MDM Server Application Properties
This article is intended to serve as a reference point for MDM server configuration.
As such, it provides an overview of the available properties and, when applicable, refers users to more comprehensive sources.
The properties described here are defined in the mdm-server/etc/application.properties
file.
For each property, you will find information about the required data type, its default value, and a short description.
The Mandatory column specifies whether a property is required for the application to run and function as expected.
MDM Solution Configuration
The following properties point to files containing additional MDM settings.
The paths are relative to the mdm.serverConfig
file.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
Yes |
The path to the MDM Web App configuration file (see MDM Web App Backend). |
|
String |
|
Yes |
The path to the MDM Engine configuration file (see MDM Engine Configuration File). |
User Settings Configuration
You can configure how and where MDM Web App user settings are stored. User settings include, for example, which columns users have chosen not to display, filter settings, column width settings, and others.
Name | Data Type | Default Value | Mandatory | Description | ||
---|---|---|---|---|---|---|
|
String |
|
Yes |
|
||
|
String |
|
Yes |
The name of the database. |
||
|
String |
|
Yes |
The tables created by the server have this prefix to distinguish them from other tables in the database. |
Task Configuration
Use the follownig properties to configure tasks.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
Yes |
The name of the database that is used for storing tasks and drafts. |
|
String |
|
Yes |
The prefix that is used for tables created while working with tasks. |
|
Boolean |
|
No |
Enables automatic task creation. |
|
String |
|
No |
The name of the database that is used for storing events related to automatic tasks. |
|
String |
|
No |
The prefix that is used for tables created while working with automatic tasks. |
MDM Features
Use these properties to configure specific MDM features and specify links to other applications.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
Enables AI Matching in MDM Web App. |
|
String |
|
No |
The IP address or the hostname of the server where AI Matching microservices are running. |
|
String |
|
No |
The number of the AI Matching gRPC port. |
|
Boolean |
|
No |
Enables the communication between MDM and Metadata Management Module (MMM).
If set to |
|
String |
No |
The URL for MMM ( |
|
|
String |
No |
The URL to the ONE Web Application (accessible from the left navigation panel). |
|
|
String |
|
No |
Defines how often the MMM node structure is updated.
Accepted units: |
|
Number |
|
No |
The URL shown as the RDM link in the MDM Web App navigation. |
|
Boolean |
|
No |
Enables MDM notifications. |
|
String |
|
No |
Path from where the license file can be loaded (in addition to the user home folder). Relative to the MDM Server folder. |
|
Boolean |
|
Yes |
Enables the possibility to reset the environment from the new Admin Center (for user roles defined by the |
|
String |
/ |
No |
Comma separated list of folders, files in which are deleted when the environment is reset. |
|
String |
|
No |
Specifies if the
|
Keycloak Configuration
The following properties configure Keycloak. See Encrypt Passwords for information about how to encrypt passwords.
Name | Data type | Default Value | Mandatory | Description | ||
---|---|---|---|---|---|---|
|
String |
|
Yes |
The name of the Keycloak realm. |
||
|
String |
Yes |
The Keycloak base URL.
|
|||
|
String |
|
Yes |
The URL of the server where Keycloak is running. |
||
|
String |
|
Yes |
The client identifier used to verify the admin user authorization token. |
||
|
String |
|
Yes |
The secret key of the client identifier for the admin account.
Secret keys can be generated using Keycloak.
Used by |
||
|
String |
|
Yes |
The client identifier. Used to verify a user authorization token and to log in a user. |
||
|
String |
|
Yes |
The secret key of the client.
Secret keys can be generated using Keycloak.
Used by |
||
|
String |
|
Yes |
Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer. |
SSL
Use these properties to set up SSL.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
Enables SSL. |
|
String |
/ |
No |
The full path to the keystore. |
|
String |
/ |
No The password for decrypting the keystore. Used if the keystore is encrypted (recommended). |
|
String |
/ |
No |
The password for the private key. Used if the private key is encrypted. |
|
String |
/ |
No |
The full path to the truststore. |
|
Logging
The following properties configure logging.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
No |
The root logging level.
Available values are |
|
String |
|
No |
The logging level for |
|
String |
|
No |
The path to the logging file. |
|
String |
|
No |
The path to the custom logback configuration file. |
|
Boolean |
|
No |
If set to |
|
Boolean |
|
No |
If set to |
|
Boolean |
|
No |
If set to |
|
Boolean |
|
No |
If set to |
|
Boolean |
|
No |
Enables SQL logging. |
|
String |
|
No |
The minimum duration of a logged SQL request.
Shorter requests are excluded from the log.
Accepted units: |
|
Boolean |
|
No |
If set to |
|
String |
|
No |
Defines the logging level:
|
Logging Filters
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
To log requests made to MDM Server endpoints, set to |
|
String |
/ |
No |
Used to filter logs by URL. If set to a specific endpoint, only traffic for that endpoint will be logged. |
|
Boolean |
|
No |
Defines if logs for MDM Server endpoints store the request’s HTTP headers.
To log headers, set the value to |
|
Boolean |
|
No |
Defines if logs for MDM Server endpoints store the request’s payload.
To log payloads, set the value to |
|
Number |
|
No |
Sets the maximum length of the request’s payload expressed in characters. When the request’s payload exceeds this number, the payload is truncated and logs store only the characters within the limit. |
|
Boolean |
|
No |
Defines if logs for MDM Server endpoints store the query string parameters sent with the request.
To log all string parameters, set the value to |
|
Boolean |
|
No |
Defines if logs for MDM Server endpoints store information about the client that made the request.
To log client information, set the value to |
|
String |
|
No |
A list of HTTP headers that are masked in the logs. This is used to prevent leaking sensitive data, such as authentication tokens. |
|
String |
/ |
No |
A list of HTTP headers that will be logged (other headers will not be logged).
Cannot be used together with |
|
String |
/ |
No |
A list of HTTP headers that will not be logged (other headers will be logged).
Cannot be used together with |
Endpoints for Monitoring
To set up monitoring for MDM, specify the following properties. For more information, see Monitoring Configuration.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
Enables all actuator endpoints.
If set to |
|
Boolean |
|
No |
Enables`/info` monitoring endpoint. |
|
Boolean |
|
No |
Enables |
|
Boolean |
|
No |
Enables |
|
String |
|
No |
A comma-separated list of exposed actuator endpoints that should provide information about the application. These endpoints track the following:
|
|
String |
|
No |
Specifies how much information is provided by the
|
|
String |
|
No |
Specifies how much detail the
|
|
String |
|
No |
A comma-separated list that determines how the |
|
String |
|
No |
Configures how much information the |
|
Boolean |
|
No |
Enables |
|
String |
|
No |
Defines which components are covered by the liveness probe.
These components are a subset of |
|
String |
|
No |
Defines which components are covered by the readiness probe.
These components are a subset of |
|
String |
/ |
No |
Specifies restricted endpoints that cannot be accessed. Accepts a list of URL patterns as a value. |
|
String |
|
No |
Specifies public endpoints that are excluded from authentication.
Accepts a list of URL patterns as a value.
The |
|
String |
|
No |
Specifies ACL-secured endpoints.
Accepts a list of URL patterns as a value (in version 14.5.2 and earlier, only URL strings are accepted).
The |
|
String |
|
No |
A comma-separated list of user roles allowed to access the ACL-secured endpoints.
The |
|
Boolean |
|
No |
Enables timing metrics to all Spring endpoints. |
MDM Admin Center Permissions
The following properties configure MDM Admin Center permissions.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
No |
A comma-separated list of roles with read-only permissions to the MDM Admin Center. |
|
Boolean |
|
No |
Specifies if read-only access is given to any user in case the list of roles with read-only permissions is empty. |
|
String |
|
No |
Specifies roles with full access to the MDM Admin Center. |
|
Boolean |
|
No |
Specifies if full access is given to any user in case the list of roles with full access is empty. |
|
String |
|
No |
Specifies roles with manager access to the MDM Admin Center. |
|
Boolean |
|
No |
Specifies if manager access is given to any user in case the list of roles with manager access is empty. |
MDM HTTP Server
The following properties configure the MDM HTTP server.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
Yes |
The number of the default server port. |
|
String |
/ |
No |
Specifies the paths that are not available on the defined listener port. |
|
String |
/ |
No |
Specifies the paths available on the defined port (for example, HA Admin Console, see HA Admin Console, or REST API, see REST API). |
|
Number |
/ |
No |
Defines the port for other added custom listener. |
MDM Auditing
Use the following properties to configure auditing.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
Enables the event log. |
|
String |
|
No |
A comma-separated list of audit writers.
Permitted values are |
|
String |
|
No |
The name of the event log table.
It is prefixed with the |
|
String |
|
No |
The name of the ID generator sequence. |
|
String |
|
No |
The name of the event log entry ID field. It is generated automatically. |
|
String |
|
No |
The name of the event log |
|
String |
|
No |
The name of the event log |
|
String |
|
No |
The name of the event log |
|
String |
|
No |
The name of the event log |
|
String |
|
No |
The name of the event log |
|
String |
|
No |
The name of the event log |
|
String |
|
No |
The name of the event log |
-
Default value used if no
mapping
properties are defined.
HA Configuration
To enable high availability (HA) mode, specify the following properties. For more information about HA, see High Availability Overview.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
No |
The HA implementation setting.
The default value selects the database locking.
Setting the value to |
|
String |
|
No |
Specifies the timeout in the case of disconnection from the cloud.
Can be used only if the |
|
String |
|
No |
Defines the maximum time interval that the safety watchdog waits for switching from active to passive state of |
|
Number |
|
No |
The number of the port where the HA load balancer is running. |
|
String |
|
No |
The name of the server where the MDM server instance is running. |
|
String |
|
No |
The name of the port where the MDM server instance is running. |
|
String |
|
No |
The name of the server where the MDM server instance is running. |
|
Boolean |
|
No |
Enables the Disconnect button in the HA console. |
|
String |
|
No |
The IP address of the server where HA load balancer is running. |
|
String |
|
No |
Visible in the HA console.
Overrides the |
|
String |
|
No |
The name of the HA database. |
|
String |
|
No |
The table prefix for Lock and HA node. |
|
String |
|
No |
The key for the HA leader instance. |
|
Number |
|
No |
Specifies how often the HA tables are updated.
Accepted units: |
|
Number |
|
No |
Defines the time interval after which expired entries are removed from the HA tables.
Accepted units: |
|
Number |
|
No |
Defines the time interval after which entries are marked as expired.
Accepted units: |
|
Number |
|
No |
Defines the time interval after which the leadership election workflow is called.
Accepted units: |
|
String |
|
No |
Specifies the start delay of the leadership election workflow.
Expressed in |
|
Number |
|
No |
Specifies the additional delay in the case of switching from passive mode to active.
The whole delay is |
|
Number |
|
No |
Specifies the delay before HA is closed.
Accepted units: |
AI Matching
If you want to generate a new key, you need to provide new sets of keys for both Matching Manager microservice and Matching Worker microservice, and the Matching Worker microservice has to be connected to the MDM Server. If you are not using AI Matching, remove or comment out the properties.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
Yes |
The number of the port where AI Matching microservices are running. |
|
String |
|
Yes |
The name of the module type. |
|
String |
|
Yes |
The name of the environment. |
|
String |
|
Yes |
The name of the public key. |
|
String |
/ |
Yes |
The key identifier ( |
|
String |
/ |
Yes |
The value of the public key. Must use JSON syntax and be provided on a single line. |
|
Boolean |
|
Yes |
Specifies if the public key is valid.
If set to |
|
String |
|
Yes |
The user role used to create the service identity during authentication. |
DPM Setup
If your product suite includes ONE, configure DPM using the following properties.
The JWT secret and the accompanying properties for DPM that are used for communication with ONE can be found in the /opt/ataccama/one/mmm-backend/etc/application.properties
configuration file.
If you want to generate a new key for the connection between DPM and MDM, follow the instructions in How to Generate JWT Keys.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
No |
The number of the port where DPM is running. |
|
|
String |
|
No |
The name of the module type. |
|
String |
|
No |
The name of the environment. |
|
String |
|
No |
The name of the public key. |
|
String |
/ |
No |
The key identifier ( |
|
String |
/ |
No |
The value of the public key. The value must use JSON syntax and be provided on a single line. |
|
Boolean |
|
No |
Specifies if the public key is valid. If set to |
|
String |
|
No |
The user role used to create the service identity during authentication. |
MDM gRPC Server
The following property configures the MDM gRPC server.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
Yes |
The number of the port where the gRPC server is running. Authentication depends on the Keycloak configuration. |
Configuration Service
The following property sets whether the Configuration Service is used.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
Yes |
Enables using the Configuration Service.
Valid values: |
Service Private Key
Provide the service private key for MDM using the following property. The key must be set if your instance uses any of the following modules: Configuration Service, AI Matching, ONE Platform.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
/ |
No |
The key generated for internal JWT authentication. |
GraphQL and CORS
Set these properties if you use GraphQL and CORS. Otherwise, you can remove or comment them out.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
If set to |
|
String |
|
No |
MDM uses the custom servlet mapping |
|
Boolean |
|
No |
If set to |
|
Boolean |
|
No |
Enables asynchronous mode.
Must be set to |
|
String |
|
No |
Specifies all origins allowed for all GraphQL tools. |
|
String |
|
No |
Specifies all headers allowed ( |
|
Boolean |
|
No |
If set to`true`, the GraphQL metric is exposed to the actuator. |
|
String |
|
No |
Specifies all origins allowed for the management endpoint. |
|
String |
|
No |
Specifies all headers allowed. |
|
String |
|
No |
Specifies the HTTP methods allowed. |
External Drivers Folder
You can specify the location of external drivers using the following property.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
No |
A comma-separated list of paths to the directories with additional, non-standard drivers (relative to |
Client Security Headers
You can configure MDM Server security by adding response headers (security headers) to HTTP responses from the server.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
No |
Specifies allowed connections. We strongly recommend using the default value. |
|
String |
|
No |
Specifies allowed script sources. We strongly recommend using the default value. |
|
String |
|
No |
Specifies allowed image sources. We strongly recommend using the default value. |
|
String |
|
No |
Protects against clickjacking.
If set to |
|
String |
|
No |
Specifies if cross-domain requests from Flash and PDF documents are allowed. |
|
String |
|
No |
Defines how much referrer information (sent with the Referer header) should be included with requests.
If set to |
|
String |
|
No |
Protects against cross-site scripting attacks.
If set to |
|
String |
|
No |
Protects against MIME sniffing. |
Request Response Time Logging
Use the following properties to log the response time of the MDM Server.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
To log request response time, set to |
|
String |
/ |
No |
Name of the logger that will appear in the log. |
|
String |
|
No |
Defines the logging level:
|
|
String |
/ |
No |
Comma-separated list of sub-elements containing HTTP header names that will be printed together with the log message. |
|
Boolean |
|
No |
If set to |
|
String |
/ |
No |
List of URL patterns where the filter will be registered. |
Reply with Headers
Use the following properties to include additional HTTP headers from the request in the server response.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
If set to |
|
String |
No |
Comma-separated list of additional headers to be included in the response. |
|
|
String |
No |
List of URL patterns where the filter will be registered. |
Retry Connection Functionality
Use the following properties to configure repeated attempts for initial connection to critical components.
Retry Default Configuration
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
Yes |
The maximum number of attempts (including the initial call as the first attempt). |
|
Number |
|
Yes |
A fixed wait duration between retry attempts (in milliseconds). |
|
String |
|
Yes |
Configures a list of Throwable classes that are recorded as a failure and thus are retried. |
MDM-MMM Retry Setup
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
Yes |
The maximum number of attempts (including the initial call as the first attempt). |
|
Number |
|
Yes |
A fixed wait duration between retry attempts (in milliseconds). |
|
String |
|
Yes |
Configures a list of Throwable classes that are recorded as a failure and thus are retried. |
MDM-AI Retry Setup
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
Yes |
The maximum number of attempts (including the initial call as the first attempt). |
|
Number |
|
Yes |
A fixed wait duration between retry attempts (in milliseconds). |
|
String |
|
Yes |
Configures a list of Throwable classes that are recorded as a failure and thus are retried. |
MDM-Keycloak Retry Setup
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
Yes |
The maximum number of attempts (including the initial call as the first attempt). |
|
Number |
|
Yes |
A fixed wait duration between retry attempts (in milliseconds). |
|
String |
|
Yes |
Configures a list of Throwable classes that are recorded as a failure and thus are retried. |
Retry Instances
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
` mdm-mmm` |
Yes |
Internal reference to MMM resilience4j setup. Not user-configurable. |
|
String |
|
Yes |
Internal reference to AI resilience4j setup. Not user-configurable. |
|
String |
|
Yes |
Internal reference to Keycloak resilience4j setup. Not user-configurable. |
Data Source Configuration
The following properties define the internal data source configuration. See Data Sources Connection.
Note that a data source can be defined either here, or in the mdm.runtimeConfig
, not in both places at once.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
|
No |
URL for the MDM persistence database connection. |
|
String |
|
No |
Timeout for reconnection attempts to the MDM persistence database (in minutes). |
|
String |
|
No |
Interval for reconnection attempts to the MDM persistence database (in seconds). |
|
String |
|
No |
Username for the MDM persistence database connection. |
|
String |
|
No |
Password for the MDM persistence database connection. |
|
String |
No |
URL for additional data source connections. |
|
|
String |
No |
Timeout for reconnection attempts (in minutes). |
|
|
String |
No |
Interval for reconnection attempts (in seconds). |
|
|
String |
No |
Username for additional data source connections. |
|
|
String |
No |
Password for additional data source connections. |
API Endpoint Required Role Configuration
You can configure required roles for MDM API endpoints by adding the following properties. For more information about how to authenticate API requests, see API Requests Authentication.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
String |
/ |
No |
|
|
String |
/ |
No |
|
Version Check
Name | Data Type | Default value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
When set to |
Rate Limiter
Available in version 14.5.2-patch2 and later. |
For example configuration and more details, see Rate Limiter.
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Boolean |
|
No |
If set to |
|
String |
No |
Comma-separated list of URL prefixes. Can also contain the HTTP method. The most precise rate limiter is used and in case there are multiple matches, the HTTP method is taken into consideration as well. |
Resilience4j
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
No |
The maximum allowed number of operations within a defined time period.
For example, if you set the value to |
|
|
String |
No |
The time period after which the limit for the number of operations is refreshed.
For example, if you set the value to |
|
|
String |
No |
Specifies how long to wait for a request to be processed before it’s considered a failure. If this period elapses, the request is considered unsuccessful. |
|
|
Boolean |
No |
Determines whether to register a health indicator for the specified rate limiter.
If set to |
Database Performance
Available in version 14.5.3 and later. |
Applies only to PostgreSQL databases. |
Name | Data Type | Default Value | Mandatory | Description |
---|---|---|---|---|
|
Number |
|
No |
Specifies the |
|
Number |
|
No |
Specifies the |
Was this page useful?