Page Comparison

Table of Contents

...

Please configure the FIXICC H2 according to the instance of the local.app.properties in your FIXICC H2 package, and set the following properties:

Name	Example value	Default Value	Description
`*cuba.dbmsType`	`postgres`	`-`	Type of the RDBMS
`cuba.dataSourceProvider`	`application`	`application`	The value indicates that the data source must be configured using application properties
`*cuba.dataSource.username`	`C##CUBA`	`-`	The username for the database
`*cuba.dataSource.password`	`cuba`	`-`	The password for the database
`*cuba.dataSource.dbName`	`PTGSDB`	`-`	The database name
`*cuba.dataSource.host`	`10.68.21.182`	`-`	Host for the database
`*cuba.dataSource.port`	`1521`	`-`	Port for the database
`fixicch2.consul.encrypted_connection`	`true`	`false`	This property enables the use of HTTPS
`fixicch2.consul.port`	`8501`	`8500`	The number of the port configured for the Consul
`fixicch2.consul.insecure_connection_enabled`	`false`	`false`	Allows accepting the Consul's insecure certificate. Is not recommended to set "true" in production mode.
`fixicch2.fixServerType`	`FIXEdge CPP`	`all`	Configures the type of the server to work with. Allowed values: FIXEdge CPP, FIXEdge Java, any other value means two types of supported servers.
`*` - marks the mandatory parameter

Code Block

language	bash
title	The FIXICC H2 properties file example
collapse	true

cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = C##CUBA
cuba.dataSource.password =cuba
cuba.dataSource.dbName = PTGSDB 
cuba.dataSource.host = 10.68.21.182
cuba.dataSource.port =1521
fixicch2.consul.encrypted_connection =true
fixicch2.consul.port =8501
fixicch2.consul.insecure_connection_enabled =false
fixicch2.fixServerType = FIXEdge CPP

...

The following parameters can also be configurated through the "Application Properties" page on FIXICC H2:

Name	Example value	Default Value	Description
`fixicch2.fixServerType`	`FIXEdge CPP`	`all`	Configures the type of server to work with. Allowed values: FIXEdge CPP, FIXEdge Java, any other value means two types of supported servers.
`fixicch2.maxTimeToWaitServerStatusUpdate`	`10`	`10`	Configures (in minutes) the max time slot for updating the server status from the Consul. If there were no events during the period, the Consul sends the response. The maximum value is 10 minutes.
`fixicch2.metricsUpdatePeriod`	`1`	`1`	Configures (in seconds) the period for requesting metrics from FIXEdge
`fixicch2.mode`	`production`	`production`	Marks the instance of the FIXICC H2
`fixicch2.notificationTimeZone`	`UTC`	`UTC`	Specifies the time zone to display the time of the notification
`fixicch2.pauseToReconnect`	`2000`	`2000`	Specifies the pause between reconnection attempts

Info
Notice: If the parameters from the table above were configured in the local.app.properties file, values from the file would be applied despite values changed through the "Application Properties" page

...

To run FIXICC H2 with HTTPS enabled, you need to provide the following parameters:

Name	Example value	Where	Description
fixicch2.secure_http_port	8443	Java system property	HTTPS port to listen
fixicch2.key_store_path	keystore.jks	Java system property	Path to key store (jks file)
fixicch2.trust_store_path	keystore.jks	Java system property	Path to trust store (jks file). This is used if validating client certificates and is typically set to the same path as the keystore
FIXICC_H2_KEY_STORE_PASSWORD	fixicch2	Environment variable	Key store password in plain text
FIXICC_H2_KEY_MANAGER_PASSWORD	fixicch2	Environment variable	Key Manager password
FIXICC_H2_TRUST_STORE_PASSWORD	fixicch2	Environment variable	Trust store password

For details on these paramters please refer to the Jetty 9 Documentation on parameters keyStorePath , keyStorePassword , keyManagerPassword , trustStorePath , and trustStorePassword .

...

Deploy the LDAP server

Set the following properties in the local.app.properties file:

Name	Example value	Default value	Description
`ldap.contextSourceUrl`	`ldap://localhost:389`	`ldap://localhost:10389`	Defines a URL for reaching the LDAP server
`ldap.contextSourceUserName`	`cn=admin,dc=epm-bfix,dc=local`	`uid=admin,ou=system`	Indicates a username (principal) used for authentication. This is normally the distinguished name of the admin user.
`ldap.contextSourceBase`	`dc=epm-bfix,dc=local`	`dc=springframework,dc=org`	Defines a base DN. If configured, all operations on contexts retrieved from ContextSource will be relative to this DN. By default, an empty name is set (i.e. all operations are related to the directory root).
`ldap.contextSourcePassword`	`ADMIN_PASSWORD`	`secret`	Defines a password used for authentication. Login with default parameters for the first time. Then you can change the password in env docker-compose.
`ldap.referral`	`follow`	`follow`	Defines the strategy to handle referrals, as described in this documentation
`ldap.sessionExpiringPeriodSec`	`120`	`30`	Indicates a period in seconds after which the system terminates a user session if you deactivate the user or assign a new access group/matching rules to them
`ldap.userSynchronizationBatchSize`	`100`	`100`	Defines the number of users that can be synchronized during the execution of the `synchronizeUsersFromLdap()` scheduled task
`ldap.userSynchronizationOnlyActiveProperty`	`true`	`true`	If set to `true`, the `synchronizeUsersFromLdap()` scheduled task updates only the value of the Active attribute. Otherwise, the system updates all user details.
`ldap.cubaGroupForSynchronization`	`Company`	`Company`	Defines access groups that are checked when the system executes the `synchronizeUsersFromLdap()` scheduled task.
`ldap.cubaGroupForSynchronizationInverse`	`false`	`false`	If set to `true`, the system checks all groups when executing the `synchronizeUsersFromLdap()` scheduled task (except for the ones specified in `ldap.cubaGroupForSynchronization`)
`ldap.synchronizeCommonInfoFromLdap`	`true`	`true`	If set to `true`, the `synchronizeUsersFromLdap()` scheduled task updates the values of the following user attributes in accordance with their state on the LDAP server side: Email, Name, First name, Last name, Middle name, Position, Language)
`cuba.web.standardAuthenticationUsers`	`admin, anonymous`	`admin, anonymous`	Defines users that can log in to the system using standard CUBA credentials
`ldap.expiringSessionNotificationCron`	`/10 * * * *`	`/10 * * * *`	Defines the cron expression for retrieving expired sessions from the middleware layer
`ldap.addonEnabled`	`true`	`false`	If set to `true`, the LDAP add-on is enabled
`ldap.expiringSessionsEnable`	`true`	`true`	If set to `true`, the system sends notifications to inform the user that their session is about to expire

If the group and user weren't set earlier you should create a posix group and a user in LDAP
Start the FIXICC H2
Select Administration > LDAP > LDAP Config in the menu on the left-side (items 1→2→3 in the figure below)
Check the connection by clicking Test Connection (item 4 in the figure below)
Figure. The "Test Connection" button.
If the connection is successful, the FIXICC H2 will show the following message:

Figure. The successful LDAP connection.
Go to the LDAP Matching Rules page by clicking LDAP Matching Rules
Select the default rule in the table and click Edit or press Enter on your keyboard to edit the default rule
Figure. The "LDAP Matching Rules" page.
Add the Role - system-full-access or your own role (in this case, the role's permissions must provide access to Allow all screens):
Click Add (see below):
Figure. The "Add" button for adding the permissions.
Select the Role in the table (item 1 in the figure above)
Confirm your choice by clicking Select (item 2 in the figure above)
Logout by clicking the arrow at the bottom of the left-side menu (see below)

Figure. The "Logout" button.
Login with the user's data whose role was added to the LDAP Matching Rules

Versions Compared

Old Version 3

New Version 4

Key