Get Security Settings V4
All the listed privileges are required -
Privileges | Description |
---|---|
GLOBAL_CONFIG_VIEW | Caller should have permission to this privilege, to read settings. |
OK
{
"cert_auth_mapping": [
"x509:<I>%issuer_dn%<S>%subject_dn%<SKI>%subject_key_id%",
"x509:<I>%issuer_dn%<SR>%serial%"
],
"cert_auth_mapping_control": [
"CUSTOM",
"SID"
],
"cert_auth_mapping_names": [
"issuer_dn",
"subject_dn",
"san_dns"
],
"cluster_public_key": "3d43f005bfd5ade4c6853bd337f4d205e189c28793063087d1c0aeb58931e02c",
"cluster_public_key_id": "cluster key",
"crl_distribution_points": [
"http://www.cdpexample.com/file.crl",
"http://crls.pki.goog/gts1c3/file1.pem"
],
"crl_file_max_size_kb": 1024,
"crl_refresh_period_minutes": 100,
"data_recovery_password_configured": true,
"getdisallowEnhancedSecurityMode": true,
"message_security_mode": "ENABLED",
"message_security_status": "NOTSET",
"re_auth_secure_tunnel_after_interruption": true
}
Indicates the certificate authentication mapping, which will be used to validate against (objectClass=user,altSecurityIdentities=) in Active directory.
Indicates the type of search for validating the smart card.
List of all supported certificate properties.
The Base 64 encoded public key of the cluster in PEM format.
Key Id to identify the cluster's active key pair.
List of CRL distribution point urls, from where CRLs will be fetched by crl prefetch service.
Maximum allowed size in kb for CRL file that can be downloaded by crl prefetch service.
Refresh time period in minutes for CRL prefetch.
Indicates whether the backup recovery password has been configured.
If true, Enhanced message security mode is disallowed (FIPS mode only). If set when Enhanced message security mode is in force, this will cause an automatic transition to Enabled mode.
Determines if signing and verification of the JMS messages passed between Horizon components takes place.
- DISABLED: Message security mode is disabled.
- ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
- ENHANCED: Message Security mode is Enhanced. Message signing and validation is performed based on the current Security Level and desktop Message Security mode.
- MIXED: Message security mode is enabled but not enforced.
The status of the JMS message security. This tracks the application of changes to messageSecurityMode.
- NOTSET: The cluster is performing at the specified message security mode.
- ENHANCED: The Cluster is in Enhanced message security mode.
- WAITING_FOR_BUS_RESTARTS: The cluster is waiting for the bus restart The cluster is waiting for a bus restart to transition to ENHANCED messagesecurity mode or from ENHANCED message security mode .
- PENDING_ENHANCED: The cluster is propagating the change to ENHANCED message security mode to all nodes.
- LEAVING_ENHANCED: The cluster is leaving the ENHANCED message security mode.
- PREPARING_ENHANCED: The cluster is preparing to go in Enhanced mode.
- DISABLED: Message security mode is disabled.
- MIXED: Message security mode is enabled but not enforced.
- ENABLED: Message security mode is enabled. Unsigned messages are rejected by Horizon components.
Determines if user credentials must be re-authenticated after a network interruption when Horizon clients use secure tunnel connections to Horizon resources. When you select this setting, if a secure tunnel connection ends during a session, Horizon Client requires the user to re-authenticate before reconnecting.
User is not authenticated
Access to the resource is forbidden