@kevdoran
Last active August 5, 2020 15:28
Example EFM Config for one-way TLS (no client authentication)
# Example EFM Config
# One-way TLS with server authentication only (no client authentication)
# This uses a work-around by running a reverse proxy that always passes "Anonymous" as an authenticated identity
# Any client that can access the EFM server through the reverse proxy will have full access

# Web Server TLS Properties
efm.server.ssl.enabled=true
efm.server.ssl.keyStore=./conf/keystore.jks
efm.server.ssl.keyStoreType=jks
efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
efm.server.ssl.keyPassword=yourKeyPasswordHere
efm.server.ssl.trustStore=./conf/truststore.jks
efm.server.ssl.trustStoreType=jks
efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
efm.server.ssl.clientAuth=NONE
# Possible values for clientAuth are NONE, WANT, NEED
# - NONE: Client never provides a certificate and is not authenticated.
# - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
# - NEED: Server will require a client certificate, and will refuse connections from clients without trusted certificates.

# User Authentication Properties
# authentication via TLS mutual auth with client certificates
efm.security.user.certificate.enabled=false
# authentication via Knox SSO token passed in a cookie header
efm.security.user.knox.enabled=false
efm.security.user.knox.url=
efm.security.user.knox.publicKey=
efm.security.user.knox.cookieName=
efm.security.user.knox.audiences=
# authentication via generic reverse proxy with user passed in a header
efm.security.user.proxy.enabled=true
efm.security.user.proxy.headerName=X-WEBAUTH-USER
#efm.security.user.proxy.ipWhitelist=
#efm.security.user.proxy.dnWhitelist[0]=
# Configure the reverse proxy to always pass the following HTTP header:
# X-WEBAUTH-USER: Anonymous
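
One way to meet the reverse-proxy requirement above, shown with nginx as an added example (not part of the original gist or of EFM's own documentation). The server name, the upstream address and port, and all certificate paths are assumptions; substitute your own.

```nginx
# Added example: nginx in front of EFM for one-way TLS.
# All hostnames, ports and file paths are placeholders (assumptions).
events {}

http {
    server {
        # Clients authenticate the proxy (server-side TLS only);
        # no client certificate is requested.
        listen 443 ssl;
        server_name efm-proxy.example.com;                 # placeholder

        ssl_certificate     /etc/nginx/tls/proxy.crt;      # placeholder
        ssl_certificate_key /etc/nginx/tls/proxy.key;      # placeholder

        location / {
            # EFM serves TLS itself (efm.server.ssl.enabled=true),
            # so the upstream connection is HTTPS as well.
            proxy_pass https://127.0.0.1:10090;            # assumed EFM address/port

            # Verify EFM's certificate instead of trusting any upstream.
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/efm-ca.pem;  # placeholder
            proxy_ssl_name efm.example.com;                # name in EFM's certificate

            # Always send the fixed identity. proxy_set_header replaces
            # any X-WEBAUTH-USER value supplied by the client, so a caller
            # cannot choose a different identity through the proxy.
            proxy_set_header X-WEBAUTH-USER "Anonymous";
            proxy_set_header Host $host;
        }
    }
}
```

EFM accepts whatever identity arrives in `X-WEBAUTH-USER`, and this gist leaves `ipWhitelist` and `dnWhitelist` unset, so the EFM port itself should be reachable only from the proxy host (for example by firewall rule or a loopback-only bind).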