# Either basic or digest
security.server.deviceAuthentication=basic

# Choose whether to secure everything with https or allow http access.
#
# NOTE: changes also needed to:
# -- server.xml (Tomcat configuration file) to set up the secure channel
#
# issue 648 - REQUIRES_INSECURE_CHANNEL is now the default instead of ANY_CHANNEL
# there are various edge cases that have not been tested in the UI for
# allowing arbitrary accesses, as the session cookie and authentication
# do get set for a specific http: or https: scheme and are not transferrable.
#
# should be REQUIRES_SECURE_CHANNEL but can't unless SSL is available.
security.server.secureChannelType=REQUIRES_SECURE_CHANNEL

# either REQUIRES_INSECURE_CHANNEL to secure nothing
# or REQUIRES_SECURE_CHANNEL to secure everything
# or perhaps ANY_CHANNEL when running through a proxy server
security.server.channelType=ANY_CHANNEL

# When running under Tomcat, you need to set the hostname and port for
# the server so that the background tasks can generate properly-constructed
# links in their documents and in their publications to the
# external services.
#
# This is configured during install.  If blank, discovers an IP address
security.server.hostname=
security.server.port=80
security.server.securePort=443

wink.handlersFactoryClass=org.opendatakit.aggregate.odktables.impl.api.wink.AppEngineHandlersFactory

# e-mail of designated superuser. This must be a user that has an OAuth2
# login hosted by a remote server (i.e., this must be a gmail account).
# this should be of the form: 'mailto:user@gmail.com'
security.server.superUser=

# Define a superUserUsername to insert an OPENDATAKIT Aggregate username that can
# access the server.  The initial password for this username is 'aggregate'
security.server.superUserUsername=${OPENDATAKIT_ADMIN_USER}

# realm definition
# realmString -- what should be sent to users when BasicAuth or DigestAuth is done
security.server.realm.realmString=${OPENDATAKIT_ADMIN_REALM}