Security-server Configuration

MigrationProperties

Name Default value Type Description

rsa.migration.enable

true

boolean

Flag to be used in case of unit and integration tests for disabling migration check on first boot.

rsa.migration.ui-data-path

/backup/var/lib/netwitness/uax

string

The location of 10.x SA UI data

PasswordPolicyProperties

Name Default value Type Description

rsa.security.account.password-policy.cannot-include-id

false

boolean

Can the password include the account identifier in it?

rsa.security.account.password-policy.min-chars

8

integer

The minimum number of characters the password must have.

rsa.security.account.password-policy.min-lower-chars

0

integer

The minimum number of lower-case characters the password must have.

rsa.security.account.password-policy.min-non-latin-chars

0

integer

The minimum number of non-latin characters a password must have

rsa.security.account.password-policy.min-numeric-chars

0

integer

The minimum number of numeric characters the password must have.

rsa.security.account.password-policy.min-special-chars

0

integer

The minimum number of special characters the password must have.

rsa.security.account.password-policy.min-upper-chars

0

integer

The minimum number of upper-case characters the password must have.

rsa.security.account.password-policy.passwords-expire-after

30

seconds

The maximum time an account password is valid before it must be changed.

rsa.security.account.password-policy.special-chars

~!@#$%^&*_-+=`$|(){}[]:;'"<>,.?/

string

The characters that are considered "special"

PkiAuthenticationProperties

Name Default value Type Description

rsa.security.authentication.pki.enabled

false

boolean

This property controls if the PKI authentication feature is enabled

rsa.security.authentication.pki.retry-interval

1

seconds

This property controls how long to wait before retrying an initialization task.

AuthenticationPolicyProperties

Name Default value Type Description

rsa.security.authentication.policy.account-lockout

20

seconds

Account lockout interval

rsa.security.authentication.policy.auto-create-external-users

true

boolean

Automatically create user profiles for external accounts

rsa.security.authentication.policy.case-sensitive

true

boolean

Case sensitivity of account identifiers

rsa.security.authentication.policy.max-successive-failures-before-lockout

5

integer

Accounts are locked after successive failures

rsa.security.authentication.policy.must-have-a-role

true

boolean

Require role mapping for external users

DeploymentProperties

Name Default value Type Description

rsa.security.deployment.bootstrap-retry-interval

30

seconds

The amount of time to wait before retrying a failed bootstrap attempt.

SamlUserAccountProperties

Name Default value Type Description

rsa.security.saml.account.user-account-type

accounttype

Account type of the users authenticated by SAML