SecuritySettingsV5
Information related to Security Settings.
{
"cert_auth_mapping": [
"x509:<I>%issuer_dn%<S>%subject_dn%<SKI>%subject_key_id%",
"x509:<I>%issuer_dn%<SR>%serial%"
],
"cert_auth_mapping_control": [
"CUSTOM",
"SID"
],
"cert_auth_mapping_names": [
"issuer_dn",
"subject_dn",
"san_dns"
],
"cluster_public_key": "3d43f005bfd5ade4c6853bd337f4d205e189c28793063087d1c0aeb58931e02c",
"cluster_public_key_id": "cluster key",
"crl_distribution_points": [
"http://www.cdpexample.com/file.crl",
"http://crls.pki.goog/gts1c3/file1.pem"
],
"crl_file_max_size_kb": 1024,
"crl_refresh_period_minutes": 100,
"data_recovery_password_configured": true,
"data_recovery_password_hint": "password hint",
"getdisallowEnhancedSecurityMode": true,
"message_security_mode": "ENABLED",
"message_security_status": "NOTSET",
"no_managed_certs": false,
"re_auth_secure_tunnel_after_interruption": true
}Indicates the certificate authentication mapping, which will be used to validate against (objectClass=user,altSecurityIdentities=) in Active directory.
Indicates the type of search for validating the smart card.
List of all supported certificate properties.
The Base 64 encoded public key of the cluster in PEM format.
Key Id to identify the cluster's active key pair.
List of CRL distribution point urls, from where CRLs will be fetched by crl prefetch service.
Maximum allowed size in kb for CRL file that can be downloaded by crl prefetch service.
Refresh time period in minutes for CRL prefetch.
Indicates whether the backup recovery password has been configured.
The data recovery password hint. This property has a maximum length of 128 characters.
If true, Enhanced message security mode is disallowed (FIPS mode only). If set when Enhanced message security mode is in force, this will cause an automatic transition to Enabled mode.
Determines if signing and verification of the JMS messages passed between Horizon components takes place.
- DISABLED: Message security mode is disabled.
- ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
- ENHANCED: Message Security mode is Enhanced. Message signing and validation is performed based on the current Security Level and desktop Message Security mode.
- MIXED: Message security mode is enabled but not enforced.
The status of the JMS message security. This tracks the application of changes to messageSecurityMode.
- NOTSET: The cluster is performing at the specified message security mode.
- ENHANCED: The Cluster is in Enhanced message security mode.
- WAITING_FOR_BUS_RESTARTS: The cluster is waiting for the bus restart The cluster is waiting for a bus restart to transition to ENHANCED messagesecurity mode or from ENHANCED message security mode .
- PENDING_ENHANCED: The cluster is propagating the change to ENHANCED message security mode to all nodes.
- LEAVING_ENHANCED: The cluster is leaving the ENHANCED message security mode.
- PREPARING_ENHANCED: The cluster is preparing to go in Enhanced mode.
- DISABLED: Message security mode is disabled.
- MIXED: Message security mode is enabled but not enforced.
- ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
Reserved for future use Default value: false
Determines if user credentials must be re-authenticated after a network interruption when Horizon clients use secure tunnel connections to Horizon resources. When you select this setting, if a secure tunnel connection ends during a session, Horizon Client requires the user to re-authenticate before reconnecting.