Property

Description

OTP Configurations

Defines configurations related to OTP generated by the ADSS SAM:

  • SAM_OTP_EXPIRY_TIME = 900 
    Time interval in seconds to define the expiry time of OTP sent to user device for authentication. Default value: 900
  • SAM_OTP_LENGTH = 6
    Number of digits to define the total length of OTP. Possible values: 4,6 and 9. Default value: 6.

Request expiry period

Time interval in seconds to define the expiry period of authorised pending request. Default value: 120 

  • SAM_REQUEST_EXPIRY_PERIOD = 120 

User authentication retries limit

This property is used to define the number of authentication attempts allowed on a user account for user password and OTPs. Default value: 5 

  • SAM_USER_AUTH_RETRIES_LIMIT = 5

User block period

Time interval in seconds for which a user will be blocked by the SAM after its login retries limit or OTP retry limit reaches. Default value: 100

  • SAM_USER_BLOCK_PERIOD = 100

SAD Format

Authorization request or SAD format while communicating with SAM Service. Possible values are JSON and XML. 
Default value: XML

  • SAD_FORMAT = JSON

Verify trust on certificate import

If enabled, the user certificate and its chain will be verified and must be trusted up to the Registered CA via the Trust Manager. Ensure that the Issuing CA is registered in the Trust Manager with CA purpose for successful trust building. Default value: FALSE.

  • VERIFY_TRUST_ON_CERT_IMPORT = FALSE

Note: Enabling this property will result in slow process of request because Certificate path validation and trust checking is an expensive process that’s why it will be disabled by default and will be used as per client needs.

Update Stats Interval

The SAM Service statistics are updated after the specified interval. During this process, all records from a particular month are consolidated into a single summary record, and the remaining detailed records are deleted. This helps minimize the number of records and reduces the overall database size. The default update interval is 7 days. To disable this feature, set the value to 0.

  • UPDATE_STATS_INTERVAL = 7

SAM record update interval

Specifies the time interval for updating the current log record ID for authorized requests in the SAM Service.

  • SAM_RECORD_UPDATE_INTERVAL = 15

SAM expired auth request thread pause time

Defines the pause interval for the clean-up thread responsible for deleting expired and signed authentication requests. The default batch size is 300.

  • SAM_EXPIRED_AUTH_REQUEST_THREAD_PAUSE_TIME = 300

SAM expired auth request batch size

Specifies the number of expired and signed authentication requests to be deleted in each batch. The default batch size is 50.

  • SAM_EXPIRED_AUTH_REQUEST_BATCH_SIZE = 50

SAM auth request fetching retries

Specifies the number of retry attempts for fetching the authorization request. This setting is mainly applicable when the SAM Service is running in Percona Cluster mode. The default value is 1.

  • SAM_AUTH_REQUEST_FETCHING_RETRIES = 1

SAM auth request fetching retry time interval

Specifies the time interval between consecutive retry attempts to fetch the authorization request. This setting is mainly applicable when the SAM Service is running in Percona Cluster mode. The default interval is 100 milliseconds.

  • SAM_AUTH_REQUEST_FETCHING_RETRY_TIME_INTERVAL = 100

SAM expired auth request thread batch time interval

Specifies the delay between batch intervals for the clean-up thread that deletes expired and signed authentication requests. The default value is 1 second.

  • SAM_EXPIRED_AUTH_REQUEST_THREAD_BATCH_TIME_INTERVAL = 1

Storing limited data into the database to minimize the database size

If your database size grows too quickly because a lot of SAM Service transactions are being logged, then the size of log information can be reduced by removing some data columns from the database logs. The following are the attributes which manages the logging of specified column:

  • TRANSACTION_LOG_COLUMNS = 100 = ResponseStatus, RequestTime, ResponseTime, Request, Response, UserId, RelyingPartyId, RelyingPartyIp, RelyingPartySslCert, ErrorCode

Transaction logs settings

Transactions can be stored either directly or delayed for better performance. The following properties are used for logging:

  • TRANSACTION_LOG_MODE = LAZY
    Used to decide whether the transactions are kept in memory before these are stored in the database (LAZY logging) or directly stored in the database (EAGER logging). Possible values: LAZY, EAGER
    In case of LAZY logging the transaction logs are kept in memory upto the number of seconds configured in TRANSACTION_LOG_LAZY_INTERVAL or number of transactions configured in TRANSACTION_LOG_LAZY_RECORD_COUNT whichever is reached first.
  • TRANSACTION_LOG_LAZY_INTERVAL = 2
    When LAZY logging is configured, transactions are kept in memory upto the configured time or if the configured TRANSACTION_LOG_LAZY_RECORD_COUNT is reached before it.
  • TRANSACTION_LOG_LAZY_RECORD_COUNT = 50
    When LAZY logging is configured, transactions are kept in memory until the configured number of transactions is reached or if the configured TRANSACTION_LOG_LAZY_INTERVAL is met before it.


See also

Signing Service

Verification Service
OCSP Service
Certification Service
CRL Monitor
TSA Service
GoSign Service
SAM Service
RAS Service
CSP Service
Unity Service