Skip to content

Table Properties#

Portal#

LDAP/LDAP-S#

Expand

Property Description Example
PORTAL_LDAP_URL Add value as "LDAP_HOST: LDAP_PORT xxx.example.com:983
PORTAL_LDAP_BIND_DN   CN=Bind User,OU=example,DC=ad,DC=example,DC=com
PORTAL_LDAP_BIND_PASSWORD Add the password for LDAP  
PORTAL_LDAP_SEARCH_BASE   ou=example,dc=ad,dc=example,dc=com
PORTAL_LDAP_USER_SEARCH_BASE   ou=example,dc=ad,dc=example,dc=com
PORTAL_LDAP_GROUP_SEARCH_BASE   OU=example_services,OU=example,DC=ad,DC=example,DC=com
PORTAL_LDAP_USERNAME_ATTRIBUTE   sAMAccountName
PORTAL_LDAP_DN_ATTRIBUTE   PORTAL_LDAP_DN_ATTRIBUTE: dc
PORTAL_LDAP_SSL_ENABLED For SSL enabled LDAP server, set this value to true. true
PORTAL_LDAP_SSL_PM_GEN_TS

Set this to true if you want Privacera Manager to generate the truststore for your ldaps server.

Set this to false if you want to manually provide the truststore certificate. To learn how to upload SSL certificates, click here.

true

OKTA#

Expand

Property Description Example
OAUTH_CLIENT_CLIENTSECRET Get it from the Prerequisites section above. OAUTH_CLIENT_CLIENTSECRET: "4hb88P9UZmxxxxxxxxm1WtqsaQRv1FZDZiaOT0Gm"        
OAUTH_CLIENT_CLIENTID Get it from the Prerequisites section above. 0oa63edjkaoNHGYTS357
OAUTH_CLIENT_TOKEN_URI Get it from the Prerequisites section above. https://dev-396511.okta.com/oauth2/default/v1/token
OAUTH_CLIENT_AUTH_URI Get it from the Prerequisites section above. https://dev-396511.okta.com/oauth2/default/v1/authorize
OAUTH_RESOURCE_USER_INFO_URI Get it from the Prerequisites section above. https://dev-396511.okta.com/oauth2/default/v1/userinfo
PORTAL_UI_SSO_ENABLE Property to enable/disable OKTA true

SAML#

Expand

Property Description Example
AAD_SSO_ENABLE Enabled by default.  
SAML_ENTITY_ID Get the value from the Prerequisites section. privacera-portal
SAML_BASE_URL   https://{{app_hostname}}:6868
PORTAL_UI_SSO_BUTTON_LABEL   Azure AD Login
PORTAL_UI_SSO_URL   saml/login
SAML_GLOBAL_LOGOUT
Enabled by default. The global logout for SAML is enabled. Once a logout is initiated, all the sessions you've accessed from the browser would be terminated from the Identity Provider (IDP).
 
META_DATA_XML Browse and select the Federation Metadata XML, which you downloaded in the Prerequisites section.   

AuditServer#

Expand

Property Description Example
AUDITSERVER_AUTH_TYPE

Set this property to enable basic authentication.

Value: None/Basic

basic

AUDITSERVER_AUTH_USER

AUDITSERVER_AUTH_PASSWORD

If the above authentication type is set to basic, assign a username and password. You can assign any user credentials.

Value: True/False

AUDITSERVER_AUTH_USER: "padmin"

AUDITSERVER_AUTH_PASSWORD: "padmin"

AUDITSERVER_SOLR_DESTINATION Enable if the audit destination in Solr.
AUDITSERVER_KAFKA_DESTINATION Set to true if audit destination is kafka
AUDITSERVER_KAFKA_BROKER_LIST A list of host/port pairs to use for establishing the initial connection to the Kafka cluster. This list should be in the form host1:port1,host2:port2,.... Since these servers are just used for the initial connection to discover the full cluster membership (which may change dynamically), this list need not contain the full set of servers (you may want more than one, though, in case a server is down). 10.xxx.xx.xxx:9093
AUDITSERVER_KAFKA_TOPIC_NAME Topic name to which audits are to be sent topic-name
AUDITSERVER_KAFKA_SECURITY_PROTOCOL Protocol used to communicate with brokers.

Valid values are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL.
SASL_SSL
AUDITSERVER_KAFKA_SSL_KEYSTORE_LOCATION The location of the key store file.
Make sure key is copied in config/ssl folder. Provide name of the file.
kafka.server.keystore
AUDITSERVER_KAFKA_SSL_KEYSTORE_PASSWORD The store password for the key store file.This is optional and only needed if AUDITSERVER_KAFKA_SSL_KEYSTORE_LOCATION is configured. privacera
AUDITSERVER_KAFKA_SSL_KEY_PASSWORD The password of the private key in the key store file. This is optional. privacera
AUDITSERVER_KAFKA_SSL_TRUSTSTORE_LOCATION The location of the trust store file. Make sure the key is copied in config/ssl folder. Provide name of the file. kafka.server.truststore
AUDITSERVER_KAFKA_SSL_TRUSTSTORE_PASSWORD The password for the trust store file. privacera
AUDITSERVER_KAFKA_SASL_JAAS_CONFIG Kafka uses the Java Authentication and Authorization Service (JAAS) for SASL configuration. You must provide JAAS configurations for all SASL authentication mechanisms.
E.g "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;" if AUDITSERVER_KAFKA_SASL_MECHANISM is "OAUTHBEARER
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;
AUDITSERVER_KAFKA_SASL_MECHANISM SASL mechanism used for connections. This may be any mechanism for which a security provider is available. GSSAPI is the default mechanism. OAUTHBEARER
AUDITSERVER_KAFKA_SASL_LOGIN_CALLBACK_HANDLER_CLASS The LoginModule for the selected SASL_MECHANISM
E.g "io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler" if AUDITSERVER_KAFKA_SASL_MECHANISM is "OAUTHBEARER
io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
AUDITSERVER_KAFKA_OAUTH_TOKEN_ENDPOINT_URI OAUTH Token endpoint URL used by the application in order to get an access token or a refresh token http://10.211.93.140:4444/oauth2/token
AUDITSERVER_KAFKA_OAUTH_WITH_SSL Set to true if SSL is applied on OAUTH.
AUDITSERVER_OAUTH_ACCEPT_UNSECURE_SERVER Set to true if OAUTH accept unsecure server.
AUDITSERVER_OAUTH_LOGIN_GRANT_TYPE The authorization server needs to know which grant type the application wants to use since it affects the kind of credential it will issue
e.g client_credentials
client_credentials
AUDITSERVER_KAFKA_OAUTH_CLIENT_ID The ID of the application that asks for authorization. broker-kafka
AUDITSERVER_KAFKA_OAUTH_CLIENT_SECRET The secret of the application that asks for authorization. broker-kafka
AUDITSERVER_KAFKA_BATCH_FILESPOOL_DIR If audit framework detects that an audit destination is down then it buffers the audit messages in memory. Once memory buffer fills up then it can be configured to spool the unsent messages to disk files to prevent or minimize the loss of audit messages. Local disk directory where spool files would be kept. This value must be specified.
Default location is "/workdir/privacera-audit-server/kafka-spool
/workdir/privacera-audit-server/kafka-spool

Aurora DB#

PostgreSQL#

Expand

Property Description

EXTERNAL_DB_HOST

EXTERNAL_DB_NAME

Enter the hostname of the PostgreSQL server, and the name of the database you want to connect to.

EXTERNAL_DB_USER

EXTERNAL_DB_PASSWORD

Enter the credentials of the user who has access to the database.

MySQL#

Expand

Property Description

EXTERNAL_DB_HOST

EXTERNAL_DB_NAME

Enter the hostname of the PostgreSQL server, and the name of the database you want to connect to.

EXTERNAL_DB_USER

EXTERNAL_DB_PASSWORD

Enter the credentials of the user who has access to the database.

Solr#

Expand

Property Description
SOLR_BASIC_AUTH_ENABLED Set this property to true to enable the basic authentication. 

SOLR_BASIC_AUTH_USER

SOLR_BASIC_AUTH_PASSWORD 

Assign the user credentials for the Solr authentication.


Last update: July 23, 2021