Parameters | Description |
---|---|
Server , timezone properties | |
pi.webgui.server.port | WebGUI sever port number. The default value is 8030. Note: You can specify the port number as 443 to run WebGUI on HTTPS.
This option is only available if WebGUI
start.sh is executed by root user. |
pi.webgui.server.timezone | The timezone configuration for WebGUI. Valid values are local
or utc . The default value is
utc . |
Log level, authentication mode properties | |
pi.webgui.admin.log.level |
The applicable log levels. Valid values are : all, trace, debug, info, warn, error,fatal, off. The values are not case sensitive. |
pi.webgui.server.authentication-mode | The authentication mode. Valid values are native
or sso . |
Session properties | |
pi.webgui.session.max-age |
The maximum allowed duration for a session. After max-age duration, user will be asked to re-authenticate. The allowed format is <duration number>m (minutes) or <duration number> h (hours) or <duration number>d (days). For example, 20m or 20h or 20d. Note: The duration value must be greater than zero.
|
pi.webgui.session.expiry-time |
The maximum duration allowed for a session to remain inactive. The value should be provided in minutes. After inactivity period, user will be asked to re-authenticate. |
pi.webgui.session.max-active-sessions | The maximum number of active sessions allowed. The default value is 50. |
SSL properties | |
pi.webgui.server.ssl.enabled-protocols |
The supported SSL enabled protocols. For more information, see https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#sslcontext-algorithms. For multiple SSL protocols use comma separated list. For example, TLSv1.1,TLSv1.2. |
pi.webgui.server.ssl.ciphers | The supported ssl ciphers. For the list of valid cipher names, see https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names. For multiple cipher names use comma separated list. For example, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. |
pi.webgui.server.ssl.key-store | The SSL server keystore location value. For JKS keystore, keystore password and private key password should be same when you generate a JKS keystore. |
pi.webgui.server.ssl.key-store-type | The SSL keystore type. The default value is
jks . |
pi.webgui.server.ssl.key-store-password | The password credentials to SSL keystore. |
pi.webgui.server.ssl.key-alias | Alias for SSL key. Default value is
PingIntelligence . |
ABS properties | |
pi.webgui.abs.url | ABS URL |
pi.webgui.abs.access-key | ABS access key. |
pi.webgui.abs.secret-key | ABS secret key. |
pi.webgui.abs.api-service-url | Host URL for the API Publish service. The default port number is 8020. |
ASE properties | |
pi.webgui.ase.url | ASE Management URL value. Note: The ASE management URL is an
optional parameter. |
pi.webgui.ase.mode | ASE deployment mode. Valid values are inline or
sideband . When PingIntelligence is deployed on
cloud, the default value is inline . |
pi.webgui.ase.access-key | ASE access key. |
pi.webgui.ase.secret-key | ASE secret key. |
Kibana properties | |
pi.webgui.dashboard.url | The Kibana URL. |
pi.webgui.dashboard.username | The Kibana username credentials. |
pi.webgui.dashboard.password | The Kibana password credentials. |
Elasticsearch properties | |
pi.webgui.elasticsearch.url | Elasticsearch URL. |
pi.webgui.elasticsearch.username | The username credential to Elasticsearch. |
pi.webgui.elasticsearch.password | The password credentials to Elasticsearch. |
pi.webgui.elasticsearch.distro-type | Elasticsearch distribution type. Valid values are
default and aws . |
API discovery properties | |
pi.webgui.discovery.source | Source for API discovery. Valid values are abs, axway, and pingaccess. |
Indicators of Attack (IoA) listing properties | |
pi.webgui.ioclisting.fetchsize | The limit of documents that can be pulled from Elasticsearch. The default value is 2000. The upper limit is 10000. |
h2 database properties | |
pi.webgui.datasource.url | h2 database URL. The database is started on default port number 9092.Total number of documents that can be fetched in an Elasticsearch search query to list IoAs for different client identifier types. |
pi.webgui.datasource.username | Username credentials to h2 database. |
pi.webgui.datasource.password | Password to h2 database. |
pi.webgui.datasource.encryption-password | Password to encrypt h2 database. |
Note:
The h2 database will use the properties when it is first started. If you want to change them, stop webgui server and delete data/h2 directory and start again. When you delete data/h2 directory, WebGUI is reset. The login passwords,login sessions, and api state information is lost when the WebGUI is reset. |
|
Connection timeout properties | |
pi.webgui.http-client.timeout | Total number of documents that can be fetched in an Elasticsearch TCP connection timeout value in milliseconds. Timeout after which TCP connection to ABS, ASE,Dashboard, ElasticSearch is closed by the WebGUI. |
pi.webgui.http-client.socket-timeout | Socket timeout value in milliseconds. Timeout after which socket to ABS, ASE,Dashboard, ElasticSearch is closed by the WebGUI. |
JDK truststore properties | |
pi.webgui.jdk.truststore | The location of JDK truststore. The default value is $JAVA_HOME/lib/security/cacerts. |
pi.webgui.jdk.truststore-password | The password to JDK truststore. |
Note: Configure the values of JDK trustore and its password only if
the defaults don't match.
|
|
HTTP client connection properties | |
pi.webgui.http-client.max-connections | Maximum allowed HTTP connections |
pi.webgui.http-client.request-timeout | Request timeout for the HTTP clients. |
pi.webgui.http-client.keep-alive-time | Connection keep-alive time |
pi.webgui.http-client.idle-time | HTTP client idle time |
#### PingIntelligence WebGUI properties file
# This is in standard java properties file format
# comments are denoted by number sign (#) as the first non blank character
# multiline values are ended with '\' as end of line
### server listening port
# server listens on 0.0.0.0 ( all interfaces )
# server enables only https(ssl) on this port
pi.webgui.server.port=8030
### Timezone configuration
# valid values: local, utc
pi.webgui.server.timezone=utc
### log level
# valid values: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF
# filtering sequence: ALL > TRACE > DEBUG > INFO > WARN > ERROR > FATAL > OFF
# higher level in the sequence will allow all the lower level log messages
# case insensitive
pi.webgui.admin.log.level=INFO
### Authentication mode
# valid values: native, sso
pi.webgui.server.authentication-mode=native
### ui login session
# maximum duration of a session
# after max-age duration, user will be asked to re-authenticate
# format: <duration>m (minutes) /h (hours) /d (days)
# duration should be > 5 minutes
pi.webgui.session.max-age=6h
# maximum session inactivity duration( No requests from the session ). In minutes
# after inactivity period, user will be asked to re-authenticate
pi.webgui.session.expiry-time=30
# maximum active sessions allowed
pi.webgui.session.max-active-sessions=50
### server ssl properties
# ssl enabled protocols ( https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#sslcontext-algorithms)
# for multiple SSL protocols use comma separated list. e.g TLSv1.1,TLSv1.2
pi.webgui.server.ssl.enabled-protocols=TLSv1.2
# supported ssl ciphers
# valid cipher names: https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names
# for multiple cipher names use comma separated list. e.g TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
pi.webgui.server.ssl.ciphers=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA, \
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, \
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, \
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
## server ssl keystore
# for JKS keystore, keystore password and private key password should be same when you generate a jks keystore.
pi.webgui.server.ssl.key-store=config/webgui.jks
pi.webgui.server.ssl.key-store-type=JKS
pi.webgui.server.ssl.key-store-password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
pi.webgui.server.ssl.key-alias=PingIntelligence
### abs properties
pi.webgui.abs.url=https://localhost:8080
pi.webgui.abs.access-key=OBF:AES:NuBmDdIhJM7KOB3BbXr4db5DfGJcrA==:hUsqFeTUmH5cOjiUPyws9WwTPYw9yAg0C1X1HSmSI30=
pi.webgui.abs.secret-key=OBF:AES:NuBmDcAhXgsQu8qzJgIo1Mq97B/PVw==:7GpDn83ZAU6GRKYsZe86x0gdnYOZfTbi8rUimDW100o=
### ase properties
# ASE management url
pi.webgui.ase.url=https://localhost:8010
# ASE mode: valid values: inline or sideband
pi.webgui.ase.mode=inline
pi.webgui.ase.access-key=OBF:AES:NuZ4O93cWBKyKDFOZFINHeBew8sQ:eu//E2CIObNNGvFOfHrLuAuec4WvN4yZsThAea4iBLA=
pi.webgui.ase.secret-key=OBF:AES:NuZ4O93cWBKyKDFOZFINHeBew8sQ:eu//E2CIObNNGvFOfHrLuAuec4WvN4yZsThAea4iBLA=
### kibana rendering ( dashboard ) properties
pi.webgui.dashboard.url=https://localhost:5601
pi.webgui.dashboard.username=ping_user
pi.webgui.dashboard.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
### elasticsearch properties
pi.webgui.elasticsearch.url=https://localhost:9200
pi.webgui.elasticsearch.username=elastic
pi.webgui.elasticsearch.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
# ES distribution type
# valid values: default, aws
pi.webgui.elasticsearch.distro-type=default
### api discovery properties
# discovery source
# valid values: abs, axway and pingaccess
# for axway and pingaccess, see config/discovery.properties
pi.webgui.discovery.source=abs
### ioc listing properties
# total number of documents that can be fetched in an elasticsearch search
# query to list iocs for different client identifier types.
pi.webgui.ioclisting.fetchsize=2000
### server internal configurations
## local h2 db datasource properties
# h2 db is started on default port 9092
pi.webgui.datasource.url=jdbc:h2:ssl://localhost/webgui_data;CIPHER=AES
# h2 db will use following properties when it is first started. There is no way to change it afterwards
# If you want to change it, you should stop webgui server and delete data/h2 directory and start again.
# when you delete data/h2 directory, webgui is reset. you will loose login passwords/login sessions/api state info.
pi.webgui.datasource.username=sa
pi.webgui.datasource.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
pi.webgui.datasource.encryption-password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
### server to abs/ase/dashboard http connection properties
# tcp connect timeout in milliseconds
pi.webgui.http-client.timeout=15000
# timeout after which socket to abs/ase/dashboard/elasticsearch is closed by the webgui
pi.webgui.http-client.socket-timeout=120000
## http client connection pool configurations
pi.webgui.http-client.max-connections=256
pi.webgui.http-client.request-timeout=30000
pi.webgui.http-client.keep-alive-time=120000
pi.webgui.http-client.idle-time=120000