MibAuthorizationServerConfig

Introduction

This configuration is intended for the Authorization service.

Default Section

The main configuration options for the authorization server.

Keys

UseNewLoginUi

Type: boolean
Description: Enables the new Login UI. Set to false to use the old UI.
Default value: false

FrontendAppRootUrl

Type: string
Description: Specifies the URL where the SPA (Single Page Application) for the Auth UI is served.
Default value: empty

Note: The Auth UI app is served by default under the base path /auth. Set this value accordingly.

SecurePassword

Type: boolean
Description: Enables secure password requirements.
Default value: false

PasswordExpiration

Type: integer
Description: Number of days before a password expires.
Default value: 7

AuthCodeExpiration

Type: integer
Description: Expiration time (in minutes) for authentication codes.
Default value: 60

RootUrl

Type: string
Description: Base URL for the authorization server.
Default value: empty

DefaultLanguage

Type: string
Description: Default language for the UI.
Default value: en-us

CookieName

Type: string
Description: Name of the authentication cookie.
Default value: empty

CookieExpireTimeSpan

Type: string
Description: Expiration timespan for the authentication cookie.
Default value: TimeSpan.MinValue

CookieSlidingExpiration

Type: boolean
Description: Enables sliding expiration for the authentication cookie.
Default value: false

Language

Type: string
Description: Language for the UI.
Default value: empty

TokenEndpoint

Type: string
Description: Path for the token endpoint.
Default value: empty

AuthorizeEndpoint

Type: string
Description: Path for the authorize endpoint.
Default value: empty

LoginEndpoint

Type: string
Description: Path for the login endpoint.
Default value: empty

LogoutEndpoint

Type: string
Description: Path for the logout endpoint.
Default value: empty

AllowInsecureHttp

Type: boolean
Description: Allows HTTP (not recommended for production).
Default value: false

AuthorizationCodeSeconds

Type: integer
Description: Expiration time (in seconds) for authorization codes.
Default value: 0

AccessTokenMinutes

Type: integer
Description: Expiration time (in minutes) for access tokens.
Default value: 0

RefreshTokenHours

Type: integer
Description: Expiration time (in hours) for refresh tokens.
Default value: 0

ClientId

Type: string
Description: OAuth client ID.
Default value: empty

ClientSecret

Type: string
Description: OAuth client secret.
Default value: empty

WorkflowAssembly

Type: string
Description: Workflow assembly name.
Default value: empty

WorkflowFactory

Type: string
Description: Workflow factory class.
Default value: empty

ProfileImages

Type: string
Description: Path for profile images.
Default value: profileimages

TemProfileImages

Type: string
Description: Path for temporary profile images.
Default value: temprofileimages

EmailFromToMessages

Type: string
Description: Path for email templates.
Default value: temprofileimages

DefaultSkin

Type: string
Description: Default UI skin.
Default value: empty

ProfileImageExtensions

Type: string
Description: Allowed extensions for profile images.
Default value: jpg;jpeg;png

CustomCaptchaFontsFolder

Type: string
Description: Path for custom captcha fonts.
Default value: empty

ContactUsUri

Type: string
Description: URI for the contact us page.
Default value: #

CorsHeaders

Type: string
Description: Allowed CORS headers.
Default value: *

CorsMethods

Type: string
Description: Allowed CORS methods.
Default value: *

CorsOrigins

Type: string
Description: Allowed CORS origins.
Default value: RootUrl configured

CorsAllowCredentials

Type: boolean
Description: Allows credentials in CORS requests. Enabling this setting in a production environment is discouraged.
Default value: false

AllowUseOfMeInAnonymousMode

Type: boolean
Description: Allows use of the /me endpoint in anonymous mode.
Default value: false

ShowFullDebugPage

Type: boolean
Description: Enables full debug page.
Default value: false

StorageTypeForUserProfileImage

Type: string
Description: Storage type for user profile images.
Default value: disk

Theme Section

The configurations for the login UI.

Keys

Logo

Type: string
Description: URI for the logo image. Can be a relative or absolute URI.
Default value: /ux/img/logo/agile-full-logo.png

ColorPrimary

Type: string
Description: Primary color for the theme (hex code).
Default value: #15C993

ColorSecondary

Type: string
Description: Secondary color for the theme (hex code).
Default value: #17316C

Examples

MIBAUTHORIZATIONSERVERCONFIG_THEME_LOGO=https://cdn.com/logo.png
MIBAUTHORIZATIONSERVERCONFIG_THEME_COLORPRIMARY=#15C993
MIBAUTHORIZATIONSERVERCONFIG_THEME_COLORSECONDARY=#17316C

DataProtection Section

Configuration for data protection and key management.

Keys

Type

Type: string
Description: Data protection type.
Default value: empty

Directory

Type: string
Description: Directory for data protection keys.
Default value: empty

DisableAutomaticKeyGeneration

Type: boolean
Description: Disables automatic key generation.
Default value: false

KeyLifetime

Type: integer
Description: Lifetime of data protection keys.
Default value: 0

AuthenticationSecurityRules Section

Rules for user authentication and account security.

Keys

BlockUserWhoDoesNotChangePasswordWithinACertainPeriodOfDays

Type: integer
Description: Number of days before a user who does not change their password is blocked.
Default value: 0

BlockInactiveUserAccountsInADefinedPeriodOfDays

Type: integer
Description: Number of days before inactive user accounts are blocked.
Default value: 0

LockServer Section

Configuration for lock server integration.

Keys

Enabled

Type: boolean
Description: Indicates whether the service is enabled for MIB users.
Default value: false

Type

Type: enum
Description: Available options: Latch.
Default value: empty

Url

Type: string
Description: Base URL for accessing the chosen integration service.
Default value: empty

ApplicationId

Type: string
Description: Application ID configured in the integration service.
Default value: empty

ApplicationSecret

Type: string
Description: Application secret code configured in the integration service.
Default value: empty

ProxyEnabled

Type: boolean
Description: Indicates whether the requests made by the service should use a proxy.
Default value: false

ProxyUrl

Type: string
Description: Proxy URL.
Default value: empty

ProxyUserName

Type: string
Description: Proxy user name.
Default value: empty

ProxyPassword

Type: string
Description: Proxy password.
Default value: empty

ServiceWebSite

Type: string
Description: URL for the service website.
Default value: empty

ServiceUrlLogotipo

Type: string
Description: URL for the service logo. If the 'Type' is 'Latch', there is already a logo in the assets. However, it is possible to change the logo via URL if preferred.
Default value: empty
Default: ux/img/logo/latch.jpg

serviceLogotipoStyle

Type: string
Description: CSS style for the custom logo. If the 'Type' is 'Latch', there is already a CSS style for the logo. However, it is possible to change the style if preferred.
Default value: empty
Default: width: 90px; height: 38px; cursor: pointer;

Operations

Type: string[]
Description: List of operations, each with its identifier and status, as configured in the integration service application. This information is used to reference internal operations in the MIB and must follow this pattern: OperationName:OperationId:OperationStatus (true or false). To configure multiple operations, use the ; separator. Example: OperationName1:OperationId1:OperationStatus1;OperationName2:OperationId2:OperationStatus2.
Default value: empty

Note

Understanding the configuration pattern Operations: OperationName1:OperationId1:OperationStatus1
OperationName1 -> Name of the operation, used for identification.
OperationId1 -> Id related to the operation, retrieved by the server. Each application may contain a different Id.
OperationStatus1 -> true or false, enables or disables the operation. Validation will also be performed with the integration.

Latch operation example

MIBAUTHORIZATIONSERVERCONFIG_LOCKSERVER_OPERATIONS=UserChangePassword:4kykYaJ7dNJYEF3mxWRe:true
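
A strict validator for the Operations value, written as an added example and not as the server's own parser. It can be run before deployment so that a mistyped entry fails loudly. Accepting true/false case-insensitively, tolerating an empty segment, and rejecting duplicate names are assumptions, and the UserLogin entry is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Operation:
    name: str
    op_id: str
    enabled: bool

def parse_operations(value):
    """Strictly parse 'Name:Id:Status;Name:Id:Status' into Operation records.

    Raises ValueError on any malformed entry instead of skipping it, so a typo
    cannot silently drop an operation from the list.
    """
    ops, seen = [], set()
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # assumption: an empty segment (e.g. trailing ';') is harmless
        parts = [p.strip() for p in entry.split(":")]
        if len(parts) != 3 or not parts[0] or not parts[1]:
            raise ValueError(f"expected Name:Id:Status, got {entry!r}")
        name, op_id, status = parts
        if status.lower() not in ("true", "false"):
            raise ValueError(f"status must be true or false in {entry!r}")
        if name in seen:
            raise ValueError(f"duplicate operation name {name!r}")
        seen.add(name)
        ops.append(Operation(name, op_id, status.lower() == "true"))
    return ops

if __name__ == "__main__":
    # First entry is the page's example; the second is constructed.
    sample = "UserChangePassword:4kykYaJ7dNJYEF3mxWRe:true;UserLogin:CONSTRUCTED-ID:false"
    for op in parse_operations(sample):
        print(op)
```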

Who uses this configuration?

  • MibAuthorizationServer

Examples

MIBAUTHORIZATIONSERVERCONFIG_DEFAULT_SECUREPASSWORD=false
MIBAUTHORIZATIONSERVERCONFIG_DEFAULT_ROOTURL=https://auth.com
MIBAUTHORIZATIONSERVERCONFIG_DEFAULT_LANGUAGE=pt-br
MIBAUTHORIZATIONSERVERCONFIG_DATAPROTECTION_KEYLIFETIME=0
MIBAUTHORIZATIONSERVERCONFIG_AUTHENTICATIONSECURITYRULES_BLOCKUSERWHODOESNOTCHANGEPASSWORDWITHINACERTAINPERIODOFDAYS=0
MIBAUTHORIZATIONSERVERCONFIG_LOCKSERVER_ENABLED=true
MIBAUTHORIZATIONSERVERCONFIG_LOCKSERVER_URL=https://mylockserver.com
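
A pre-deployment check over the environment-variable form shown above, flagging settings this page marks as discouraged plus a few that weaken transport or password policy. It is an added example, not part of the product. Variable names not listed in the Examples are derived from the PREFIX_SECTION_KEY pattern and are assumptions, and the sample environment is constructed.

```python
PREFIX = "MIBAUTHORIZATIONSERVERCONFIG_"

def _get(env, key):
    return env.get(PREFIX + key, "").strip()

def _true(env, key):
    # The boolean keys checked here all default to false when unset.
    return _get(env, key).lower() == "true"

def audit(env):
    """Return (key, reason) findings for a dict of environment variables."""
    findings = []
    if _true(env, "DEFAULT_ALLOWINSECUREHTTP"):
        findings.append(("AllowInsecureHttp", "HTTP allowed; not recommended for production"))
    if _get(env, "DEFAULT_ROOTURL").lower().startswith("http://"):
        findings.append(("RootUrl", "base URL is not HTTPS"))
    if not _true(env, "DEFAULT_SECUREPASSWORD"):
        findings.append(("SecurePassword", "secure password requirements are disabled"))
    if _true(env, "DEFAULT_SHOWFULLDEBUGPAGE"):
        findings.append(("ShowFullDebugPage", "full debug page can expose internals to clients"))
    if _true(env, "DEFAULT_CORSALLOWCREDENTIALS"):
        reason = "credentialed CORS is discouraged in production"
        if "*" in _get(env, "DEFAULT_CORSORIGINS"):
            reason += "; combined with a wildcard origin"
        findings.append(("CorsAllowCredentials", reason))
    if _true(env, "LOCKSERVER_ENABLED"):
        if not _get(env, "LOCKSERVER_URL").lower().startswith("https://"):
            findings.append(("LockServer.Url", "lock server URL is not HTTPS"))
    return findings

# Constructed sample environment (assumed variable names follow the page's pattern).
SAMPLE_ENV = {
    PREFIX + "DEFAULT_SECUREPASSWORD": "false",
    PREFIX + "DEFAULT_ROOTURL": "https://auth.com",
    PREFIX + "DEFAULT_ALLOWINSECUREHTTP": "true",
    PREFIX + "DEFAULT_CORSORIGINS": "*",
    PREFIX + "DEFAULT_CORSALLOWCREDENTIALS": "true",
    PREFIX + "LOCKSERVER_ENABLED": "true",
    PREFIX + "LOCKSERVER_URL": "https://mylockserver.com",
}

if __name__ == "__main__":
    for key, reason in audit(SAMPLE_ENV):
        print(f"{key}: {reason}")
```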