SecuritySettingsUpdateSpecV4

Security settings object to be updated.

JSON Example
{
    "cert_auth_mapping": [
        "x509:<I>%issuer_dn%<S>%subject_dn%<SKI>%subject_key_id%",
        "x509:<I>%issuer_dn%<SR>%serial%"
    ],
    "cert_auth_mapping_control": [
        "CUSTOM",
        "SID"
    ],
    "crl_distribution_points": [
        "http://www.cdpexample.com/file.crl",
        "http://crls.pki.goog/gts1c3/file1.pem"
    ],
    "crl_file_max_size_kb": 1024,
    "crl_refresh_period_minutes": 100,
    "data_recovery_password_hash": [
        "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
    ],
    "data_recovery_password_hint": "password hint",
    "message_security_mode": "ENABLED",
    "re_auth_secure_tunnel_after_interruption": true
}
array of string
cert_auth_mapping
Optional

Indicates the certificate authentication mapping that will be used to validate against (objectClass=user,altSecurityIdentities=) in Active Directory.

array of string
cert_auth_mapping_control
Optional

Indicates the type of search for validating the smart card.

Possible values are: SID, CUSTOM, LEGACY
array of string
crl_distribution_points
Optional

List of CRL distribution point URLs from which the CRL prefetch service fetches CRLs. Only http URLs and the .crl and .pem file types are supported.

integer As int32
crl_file_max_size_kb
Optional

Maximum allowed size in KB for a CRL file that can be downloaded by the CRL prefetch service. This property has a default value of 1024.

integer As int32
crl_refresh_period_minutes
Optional

Refresh time period in minutes for CRL prefetch. This property has a default value of 60.

array of string
data_recovery_password_hash
Optional

The SHA-256 hash of the (UTF-8) data recovery password.

string
data_recovery_password_hint
Optional

The data recovery password hint. This property has a maximum length of 128 characters.

string
message_security_mode
Required

Determines if signing and verification of the JMS messages passed between Horizon components takes place.

  • DISABLED: Message security mode is disabled.
  • ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
  • ENHANCED: Message security mode is enhanced. Message signing and validation are performed based on the current Security Level and desktop Message Security mode.
  • MIXED: Message security mode is enabled but not enforced.
Possible values are: DISABLED, ENABLED, ENHANCED, MIXED
boolean
re_auth_secure_tunnel_after_interruption
Optional

Determines if user credentials must be re-authenticated after a network interruption when Horizon clients use secure tunnel connections to Horizon resources. When you select this setting, if a secure tunnel connection ends during a session, Horizon Client requires the user to re-authenticate before reconnecting.
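
The field constraints listed above can be checked before a spec is submitted. The following is an added example, not code from the product or its documentation: `recovery_hash` and `validate_spec` are hypothetical helper names, the sample spec is constructed, and hex encoding of the hash is assumed from the JSON example on this page.

```python
import hashlib
import re
from urllib.parse import urlparse

MODES = {"DISABLED", "ENABLED", "ENHANCED", "MIXED"}
MAPPING_CONTROLS = {"SID", "CUSTOM", "LEGACY"}
# Assumption: hashes are hex strings, as in the page's JSON example.
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def recovery_hash(password: str) -> str:
    """SHA-256 of the UTF-8 encoded password, as lowercase hex."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def validate_spec(spec: dict) -> list:
    """Return a list of problems; an empty list means the spec passes."""
    problems = []
    mode = spec.get("message_security_mode")
    if mode not in MODES:  # the only Required property
        problems.append(f"message_security_mode is required, got {mode!r}")
    for value in spec.get("cert_auth_mapping_control", []):
        if value not in MAPPING_CONTROLS:
            problems.append(f"unknown cert_auth_mapping_control {value!r}")
    for url in spec.get("crl_distribution_points", []):
        parsed = urlparse(url)
        if parsed.scheme.lower() != "http":
            problems.append(f"CRL URL must use http: {url}")
        if not parsed.path.lower().endswith((".crl", ".pem")):
            problems.append(f"CRL URL must name a .crl or .pem file: {url}")
    for digest in spec.get("data_recovery_password_hash", []):
        if not SHA256_HEX.fullmatch(digest):
            problems.append("data_recovery_password_hash entry is not SHA-256 hex")
    if len(spec.get("data_recovery_password_hint", "")) > 128:
        problems.append("data_recovery_password_hint exceeds 128 characters")
    return problems


# Constructed sample spec; the passphrase and URLs are placeholders.
SAMPLE = {
    "crl_distribution_points": ["http://crl.example.test/ca.crl",
                                "https://crl.example.test/ca.der"],
    "data_recovery_password_hash": [recovery_hash("constructed-passphrase")],
    "data_recovery_password_hint": "h" * 129,
    "message_security_mode": "ENFORCED",
}

if __name__ == "__main__":
    for problem in validate_spec(SAMPLE):
        print(problem)
```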