The WebGUI configuration file (WebGUI.properties) is located in the <pi_install_dir>/webgui/config/ directory. The following table explains the parameters and provides recommended values.
Parameters Description
Server , timezone properties
pi.webgui.server.port WebGUI sever port number. The default value is 8030.
Note: You can specify the port number as 443 to run WebGUI on HTTPS. This option is only available if WebGUI start.sh is executed by root user.
pi.webgui.server.timezone The timezone configuration for WebGUI. Valid values are local or utc. The default value is utc.
Log level, authentication mode properties
pi.webgui.admin.log.level

The applicable log levels. Valid values are : all, trace, debug, info, warn, error,fatal, off. The values are not case sensitive.

pi.webgui.server.authentication-mode The authentication mode. Valid values are native or sso.
Session properties
pi.webgui.session.max-age

The maximum allowed duration for a session. After max-age duration, user will be asked to re-authenticate. The allowed format is <duration number>m (minutes) or <duration number> h (hours) or <duration number>d (days). For example, 20m or 20h or 20d.

Note: The duration value must be greater than zero.
pi.webgui.session.expiry-time

The maximum duration allowed for a session to remain inactive. The value should be provided in minutes. After inactivity period, user will be asked to re-authenticate.

pi.webgui.session.max-active-sessions The maximum number of active sessions allowed. The default value is 50.
SSL properties
pi.webgui.server.ssl.enabled-protocols

The supported SSL enabled protocols. For more information, see https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#sslcontext-algorithms. For multiple SSL protocols use comma separated list. For example, TLSv1.1,TLSv1.2.

pi.webgui.server.ssl.ciphers The supported ssl ciphers. For the list of valid cipher names, see https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names. For multiple cipher names use comma separated list. For example, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256.
pi.webgui.server.ssl.key-store The SSL server keystore location value. For JKS keystore, keystore password and private key password should be same when you generate a JKS keystore.
pi.webgui.server.ssl.key-store-type The SSL keystore type. The default value is jks.
pi.webgui.server.ssl.key-store-password The password credentials to SSL keystore.
pi.webgui.server.ssl.key-alias Alias for SSL key. Default value is PingIntelligence.
ABS properties
pi.webgui.abs.url ABS URL
pi.webgui.abs.access-key ABS access key.
pi.webgui.abs.secret-key ABS secret key.
pi.webgui.abs.api-service-url Host URL for the API Publish service. The default port number is 8020.
ASE properties
pi.webgui.ase.url ASE Management URL value.
Note: The ASE management URL is an optional parameter.
pi.webgui.ase.mode ASE deployment mode. Valid values are inline or sideband. When PingIntelligence is deployed on cloud, the default value is inline.
pi.webgui.ase.access-key ASE access key.
pi.webgui.ase.secret-key ASE secret key.
Kibana properties
pi.webgui.dashboard.url The Kibana URL.
pi.webgui.dashboard.username The Kibana username credentials.
pi.webgui.dashboard.password The Kibana password credentials.
Elasticsearch properties
pi.webgui.elasticsearch.url Elasticsearch URL.
pi.webgui.elasticsearch.username The username credential to Elasticsearch.
pi.webgui.elasticsearch.password The password credentials to Elasticsearch.
pi.webgui.elasticsearch.distro-type Elasticsearch distribution type. Valid values are default and aws.
API discovery properties
pi.webgui.discovery.source Source for API discovery. Valid values are abs, axway, and pingaccess.
Indicators of Attack (IoA) listing properties
pi.webgui.ioclisting.fetchsize The limit of documents that can be pulled from Elasticsearch. The default value is 2000. The upper limit is 10000.
h2 database properties
pi.webgui.datasource.url h2 database URL. The database is started on default port number 9092.Total number of documents that can be fetched in an Elasticsearch search query to list IoAs for different client identifier types.
pi.webgui.datasource.username Username credentials to h2 database.
pi.webgui.datasource.password Password to h2 database.
pi.webgui.datasource.encryption-password Password to encrypt h2 database.
Note:

The h2 database will use the properties when it is first started. If you want to change them, stop webgui server and delete data/h2 directory and start again. When you delete data/h2 directory, WebGUI is reset. The login passwords,login sessions, and api state information is lost when the WebGUI is reset.

Connection timeout properties
pi.webgui.http-client.timeout Total number of documents that can be fetched in an Elasticsearch TCP connection timeout value in milliseconds. Timeout after which TCP connection to ABS, ASE,Dashboard, ElasticSearch is closed by the WebGUI.
pi.webgui.http-client.socket-timeout Socket timeout value in milliseconds. Timeout after which socket to ABS, ASE,Dashboard, ElasticSearch is closed by the WebGUI.
JDK truststore properties
pi.webgui.jdk.truststore The location of JDK truststore. The default value is $JAVA_HOME/lib/security/cacerts.
pi.webgui.jdk.truststore-password The password to JDK truststore.
Note: Configure the values of JDK trustore and its password only if the defaults don't match.
HTTP client connection properties
pi.webgui.http-client.max-connections Maximum allowed HTTP connections
pi.webgui.http-client.request-timeout Request timeout for the HTTP clients.
pi.webgui.http-client.keep-alive-time Connection keep-alive time
pi.webgui.http-client.idle-time HTTP client idle time
A sample webgui.properties file is displayed here.
#### PingIntelligence WebGUI properties file
# This is in standard java properties file format
# comments are denoted by number sign (#) as the first non blank character
# multiline values are ended with '\' as end of line

### server listening port
# server listens on 0.0.0.0 ( all interfaces )
# server enables only https(ssl) on this port
pi.webgui.server.port=8030

### Timezone configuration
# valid values: local, utc
pi.webgui.server.timezone=utc

### log level
# valid values: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF
# filtering sequence: ALL > TRACE > DEBUG > INFO > WARN > ERROR > FATAL > OFF
# higher level in the sequence will allow all the lower level log messages
# case insensitive
pi.webgui.admin.log.level=INFO

### Authentication mode
# valid values: native, sso
pi.webgui.server.authentication-mode=native

### ui login session
# maximum duration of a session
# after max-age duration, user will be asked to re-authenticate
# format: <duration>m (minutes) /h (hours) /d (days)
# duration should be > 5 minutes
pi.webgui.session.max-age=6h

# maximum session inactivity duration( No requests from the session ). In minutes
# after inactivity period, user will be asked to re-authenticate
pi.webgui.session.expiry-time=30

# maximum active sessions allowed
pi.webgui.session.max-active-sessions=50

### server ssl properties
# ssl enabled protocols ( https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#sslcontext-algorithms)
# for multiple SSL protocols use comma separated list. e.g TLSv1.1,TLSv1.2
pi.webgui.server.ssl.enabled-protocols=TLSv1.2

# supported ssl ciphers
# valid cipher names: https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names
# for multiple cipher names use comma separated list. e.g TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
pi.webgui.server.ssl.ciphers=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA, \
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, \
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, \
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

## server ssl keystore
# for JKS keystore, keystore password and private key password should be same when you generate a jks keystore.
pi.webgui.server.ssl.key-store=config/webgui.jks
pi.webgui.server.ssl.key-store-type=JKS
pi.webgui.server.ssl.key-store-password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
pi.webgui.server.ssl.key-alias=PingIntelligence

### abs properties
pi.webgui.abs.url=https://localhost:8080
pi.webgui.abs.access-key=OBF:AES:NuBmDdIhJM7KOB3BbXr4db5DfGJcrA==:hUsqFeTUmH5cOjiUPyws9WwTPYw9yAg0C1X1HSmSI30=
pi.webgui.abs.secret-key=OBF:AES:NuBmDcAhXgsQu8qzJgIo1Mq97B/PVw==:7GpDn83ZAU6GRKYsZe86x0gdnYOZfTbi8rUimDW100o=

### ase properties
# ASE management url
pi.webgui.ase.url=https://localhost:8010
# ASE mode: valid values: inline or sideband
pi.webgui.ase.mode=inline
pi.webgui.ase.access-key=OBF:AES:NuZ4O93cWBKyKDFOZFINHeBew8sQ:eu//E2CIObNNGvFOfHrLuAuec4WvN4yZsThAea4iBLA=
pi.webgui.ase.secret-key=OBF:AES:NuZ4O93cWBKyKDFOZFINHeBew8sQ:eu//E2CIObNNGvFOfHrLuAuec4WvN4yZsThAea4iBLA=

### kibana rendering ( dashboard ) properties
pi.webgui.dashboard.url=https://localhost:5601
pi.webgui.dashboard.username=ping_user
pi.webgui.dashboard.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=

### elasticsearch properties
pi.webgui.elasticsearch.url=https://localhost:9200
pi.webgui.elasticsearch.username=elastic
pi.webgui.elasticsearch.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
# ES distribution type
# valid values: default, aws
pi.webgui.elasticsearch.distro-type=default

### api discovery properties
# discovery source
# valid values: abs, axway and pingaccess
# for axway and pingaccess, see config/discovery.properties
pi.webgui.discovery.source=abs

### ioc listing properties
# total number of documents that can be fetched in an elasticsearch search
# query to list iocs for different client identifier types.
pi.webgui.ioclisting.fetchsize=2000

### server internal configurations

## local h2 db datasource properties
# h2 db is started on default port 9092
pi.webgui.datasource.url=jdbc:h2:ssl://localhost/webgui_data;CIPHER=AES

# h2 db will use following properties when it is first started. There is no way to change it afterwards
# If you want to change it, you should stop webgui server and delete data/h2 directory and start again.
# when you delete data/h2 directory, webgui is reset. you will loose login passwords/login sessions/api state info.
pi.webgui.datasource.username=sa
pi.webgui.datasource.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
pi.webgui.datasource.encryption-password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=

### server to abs/ase/dashboard http connection properties
# tcp connect timeout in milliseconds
pi.webgui.http-client.timeout=15000
# timeout after which socket to abs/ase/dashboard/elasticsearch is closed by the webgui
pi.webgui.http-client.socket-timeout=120000

## http client connection pool configurations
pi.webgui.http-client.max-connections=256
pi.webgui.http-client.request-timeout=30000
pi.webgui.http-client.keep-alive-time=120000
pi.webgui.http-client.idle-time=120000