Settings Group | Setting | Description | Allowed Values |
---|
Settings / Deployment Macros | |
---|
getCompositeCategory | Value returned by Action Language macro getCompositeCategory(). Initial value of this setting is the category specified in the service details (see Managing the Service Details). You can change this value here. | any string |
getCompositeName | Value returned by Action Language macro getCompositeName(). Initial value of this setting is the service name. You can change this value here. | any string |
getCompositeVersion | Value returned by Action Language macro getCompositeVersion(). Initial value of this setting is the service version in the service details (see Managing the Service Details). You can change this value here. | a version string |
|
---|
AuthenticatorEnabled | Specify whether users are allowed to identify themselves using an x-pas-user header instead of a bearer token. Note |
---|
For compatibility reasons true (x-pas-header allowed) is the default option but this is deprecated and may lead to security issues. If you do not rely on the x-pas-header, we recommend setting this option to false. |
| true | Allow using an x-pas-header or a bearer token for authentication (default). |
false | Authentication only by bearer token. |
AuthService::minimalAccessTokenLifeSpan | Define when a refresh token should be triggered. Default is 30 (if the token last less than 30 seconds it will be refreshed before it is used). Info |
---|
In general there is no need to change the default of 30 seconds. |
| any integer |
KeycloakInstance::clientId | Specify the clientId to use when authenticating the service. Default is keycloak-clientId. Info |
---|
The clientId is defined in Keycloak, it should be changed in production to define specific authorization for this service. |
| any string |
KeycloakInstance::clientSecret | Specify the clientSecret associated to the clientId. Default is keycloak-clientSecret. Info |
---|
The clientSecret is defined in Keycloak, it should be changed in production to define specific authorization for this service. |
| any string |
KeycloakAlias:Location:host | Specify the hostname (domain) of the Keycloak SSO system. Default is keycloak-host. | any string |
KeycloakAlias:Location:basePath | Specify the subpath of the Keycloak system. Default is keycloak-basePath. | any string |
KeycloakAlias:Location:port | Specify the port of the Keycloak system. Default cannot be changed. | 8080 |
KeycloakAlias:Location:protocol | Specify the protocol of the Keycloak system. Default cannot be changed. | http |
PasSecurityService::allowAnonymous | Specify whether anonymous users (no PAS users) should be allowed to send requests to the PAS BPMN service. In contrast to anonymous users, PAS users are identified by a bearer token or x-pas-user header). If this setting is set to false, requests of unauthenticated users will return HTTP error 401. Info |
---|
This setting does not disable any role configuration within the BPMN. If there are lanes configured in the BPMN, the service can only be accessed by authenticated users. |
| true | Allow anonymous access (default). |
false | Access for identified users only. |
|
---|
<service settings> | In your Designer service, you can define name-value pairs using the setting macro in an implementation. These values can be modified here. |
|