc.action.email_notification.attach_output.subscription.timeout_in_seconds

Number of seconds for Email Notification output timeout.

180

uc.keymanager.algorithm

Java key manager algorithm.

  • For IBM AIX, the value must be IbmX509.

  • For all other platforms, use the default value.

If no value is specified, the configured JVM default will be used.

 

uc.keymanager.client.alias

If multiple certificates reside in the keystore that could match the OMS server's certificate request, specifying an alias ensures that the intended client certificate is presented to the OMS server.

 

uc.keymanager.keystore

Location of the keystore which holds certificates and keys.

 

uc.keymanager.keystore.password

Password (if required) for the keystore that will be replaced by uc.keymanager.keystore.password.encrypted in the uc.properties file upon start-up.

 

uc.keymanager.provider

Java key manager provider.

  • For IBM AIX, the value must be IBMJSSE2.

  • For all other platforms, use the default value.

If no value is specified, the configured JVM default will be used.

 

uc.mbean.catalina.manager.name

The Controller uses the Catalina:type=Manager MBean for the User Sessions feature.
 
To determine the Manager MBean object name, the Controller dynamically determines the context. For example:
 
Catalina:type=Manager,context=/uc,host=localhost
 
If the following error appears in the Console while you are using the User Sessions feature, you may need to configure this property manually:
 
Universal Controller not configured for user session operations.
 
In the uc.log, you would see the following:
 
javax.management.InstanceNotFoundException: Catalina:type=Manager,context=/uc,host=localhost

 

uc.oms.service_timeout

Sets the OMS service timeout value specifying the number of seconds of inactivity before a timeout exception will be thrown.

For example, you will see the following in the uc.log:

Default (180 seconds)

2021-08-04-21:12:25:542 -0400 INFO [UC.OMS.Monitor.0] Created: OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=15296bc7-e994-49eb-a6cf-0ecbf72d5f2f, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=180, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1]

uc.oms.service_timeout=300

OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=96e45eb5-c513-489a-8746-6223e962e901, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=300, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1]

180 seconds

uc.overdue.timer.startup.threshold

Maximum number of days after which an overdue trigger is considered "stale/expired."

2

uc.servlet.port

Port number used by Tomcat.

8080

uc.trustmanager.algorithm

Java trust manager algorithm.

  • For IBM AIX, the value must be IbmX509.

  • For all other platforms, use the default value.

SunX509

uc.trustmanager.provider

Java trust manager provider.

  • For IBM AIX, the value must be IBMJSSE2.

  • For all other platforms, use the default value.

SunJSSE

uc.trustmanager.ssl.protocols

Comma-separated list of SSL/TLS protocols that can be used for Controller/OMS communications.
 

  • If the property does not contain a protocol list, a default SSL/TLS context will be referenced for building the SSL/TLS socket used for Controller/OMS communications.

  • If the property is used, only those protocols will be enabled for the Controller/OMS session.

  • If the property is not used, only the protocols specified in currently configured default SSL/TLS Context's default SSL/TLS protocol list will be enabled for the Controller/OMS session.

 

uc.trustmanager.truststore

Location of the keystore which holds certificates and keys.

properties/cacerts

uc.trustmanager.truststore.password

Password (if required) for the keystore that will be replaced by uc.trustmanager.truststore.password.encrypted in the uc.properties file upon start-up.

changeit

uc.trustmanager.truststore.password.encrypted

Encrypted version of uc.trustmanager.truststore.password that will replace uc.trustmanager.truststore.password in the uc.properties file upon start-up.