Client Manager Properties

JMX

Parameter

Description

JmxRmiPath (ClientManager)

The path in the RMI registry where the JMX Agent is registered.

ActiveMQ

Tuning for DSP to a User's Browser Session Message Traffic (per Browser Session)

  • ClientSession.MinSessionPoolSize (4)

  • ClientSession.MaxSessionPoolSize (8)

  • ClientSession.MaxConcurrentMessages (8)

Tuning for a User's Browser Session to DSP Message Traffic (All Browser Sessions)

  • DataSource.MinSessionPoolSize (4)

  • DataSource.MaxSessionPoolSize (8)

  • DataSource.MaxConcurrentMessages (8)

Security

Parameter

Description

Security.Authentication (LDAP)

The method to use for authenticating users. Can be Lightweight Directory Access Protocol (LDAP) or Active Directory (AD).

These parameters are applicable for Security.Authentication = Active Directory:

ActiveDirectory.Host

The hostname or IP address of the AD server. By default, this field value is blank.

ActiveDirectory.Port

The port number of the AD server. The default value is 389.

ActiveDirectory.AuthenticationMethod

The authentication method required to connect to the directory to perform a directory lookup in an AD server. Set to none if the directory can be looked up anonymously. Set to simple if the user and password are required to connect to the directory to perform a directory lookup.

The default value is simple.

ActiveDirectory.UserSearchPrefix

The location/prefix of the AD node containing user records. The Client Manager (CM) scans these records when authenticating a user. By default, this field value is blank.

ActiveDirectory.GroupSearchPrefix

The location/prefix of the AD node containing group records. The CM scans these records when determining the groups a user belongs to. By default, this field value is blank.

ActiveDirectory.BindUser

The user that binds with Active Directory when the login user does not have permission to perform a user search.

ActiveDirectory.BindPassword

The password for ActiveDirectory.BindUser.

ActiveDirectory.DefaultDomain

The Active Directory domain name to be prefixed to the username such that users can enter the username without a domain string when signing in to Tidal Automation.

These parameters are applicable for Security.Authentication = LDAP:

LDAP.HostName

The hostname or IP address of the LDAP server. The default value is localhost.

LDAP.Port

The port number of the LDAP server. The default value is 389.

LDAP.ContextFactory

The context factory used when creating contexts in the LDAP server. The default value is com.sun.jndi.ldap.LdapCtxFactory.

LDAP.AuthenticationMethod

The authentication method required to connect to the directory to perform a directory lookup in an LDAP server. Set to none if you want the directory to be looked up anonymously. Set to simple if the user and password are required to perform a directory lookup.

The default value is simple.

LDAP.UserIdentifierType

The value specified in this parameter is used in conjunction with the value specified in LDAP.BindDN to construct the user's DN (Distinguished Name) when:

  • LDAP.AuthenticationMethod=simple.

  • LDAP.BindUser and LDAP.BindPassword parameter values are not specified.

When the LDAP.BindUser value is specified, the value specified in LDAP.UserIdentifierType is used in conjunction with the value specified in LDAP.BindDN to construct the Bind User's DN.

The value of the LDAP.UserIdentifierType parameter indicates which LDAP attribute is used in a user's DN. Possible values are: uid, cn, sn, and mail. The default value is uid.

LDAP.BindDN

The Relative Distinguished Name (RDN) that should be used in conjunction with the value of LDAP.UserIdentifierType to construct the Distinguished Name (DN) of the users that will authenticate with TA. By default, LDAP.UserIdentifierType has the value uid. Therefore, for example, if the RDN is ou=people,dc=example,dc=com, the DN of the user becomes uid=<TA logon user’s name>,ou=people,dc=example,dc=com.

LDAP.UserBindDN

The RDN (starting from the root of the tree) in the LDAP server that contains user entries.

LDAP.GroupBindDN

The RDN (starting from the root of the tree) in the LDAP server that contains group entries.

LDAP.BindUser

The user that is used to bind with LDAP when the login user does not have permission to perform a user search.

LDAP.BindPassword

The password for LDAP.BindUser.

LDAP.UserSearchAttribute

The value specified in this parameter is used in conjunction with the value specified in LDAP.UserBindDN to look up a user in LDAP.

Example: When LDAP.UserSearchAttribute=mail and LDAP.UserBindDN=dc=example,dc=com, TA looks up a user entry in LDAP under the search tree dc=example,dc=com that has an attribute mail=<TA logon user's name>.

The LDAP.UserIdentifierType and LDAP.UserSearchAttribute parameters are not interchangeable even if the parameters use uid as the default value.

LDAP.UserObjectClass

A valid object class for the user. Only users that possess one or more of these object classes will be permitted to authenticate to TA.
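The following added example (constructed for this page, not Tidal Automation's own code) shows how the LDAP.UserIdentifierType/LDAP.BindDN pair becomes a bind DN and how LDAP.UserSearchAttribute/LDAP.UserBindDN/LDAP.UserObjectClass become a search base and filter. The property values are assumed, taken from the examples above; the RFC 4514/4515 escaping of the logon name is the check an administrator wants, so that a name containing DN or filter metacharacters cannot change the entry that is bound or searched.

```python
"""Constructed example: LDAP.* Client Manager properties -> bind DN and user search.
Not Tidal's implementation; property values below are assumed from the page."""

# Assumed property values mirroring the page's examples
PROPS = {
    "LDAP.UserIdentifierType": "uid",
    "LDAP.BindDN": "ou=people,dc=example,dc=com",
    "LDAP.UserSearchAttribute": "mail",
    "LDAP.UserBindDN": "dc=example,dc=com",
    "LDAP.UserObjectClass": "inetOrgPerson,person",
}

def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for an attribute value placed inside a DN."""
    out = value.replace("\\", "\\\\")          # backslash first, then the rest
    for ch in '",+;<>':
        out = out.replace(ch, "\\" + ch)
    out = out.replace("\x00", "\\00")
    if out.startswith(("#", " ")):             # leading '#' or space must be escaped
        out = "\\" + out
    if out.endswith(" "):                      # trailing space must be escaped
        out = out[:-1] + "\\ "
    return out

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value inside a search filter."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29").replace("\x00", "\\00"))

def user_dn(props: dict, logon_name: str) -> str:
    """LDAP.UserIdentifierType=<logon name>,LDAP.BindDN -> DN for the simple bind."""
    ident = props["LDAP.UserIdentifierType"]
    return f"{ident}={escape_dn_value(logon_name)},{props['LDAP.BindDN']}"

def user_search(props: dict, logon_name: str) -> tuple:
    """Returns (search base, filter) for the LDAP.UserSearchAttribute lookup,
    restricted to the object classes listed in LDAP.UserObjectClass."""
    classes = [c.strip() for c in props["LDAP.UserObjectClass"].split(",") if c.strip()]
    oc = "".join(f"(objectClass={escape_filter_value(c)})" for c in classes)
    flt = f"({props['LDAP.UserSearchAttribute']}={escape_filter_value(logon_name)})"
    if oc:
        flt = f"(&{flt}(|{oc}))"
    return props["LDAP.UserBindDN"], flt

if __name__ == "__main__":
    print(user_dn(PROPS, "jdoe"))                    # uid=jdoe,ou=people,dc=example,dc=com
    print(user_search(PROPS, "jdoe@example.com"))    # filter anchored under dc=example,dc=com
    print(user_search(PROPS, "*)(uid=*"))            # metacharacters neutralised by escaping
```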

Security.Log

This flag, which is enabled (set to Y) by default, adds security logs for user sessions in the log directory of the Client Manager. The value can be either Y or N.

Example: Security.Log=Y.

SessionSecurityLog

Indicates the logging level for session security. Session security log messages are written at this level. The default value is INFO. The other supported levels are SEVERE, FINE, FINER, and FINEST.

Example: SessionSecurityLog=FINE.

Security.AuthPolicy.attributeNames

Specifies a comma-separated list of case-sensitive attribute names from your LDAP or AD server. When a user logs into TA, these attribute names and their values are retrieved from the AD/LDAP server and populated in the Attributes field of Authorization Policy Definition > LDAP Rules and Authorization Policy Definition > Workgroup Rules tabs. For more information about the LDAP attributes, see LDAP Rules Tab and Workgroup Rules Tab in the Users chapter.

Example: Security.AuthPolicy.attributeNames=applicationID,businessCategory

A new sysval configuration SYSVAL_IMPORT_USER_ATTRIBUTES (196) has been added to the sysval table to include or exclude the user attributes when a user is imported from your AD/LDAP server to TA. This sysval is enabled by default (set to Y).

These attributes such as email, phone number, and so on are stored in the user record.

Authorization policies also allow you to extract values from LDAP group attributes and store them in variables. You can use those variables in workgroups and shared owner rules to make the rule more flexible and dynamic.

Before using LDAP attributes, the Tidal Administrator must define which AD/LDAP attributes to make available to authorization policies.

The login session extracts values from AD/LDAP attributes that contain ASCII values; binary values and any encoded characters are not supported.

Status Check

Parameter

Description

enable.statuscheck

Allows users to perform a status check of the Client Manager (CM) when the status check URL http(s)://<cm-server>:<port>/statuscheck is accessed. Here, <cm-server> is the IP address of the CM from where the status check URL is accessed and <port> is the port number of the CM. This parameter is disabled (set to N) by default.

statuscheck.monitor.ip.list

Specifies a comma-separated list of remote/local IP addresses from which the status check URL can be accessed. When no values are specified, the status check URL is accessible from any client machine or IP address.

When the status check URL is accessed, one of the following happens:

  • When the HTTP code 204 is returned, it indicates that the CM is not active.

  • When the HTTP response body as well as the HTTP response header X-TA-CM-STATUS show the text ACTIVE-STANDALONE, it indicates that while the CM is initialized and accessible, it is not connected to the TA Master.

  • When the HTTP response body as well as the HTTP response header X-TA-CM-STATUS show the text ACTIVE, it indicates that the CM is accessible and also connected to the Master.

  • When the Client Manager login page is displayed, it indicates that the status check is not enabled.
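As an added example (constructed for this page, not Tidal's code), a monitoring probe that maps the four response cases above to a state and applies statuscheck.monitor.ip.list as an allowlist. The responses in the test are constructed; fetch_status() is the live call and is assumed to run against an HTTP(S) endpoint shaped as described.

```python
"""Constructed example: interpret /statuscheck responses and the monitor IP list.
Not Tidal's implementation; the response shapes follow the page's description."""
import ipaddress
import urllib.request

def classify_statuscheck(status: int, headers: dict, body: str) -> str:
    """Map one response from http(s)://<cm-server>:<port>/statuscheck to a state."""
    hdr = {k.lower(): v for k, v in headers.items()}.get("x-ta-cm-status", "").strip()
    text = body.strip()
    if status == 204:
        return "NOT_ACTIVE"               # CM is not active
    if hdr == "ACTIVE-STANDALONE" and text == "ACTIVE-STANDALONE":
        return "ACTIVE_STANDALONE"        # CM initialized, not connected to the TA Master
    if hdr == "ACTIVE" and text == "ACTIVE":
        return "ACTIVE"                   # CM accessible and connected to the Master
    if "<html" in text.lower():
        return "CHECK_DISABLED"           # login page returned: enable.statuscheck is N
    return "UNKNOWN"                      # anything else deserves a look, not a green light

def monitor_allowed(ip_list_value: str, client_ip: str) -> bool:
    """statuscheck.monitor.ip.list semantics: empty list means any client may call."""
    entries = [e.strip() for e in ip_list_value.split(",") if e.strip()]
    if not entries:
        return True
    client = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(e) == client for e in entries)

def fetch_status(url: str, timeout: float = 5.0) -> str:
    """Live probe (not exercised offline): GET the status URL and classify the reply."""
    req = urllib.request.Request(url, headers={"User-Agent": "cm-statuscheck-probe"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", "replace")
        return classify_statuscheck(resp.status, dict(resp.headers), body)

if __name__ == "__main__":
    # Constructed sample replies, one per case listed on the page
    print(classify_statuscheck(204, {}, ""))
    print(classify_statuscheck(200, {"X-TA-CM-STATUS": "ACTIVE-STANDALONE"}, "ACTIVE-STANDALONE"))
    print(classify_statuscheck(200, {"X-TA-CM-STATUS": "ACTIVE"}, "ACTIVE\n"))
    print(classify_statuscheck(200, {}, "<html><body>Login</body></html>"))
    print(monitor_allowed("10.0.0.1, 10.0.0.5", "10.0.0.5"))
```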