# Table Properties

## Portal

### LDAP/LDAP-S
Property | Description | Example |
---|---|---|
PORTAL_LDAP_URL | LDAP server address in the form "LDAP_HOST:LDAP_PORT". | xxx.example.com:983 |
PORTAL_LDAP_BIND_DN | Distinguished name of the bind user. | CN=Bind User,OU=example,DC=ad,DC=example,DC=com |
PORTAL_LDAP_BIND_PASSWORD | Password of the LDAP bind user. | |
PORTAL_LDAP_SEARCH_BASE | Base DN for LDAP searches. | ou=example,dc=ad,dc=example,dc=com |
PORTAL_LDAP_USER_SEARCH_BASE | Base DN for user searches. | ou=example,dc=ad,dc=example,dc=com |
PORTAL_LDAP_GROUP_SEARCH_BASE | Base DN for group searches. | OU=example_services,OU=example,DC=ad,DC=example,DC=com |
PORTAL_LDAP_USERNAME_ATTRIBUTE | LDAP attribute used as the username. | sAMAccountName |
PORTAL_LDAP_DN_ATTRIBUTE | DN attribute. | dc |
PORTAL_LDAP_SSL_ENABLED | For an SSL-enabled (LDAPS) server, set this value to true. | true |
PORTAL_LDAP_SSL_PM_GEN_TS | Set this to true if you want Privacera Manager to generate the truststore for your LDAPS server. Set this to false if you want to provide the truststore certificate manually; see the instructions for uploading SSL certificates. | true |
### OKTA
Property | Description | Example |
---|---|---|
OAUTH_CLIENT_CLIENTSECRET | Client secret. Get it from the Prerequisites section above. | OAUTH_CLIENT_CLIENTSECRET: "4hb88P9UZmxxxxxxxxm1WtqsaQRv1FZDZiaOT0Gm" |
OAUTH_CLIENT_CLIENTID | Client ID. Get it from the Prerequisites section above. | 0oa63edjkaoNHGYTS357 |
OAUTH_CLIENT_TOKEN_URI | Token endpoint. Get it from the Prerequisites section above. | https://dev-396511.okta.com/oauth2/default/v1/token |
OAUTH_CLIENT_AUTH_URI | Authorization endpoint. Get it from the Prerequisites section above. | https://dev-396511.okta.com/oauth2/default/v1/authorize |
OAUTH_RESOURCE_USER_INFO_URI | User info endpoint. Get it from the Prerequisites section above. | https://dev-396511.okta.com/oauth2/default/v1/userinfo |
PORTAL_UI_SSO_ENABLE | Set to true to enable Okta SSO, or false to disable it. | true |
### SAML
Property | Description | Example |
---|---|---|
AAD_SSO_ENABLE | Enables Azure AD SSO. Enabled by default. | |
SAML_ENTITY_ID | SAML entity ID. Get the value from the Prerequisites section. | privacera-portal |
SAML_BASE_URL | Base URL of the portal. | https://{{app_hostname}}:6868 |
PORTAL_UI_SSO_BUTTON_LABEL | Label shown on the SSO login button. | Azure AD Login |
PORTAL_UI_SSO_URL | Path of the SSO login endpoint. | saml/login |
SAML_GLOBAL_LOGOUT | Enabled by default. With global logout enabled, initiating a logout terminates all the sessions you have opened from the browser at the Identity Provider (IdP). | |
META_DATA_XML | Browse and select the Federation Metadata XML that you downloaded in the Prerequisites section. | |
## AuditServer
Property | Description | Example |
---|---|---|
AUDITSERVER_AUTH_TYPE | Set this property to enable basic authentication. Value: None/Basic | basic |
AUDITSERVER_AUTH_USER, AUDITSERVER_AUTH_PASSWORD | If the authentication type above is set to basic, assign a username and password. You can assign any user credentials. | AUDITSERVER_AUTH_USER: "padmin" AUDITSERVER_AUTH_PASSWORD: "padmin" |
AUDITSERVER_SOLR_DESTINATION | Set to true if the audit destination is Solr. | |
AUDITSERVER_KAFKA_DESTINATION | Set to true if the audit destination is Kafka. | |
AUDITSERVER_KAFKA_BROKER_LIST | A list of host/port pairs used to establish the initial connection to the Kafka cluster, in the form host1:port1,host2:port2,.... These servers are only used for the initial connection to discover the full cluster membership (which may change dynamically), so the list need not contain the full set of servers; you may want more than one, though, in case a server is down. | 10.xxx.xx.xxx:9093 |
AUDITSERVER_KAFKA_TOPIC_NAME | Topic to which audits are sent. | topic-name |
AUDITSERVER_KAFKA_SECURITY_PROTOCOL | Protocol used to communicate with brokers. Valid values: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. | SASL_SSL |
AUDITSERVER_KAFKA_SSL_KEYSTORE_LOCATION | Name of the keystore file. Make sure the keystore is copied into the config/ssl folder. | kafka.server.keystore |
AUDITSERVER_KAFKA_SSL_KEYSTORE_PASSWORD | The store password for the keystore file. Optional; only needed if AUDITSERVER_KAFKA_SSL_KEYSTORE_LOCATION is configured. | privacera |
AUDITSERVER_KAFKA_SSL_KEY_PASSWORD | The password of the private key in the keystore file. Optional. | privacera |
AUDITSERVER_KAFKA_SSL_TRUSTSTORE_LOCATION | Name of the truststore file. Make sure the truststore is copied into the config/ssl folder. | kafka.server.truststore |
AUDITSERVER_KAFKA_SSL_TRUSTSTORE_PASSWORD | The password for the truststore file. | privacera |
AUDITSERVER_KAFKA_SASL_JAAS_CONFIG | Kafka uses the Java Authentication and Authorization Service (JAAS) for SASL configuration. You must provide a JAAS configuration for every SASL authentication mechanism in use, e.g. "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;" if AUDITSERVER_KAFKA_SASL_MECHANISM is "OAUTHBEARER". | org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ; |
AUDITSERVER_KAFKA_SASL_MECHANISM | SASL mechanism used for connections. This may be any mechanism for which a security provider is available. GSSAPI is the default mechanism. | OAUTHBEARER |
AUDITSERVER_KAFKA_SASL_LOGIN_CALLBACK_HANDLER_CLASS | Login callback handler class for the selected SASL mechanism, e.g. "io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler" if AUDITSERVER_KAFKA_SASL_MECHANISM is "OAUTHBEARER". | io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler |
AUDITSERVER_KAFKA_OAUTH_TOKEN_ENDPOINT_URI | OAuth token endpoint URL used by the application to obtain an access token or a refresh token. | http://10.211.93.140:4444/oauth2/token |
AUDITSERVER_KAFKA_OAUTH_WITH_SSL | Set to true if SSL is used for OAuth. | |
AUDITSERVER_OAUTH_ACCEPT_UNSECURE_SERVER | Set to true to accept an unsecure OAuth server. | |
AUDITSERVER_OAUTH_LOGIN_GRANT_TYPE | The grant type the application wants to use. The authorization server needs to know it, since it affects the kind of credential issued, e.g. client_credentials. | client_credentials |
AUDITSERVER_KAFKA_OAUTH_CLIENT_ID | The ID of the application that asks for authorization. | broker-kafka |
AUDITSERVER_KAFKA_OAUTH_CLIENT_SECRET | The secret of the application that asks for authorization. | broker-kafka |
AUDITSERVER_KAFKA_BATCH_FILESPOOL_DIR | If the audit framework detects that an audit destination is down, it buffers the audit messages in memory. Once the memory buffer fills up, it can be configured to spool the unsent messages to disk files to prevent or minimize the loss of audit messages. This is the local disk directory where the spool files are kept. This value must be specified. The default location is "/workdir/privacera-audit-server/kafka-spool". | /workdir/privacera-audit-server/kafka-spool |
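As an added check (not part of the Privacera documentation or product), the following Python lint reads a mapping of the Portal LDAP and AuditServer properties above and reports settings that contradict each other or leave the bind password, audit records or OAuth client secret unprotected in transit. The property names are the page's own; the dependency rules are my reading of the table descriptions, and SAMPLE_VARS is constructed from the example column.

```python
# Added example, not part of the Privacera documentation: a lint for the Privacera
# Manager properties in the tables above. Names are the page's; the rules are my reading.

def lint_vars(props: dict) -> list:
    """Return findings for a vars mapping; an empty list means nothing was flagged."""
    v = {k: str(x) for k, x in props.items()}
    is_true = lambda key: v.get(key, "").lower() == "true"
    out = []
    # Portal LDAP: without LDAPS the bind password is sent in clear text.
    if v.get("PORTAL_LDAP_URL") and not is_true("PORTAL_LDAP_SSL_ENABLED"):
        out.append("PORTAL_LDAP_SSL_ENABLED is not true: LDAP bind is unencrypted")
    # AuditServer basic auth needs both credentials; flag the table's sample password.
    if v.get("AUDITSERVER_AUTH_TYPE", "").lower() == "basic":
        if not (v.get("AUDITSERVER_AUTH_USER") and v.get("AUDITSERVER_AUTH_PASSWORD")):
            out.append("AUDITSERVER_AUTH_USER and AUDITSERVER_AUTH_PASSWORD are required for basic")
        if v.get("AUDITSERVER_AUTH_PASSWORD") == "padmin":
            out.append("AUDITSERVER_AUTH_PASSWORD still holds the documentation sample value")
    # Kafka destination: transport and SASL settings must agree with each other.
    if is_true("AUDITSERVER_KAFKA_DESTINATION"):
        proto = v.get("AUDITSERVER_KAFKA_SECURITY_PROTOCOL", "PLAINTEXT").upper()
        if proto not in ("PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"):
            out.append(f"unknown AUDITSERVER_KAFKA_SECURITY_PROTOCOL '{proto}'")
        elif not proto.endswith("SSL"):
            out.append(f"{proto}: audit records and credentials leave the host unencrypted")
        elif not v.get("AUDITSERVER_KAFKA_SSL_TRUSTSTORE_LOCATION"):
            out.append("SSL selected but AUDITSERVER_KAFKA_SSL_TRUSTSTORE_LOCATION is empty")
        if proto.startswith("SASL") and not v.get("AUDITSERVER_KAFKA_SASL_JAAS_CONFIG"):
            out.append("SASL protocol requires AUDITSERVER_KAFKA_SASL_JAAS_CONFIG")
        if v.get("AUDITSERVER_KAFKA_SASL_MECHANISM", "").upper() == "OAUTHBEARER":
            if not v.get("AUDITSERVER_KAFKA_SASL_LOGIN_CALLBACK_HANDLER_CLASS"):
                out.append("OAUTHBEARER needs AUDITSERVER_KAFKA_SASL_LOGIN_CALLBACK_HANDLER_CLASS")
            if v.get("AUDITSERVER_KAFKA_OAUTH_TOKEN_ENDPOINT_URI", "").startswith("http://"):
                out.append("OAuth token endpoint is plain http: client secret sent unencrypted")
        if not v.get("AUDITSERVER_KAFKA_BATCH_FILESPOOL_DIR"):
            out.append("AUDITSERVER_KAFKA_BATCH_FILESPOOL_DIR must be specified")
    return out

# Constructed sample, assembled from the example column of the tables above.
SAMPLE_VARS = {
    "PORTAL_LDAP_URL": "xxx.example.com:983", "PORTAL_LDAP_SSL_ENABLED": "true",
    "AUDITSERVER_AUTH_TYPE": "basic", "AUDITSERVER_AUTH_USER": "padmin", "AUDITSERVER_AUTH_PASSWORD": "padmin",
    "AUDITSERVER_KAFKA_DESTINATION": "true", "AUDITSERVER_KAFKA_SECURITY_PROTOCOL": "SASL_SSL",
    "AUDITSERVER_KAFKA_SSL_TRUSTSTORE_LOCATION": "kafka.server.truststore",
    "AUDITSERVER_KAFKA_SASL_MECHANISM": "OAUTHBEARER",
    "AUDITSERVER_KAFKA_SASL_JAAS_CONFIG": "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;",
    "AUDITSERVER_KAFKA_SASL_LOGIN_CALLBACK_HANDLER_CLASS": "io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler",
    "AUDITSERVER_KAFKA_OAUTH_TOKEN_ENDPOINT_URI": "http://10.211.93.140:4444/oauth2/token",
    "AUDITSERVER_KAFKA_BATCH_FILESPOOL_DIR": "/workdir/privacera-audit-server/kafka-spool",
}
```

Running lint_vars(SAMPLE_VARS) on the table's own example values flags the sample "padmin" password and the plain-http token endpoint, which is exactly what a reviewer would want to catch before the values are copied into a real deployment.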
## Aurora DB

### PostgreSQL
Property | Description |
---|---|
EXTERNAL_DB_HOST, EXTERNAL_DB_NAME | Enter the hostname of the PostgreSQL server and the name of the database you want to connect to. |
EXTERNAL_DB_USER, EXTERNAL_DB_PASSWORD | Enter the credentials of the user who has access to the database. |
### MySQL
Property | Description |
---|---|
EXTERNAL_DB_HOST, EXTERNAL_DB_NAME | Enter the hostname of the MySQL server and the name of the database you want to connect to. |
EXTERNAL_DB_USER, EXTERNAL_DB_PASSWORD | Enter the credentials of the user who has access to the database. |
## Solr
Property | Description |
---|---|
SOLR_BASIC_AUTH_ENABLED | Set this property to true to enable basic authentication. |
SOLR_BASIC_AUTH_USER, SOLR_BASIC_AUTH_PASSWORD | Assign the user credentials for Solr authentication. |