/
Properties

Properties

Overview

Universal Controller contains three types of configurable properties:

Universal Controller Start-up Properties (uc.properties)

Universal Controller start-up properties are the default properties contained in the uc.properties file when the Controller is installed. These properties are required for Controller start-up and operation.
 
The values for these properties are set during the installation process. Some of the values are based on information that you provide during the installation.
 
You can reset these properties by stopping the Controller, editing uc.properties, and restarting the Controller. The changes will take effect after the restart (see Starting and Stopping Universal Controller).

Universal Controller System Properties

Universal Controller system properties define Controller system information and performance. They have their values set during installation.
 
You can reset these properties at any time, without having to stop the Controller, via the user interface.
 

Note

In a High Availability environment, all Universal Controller cluster nodes share the same database; therefore, updating Universal Controller System Properties for one cluster node applies to all cluster nodes.

Command Line Interface (CLI) Properties

CLI provides a sample configuration file, cmdtools.props , that you can use to pass CLI Global parameters to a CLI command.

Note

Properties for Universal Message Service (OMS) are installed as configuration file options when OMS is installed as a component of Universal Agent. The values for these options are set during the installation. There are several configuration methods available for changing these values.

Universal Controller Start-up Properties (uc.properties)

The uc.properties file is read by the Controller, which is started by Tomcat.

The uc.properties file resides here:

[tomcat directory]\conf

Note

The backslash character in a property value must be escaped as a double backslash.

For example:

example.path=c:\\stonebranch\\uc

Property Name

Description

Default

For MySQL:



uc.db.mysql.character_encoding

Allows the retrieval of output with extended unicode characters. If the property is not set, character encoding will not be used in the JDBC URL.
 
Examples:

uc.db.mysql.character_encoding=US-ASCII
uc.db.mysql.character_encoding=Cp1252
uc.db.mysql.character_encoding=UTF-8


uc.db.rdbms=mysql

Database type. Specify this property if you are using a MySQL database.


uc.db.url=jdbc:mysql://localhost/

JDBC connect URL. Specify this property if you are using a MySQL database.


For SQLServer



uc.db.rdbms=sqlserver

Database type. Specify this property if you are using a SQLServer database.


uc.db.url=jdbc:sqlserver://localhost:1433;DatabaseName=uc

JDBC connect URL. Specify this property if you are using a SQLServer database.


For Oracle



uc.db.rdbms=oracle

Database type. Specify this property if you are using an Oracle database.


uc.db.url=jdbc:oracle:thin:@//localhost:1521/@oracle.db.name@

JDBC connect URL. Specify this property if you are using an Oracle database.


For All Databases



uc.db.name

IMPORTANT

If you specify a database name in this property and in uc.db.url, the names must be the same.

Name for the Controller database.

uc

uc.db.password

Database password that will be replaced by uc.db.password.encrypted in the uc.properties file upon start-up.

The uc.properties file is refreshed every 5 minutes to accommodate changes to this property without requiring a restart. Every 5 minutes, uc.properties is read, and if this property value has changed, then that new value will be used within the Controller.

(none)

uc.db.password.encrypted

Encrypted version of uc.db.password that will replace uc.db.password in the uc.properties file upon start-up.

(none)

uc.db.pooler.connections

Sets the minimum number of idle connections to maintain in the Server connection pool, or zero to create none.
 
The Server connection pool is used by all internal database transactions.

1

uc.db.pooler.connections.Client

Sets the minimum number of idle connections to maintain in the Client connection pool, or zero to create none.
 
The Client connection pool is used by all user interface related database transactions.

1

uc.db.pooler.connections.max

Sets the maximum number of connections that can be allocated by the Server connection pool at a given time.
 
The Server connection pool is used by all internal database transactions.
 

Note

The installer overrides the default by configuring a maximum number of 40 in the uc.properties file.

30

uc.db.pooler.connections.max.Client

Sets the maximum number of connections that can be allocated by the Client connection pool at a given time.
 
The Client connection pool is used by all user interface related database transactions.

30

uc.db.pooler.connections.max.Reserved

Sets the maximum number of connections that can be allocated by the Reserved connection pool at a given time.
 
The Reserved connection pool is used by all critical internal database transactions.

30

uc.db.pooler.connections.Reserved

Sets the minimum number of idle connections to maintain in the Reserved connection pool, or zero to create none.
 
The Reserved connection pool is used by all critical internal database transactions.

1

uc.db.secrets_provider

Specifies which secrets provider to use for the password.

If left unspecified, Universal Controller is assumed to be the provider, and the controller will continue to load the password from the uc.properties using one of the following properties.

Note

Property uc.db.password is immediately saved back as uc.db.password.encrypted with an encrypted value.

If property uc.db.secrets_provider is specified, it must be one of the following values, otherwise, a failure will be logged and uc.properties must be refreshed.

The controller will then load all the properties associated with the specified provider.

See Secrets Provider Properties for the properties associated with each provider.

(none)

uc.db.url.append.properties

Allows additional options to be appended to the JDBC URL generated by Universal Controller.
 
Example:
 

(none)

uc.db.user

Login ID that the Controller will use to log in to your database.

The uc.properties file is refreshed every 5 minutes to accommodate changes to this property without requiring a restart. Every 5 minutes, uc.properties is read, and if this property value has changed, then that new value will be used within the Controller.

root

For LDAP:



uc.ldap.groups.filter_indirect

When this property is set to true, any Groups synchronized indirectly (that is, through a User's memberOf attribute) will honor the Group search filter and Group OU filters under the LDAP Advanced Settings section.
 

Note

The code default for this property, which is used if this property is not set, is false.

true

uc.ldap.groups.single_parent_per_child

IMPORTANT

This property should be set to true only if your Groups being synchronized from AD have at most one parent Group.

When synchronizing Groups, the default behavior in the Controller is to copy the members of a Sub Group into the Parent Group.
 
When this property is set to true, the Controller assumes that each Group has, at most, a single Parent Group and will use the Parent field on the Group definition to maintain the hierarchy instead of copying members.

false

uc.ldap.groups.update_members

IMPORTANT

This property should be set to false only when synchronizing Groups from AD, and the number of values for the member attribute exceeds the MaxValRange LDAP policy (and the MaxValRange cannot be increased).

When synchronizing Groups, the default behavior in the Controller is to use the multi-valued member attribute to update the members for a Group; however, AD limits the number of values returned for an attribute, which can result in Group members being removed unexpectedly. This limit is determined by the MaxValRange LDAP policy (typically 1,500).
 
When this property is set to false, the Controller will not use the member attribute values to update members when synchronizing Groups from AD. Group membership will continue to be updated based on the memberOf attribute values when synchronizing Users from AD.

true

uc.ldap.users.synchronize_by_range

IMPORTANT

This property should be set to false only if your LDAP server supports paged results.

 
When synchronizing Users, the default behaviour in the Controller is to search based on ranges, using a filter like (&(uid>=a)(uid<=b)). To use the <= or >= operators in a filter, an ordering rule must be defined for the attribute in the LDAP schema.
 
OpenLDAP's schema does not define an ordering rule for the User Id Attribute (for example, uid), so searches using filters like the above do not return any results.
 
When this property is set to false, the Controller will not search based on ranges when synchronizing Users.

true

uc.ldap.users.synchronize_indirect

IMPORTANT

This property should be set to true only if your LDAP server does not support the User Membership Attribute (for example, memberOf).

Synchronizes LDAP users indirectly based on group membership. This only applies to groups that users are direct members of.
 
When this property is set to true, the following will apply for the LDAP refresh (scheduled and server operations):

  • Users will not be synchronized directly based on the User Filter and User Target OU List.
  • Groups will continue to be synchronized directly based on the Group Filter and Group Target OU List.
  • For each matching group, the Group Member Attribute (for example, member) will be used to synchronize users matching the User Filter and User Target OU List

Note

The uc.ldap.groups.update_members property will be ignored when indirect user synchronization is enabled.

Note

There is currently no support for nested groups if the User Membership Attribute is not supported by the LDAP server.

false

uc.ldap.users.update_memberships_on_login

IMPORTANT

This property should not be set to true if group membership for users is static, since there is extra overhead to process the groups, which may impact login performance.

When this property is set to true, LDAP group memberships for existing LDAP users are updated upon successful login.

Note

When dynamically creating a new LDAP user at login, the user will be added only to groups that it is a direct member of. Likewise, when updating an existing LDAP user at login, the user will be removed from any groups that it is not a direct member of. Therefore, it is not recommended that you enable this property if a group hierarchy exists, since the user will be removed from any parent groups when logging in. (Group membership for the parent groups will be restored the next time the LDAP refresh runs; however, this can take up to 24 hours.)

false

For Single Sign-On:



uc.saml.log.level

Configures the log level for the Spring SAML2 Service Provider framework. Options are

  • ALL
  • TRACE
  • DEBUG
  • INFO
  • WARN
  • ERROR


For backwards compatibility, property saml.log.level is still supported when property uc.saml.log.level is not specified.

INFO

uc.saml.metadata.refresh_interval

The Identity Provider Metadata refresh interval in milliseconds; minimum = 30000, maximum = 2147483647.120000

uc.saml.signature_algorithm_uri

By default, the saml2:AuthnRequest will be signed using rsa-sha256, though some Identity Providers will require a different algorithm.

To configure the algorithm automatically based on the Identity Provider’s metadata, do not specify this property.

Alternatively, you can manually override the default configuration by specifying this property.

http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 or as specified by the Identity Provider’s metadata.

uc.saml.authn_request.force_authn

Specifies (true of false) whether the Identity Provider should force the user to reauthenticate.false

uc.saml.authn_request.want_signed

Set the WantAuthnRequestsSigned setting, indicating (true or false) the Identity Provider's preference that Service Providers should sign the AuthnRequest before sending.

To configure the setting automatically based on the Identity Provider’s metadata, do not specify the property.

Specified by the Identity Provider’s metadata.

For TrustStore:



uc.trustmanager.truststore

Location of the keystore which holds certificates and keys.

properties/cacerts

uc.trustmanager.truststore.type

The default TrustStore type. The following case-insensitive values are supported:

  • JKS

  • PKCS12

KeyStore.getDefaultType() (PKCS12 as of Java 8)

uc.trustmanager.truststore.provider

The default TrustStore provider.(none)

uc.trustmanager.truststore.password

Password (if required) for the keystore that will be replaced by uc.trustmanager.truststore.password.encrypted in the uc.properties file upon start-up.

changeit

uc.trustmanager.truststore.password.encrypted

Encrypted version of uc.trustmanager.truststore.password that will replace uc.trustmanager.truststore.password in the uc.properties file upon start-up.

(none)

For OpenTelemetry:

To configure all of your OpenTelemetry settings in the uc.properties, but disable the feature until required, you can add the following property.

uc.otel.sdk.disabled=true

To enable the feature while the controller is running, you only need to set the uc.otel.sdk.disabled to false by updating the uc.properties, or by using the Server Operation > Temporary Property Change from the user interface.

If you choose to update the uc.properties, the controller refreshes the property file at a 10 minute interval.

You can increase this interval by adding the following property to the uc.properties.

uc.property.refresh_interval_in_seconds=60

The update from Server Operation > Temporary Property Change initiates the reconfiguration immediately.



uc.otel.sdk.disabled

If true, disable the OpenTelemetry SDK.false

uc.otel.traces.exporter

If none, no traces exporter configured.otlp

uc.otel.metrics.exporter

If noneno metrics exporter configured.otlp

uc.otel.exporter.otlp.service.name

Specifies a custom logical name for the service.

If left unspecified, the service name is controller.

controller

uc.otel.exporter.otlp.protocol

The transport protocol to use on OTLP trace, and metric requests. Options include grpc and http/protobuf. grpc

uc.otel.exporter.otlp.traces.protocol

The transport protocol to use on OTLP trace requests. Options include grpc and http/protobuf.grpc

uc.otel.exporter.otlp.metrics.protocol

The transport protocol to use on OTLP metric requests. Options include grpc and http/protobuf.grpc

uc.otel.exporter.otlp.endpoint

The OTLP traces, and metrics endpoint to connect to. Must be a URL with a scheme of either http or https based on the use of TLS. If protocol is http/protobuf the version and signal will be appended to the path (e.g. v1/traces, or v1/metrics).

For example, http://localhost:4317 when protocol is grpc, and http://localhost:4318/v1/{signal} when protocol is http/protobuf.

(none)

uc.otel.exporter.otlp.traces.endpoint

The OTLP traces endpoint to connect to. Must be a URL with a scheme of either http or https based on the use of TLS.

For example, http://localhost:4317 when protocol is grpc, and http://localhost:4318/v1/traces when protocol is http/protobuf.

(none)

uc.otel.exporter.otlp.metrics.endpoint

The OTLP metrics endpoint to connect to. Must be a URL with a scheme of either http or https based on the use of TLS.

For example, http://localhost:4317 when protocol is grpc, and http://localhost:4318/v1/metrics when protocol is http/protobuf.

(none)

uc.otel.exporter.otlp.certificate

The path to the file containing trusted certificates to use when verifying an OTLP trace, or metric server's TLS credentials. The file should contain one or more X.509 certificates in PEM format. By default, the host platform's trusted root certificates are used.

uc.otel.exporter.otlp.traces.certificate

The path to the file containing trusted certificates to use when verifying an OTLP trace server's TLS credentials. The file should contain one or more X.509 certificates in PEM format. 

By default, the host platform's trusted root certificates are used.

uc.otel.exporter.otlp.metrics.certificate

The path to the file containing trusted certificates to use when verifying an OTLP metric server's TLS credentials. The file should contain one or more X.509 certificates in PEM format. By default, the host platform's trusted root certificates are used.

uc.otel.exporter.otlp.client.key

The path to the file containing private client key to use when verifying an OTLP trace, or metric client's TLS credentials. The file should contain one private key PKCS8 PEM format. By default, no client key is used.

uc.otel.exporter.otlp.traces.client.key

The path to the file containing private client key to use when verifying an OTLP trace client's TLS credentials. The file should contain one private key PKCS8 PEM format. By default, no client key file is used.

uc.otel.exporter.otlp.metrics.client.key

The path to the file containing private client key to use when verifying an OTLP metric client's TLS credentials. The file should contain one private key PKCS8 PEM format. By default, no client key file is used.

uc.otel.exporter.otlp.client.certificate

The path to the file containing trusted certificates to use when verifying an OTLP trace, or metric client's TLS credentials. The file should contain one or more X.509 certificates in PEM format. 

By default, no chain file is used.

uc.otel.exporter.otlp.traces.client.certificate

The path to the file containing trusted certificates to use when verifying an OTLP trace server's TLS credentials. The file should contain one or more X.509 certificates in PEM format. By default, no chain file is used.

uc.otel.exporter.otlp.metrics.client.certificate

The path to the file containing trusted certificates to use when verifying an OTLP metric server's TLS credentials. The file should contain one or more X.509 certificates in PEM format. By default, no chain file is used.

uc.otel.exporter.otlp.headers

Key-value pairs separated by commas to pass as request headers on OTLP trace, or metric requests.(none)

uc.otel.exporter.otlp.traces.headers

Key-value pairs separated by commas to pass as request headers on OTLP trace requests.(none)

uc.otel.exporter.otlp.metrics.headers

Key-value pairs separated by commas to pass as request headers on OTLP metrics requests.(none)

uc.otel.exporter.otlp.compression

The compression type to use on OTLP trace, and metric requests. Options include gzipBy default, no compression will be used.

uc.otel.exporter.otlp.traces.compression

The compression type to use on OTLP trace requests. Options include gzip. By default, no compression will be used.

uc.otel.exporter.otlp.metrics.compression

The compression type to use on OTLP metric requests. Options include gzipBy default, no compression will be used.

uc.otel.exporter.otlp.timeout

The maximum waiting time, in milliseconds, allowed to send each OTLP trace, and metric batch. 

10000

uc.otel.exporter.otlp.traces.timeout

The maximum waiting time, in milliseconds, allowed to send each OTLP trace batch. 10000

uc.otel.exporter.otlp.metrics.timeout

The maximum waiting time, in milliseconds, allowed to send each OTLP metric batch.10000

uc.otel.exporter.otlp.metrics.temporality.preference

The preferred output aggregation temporality. Options include DELTA, LOWMEMORY, and CUMULATIVE. If CUMULATIVE, all instruments will have cumulative temporality. If DELTA, counter (sync and async) and histograms will be delta, up down counters (sync and async) will be cumulative. If LOWMEMORY, sync counter and histograms will be delta, async counter and up down counters (sync and async) will be cumulative. CUMULATIVE

uc.otel.exporter.otlp.metrics.default.histogram.aggregation

The preferred default histogram aggregation. Options are:

  • BASE2_EXPONENTIAL_BUCKET_HISTOGRAM
  • EXPLICIT_BUCKET_HISTOGRAM.
EXPLICIT_BUCKET_HISTOGRAM
For Prometheus Metrics:

uc.prometheus.metrics.uc_history_total.optional_labels

Specifies optional labels for uc_history_total metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services
  • task_instance_exit_code

For example:

uc.prometheus.metrics.uc_history_total.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_task_instance_duration_seconds.optional_labels

Specifies optional labels for uc_task_instance_duration_seconds metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services

For example:

uc.prometheus.metrics.uc_task_instance_duration_seconds.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_task_instance_early_finish_total.optional_labels

Specifies optional labels for uc_task_instance_early_finish_total metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services

For example:

uc.prometheus.metrics.uc_task_instance_early_finish_total.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_task_instance_late_finish_total.optional_labels

Specifies optional labels for uc_task_instance_late_finish_total metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services

For example:

uc.prometheus.metrics.uc_task_instance_late_finish_total.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_task_instance_late_start_total.optional_labels

Specifies optional labels for uc_task_instance_late_start_total metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services

For example:

uc.prometheus.metrics.uc_task_instance_late_start_total.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_task_instance_launch_total.optional_labels

Specifies optional labels for metrics.uc_task_instance_launch_total metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services

For example:

uc.prometheus.metrics.uc_task_instance_launch_total.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_universal_event_total.optional_labels

Specifies optional labels for uc_universal_event metric. The property value is specified as comma-delimited list of optional labels. Options are:

  • agent_id
  • task_name
  • security_business_services

For example:

uc.prometheus.metrics.uc_universal_event_total.optional_labels=agent_id,task_name

(none)

uc.prometheus.metrics.uc_task_instance_duration_seconds.buckets

Specifies the buckets to use for the uc_task_instance_duration_seconds histogram.
The property value is specified as comma-delimited list of double or integer values.
 
For example:
 
uc.prometheus.metrics.uc_task_instance_duration_seconds.buckets=
1,2.5,5,10,15,30,45,60,150,300,600,900,1800,2700,3600
(none)

Other Properties:



jdk.xml.entityExpansionLimit

Limits the number of XML entity expansions.
 
Valid values are any positive integer. A value equal to 0 indicates no limit.
 
If jdk.xml.entityExpansionLimit is not specified in uc.properties (or on start-up with -Djdk.xml.entityExpansionLimit=<limit>), Universal Controller will initialize it to a default value of 1.

  • If jdk.xml.entityExpansionLimit is specified on start-up with -Djdk.xml.entityExpansionLimit=<limit>, this takes precedence over the Universal Controller default value of 1.
  • If jdk.xml.entityExpansionLimit is specified in uc.properties, this takes precedence over specifying it on start-up with -Djdk.xml.entityExpansionLimit=<limit>.

1

uc.date.formats

Accepted input date formats for Date Functions and Stored Procedure parameters. For example: uc.date.formats=yyyy/MM/dd;dd/MM/yyyy. Formats can vary, but years must be defined with four digits (yyyy). Formats are used on a "first match" basis.


uc.email.attachments.local.path

Directory location from where files can be attached for a specific Cluster Node / Server. You must specify a location in this property in order for the Attach Local File field to display in the Email Task and Email Notifications Details.
 
The uc.properties file is refreshed every 5 minutes to accommodate changes to this property without requiring a restart. Every 5 minutes, uc.properties is read, and if this property value has changed, that new value then will be used within the Controller.
 

This property is local to the Cluster Node and must be specified on each Node based upon the path for that Node. Each Node can have a different path, but they should point to the same shared physical location in order to achieve the expected behavior. Best practices would be to use the same path in each Node.


uc.action.email_notification.attach_output.subscription.timeout_in_seconds

Number of seconds for Email Notification output timeout.180

uc.keymanager.algorithm

Java key manager algorithm.

  • For IBM AIX, the value must be IbmX509.
  • For all other platforms, use the default value.

If no value is specified, the configured JVM default will be used.


uc.keymanager.client.alias

If multiple certificates reside in the keystore that could match the OMS server's certificate request, specifying an alias ensures that the intended client certificate is presented to the OMS server.


uc.keymanager.keystore

Location of the keystore which holds certificates and keys.


uc.keymanager.keystore.password

Password (if required) for the keystore that will be replaced by uc.keymanager.keystore.password.encrypted in the uc.properties file upon start-up.


uc.keymanager.provider

Java key manager provider.

  • For IBM AIX, the value must be IBMJSSE2.
  • For all other platforms, use the default value.

If no value is specified, the configured JVM default will be used.


uc.logging.appenders

Location of STDOUT file logging. The property value is specified as comma-delimited list of optional labels. Options are:

  • console

  • file

  • none

The default value when not configured will be file in order to behave the same as previous releases and would be the same as specifying the following:

uc.logging.appenders=file

For containers, or any situation that does not want logging to go to a rolling file, that want the logging strictly to the console (stdout), the following should be specified in the uc.properties file:

uc.logging.appenders=console

If no logging is required, then the following would be specified in the uc.properties file:

uc.logging.appenders=none

If the property is specified, but no valid entries above are in the property value, then the default value of file is used.

file

uc.mbean.catalina.manager.name

The Controller uses the Catalina:type=Manager MBean for the User Sessions feature.
 
To determine the Manager MBean object name, the Controller dynamically determines the context. For example:
 
Catalina:type=Manager,context=/uc,host=localhost
 
If the following error appears in the Console while you are using the User Sessions feature, you may need to configure this property manually:
 
Universal Controller not configured for user session operations.
 
In the uc.log, you would see the following:
 
javax.management.InstanceNotFoundException: Catalina:type=Manager,context=/uc,host=localhost


uc.node.transient

Specifies (true or false) if the node is a transient Cluster Node.false

uc.oms.service_timeout

Sets the OMS service timeout value specifying the number of seconds of inactivity before a timeout exception will be thrown.

For example, you will see the following in the uc.log:

Default (180 seconds)

2021-08-04-21:12:25:542 -0400 INFO [UC.OMS.Monitor.0] Created: OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=15296bc7-e994-49eb-a6cf-0ecbf72d5f2f, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=180, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1]

uc.oms.service_timeout=300

OMSServerConnection [userName=null, clientId=ops.controller.f9a86ee2bd5e4928b3173b186e0feb3c, clientInstance=96e45eb5-c513-489a-8746-6223e962e901, transportAddresses=OMSTransportAddress [[localhost/127.0.0.1:7878]], nft=true, socketTimeout=30, serviceTimeout=300, authenticateServer=false, serverAddress=null, nextSessionId=0, isClosing=false, connectionInstance=1]
180

uc.overdue.timer.startup.threshold

Maximum number of days after which an overdue trigger is considered "stale/expired."

2

uc.servlet.port

Port number used by Tomcat.

8080

uc.task.sap.rpc.timeout

Sets the timeout value in seconds for the SAP RPC calls.120

uc.task.zos.view_edit_jcl.timeout

Sets the JCL service timeout value specifying the number of seconds to wait for the agent response before a timeout exception will be thrown.60

uc.trustmanager.algorithm

Java trust manager algorithm.

  • For IBM AIX, the value must be IbmX509.
  • For all other platforms, use the default value.

SunX509

uc.trustmanager.provider

Java trust manager provider.

  • For IBM AIX, the value must be IBMJSSE2.
  • For all other platforms, use the default value.

SunJSSE

uc.trustmanager.ssl.protocols

Comma-separated list of SSL/TLS protocols that can be used for Controller/OMS communications.
 

  • If the property does not contain a protocol list, a default SSL/TLS context will be referenced for building the SSL/TLS socket used for Controller/OMS communications.
  • If the property is used, only those protocols will be enabled for the Controller/OMS session.
  • If the property is not used, only the protocols specified in currently configured default SSL/TLS Context's default SSL/TLS protocol list will be enabled for the Controller/OMS session.


uc.ui.session_timeout

Default browser session timeout, in minutes. To use the Tomcat session configuration (default 30 minutes), set this property to 0.

30

uc.web_service.allow_unknown_properties

Specifies (true or false) whether web service APIs will fail if the request payload contains unknown properties.false

uc.web_service.httpclient.socket.keep_alive

Specifies (true or false) whether TCP socket keep-alive option is enabled for HTTP(S)/REST Web Service Tasks.

false

Secrets Provider Properties

The uc.db.secrets_provider property specifies which secrets provider the controller will use for the database password.

The controller will then load all the properties associated with the specified provider.

The properties that will be loaded by the controller for each provider are listed below. 

AWS Secrets Manager

Property Name

Required

Description

uc.db.secrets_provider.aws_secrets_manager.access_key_id

true

The AWS access key, used to identify the user interacting with AWS.

uc.db.secrets_provider.aws_secrets_manager.secret_access_key

true

The AWS secret access key, used to authenticate the user interacting with AWS.

uc.db.secrets_provider.aws_secrets_manager.region

true

The region name (e.g., us-east-1).

uc.db.secrets_provider.aws_secrets_manager.secret_id

true

The ARN or name of the secret to retrieve.

uc.db.secrets_provider.aws_secrets_manager.secret_password_key

false

If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.

Specifies the key for the password in the JSON structure.

  • If left unspecified, the password will evaluate to the entire secret value.

uc.db.secrets_provider.aws_secrets_manager.secret_passphrase_key

false

Specifies the key for the passphrase in the JSON structure.

  • If left unspecified, the passphrase will be undefined.

uc.db.secrets_provider.aws_secrets_manager.secret_token_key

false

Specifies the key for the token in the JSON structure.

  • If left unspecified, the token will be undefined.

uc.db.secrets_provider.aws_secrets_manager.cache_ttl

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 3600 seconds / 1 hour)

Azure Key Vault

Property Name

Required

Description

uc.db.secrets_provider.azure_key_vault.key_vault_name

true

The name of the Key Vault used to build the vault URL to send HTTP requests to.

  • https://<your-key-vault-name>.vault.azure.net

uc.db.secrets_provider.azure_key_vault.secret_name

true

The name of the secret.

uc.db.secrets_provider.azure_key_vault.client_id

true

The client (application) ID.

uc.db.secrets_provider.azure_key_vault.tenant_id

true

The Azure Active Directory tenant (directory) Id.

uc.db.secrets_provider.azure_key_vault.client_secret



The client secret used to authenticate.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

uc.db.secrets_provider.azure_key_vault.client_assertion



The client assertion used to authenticate.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

uc.db.secrets_provider.azure_key_vault.pem_certificate



The path of the PEM certificate used for authenticating.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

uc.db.secrets_provider.azure_key_vault.pfx_certificate



The path of the PFX certificate used for authenticating.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

uc.db.secrets_provider.azure_key_vault.pfx_certificate_password


The password for the PFX certificate.

  • Required if the PFX_CERTIFICATE is specified.

uc.db.secrets_provider.azure_key_vault.cache_ttl

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 28800 seconds / 8 hours)

CyberArk Credential Provider

Property Name

Required

Description

uc.db.secrets_provider.cyberark_credential_provider.application_id

true

The unique ID of the application issuing the password request.

uc.db.secrets_provider.cyberark_credential_provider.safe

true

The name of the Safe where the password is stored.

uc.db.secrets_provider.cyberark_credential_provider.folder

true

The name of the folder where the password is stored.

uc.db.secrets_provider.cyberark_credential_provider.object

true

The name of the password object to retrieve.

uc.db.secrets_provider.cyberark_credential_provider.reason

false

The reason for retrieving the password.

uc.db.secrets_provider.cyberark_credential_provider.cache_ttl

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds)

CyberArk Central Credential Provider

Property Name

Required

Description

uc.db.secrets_provider.cyberark_central_credential_provider.host

true

The hostname of the Central Credential Provider.

uc.db.secrets_provider.cyberark_central_credential_provider.port

true

The port of the Central Credential Provider.

uc.db.secrets_provider.cyberark_central_credential_provider.application_id

true

The unique ID of the application issuing the password request.

uc.db.secrets_provider.cyberark_central_credential_provider.safe

true

The name of the Safe where the password is stored.

uc.db.secrets_provider.cyberark_central_credential_provider.folder

true

The name of the folder where the password is stored.

uc.db.secrets_provider.cyberark_central_credential_provider.object

true

The name of the password object to retrieve.

uc.db.secrets_provider.cyberark_central_credential_provider.keystore

true

The path of the keystore containing the client certificate used for authenticating.

uc.db.secrets_provider.cyberark_central_credential_provider.keystore_password

false

The password used to unlock the keystore.

uc.db.secrets_provider.cyberark_central_credential_provider.keystore_type

false

The type of keystore. (default PKCS12)

  • JKS

    • The proprietary keystore implementation provided by the SUN provider.

  • PKCS12

    • The transfer syntax for personal identity information as defined in PKCS #12.

uc.db.secrets_provider.cyberark_central_credential_provider.keystore_alias

false

The name of a specific entry in the keystore to use.

uc.db.secrets_provider.cyberark_central_credential_provider.cache_ttl


false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds)


Sample uc.properties File

# DB
uc.db.rdbms=mysql
uc.db.url=jdbc:mysql://localhost/
# MYSQL
# uc.db.mysql.character_encoding=UTF-8
# uc.db.rdbms=mysql
# uc.db.url=jdbc:mysql://localhost/
# MS SQLSERVER
# uc.db.rdbms=sqlserver
# uc.db.url=jdbc:sqlserver://localhost:1433;DatabaseName=uc
# ORACLE
# uc.db.rdbms=oracle
# uc.db.url=jdbc:oracle:thin:@//localhost:1521/@oracle.db.name@
#
# COMMON
#
# trust manager algorithm & provider
# uc.trustmanager.algorithm=SunX509
# uc.trustmanager.provider=SunJSSE
# uc.trustmanager.ssl.protocols=TLSv1,TLSv1.1,TLSv1.2
#
uc.db.user=root
uc.db.password=pswd
uc.db.name=uc
uc.servlet.port=8080
uc.ui.session_timeout=30

Universal Controller System Properties

Properties for your Universal Controller system are set (in the Controller database) during Controller installation. These properties let you define Controller system information and performance.

Universal Controller system properties do not reside in a properties file; they are available only via the user interface.

Although you can reset these properties any time after the Controller is in operation without having to stop and restart the Controller, you should click the Reload current page icon in your browser taskbar after resetting a property.
 

Note

You must be assigned the ops_admin role in order to reset these properties.

Step 1

From the Available Services, select Administration > Properties. The Properties list displays.

Step 2

If you want to change the value of a property, click a its Value field and select/enter a new value.

Step 3

To filter the list of displayed properties, enter appropriate characters (not case-sensitive) in the empty fields above the Name and/or Value columns.
 
For example, to display only properties elated to promotion, enter promotion (or PROMOTION, promo, etc.) in the empty field above the Name column.


The following table describes the Universal Controller system properties:

Name
(Property Name)

Description

Default

Administrator Email Address
(uc.admin.email_addr)

System administrator email address(es) specified as the recipient(s) for System Notifications. Addresses for multiple administrators should be specified in a comma-separated list.

(none)

Agent Address Information Restricted
(uc.agent.address_info_restricted)

Specification (true or false) for whether or not to hide the IP address of an Agent from non-Administrator (ops_admin) users.

If the property is set to true and the user is a non-Administrator, the IP Address field of Agents will display ***** instead of the actual value for that user.

true

Agent Cache Retention Period in Days
(uc.agent.cache.retention)

Number of days that cache files (stdout, stderr) are retained by the system.

7

Agent Cluster Network Alias Cache Retention In Minutes
(uc.agent_cluster.network_alias.cache_retention_in_minutes)

Amount of time (in minutes) that a resolved Network Alias will be used before attempting to resolve it again.

30

Agent Cluster Network Alias Retry Interval In Minutes
(uc.agent_cluster.network_alias.retry_interval_in_minutes)

Amount of time (in minutes) before automatically retrying the Network Alias resolution upon failure.

5

Agent Cluster Network Alias Uquery Port
(uc.agent_cluster.network_alias.uquery_port)

Default port for an Agent Cluster with a Distribution method of Network Alias if no Agent Port is specified.

7887

Agent Credentials Required
(uc.agent.credentials.required)

Specification (true or false) for whether or not Credentials are required for agent-based tasks and Application Resources.

false

Agent Credentials Required On Registration
(uc.agent.credentials.required.registration)

Specification (Windows, Linux/Unix, z/OS) for whether the agent has to use the credentials or not.

(none)

Agent Heartbeat Grace Period in Seconds
(uc.agent.heartbeat.grace_period_in_seconds)

Grace period in seconds (minimum 30, maximum 600) that the Controller will allow for a delayed heartbeat message.

60

Agent Heartbeat Interval in Seconds
(uc.agent.heartbeat.interval.in.seconds)

Number of seconds between each heartbeat message sent by the agent to the Controller.

120

Agent Notification Disabled If Suspended
(uc.agent.notification.disable_if_suspended)