Appsettings.json File

Note:  These instructions apply only to Windows installations. Some of the below-referenced settings can be configured in the container values file as well (see Values File Settings for Containers Under Kubernetes).

After you have installed the AnyCAGateway REST, some configuration options are available in the appsettings.json file.

To update the appsettings.json file:

  1. Navigate to the install directory, by default at:

    C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net8.0\Configuration
  2. Open the appsettings.json file in a text editor such as Notepad and adjust the values as needed.
  3. Save the file.


{
    "BasePath": "AnyGatewayREST",
    "NLogConfigFile": "configuration/nlog.config",
    "AllowedHosts": "*",
    "CheckClientCertCRL": "true",
    "LockTimeoutMilliseconds": 5000,
    "ExtensionsDirectory": "Extensions",
    "SqlRetryConfiguration": {
        "MaxTimeInterval": "00:02:00",
        "DeltaTime": "00:00:00.5",
        "NumberOfTries": "5"
    },
    "Cache": {
        "CertificateValidationCacheExpirationMinutes": 10,
        "CAConfigurationCacheExpirationMinutes": 10,
        "RoleClaimsCacheExpirationMinutes": 10
    },
    "LockHoldTimeoutMilliseconds": 900000,
    "LockHeartbeatIntervalMilliseconds": 60000,
    "Authentication": {
        "DefaultIdentityProviderAuthScheme": "",
        "SuperAdmin": {
            "Description": "SuperAdmin",
            "Type": "X509Certificate_Thumbprint",
            "Value": "ef27ac4f350764966e8ac5b08c07d7cd1c2d01c9"
        },
        "UseOAuth": "false",
        "AuthCAs": {
            "RootCA": {
                "FilePath": "C:\\Program Files\\Keyfactor\\v25AnyCA\\AnyGatewayREST\\net8.0\\configuration\\rootca.crt"
            }
        },
        "CookieExpirationMinutes": "",
        "SessionExpirationMinutes": ""
    }
}

Table 1072: Appsettings.json File Settings

Setting Description
Allowed Hosts
A Microsoft setting for host filtering. For more information, see:

BasePath
The virtual directory for the new IIS application. This will be used in the base path for the AnyCAGateway REST portal in the browser.

Authentication > Session Expiration Minutes
The default is 60.

Authentication > Cookie Expiration Minutes
The default is 0.

Authentication > AuthCAs
The CA (default name RootCA) and the file path to the corresponding certificate.

Authentication > Default Identity Provider Auth Scheme
A required OAuth parameter giving the name of the OAuth provider to default to upon login. Non-default providers can be set at login with the IdP hint Query Parameter in the portal URL to specify which IdP to redirect to.

Authentication > SuperAdmin
The Description, Type, and Value of the superadmin certificate.

Authentication > UseOAuth
A Boolean indicating whether OAuth token authentication is used for the gateway (true) or client certificate authentication is used for the gateway (false). See -UseOAuth.

Cache > CA Configuration Cache Expiration Minutes
An integer that sets the time (in minutes) before modifications or additions to the CA configuration become available in the AnyCAGateway REST portal. Any changes to the CA configuration will not appear in the portal for this amount of time, but caching may improve performance during CA sync and enrollment.
The default is 10 minutes. Set to zero (0) to turn off caching.

Cache > Certificate Validation Cache Expiration Minutes
An integer that sets the interval between validation runs against the CRL for the client certificate used to authenticate to the AnyCAGateway REST portal. A longer value allows the gateway to avoid validating the client authentication certificate each time you enroll. However, it's possible a certificate could expire or be revoked in the meantime and would continue to be used to enroll certificates until the next cache interval.
The default is 10 minutes. Set to zero (0) to turn off caching.

Cache > Role Claims Cache Expiration Minutes
An integer that sets the time before modifications to Roles on the Claims page become available in the AnyCAGateway REST portal.
The default is 10 minutes. Set to zero (0) to turn off caching.

Check Client Cert CRL
A Boolean (true/false) that indicates whether the client authentication certificate that authenticated to the portal is checked against the CRL (see Login Claim for Client Certificate Authentication).

Extension Directory
The name of the directory where third-party integration artifacts will be installed. This defaults to Extensions, installed by default at:
C:\Program Files\Keyfactor\Keyfactor AnyCA Gateway\AnyGatewayREST\net8.0\Extensions

Kestrel > Certificates > Default > Path
A string identifying the path to the local server authentication certificate. See Install AnyCAGateway REST on Windows under IIS. Only for Kestrel installs.

Kestrel > Endpoints > HttpsCC > Url
A string identifying the URL, with the port number referenced by the -ServerPort parameter, assigned to this instance of the AnyCAGateway REST implementation. See Install AnyCAGateway REST on Windows under IIS. Only for Kestrel installs.

Lock Timeout Milliseconds
In the case of a High Availability implementation, the three Lock settings set the lockout intervals (in milliseconds) during CA sync so that multiple CA syncs are not running at the same time. It is unlikely these would need to be modified.
The default for this is 5000 milliseconds.

Lock Hold Timeout Milliseconds
The default for this is 900000 milliseconds.

Lock Heartbeat Interval Milliseconds
The default for this is 60000 milliseconds.

NLog Config File
Optional. A string overriding the default location of the nlog.config file.

SqlRetryConfiguration
The MaxTimeInterval, DeltaTime, and NumberOfTries settings for the SQL connection.
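
A check of the authentication-related values described in the table above, as an added PowerShell example that is not Keyfactor's code: it reads the JSON and reports settings that weaken client certificate or OAuth authentication. The function name Test-GatewayAppSettings, its -MaxValidationCacheMinutes parameter, the rules (including the 40-hex-character thumbprint check) and the sample JSON are assumptions of this example.

```powershell
# Added example, not Keyfactor code. The rule set, the 40-hex thumbprint check and
# the -MaxValidationCacheMinutes parameter are assumptions of this example.
function Test-GatewayAppSettings {
    param(
        [Parameter(Mandatory)][string]$Json,
        [int]$MaxValidationCacheMinutes = 10   # hypothetical limit; 10 is the documented default
    )
    $cfg      = $Json | ConvertFrom-Json
    $auth     = $cfg.Authentication
    $findings = [System.Collections.Generic.List[string]]::new()
    # The file stores Booleans as strings ("true"/"false"), so compare as text.
    $useOAuth = "$($auth.UseOAuth)" -eq 'true'

    if ($cfg.AllowedHosts -eq '*') {
        $findings.Add('AllowedHosts is "*": host filtering accepts any Host header.')
    }
    if ($useOAuth) {
        if ([string]::IsNullOrWhiteSpace($auth.DefaultIdentityProviderAuthScheme)) {
            $findings.Add('UseOAuth is true but DefaultIdentityProviderAuthScheme is empty.')
        }
    } else {
        # Client certificate mode: revocation checking and its cache decide how long
        # a revoked certificate keeps working.
        if ("$($cfg.CheckClientCertCRL)" -ne 'true') {
            $findings.Add('CheckClientCertCRL is not true: client certificates are not checked against the CRL.')
        }
        $mins = [int]$cfg.Cache.CertificateValidationCacheExpirationMinutes
        if ($mins -gt $MaxValidationCacheMinutes) {
            $findings.Add("Validation cache is $mins minutes: a revoked certificate can keep enrolling until the cache entry expires.")
        }
    }
    if ($auth.SuperAdmin.Type -eq 'X509Certificate_Thumbprint' -and
        $auth.SuperAdmin.Value -notmatch '^[0-9A-Fa-f]{40}$') {
        $findings.Add('SuperAdmin thumbprint is not exactly 40 hexadecimal characters.')
    }
    $rootCa = $auth.AuthCAs.RootCA.FilePath
    if ($rootCa -and -not (Test-Path -LiteralPath $rootCa)) {
        $findings.Add("AuthCAs RootCA certificate file not found: $rootCa")
    }
    $findings
}

# Constructed sample, not a real deployment; values chosen to trigger findings.
$sample = @'
{ "AllowedHosts": "*", "CheckClientCertCRL": "false",
  "Cache": { "CertificateValidationCacheExpirationMinutes": 120 },
  "Authentication": { "UseOAuth": "false",
    "SuperAdmin": { "Type": "X509Certificate_Thumbprint", "Value": "EF 27 AC 4F" } } }
'@
Test-GatewayAppSettings -Json $sample
```

To check an installed gateway, pass the contents of appsettings.json (read with Get-Content -Raw from the Configuration directory in step 1) as the -Json argument.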