The ClaimsProxy appsettings.json configuration file allows you to view or modify the configuration settings for the Claims Proxy service.
Windows Installations Under IIS
To update the appsettings.json file:
-
Navigate to the ClaimsProxy\Configuration folder on your server, located by default at:
C:\Program Files\Keyfactor\Keyfactor Platform\ClaimsProxy\Configuration - Browse to open the appsettings.json file in Notepad++ and adjust the values as needed as per Table 90: Appsetting.json File Parameters - ClaimsProxy.
- Save the file.
Figure 457: Sample ClaimsProxy Appsettings.json File
Container Installations Under Kubernetes
The configurations from the appsettings.json file can be updated in one of two ways for container installations:
-
To update one or two settings, set an environment variable in your custom values file.
-
To update a large number of settings or the entire contents of the appsettings.json file, create a config map containing the appsettings.json file contents and mount it as a volume to replace the existing appsettings.json file.
To set an environment variable for one or two configuration values:
-
On your Kubernetes server, edit your values file to add an additionalEnvironmentVariables section (if one does not already exist) and environment variable name(s) and value(s) for the setting(s) to change. For example, the following shows a portion of the example values file (see Install Keyfactor Command in Containers Under Kubernetes) with the ExtensionsDirectory value set to ext.
additionalEnvironmentVariables: - name: ExtensionsDirectory value: 'ext' volumes: - name: root-cas configMap: name: ca-roots items: - key: ca-certificates.crt path: ca-certificates.crt volumeMounts: - name: root-cas mountPath: /etc/ssl/certs/ca-certificates.crt subPath: ca-certificates.crtNote: Parameters are referenced by full name, including parent parameter
A parameter or argument is a value that is passed into a function in an application. name, if applicable. A SQL retry configuration setting would be, for example, SqlRetryConfiguration_NumberOfTries. -
Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:
sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-command --values values-local.yaml oci://repo.keyfactor.com/charts/command --version 1.0.0
To provide the appsettings.json file as a config map:
-
On your Kubernetes server, create an appsettings.json file with the full contents of the file, including the updates you wish to make. For example:
Copy{
"NLogConfigFile": "Configuration/NLog_ClaimsProxy.config",
"ExtensionsDirectory": "ext",
"SqlRetryConfiguration": {
"NumberOfTries": "5",
"DeltaTime": "00:00:00.5",
"MaxTimeInterval": "00:02:00"
},
"ReverseProxy": {
"Routes": {
"catch-all-ingress": {
"ClusterId": "api-cluster",
"AuthorizationPolicy": "RequireAuthenticatedUserPolicy",
"Match": {
"Path": "{**catch-all}"
},
"AllowAnonymous": false
},
"catch-login": {
"ClusterId": "api-cluster",
"AuthorizationPolicy": "Anonymous",
"Match": {
"Path": "/Login/Signin"
},
"AllowAnonymous": true
}
},
"Clusters": {
"api-cluster": {
"Destinations": {
"api-node-1": {
"Address": ""
}
},
"HttpRequest": {
"ActivityTimeout": "00:05:00"
}
}
}
}
} -
On your Kubernetes server, create a config map containing the appsettings.json file. For example:
sudo kubectl create configmap appsettings-claimsproxy --namespace keyfactor-command --from-file=/opt/kyf_command/appsettings.json -
Edit your values file to add a volume and volumeMount for the config map of the appsettings.json file. For example, the following values file section shows the example root trusts volume (see Install Keyfactor Command in Containers Under Kubernetes) and the appsettings volume.
volumes: - name: root-cas configMap: name: ca-roots items: - key: ca-certificates.crt path: ca-certificates.crt - name: appsettings-claimsproxy-volume configMap: name: appsettings-claimsproxy volumeMounts: - name: root-cas mountPath: /etc/ssl/certs/ca-certificates.crt subPath: ca-certificates.crt - name: appsettings-claimsproxy-volume mountPath: /app/Configuration/appsettings.json subPath: appsettings.json -
Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:
sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-command --values values-local.yaml oci://repo.keyfactor.com/charts/command --version 1.0.0
Configuration Settings
The following table shows the configuration settings for the Keyfactor Command ClaimsProxy application available in the appsettings.json file.
Table 90: Appsetting.json File Parameters - ClaimsProxy
| Setting | Description |
|---|---|
| NLog Config File |
Enter the file path to the NLog_ClaimsProxy.config file as a subdirectory of the ClaimsProxy directory. The default is: Configuration\\NLog_ClaimsProxy.config
This translates to, for example: C:\Program Files\Keyfactor\Keyfactor Platform\ClaimsProxy\Configuration\NLog_ClaimsProxy.config
This value is not used for container installations under Kubernetes. |
| Extensions Directory |
Enter the file path to the extensions to be loaded by the extension loader (for registration handler, workflow step, etc... support). For Windows installations under IIS, this is a subdirectory of the ClaimsProxy directory. The default value is Extensions. This translates to, for example, for Windows installations under IIS: C:\Program Files\Keyfactor\Keyfactor Platform\ClaimsProxy\Extensions
Container installations under Kubernetes: /app/Configuration/Extensions
|
| Sql Retry Configuration | SQL retry settings (seeKeyfactor Command Changing SQL Retry Settings for more information). |
| Reverse Proxy | The reverse proxy Routes and Clusters settings should only be changed on advice and guidance from Keyfactor Support. Changes may need to be made if you are migrating from Active Directory to an OAuth identity provider. |