--- title: Embedded Jetty configuration description: In IDM 8.0, jetty.xml is no longer supported. component: pingidm version: 8.1 page_id: pingidm:install-guide:appendix-jetty canonical_url: https://docs.pingidentity.com/pingidm/8.1/install-guide/appendix-jetty.html keywords: ["Installation", "Jetty", "Configuration"] section_ids: jetty-key-store-trust-store: Jetty key store and trust store understanding-jetty-config-apache-felix: Understanding Jetty configuration and Apache Felix --- # Embedded Jetty configuration | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | In IDM 8.0, `jetty.xml` is no longer supported.When serving SSL requests, Jetty 12 checks that the incoming host header matches the server certificate's subject and returns a `400 Bad Request` error on a mismatch. If you're upgrading to IDM 8.0, you must ensure your IDM server certificate subject matches the host name used by your deployment.Learn more in [Jetty 12 support](../release-notes/whats-new.html#jetty_12_support). | PingIDM includes an embedded Jetty web server. The Jetty web server configuration is included in IDM's configuration service, allowing for Jetty properties to be modified at runtime. The configuration includes: * A `webserver.json` that contains the global Jetty settings * A `webserver.listener-*.json` that configures a Jetty connector to listen on a specific port | | | | - | ---------------------------------------------------------------------------------------- | | | At least one `webserver.listener-*.json` must be defined and enabled for Jetty to start. | Learn more about the configuration properties for `webserver.json` and `webserver.listener-*.json` in [Jetty configuration properties](idm-config-properties-jetty.html). ## Jetty key store and trust store Jetty depends on IDM to supply the `mainKeyStore` and `mainTrustStore` configured in `secrets.json`. If the `mainTrustStore` is not defined, the `mainKeyStore` is used as Jetty's trust store. ## Understanding Jetty configuration and Apache Felix IDM runs in the [Apache Felix](https://felix.apache.org/documentation/index.html) framework, which allows the Jetty configuration to be specified and managed through [OSGI](https://www.osgi.org/resources/what-is-osgi/) components. If there is a change to the Jetty configuration in `webserver.json`, Apache Felix rebuilds the Jetty instance. Learn more about OSGI and Apache Felix in the [Architectural overview](../setup-guide/chap-overview.html). | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Changes to `webserver.listener-*.json` files don't cause Jetty to restart. Only the Jetty connector configured by the changed file is restarted or removed if the file is deleted or disabled. |