SecuritySettingsV4

SecuritySettingsV4
SecuritySettingsV4

Information related to Security Settings.

JSON Example
{
    "cert_auth_mapping": [
        "x509:<I>%issuer_dn%<S>%subject_dn%<SKI>%subject_key_id%",
        "x509:<I>%issuer_dn%<SR>%serial%"
    ],
    "cert_auth_mapping_control": [
        "CUSTOM",
        "SID"
    ],
    "cert_auth_mapping_names": [
        "issuer_dn",
        "subject_dn",
        "san_dns"
    ],
    "cluster_public_key": "3d43f005bfd5ade4c6853bd337f4d205e189c28793063087d1c0aeb58931e02c",
    "cluster_public_key_id": "cluster key",
    "crl_distribution_points": [
        "http://www.cdpexample.com/file.crl",
        "http://crls.pki.goog/gts1c3/file1.pem"
    ],
    "crl_file_max_size_kb": 1024,
    "crl_refresh_period_minutes": 100,
    "data_recovery_password_configured": true,
    "getdisallowEnhancedSecurityMode": true,
    "message_security_mode": "ENABLED",
    "message_security_status": "NOTSET",
    "re_auth_secure_tunnel_after_interruption": true
}
array of string
cert_auth_mapping
Optional

Indicates the certificate authentication mapping, which will be used to validate against (objectClass=user,altSecurityIdentities=) in Active directory.

array of string
cert_auth_mapping_control
Optional

Indicates the type of search for validating the smart card.

Possible values are : SID, CUSTOM, LEGACY,
array of string
cert_auth_mapping_names
Optional

List of all supported certificate properties.

string
cluster_public_key
Optional

The Base 64 encoded public key of the cluster in PEM format.

string
cluster_public_key_id
Optional

Key Id to identify the cluster's active key pair.

array of string
crl_distribution_points
Optional

List of CRL distribution point urls, from where CRLs will be fetched by crl prefetch service.

integer As int32 As int32
crl_file_max_size_kb
Optional

Maximum allowed size in kb for CRL file that can be downloaded by crl prefetch service.

integer As int32 As int32
crl_refresh_period_minutes
Optional

Refresh time period in minutes for CRL prefetch.

boolean
data_recovery_password_configured
Optional

Indicates whether the backup recovery password has been configured.

boolean
getdisallowEnhancedSecurityMode
Optional

If true, Enhanced message security mode is disallowed (FIPS mode only). If set when Enhanced message security mode is in force, this will cause an automatic transition to Enabled mode.

string
message_security_mode
Optional

Determines if signing and verification of the JMS messages passed between Horizon components takes place.

  • DISABLED: Message security mode is disabled.
  • ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
  • ENHANCED: Message Security mode is Enhanced. Message signing and validation is performed based on the current Security Level and desktop Message Security mode.
  • MIXED: Message security mode is enabled but not enforced.
Possible values are : DISABLED, ENABLED, ENHANCED, MIXED,
string
message_security_status
Optional

The status of the JMS message security. This tracks the application of changes to messageSecurityMode.

  • NOTSET: The cluster is performing at the specified message security mode.
  • ENHANCED: The Cluster is in Enhanced message security mode.
  • WAITING_FOR_BUS_RESTARTS: The cluster is waiting for the bus restart The cluster is waiting for a bus restart to transition to ENHANCED messagesecurity mode or from ENHANCED message security mode .
  • PENDING_ENHANCED: The cluster is propagating the change to ENHANCED message security mode to all nodes.
  • LEAVING_ENHANCED: The cluster is leaving the ENHANCED message security mode.
  • PREPARING_ENHANCED: The cluster is preparing to go in Enhanced mode.
  • DISABLED: Message security mode is disabled.
  • MIXED: Message security mode is enabled but not enforced.
  • ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
Possible values are : NOTSET, ENHANCED, WAITING_FOR_BUS_RESTARTS, PENDING_ENHANCED, LEAVING_ENHANCED, PREPARING_ENHANCED, DISABLED, MIXED, ENABLED,
boolean
re_auth_secure_tunnel_after_interruption
Optional

Determines if user credentials must be re-authenticated after a network interruption when Horizon clients use secure tunnel connections to Horizon resources. When you select this setting, if a secure tunnel connection ends during a session, Horizon Client requires the user to re-authenticate before reconnecting.