Appsettings.json File

The appsettings.json configuration file allows you to view or change select installation configuration settings for the CA ConnectorClosed The Keyfactor CA Connector is installed in the customer environment to provide a connection between a CA and Keyfactor Command when a direct connection is not possible. It is supported on both Windows and Linux and has versions for Microsoft (Windows only) or EJBCA CAs. Client.

Installations on Windows

To update the appsettings.json file:

  1. Navigate to the installation folder on your server, located by default at:

    C:\Program Files\Keyfactor\Keyfactor CA Connector

  2. Browse to open the appsettings.json file in a text editor (e.g. Notepad) and adjust the values as needed (see Configuration Settings).

    Copy
    Configured Appsettings.json File
    {
        "SignalR":  {
                        "TransportTypes":  "WebSockets, LongPolling",
                        "SkipNegotiation":  false
                    },
        "OAuthServer":  {
                            "Scope":  "",
                            "Audience":  "",
                            "ClientId":  "RabbitMQ",
                            "Address":  "https://appsrvr187.keyexample.com:5443/realms/Keyfactor/protocol/openid-connect/token"
                        },
        "CAConfigCacheExpirationMinutes":  15,
        "ServerURL":  "https://command188.keyexample.com/KeyfactorCAConnectors/",
        "Name":  "websrvr21.keyexample.com"
    }
  3. Save the files.
Installations on Linux

To update the appsettings.json file:

  1. Navigate to the installation folder on your server, located by default at:

    /opt/keyfactor/ca-connector

  2. Browse to open the appsettings.json file in a text editor (e.g. nano) and adjust the values as needed (see Configuration Settings).

    Copy
    Configured Appsettings.json File
    {
      "ServerURL": "https://command188.keyexample.com/KeyfactorCAConnectors",
      "OAuthServer": {
        "Address": "https://appsrvr187.keyexample.com:5443/realms/Keyfactor/protocol/openid-connect/token",
        "ClientId": "RabbitMQ",
        "Scope": "",
        "Audience": ""
      },
      "Name": "appsrvr162.keyexample.com",
      "SignalR": {
        "TransportTypes": "WebSockets, LongPolling",
        "SkipNegotiation": false
      },
      "CAConfigCacheExpirationMinutes": "12"
    }
  3. Save the files.
Configuration Settings

The following table shows the configuration settings for the settings available in the appsettings.json file.

Table 1034: Appsetting.json File Parameters - CA Connector Client

Setting Description
SignalR

Settings controlling communication between the CA Connector Client and the CA Connector API on the Keyfactor Command server.

Setting Description
TransportTypes

Both WebSockets and LongPolling are supported as transport protocols for real-time communication between the CA Connector Client and the CA Connector API on the Keyfactor Command server. WebSockets enable full-duplex, low-latency connections ideal for high-frequency data exchanges. LongPolling simulates real-time interaction by repeatedly making HTTP requests, offering broader compatibility but with higher overhead. By default, both WebSockets and LongPolling are configured and either may be used when the protocol is negotiated (see SkipNegotiation). If you need to use a specific protocol, configure just that protocol in this setting.

Tip:  While not required for operation, WebSockets may be used as the transport protocol between the CA Connector Client and the CA Connector API on the Keyfactor Command server (for Keyfactor Command installations on Windows under IIS). To leverage WebSockets, this feature must be installed in IIS on the Keyfactor Command server. This can be done via Server Manager under Add Roles > Web Server (IIS) > Web Server > Application Development > WebSocket Protocol. If the WebSockets feature is not enabled, HTTP LongPolling will be used as the transport protocol from the CA Connector Client. If desired, the CA Connector Client can be configured to force the transport protocol to WebSockets or LongPolling.
SkipNegotiation A Boolean indicating whether the negotiation step should be skipped when establishing a connection. This step is part of the process where the client and server determine which transport protocol (WebSockets or LongPolling) to use. By default, SkipNegotiation is false, meaning SignalR will perform a negotiation to determine the optimal transport protocol. SkipNegotiation may be set to true when using WebSockets directly, as WebSockets does not require negotiation. SkipNegotiation should be set to false if the only TransportType configured is LongPolling to allow the connection to be established. Long Polling relies on negotiation to function correctly.
OAuthServer

OAuth authentication settings.

Setting Description
Scope

The scopes that should be included in token requests to the identity provider. If multiple scopes are desired, they should be separated by spaces.

The OAuth mechanism in use in your Keyfactor Command environment may or may not require this.
Audience

The audience that should be included in token requests to the identity provider.

The OAuth mechanism in use in your Keyfactor Command environment may or may not require this.
ClientId A string issued by the authentication provider that identifies the application authenticating.
Address The token URL to the service providing OAuth authentication
CAConfigCacheExpirationMinutes The number of minutes that the CA configuration will be cached before being cleared. The default is 10 minutes.
ServerURL

The URL to the CA connector application on the Keyfactor Command server. SSL is required to connect to the Keyfactor Command server. For example:

https://kyf101.keyfactorpki.com/KeyfactorCAConnectors
Name The name the CA Connector Client uses when registering as a CA connector in Keyfactor Command. The name it uses must match the name used when creating a CA connector record in Keyfactor Command.