Authentication Server configuration files
The Authentication Server has two configuration files
(/etc/dcv-access-console-auth-server/access-console-auth-server.properties
and /etc/dcv-access-console-auth-server/access-console-auth-server-secrets.properties
)
that include parameters that can be configured to customize the Amazon DCV Access Console functionality connecting to different components.
Note
The property files contains sensitive data. By default, its write access is restricted to root and its read access is restricted to root and to the user running the
Authentication Server. By default, this is the dcvaccessconsole
user.
The following tables list the parameters in the Authentication Server configuration files.
For the /etc/dcv-access-console-auth-server/access-console-auth-server.properties
configuration:
Parameter name | Required | Default Value | Description |
---|---|---|---|
|
Yes |
9000 |
Specifies the port the Authentication Server listens. |
|
Either |
username |
Specifies the header name in the request to use as the userid. |
|
Either |
|
Specifies the full path of the |
|
Only required if |
dcv |
Specify 'dcv' if |
|
Only required if |
False |
Enables or disables the debug logging for the |
|
Only required if |
10 |
Specifies the number of seconds to wait for the |
|
No |
False |
Enables or disables the use of |
|
No |
id -u -nr |
Specifies the command to use to normalize the username to a userid. |
|
Yes |
Specifies the call back url of the Web Client. It should be of the format
|
|
|
Yes |
Specifies the url of the Web Client to redirect to after logout. It should be of the
format |
|
|
Yes |
Specifies the url of the Authentication Server. It should be of the format
|
|
|
No |
50 |
Specifies the bucket maximum capacity of the token bucket throttle algorithm. |
|
No |
2 |
Specifies the bucket refill rate of the token bucket throttle algorithm. |
|
No |
1 |
Specifies the period in seconds for the bucket refill rate of the token bucket throttle algorithm. |
|
No |
10 |
Specifies the bucket maximum capacity of the token bucket throttle algorithm for the
|
|
No |
10 |
Specifies the bucket refill rate of the token bucket throttle algorithm for the
|
|
No |
3600 |
Specifies the period in seconds for the bucket refill rate of the token bucket
throttle algorithm for the |
|
No |
1000 |
Specifies the number unique IP address to track for throttling. |
|
No |
20 |
Specifies the number minutes to track an IP address for throttling. |
|
No |
30s |
Specifies the time to live for the access token. |
|
No |
2h |
Specifies the time to live for the refresh token. It should be greater than the
|
|
No |
FALSE |
Enables or disables if a link to a privacy disclaimer shows on the sign in page. |
|
No |
Specifies the link your users will be directed to for the privacy disclaimer. If you
set |
|
|
No |
FALSE |
Enables or disables if a link to a privacy disclaimer shows on the sign in page. |
|
No |
Specifies the link your users will be directed to for the privacy disclaimer. If you
set |
For the /etc/dcv-access-console-auth-server/access-console-auth-server-secrets.properties
configuration:
Parameter name | Required | Default Value | Description |
---|---|---|---|
|
No |
False |
Enables SSL in Authentication Server. |
|
No |
PKCS12 |
Specifies the type of the Java Keystore file. |
|
No |
Specifies the path to the Java Keystore file. |
|
|
No |
Specifies the password to the Java Keystore file. |
|
|
No |
|
Specifies the client id for the Web Client. It should be the same in the Web Client properties. |
|
No |
Specifies the secret for the Web Client. It should be the same in the Web Client properties. |