kevdoran · August 5, 2020 15:28
diff --git a/one-way-tls.efm.properties b/one-way-tls.efm.properties
 # Example EFM Config
 # One-way TLS with server authentication only (no client authentication)
 # This uses a work-around by running a reverse proxy that always passes "Anonymous" as an authenticated identity
 # Any client that can access the EFM server through the reverse proxy will have full access 

 # Web Server TLS Properties
 efm.server.ssl.enabled=true
 efm.server.ssl.keyStore=./conf/keystore.jks
 efm.server.ssl.keyStoreType=jks
 efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
 efm.server.ssl.keyPassword=yourKeyPasswordHere
 efm.server.ssl.trustStore=./conf/truststore.jks
 efm.server.ssl.trustStoreType=jks
 efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
 efm.server.ssl.clientAuth=NONE

 # Possible values for clientAuth are NONE, WANT, NEED
 #  - NONE: Client never provides a certificate and is not authenticated.
 #  - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
 #  - NEED: Server will require a client certificate, and will refuse connections for clients without trusted certificates.

 # User Authentication Properties
 # authentication via TLS mutual auth with client certificates
 efm.security.user.certificate.enabled=false
 # authentication via Knox SSO token passed in a cookie header
 efm.security.user.knox.enabled=false
 efm.security.user.knox.url=
 efm.security.user.knox.publicKey=
 efm.security.user.knox.cookieName=
 efm.security.user.knox.audiences=
 # authentication via generic reverse proxy with user passed in a header
 efm.security.user.proxy.enabled=true
 efm.security.user.proxy.headerName=X-WEBAUTH-USER
 #efm.security.user.proxy.ipWhitelist=
 #efm.security.user.proxy.dnWhitelist[0]=
 # Configure the reverse proxy to always pass the following HTTP header:
 # X-WEBAUTH-USER: Anonymous
	# Example EFM Config
	# One-way TLS with server authentication only (no client authentication)
	# This uses a work-around by running a reverse proxy that always passes "Anonymous" as an authenticated identity
	# Any client that can access the EFM server through the reverse proxy will have full access

	# Web Server TLS Properties
	efm.server.ssl.enabled=true
	efm.server.ssl.keyStore=./conf/keystore.jks
	efm.server.ssl.keyStoreType=jks
	efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
	efm.server.ssl.keyPassword=yourKeyPasswordHere
	efm.server.ssl.trustStore=./conf/truststore.jks
	efm.server.ssl.trustStoreType=jks
	efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
	efm.server.ssl.clientAuth=NONE

	# Possible values for clientAuth are NONE, WANT, NEED
	# - NONE: Client never provides a certificate and is not authenticated.
	# - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
	# - NEED: Server will require a client certificate, and will refuse connections for clients without trusted certificates.

	# User Authentication Properties
	# authentication via TLS mutual auth with client certificates
	efm.security.user.certificate.enabled=false
	# authentication via Knox SSO token passed in a cookie header
	efm.security.user.knox.enabled=false
	efm.security.user.knox.url=
	efm.security.user.knox.publicKey=
	efm.security.user.knox.cookieName=
	efm.security.user.knox.audiences=
	# authentication via generic reverse proxy with user passed in a header
	efm.security.user.proxy.enabled=true
	efm.security.user.proxy.headerName=X-WEBAUTH-USER
	#efm.security.user.proxy.ipWhitelist=
	#efm.security.user.proxy.dnWhitelist[0]=
	# Configure the reverse proxy to always pass the following HTTP header:
	# X-WEBAUTH-USER: Anonymous