As a best practice, you can configure some general security settings in the application. The following property settings help you maintain a secure application environment.

Changes in the WebRunner microservice properties

To change the settings:

  1. Go to Account Settings.
  2. Click to expand Microservice Settings.
  3. Select WebRunner.
  4. Expand the Application Security category, and change the value for the property abpm.application.security to true.
  5. Expand the GUIError category, and change the value for the property abpm.gui.error.message.enable to false.
  6. Expand the Server Side Validation category, and change the value for the property abpm.server.side.entity.validation.

    Warning: Mandatory step
    Each time you update the value for a property, press Enter to retain the updated value in the field.


  7. Click Update to save the settings.

Changes in Common properties

You can set the time duration for which you want the session to be active by following the steps given below.

  1. Go to Account > Settings.
  2. Click to expand Application Settings.
  3. Select Common.
  4. Expand the JWT Configuration category, and set the values of the properties that control how long the session stays active. For example, if you want your session to be active for 1 hour, set the properties and app.connect.jwt.token.expire.timeunit to HOURS.
  5. Click Update to save the settings.

SAML Strict Signature Validation Settings

You can configure the system to check that a message coming from the Identity Provider (IdP) carries a valid signature. To do this, set the SAML_SSO_PROFILE_CONSUMER_STRICT_MESSAGE_SIGNATURE_VALIDATION environment variable in the values.yaml file to True. When this variable is set to True and the message coming from the IdP doesn't contain a valid signature, the system throws an error. When it is set to False, the system doesn't show any error if the message from the IdP doesn't contain a valid signature.
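A pre-deployment check for this setting, as an added example that is not part of the product or its documentation: it scans the text of a values.yaml file and reports whether strict signature validation is on, explicitly off, or not set. The two layouts it recognizes and the parent keys in the samples are assumptions, because the page does not show where the variable sits in values.yaml.

```python
import re

VAR = "SAML_SSO_PROFILE_CONSUMER_STRICT_MESSAGE_SIGNATURE_VALIDATION"

def find_setting(values_text):
    """Return the last value assigned to VAR in values.yaml text, or None."""
    found, pending = None, False  # pending: saw "name: VAR", awaiting "value:"
    for raw in values_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out settings do not count
        m = re.match(r"^-?\s*([\w.]+)\s*:\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip().strip("'\"")
        if key == VAR:                      # mapping form: VAR: "True"
            found = val
        elif key == "name":                 # list form: - name: VAR
            pending = (val == VAR)
        elif key == "value" and pending:    #            value: "True"
            found, pending = val, False
    return found

def audit(values_text):
    """OK = strict validation on, WEAK = explicitly off, MISSING = not set."""
    val = find_setting(values_text)
    if val is None:
        return "MISSING"
    return "OK" if val.lower() == "true" else "WEAK"

# Constructed samples; the parent keys are assumptions, not the product's layout.
SAMPLE_MAP = """
config:
  env:
    SAML_SSO_PROFILE_CONSUMER_STRICT_MESSAGE_SIGNATURE_VALIDATION: "True"  # enforced
"""
SAMPLE_LIST = """
env:
  - name: SAML_SSO_PROFILE_CONSUMER_STRICT_MESSAGE_SIGNATURE_VALIDATION
    value: "False"
"""
SAMPLE_COMMENTED = """
env:
  # SAML_SSO_PROFILE_CONSUMER_STRICT_MESSAGE_SIGNATURE_VALIDATION: True
"""

if __name__ == "__main__":
    for label, text in [("map", SAMPLE_MAP), ("list", SAMPLE_LIST),
                        ("commented", SAMPLE_COMMENTED)]:
        print(label, audit(text))
```

Treat both WEAK and MISSING as failures in a deployment pipeline, since the page does not state what the system does when the variable is absent.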
