Appsettings.json File

Note:  These instructions apply only to Windows installations. Some of the below-referenced settings can be configured in the container values file as well (see Values File Settings for Containers Under Kubernetes).

After you install the AnyCAGateway REST, some configuration options are available in the appsettings.json file.

To update the appsettings.json file:

  1. Navigate to the install directory, by default at:

    C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net10.0\Configuration
  2. Open the appsettings.json file in a text editor such as Notepad and adjust the values as needed.
  3. Save the file.

{
   "BasePath":  "AnyGatewayREST",
   "NLogConfigFile":  "configuration/nlog.config",
   "AllowedHosts":  "*",
   "CheckClientCertCRL":  "true",
   "LockTimeoutMilliseconds":  5000,
   "ExtensionsDirectory":  "Extensions",
   "SqlRetryConfiguration":  {
      "MaxTimeInterval":  "00:02:00",
      "DeltaTime":  "00:00:00.5",
      "NumberOfTries":  "5"
   },
   "Cache":  {
      "CertificateValidationCacheExpirationMinutes":  10,
      "CAConfigurationCacheExpirationMinutes":  10,
      "RoleClaimsCacheExpirationMinutes":  10
   },
   "LockHoldTimeoutMilliseconds":  900000,
   "LockHeartbeatIntervalMilliseconds":  60000,
   "Authentication":  {
      "DefaultIdentityProviderAuthScheme":  "",
      "SuperAdmin":  {
         "Description":  "SuperAdmin",
         "Type":  "X509Certificate_Thumbprint",
         "Value":  "ef27ac4f350764966e8ac5b08c07d7cd1c2d01c9"
      },
      "UseOAuth":  "false",
      "AuthCAs":  {
         "RootCA":  {
            "FilePath":  "C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net10.0\\configuration\\rootca.crt"
         }
      },
      "CookieExpirationMinutes":  "",
      "SessionExpirationMinutes":  ""
   }
}                
        

Table 1217: Appsettings.json File Settings Using Client Certificate Authentication

Setting Description
Allowed Hosts

A Microsoft setting for host filtering. For more information, see:

Authentication
Setting Description
Session Expiration Minutes

The SessionExpirationMinutes value determines the length of time a browser session in the AnyCAGateway REST Portal will remain logged in before the user is prompted to re-authenticate regardless of whether the session is idle or in active use. The default is 60.

Used for OAuth authentication only.

Cookie Expiration Minutes

The CookieExpirationMinutes value determines the length of time the authentication cookie for the AnyCAGateway REST Portal browser session is considered valid. After half of the setting's duration, the AnyCAGateway REST will attempt to use a refresh token to update the cookie. If this fails, the user's session will be terminated. The cookie renewal is seamless from the user’s perspective (there is no prompt for credentials). The default is 5.

Used for OAuth authentication only.

AuthCAs

Defines one or more trusted root CA certificates and the file paths to the certificates used for client certificate authentication.

For example:

"AuthCAs": {
  "RootCA": {
    "FilePath": "C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net10.0\\configuration\\auth-root-ca.pem"
  }
}

Used for client certificate authentication only.

Default Identity Provider Auth Scheme

A required OAuth parameter that specifies the name of the identity provider to use by default for user login. Non-default providers can be selected by supplying an IdP hint query parameter in the portal URL.

Used for OAuth authentication only.

SuperAdmin

Defines the client certificate used to authenticate SuperAdmin access, including its description, type, and value.

Used for client certificate authentication only.

UseOAuth

A Boolean indicating whether OAuth token authentication is used for the gateway (true) or client certificate authentication is used for the gateway (false). See -UseOAuth.

BasePath

The virtual directory for the IIS application. This value is used as part of the base path for the AnyCAGateway REST portal in the browser.

Cache
Setting Description
CA Configuration Cache Expiration Minutes

An integer that sets how long (in minutes) modifications or additions to the CA configuration take to become available in the AnyCAGateway REST portal. Any changes to the CA configuration will not appear in the portal for this amount of time, but caching may improve performance during CA sync and enrollment.

The default is 10. Set to zero (0) to turn off caching.

Certificate Validation Cache Expiration Minutes

An integer that sets the interval (in minutes) between validation runs against the CRL for the client certificate used to authenticate to the AnyCAGateway REST portal. A longer value allows the gateway to avoid validating the client authentication certificate each time you enroll. However, a certificate could expire or be revoked in the meantime and would continue to be used to enroll certificates until the next cache interval.

The default is 10. Set to zero (0) to turn off caching.

Role Claims Cache Expiration Minutes

An integer that sets the time (in minutes) before modifications to Roles on the Claims page become available in the AnyCAGateway REST portal.

The default is 10. Set to zero (0) to turn off caching.

Check Client Cert CRL

A Boolean (true/false) that indicates whether the client authentication certificate used to authenticate to the portal is checked against the CRL (see Login Claim for Client Certificate Authentication).

Tip:  The AnyCAGateway REST checks the client certificate's revocation status when the user attempts to authenticate with their client certificate. To turn that check off, set the CheckClientCertCRL setting in appsettings.json to False.

Extension Directory

The name of the directory where third-party integration artifacts will be installed. This defaults to Extensions, installed by default at:

C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net10.0\Extensions
Kestrel > Endpoints > HttpsCC > Url

A string identifying the URL, with the port number referenced by the -ServerPort parameter, assigned to this instance of the AnyCAGateway REST implementation. See Install AnyCAGateway REST on Windows under IIS.

Used for Kestrel installs only.

Kestrel > Certificates > Default > Path

A string identifying the path to the local server authentication certificate. See Install AnyCAGateway REST on Windows under IIS.

Used for Kestrel installs only.

Lock Heartbeat Interval Milliseconds

The default is 60000.
Lock Hold Timeout Milliseconds

The default is 900000.

Lock Timeout Milliseconds

In the case of a High Availability implementation, the three Lock settings will set the lockout intervals (in milliseconds) during CA sync so multiple CA syncs are not running at the same time. It is unlikely these would need to be modified.

The default is 5000.

NLog Config File

Optional. A string overriding the default location of the nlog.config file.

SqlRetryConfiguration

The MaxTimeInterval, DeltaTime, and NumberOfTries settings for the SQL connection.
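
An added example, not Keyfactor's code: a PowerShell function that parses appsettings.json after an edit and reports the settings from the table above that deserve a second look (AllowedHosts, CheckClientCertCRL, the certificate validation cache, SuperAdmin, AuthCAs, DefaultIdentityProviderAuthScheme). The function name, the MaxCertCacheMinutes threshold and the sample JSON are assumptions made for illustration.

```powershell
function Test-GatewayAppSettings {
    param([Parameter(Mandatory)][string] $Json,
          [int] $MaxCertCacheMinutes = 10)  # assumed threshold: the documented default
    try { $cfg = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { return "Not valid JSON: $($_.Exception.Message)" }
    $auth = $cfg.Authentication
    if ($cfg.AllowedHosts -eq '*') { 'AllowedHosts is "*": any Host header is accepted' }
    if ("$($auth.UseOAuth)" -eq 'true') {
        # OAuth mode: the page lists this parameter as required.
        if ([string]::IsNullOrWhiteSpace($auth.DefaultIdentityProviderAuthScheme)) {
            'UseOAuth is true but DefaultIdentityProviderAuthScheme is empty'
        }
        return
    }
    # Client certificate authentication from here on.
    if ("$($cfg.CheckClientCertCRL)" -ne 'true') {
        'CheckClientCertCRL is off: client certificate revocation is not checked'
    }
    $mins = [int]$cfg.Cache.CertificateValidationCacheExpirationMinutes
    if ($mins -gt $MaxCertCacheMinutes) {
        "CertificateValidationCacheExpirationMinutes is $mins; a revoked certificate stays usable that long"
    }
    $sa = $auth.SuperAdmin
    if ($sa.Type -eq 'X509Certificate_Thumbprint' -and $sa.Value -notmatch '^[0-9a-f]{40}$') {
        'SuperAdmin thumbprint is not 40 hex characters (check for pasted spaces or hidden characters)'
    }
    $cas = @()
    if ($auth.AuthCAs) { $cas = @($auth.AuthCAs.PSObject.Properties) }
    if ($cas.Count -eq 0) { 'AuthCAs is empty: no trusted root CA for client certificates' }
    foreach ($ca in $cas) {
        $p = "$($ca.Value.FilePath)"
        if (-not $p -or -not (Test-Path -LiteralPath $p -PathType Leaf)) {
            "AuthCAs.$($ca.Name): certificate file not found at '$p'"
        }
    }
}

# Constructed sample, not taken from a real installation.
$sample = @'
{ "AllowedHosts": "*", "CheckClientCertCRL": "false",
  "Cache": { "CertificateValidationCacheExpirationMinutes": 60 },
  "Authentication": { "UseOAuth": "false", "AuthCAs": {},
    "SuperAdmin": { "Type": "X509Certificate_Thumbprint", "Value": "EF 27 AC 4F" } } }
'@
Test-GatewayAppSettings -Json $sample
```

To audit a real installation, pass the output of `Get-Content -Raw` on the appsettings.json file in the Configuration directory given above in place of `$sample`.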