XTAM System Properties Reference Guide

Embedded database home folder

Backend database driver class

Backend database dialect

Backend database Password

Backend database URL

Backend database User

Main integrated LDAP user search filter

Main integrated LDAP base DN

Main integrated LDAP domain

Main integrated LDAP groups search query

Main integrated LDAP service account

Main integrated LDAP service account password

Main integrated LDAP base tree node for groups

Main integrated LDAP attribute name for a group name

Main integrated LDAP role search query

Main integrated LDAP root DN

Main integrated LDAP URL

Local user directory service account DN

Local user directory service account password

Local user directory URL

Local user directory group search query

Local user directory group base

Local user directory attribute for group name

Local user directory membership search query

Local user directory user base

Local user directory user search query

Duo MFA integration Duo Security API URL

Duo MFA integration application or secret key

Duo MFA integration API key

Duo MFA integration secret key

Duo MFA integration ID (mfa-duo)

Duo MFA integration name

Duo MFA integration rank

Duo MFA integration flag to enable trusted devices option

TOTP MFA number of digits in the code

TOTP MFA issuer

TOTP MFA database connection (usually java:comp/env/jdbc/PamDB)

TOTP MFA data source proxy

TOTP MFA database pre-creation option

TOTP MFA database dialect (usually {hibernate.dialect})

TOTP MFA database driver class (usually {hibernate.connection.driver_class})

TOTP MFA screen label

TOTP MFA time step size

TOTP MFA flag to enable trusted devices option

TOTP MFA window size

Global MFA provider

Radius MFA accounting port

Radius MFA authentication port

Radius MFA host name or IP address

Radius MFA secret

Radius MFA server protocol

Yubikey MFA client ID

Yubikey MFA data source name (usually java:comp/env/jdbc/PamDB)

Yubikey MFA data source proxy

Yubikey MFA database pre-creation option

Yubikey MFA database dialect (usually {hibernate.dialect})

Yubikey MFA database driver class (usually {hibernate.connection.driver_class})

Yubikey MFA integration name

Yubikey MFA secret key

HTTP Header for client address (X-Forwarded-For)

CAS audit data source name (usually java:comp/env/jdbc/PamDB)

CAS audit MFA data source proxy

CAS audit database pre-creation option

CAS audit database dialect (usually {hibernate.dialect})

CAS audit database driver class (usually {hibernate.connection.driver_class})

Hard coded users for authentication

Flag to enable using the password of the current user for system operations such as session connect

Flag to enable pass-through credentials capture

Flag to enable pass-through credential encryption

Pass-through credentials encryption key

Pass-through credentials sining key

Confirms CAS logout

Flag to enable service provider logout for SAML integrated providers

Application Access URL stem (https://xtam.company.com/

Managed path of CAS server URL (for example, https://xtam.company.com)

CAS URL for SAML integration (for example, https://xtam.company.com/xtam/)

Flag for CAS registry DB initialization

CAS service registry data source name (usually java:comp/env/jdbc/PamDB)

CAS service registry MFA data source proxy

CAS service registry database pre-creation option

CAS service registry database dialect (usually {hibernate.dialect})

CAS service registry database driver class (usually {hibernate.connection.driver_class})

Algorithm for CAS parameters encryption

Master password to encrypt CAS parameters

Flag to enable CAS TGC encryption

CAS TGC encryption key

CAS ticket granting signing key. SRF token signing key

CAS TGC signing key

CAS ticket registry cleaner schedule enable flag

CAS ticket registry cleaner repeat interval

CAS ticket registry cleaner start delay

CAS ticket registry encryption algorithm

Flag to enable CAS registry encryption

CAS ticket registry encryption key

CAS ticket registry encryption key size

CAS ticket registry signing key

CAS ticket registry signing key size

CAS ticket registry data source name (usually java:comp/env/jdbc/PamDB)

CAS ticket registry MFA data source proxy

CAS ticket registry MFA database pre-creation option

CAS ticket registry database dialect (usually {hibernate.dialect})

CAS ticket registry database driver class (usually {hibernate.connection.driver_class})

CAS ticket locking timeout

CAS ticket lock shared among nodes

Application Access URL such as https://xtam.company.com/xtam/

CAS weblow encryption key

CAS weblow signing key

Local user directory type

Local user directory URL

Local user directory SSL enabling

Local user directory StartTLS enabling

Local user directory connect timeout

Local user directory base DN

Local user directory filter to search users

Local user directory enable subtree search

Local user directory use password policy

Local user directory DN format pattern based on user entry

Local user directory attribute for user

Local user directory list of attributes to retrieve from the directory

Integrated LDAP user directory type (AUTHENTICATED|AD|DIRECT|ANONYMOUS)

Integrated LDAP user directory URL

Integrated LDAP user directory use SSL option

Integrated LDAP user directory use StartTLS option

Integrated LDAP user directory connection timeout

Integrated LDAP user directory base DN

Integrated LDAP user directory user query

Integrated LDAP user directory enable subtree search

Integrated LDAP user directory password policy use

Integrated LDAP user directory DN format pattern

Integrated LDAP user directory attribute for user name (for example, sAMAccountName or UserPrincipalName)

Integrated LDAP user directory list of attributes to retrieve from directory

SAML integration client name

SAML integration keystore password

SAML integration

SAML integration service provider entity ID

SAML integration URL to service provider metadata

SAML integration path to keystore

SAML integration path to provider metadata file

SAML integration maximum authentication lifetime

Flag to avoid 1-minute delay starting up worker processes

OS temporary folder

Flag to disable use of OS proxy configuration for HTTP queries such as check for latest version. False in OOB configuration.

Timeout in milliseconds for SMTP operations

Default language to initialize the system

Temporary folder base for the playback rendering

Flag to enable dynamic reference from local groups to external LDAP members to allow entry reorganization in the external user directory without breaking local groups membership. When set to False, the system will use entry DN to reference external entry instead of search

Flag to disable XSRF token verification

AWS STS Endpoint for temporary ticket generation. The value defaults to sts.amazonaws.com and could be overwritten by record field STSEndpoint.

AWS STS Region for temporary ticket generation. The value defaults to us-east-1 and could be overwritten by record field STSRegion.

Authentication token from CAS login process to XTAM granular MFA service

SQL statement for CAS registry

SQL Statement for CAS registry update

WEB Server SSL Certificate password

Path to WEB Server SSL Certificate

Flag to enable encryption of session recordings

WS-Management protocol delay in seconds between commands

WS-Management protocol timeout in seconds

Second node URL for node replication

Flag to enable HTTP Proxy in remote node to tunnel RDP, SSH and HTTP proxy connections from master node as a session manager

Port number overwrite for remote node HTTP Proxy serving as a session manager for master node proxy servers

Encryption algorithm for remote Proxy session manager communication for SSH, RDP, HTTPs proxies

Flag to enable enforcement of  unique record names in folder during import process

Overwrite for cas.authn.mfa.duo[0].duoApiHost

Overwrite for cas.authn.mfa.duo[0].duoIntegrationKey

Overwrite for cas.authn.mfa.duo[0].duoSecretKey

SMS integration Groovy script from script library

SMS integration URL

Service account password for ticketing system integration

Request reason pattern indicating a message to ticketing system (SN #)

Groovy script from the script library to integration with ticketing system

URL of ticketing system

Service account for ticketing system integration

Max length of form fields

Flag to use only credential fields for reference records

Flag enabling mock MFA controller (allow first time use, deny second time use)

Flag to log operating system attributes to performance logging

Flag to enable internal performance logging

File name for the internal performance logging if not redirected to system log

Level of the system log message for internal performance log

Flag to redirect internal performance logging to regular system logging instead of custom file perf.log

Period of internal performance logging

Flag to disable capability to pass MFA token with RDP, SSH proxy user attribute

XTAM Proxy host if different from cas.managed.path (for example, for geo-distributed systems)

Flag to enable HTTP Proxy to trust SSL Certificates of all endpoint WEB Portals

Flag to enforce RDP proxy startup

RDP Proxy port overwrite

Flag to enable tracing of credential capturing by the system

Flag to switch the node to remote node mode

Node name to overwrite default host name as a node name

Remote node user password

Remote node authentication token as an alternative to user and password

Remote master node URL

Remote node user to connect to master node

Signing key for node-to-node replication exchange

Hour for the daily report schedule

Day of the month for monthly report schedule

Day of the week for weekly report schedule

Flag to enable Secure-IDs

Flag to enable strict check for Secure-IDs

Time in milliseconds to wait before issuing blocking command (such as sudo) at the start of remote session

Flag to disable restriction to make reference, shadow and dynamic credential records in another vault

Flag to disable MFA for proxy sessions (SSH, RDP, HTTP). This parameter replaced now deprecated but still valid parameter xtam.ssh.proxy.mfa.disable with the same meaning.

Default idle timeout for SSH sessions

Flag to enable Bouncy Castle installed as a preferred security provider

Flag to enable business analytics processing

Flag to enable auto-creating guest accounts authenticated using external SSO services

Local group to add auto-created guest user

Expiration time in milliseconds (0 – infinite) for auto-created guest user

Flag to disable MFA for WEB Login (as oppose to Proxy Servers)

Number of times SSH Proxy will retry connecting to remote server

Number of times SSH Proxy will retry authenticating XTAM user

Number of seconds SSH Proxy waits before retrying to connect to remote server progressively increasing with each retry (10 seconds after first failed attempt, 20 seconds after seconds one, 30 seconds after third one)

Number of seconds SSH Proxy waits before retrying to authenticate XTAM user progressively increasing with each retry (10 seconds after first failed attempt, 20 seconds after seconds one, 30 seconds after third one)