Appsettings.json File

Note: These instructions apply only to Windows installations. Some of the settings referenced below can also be configured in the container values file (see Values File Settings for Containers Under Kubernetes).

After you install the AnyCAGateway REST, some configuration options are available in the appsettings.json file.

To update the appsettings.json file:

  1. Navigate to the install directory, by default at:

    C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net8.0\Configuration
  2. Open the appsettings.json file in a text editor such as Notepad and adjust the values as needed.
  3. Save the file.

    {
        "Cache": {
            "CertificateValidationCacheExpirationMinutes": 10,
            "CAConfigurationCacheExpirationMinutes": 10,
            "RoleClaimsCacheExpirationMinutes": 10
        },
        "Kestrel": {
            "Certificates": {
                "Default": {
                    "Path": "C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net8.0\\configuration\\Gatewaythcms.pfx"
                }
            },
            "Endpoints": {
                "HttpsCC": {
                    "Url": "https://*:8443"
                }
            }
        },
        "ExtensionsDirectory": "Extensions",
        "Authentication": {
            "SessionExpirationMinutes": 60,
            "CookieExpirationMinutes": 5,
            "DefaultIdentityProviderAuthScheme": "Keycloak",
            "UseOAuth": "true"
        },
        "AllowedHosts": "*",
        "CheckClientCertCRL": "True",
        "LockTimeoutMilliseconds": 5000,
        "LockHeartbeatIntervalMilliseconds": 60000,
        "LockHoldTimeoutMilliseconds": 900000,
        "NLogConfigFile":  "configuration/nlog.config",
        "BasePath": "AnyGatewayREST"
    }
                    

Table 959: Appsettings.json File Settings

Setting Description
Allowed Hosts

A Microsoft setting for host filtering. For more information, see:

BasePath

For IIS hosting, this parameter is required. It should match the virtual directory per your installation (see IIS Hosting). When using OAuth, the SSL settings for the application should be set to Ignore client certificates.

Authentication
Setting Description
Session Expiration Minutes

The default is 60.

Cookie Expiration Minutes

The default is 0.

Default Identity Provider Auth Scheme

A required OAuth parameter for the name given the OAuth provider to default to upon login. Non-default providers can be set at login with the IdP hint Query Parameter in the portal URL to specify which IdP to redirect to.

UseOAuth

A Boolean indicating whether OAuth token authentication is used for the gateway (true) or client certificate authentication is used for the gateway (false). See -Use OAuth.

Cache
Setting Description Values
CA Configuration Cache Expiration Minutes

An integer that sets the time (in minutes) before modifications or additions to the CA configuration become available to the AnyCAGateway REST portal. Any changes to the CA configuration will not appear in the portal for this amount of time, but caching may improve performance during CA sync and enrollment.

The default is 10 minutes. Set to zero (0) to turn off caching.

Certificate Validation Cache Expiration Minutes

An integer that sets the interval between validation runs against the CRL for the client certificate used to authenticate to the AnyCAGateway REST portal. A longer value allows the gateway to avoid validating the client authentication certificate each time you enroll. However, it's possible a certificate could expire or be revoked in the meantime and would continue to be used to enroll certificates until the next cache interval.

The default is 10 minutes. Set to zero (0) to turn off caching.

Role Claims Cache Expiration Minutes

An integer that sets the time before modifications to Roles on the Claims page become available on the AnyCAGateway REST portal.

The default is 10 minutes. Set to zero (0) to turn off caching.

Check Client Cert CRL

A Boolean (true/false) that indicates whether the client authentication certificate that authenticated to the portal will be checked against the CRL (see Login Claim for Client Certificate Authentication).

Extension Directory

The name of the directory where third-party integration artifacts will be installed. This defaults to Extensions, installed by default at:

C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net8.0\Extensions

Kestrel > Certificates > Default > Path

A string identifying the path to the local server authentication certificate. See -Server Certificate Path.

Kestrel > Endpoints > HttpsCC > Url

A string identifying the URL, with the port number referenced by the -ServerPort parameter, assigned to this instance of the AnyCAGateway REST implementation. See -Server Port.

Lock Timeout Milliseconds

In the case of a High Availability implementation, the three Lock settings will set the lockout intervals (in milliseconds) during CA sync so multiple CA syncs are not running at the same time. It is unlikely these would need to be modified.

The default for this is 5000 milliseconds.

Lock Hold Timeout Milliseconds

The default for this is 900000 milliseconds.

Lock Heartbeat Interval Milliseconds

The default for this is 60000 milliseconds.

NLog Config File

Optional. A string overriding the default location of the nlog.config file.
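
One way to review the settings above that affect authentication, revocation checking and host filtering, as an added PowerShell example that is not Keyfactor code. The function name and the wording of the notes are hypothetical, the setting names are those in the sample file on this page, and the embedded JSON is constructed.

```powershell
# Added example, not Keyfactor code. Function name and note text are hypothetical;
# the setting names are the ones shown in the sample appsettings.json on this page.
function Get-GatewaySettingFinding {
    param([Parameter(Mandatory)][string]$Json)

    $cfg = $Json | ConvertFrom-Json
    # The sample stores Booleans as strings ("true", "True"); a missing key reads as false here.
    $useOAuth = "$($cfg.Authentication.UseOAuth)" -eq 'true'
    $checkCrl = "$($cfg.CheckClientCertCRL)" -eq 'true'
    $mode = if ($useOAuth) { 'OAuth token' } else { 'client certificate' }

    $notes = @("Authentication mode: $mode (UseOAuth).")

    # Revocation checking applies to the client certificate used to authenticate.
    if (-not $useOAuth -and -not $checkCrl) {
        $notes += 'CheckClientCertCRL is not true: the client authentication certificate is not checked against the CRL.'
    }

    # A non-zero cache means a revoked or expired certificate is still honoured until the cache expires.
    $certMin = [int]$cfg.Cache.CertificateValidationCacheExpirationMinutes
    if (-not $useOAuth -and $checkCrl -and $certMin -gt 0) {
        $notes += 'CertificateValidationCacheExpirationMinutes = {0}: a revoked or expired client certificate can keep enrolling for up to {0} minutes.' -f $certMin
    }

    $roleMin = [int]$cfg.Cache.RoleClaimsCacheExpirationMinutes
    if ($roleMin -gt 0) {
        $notes += 'RoleClaimsCacheExpirationMinutes = {0}: role changes on the Claims page take up to {0} minutes to be available in the portal.' -f $roleMin
    }

    if ("$($cfg.AllowedHosts)" -eq '*') {
        $notes += 'AllowedHosts = *: host filtering accepts any Host header.'
    }
    $notes
}

# Constructed sample: the page's file trimmed to the keys checked, with UseOAuth set to false.
$sample = @'
{
    "Cache": {
        "CertificateValidationCacheExpirationMinutes": 10,
        "RoleClaimsCacheExpirationMinutes": 10
    },
    "Authentication": { "UseOAuth": "false" },
    "AllowedHosts": "*",
    "CheckClientCertCRL": "True"
}
'@
Get-GatewaySettingFinding -Json $sample
```

To review an installed gateway, pass the file contents with `Get-Content -Raw` on the appsettings.json in the Configuration directory named in step 1.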