2018-03-16 16:08:18 +01:00
|
|
|
# Either basic or digest
|
|
|
|
security.server.deviceAuthentication=basic
|
|
|
|
|
|
|
|
# Choose whether to secure everything with https or allow http access.
|
|
|
|
#
|
|
|
|
# NOTE: changes also needed to:
|
|
|
|
# -- server.xml (Tomcat configuration file) to set up the secure channel
|
|
|
|
#
|
|
|
|
# issue 648 - REQUIRES_INSECURE_CHANNEL is now the default instead of ANY_CHANNEL
|
|
|
|
# there are various edge cases that have not been tested in the UI for
|
|
|
|
# allowing arbitrary accesses, as the session cookie and authentication
|
|
|
|
# do get set for a specific http: or https: scheme and are not transferrable.
|
|
|
|
#
|
|
|
|
# should be REQUIRES_SECURE_CHANNEL but can't unless SSL is available.
|
2018-03-16 21:35:35 +01:00
|
|
|
security.server.secureChannelType=REQUIRES_SECURE_CHANNEL
|
2018-03-16 16:08:18 +01:00
|
|
|
|
|
|
|
# either REQUIRES_INSECURE_CHANNEL to secure nothing
|
|
|
|
# or REQUIRES_SECURE_CHANNEL to secure everything
|
|
|
|
# or perhaps ANY_CHANNEL when running through a proxy server
|
2018-03-17 16:13:16 +01:00
|
|
|
security.server.channelType=ANY_CHANNEL
|
2018-03-16 16:08:18 +01:00
|
|
|
|
|
|
|
# When running under Tomcat, you need to set the hostname and port for
|
|
|
|
# the server so that the background tasks can generate properly-constructed
|
|
|
|
# links in their documents and in their publications to the
|
|
|
|
# external services.
|
|
|
|
#
|
|
|
|
# This is configured during install. If blank, discovers an IP address
|
|
|
|
security.server.hostname=
|
2018-03-25 23:14:56 +02:00
|
|
|
security.server.port=80
|
|
|
|
security.server.securePort=443
|
2018-03-16 16:08:18 +01:00
|
|
|
|
|
|
|
wink.handlersFactoryClass=org.opendatakit.aggregate.odktables.impl.api.wink.AppEngineHandlersFactory
|
|
|
|
|
|
|
|
# e-mail of designated superuser. This must be a user that has an OAuth2
|
|
|
|
# login hosted by a remote server (i.e., this must be a gmail account).
|
|
|
|
# this should be of the form: 'mailto:user@gmail.com'
|
|
|
|
security.server.superUser=
|
|
|
|
|
|
|
|
# Define a superUserUsername to insert an ODK Aggregate username that can
|
|
|
|
# access the server. The initial password for this username is 'aggregate'
|
2018-03-25 14:37:57 +02:00
|
|
|
security.server.superUserUsername=${ODK_ADMIN_USER}
|
2018-03-16 16:08:18 +01:00
|
|
|
|
|
|
|
# realm definition
|
|
|
|
# realmString -- what should be sent to users when BasicAuth or DigestAuth is done
|
2018-03-25 14:37:57 +02:00
|
|
|
security.server.realm.realmString=${ODK_ADMIN_REALM}
|