DDF Reference Guide

Admin Configuration Policy

org.codice.ddf.admin.config.policy.AdminConfigPolicy

Admin Configuration Policy configurations.

Admin UI

org.codice.admin.ui.configuration

Admin UI configurations.

Feature and App Permissions

featurePolicies

String

When enabled, the desired features or apps will only be modifiable and viewable to users with the set attributes. The entry should be the format of: feature name/app name = "user attribute name=user attribute value"

false

Configuration Permissions

servicePolicies

String

When enabled, the desired service will only be modifiable and viewable to users with the set attributes. The entry should be the format of: configuration ID = "user attribute name=user attribute value"

null

false

Enable System Usage message

systemUsageEnabled

Boolean

Turns on a system usage message, which is shown when the Admin Application is opened.

false

true

System Usage Message Title

systemUsageTitle

String

A title for the system usage message when the application is opened.

true

System Usage Message

systemUsageMessage

String

A system usage message to be displayed to the user each time the user opens the application.

true

Show System Usage Message once per session

systemUsageOncePerSession

Boolean

With this selected,the system usage message will be shown once for each browser session. Uncheck this to have the usage message appear every time the admin page is opened or refreshed.

true

true

Ignored Installer Applications

disabledInstallerApps

String

Comma delimited list (appName, appName2, …​appNameN) of applications that will be disabled in the installer.

admin-app,platform-app

null

Catalog Federation Strategy

ddf.catalog.federation.impl.CachingFederationStrategy

Catalog Federation Strategy.

Catalog Backup Plugin

ddf.catalog.backup.CatalogBackupPlugin

Catalog Backup Plugin configurations.

Catalog Standard Framework

ddf.catalog.CatalogFrameworkImpl

Catalog Standard Framework configurations.

Confluence Federated Source

Confluence_Federated_Source

Confluence Federated Source.

Content Directory Monitor

org.codice.ddf.catalog.content.monitor.ContentDirectoryMonitor

Content Directory Monitor configurations.

Content File System Storage Provider

org.codice.ddf.catalog.content.impl.FileSystemStorageProvider

Content File System Storage Provider.

CSW Connected Source

Csw_Connected_Source

CSW Connected Source.

Expiration Date Pre-Ingest Plugin

org.codice.ddf.catalog.plugin.expiration.ExpirationDatePlugin

Catalog pre-ingest plugin to set an expiration date on metacards.

Historian

ddf.catalog.history.Historian

Enables versioning of both metacards and content.

Metacard Attribute Security Policy Plugin

org.codice.ddf.catalog.security.policy.metacard.MetacardAttributeSecurityPolicyPlugin

Metacard Attribute Security Policy Plugin.

Catalog Metacard Ingest Network Plugin

org.codice.ddf.catalog.plugin.metacard.MetacardIngestNetworkPlugin

Catalog Metacard Ingest Network Plugin.

Metacard Validation Filter Plugin

ddf.catalog.metacard.validation.MetacardValidityFilterPlugin

Metacard Validation Filter Plugin.

Metacard Validation Marker Plugin

ddf.catalog.metacard.validation.MetacardValidityMarkerPlugin

Metacard Validation Marker Plugin.

Metacard Backup File Storage Provider

Metacard_File_Storage_Route

Enable data backup of metacards using a configurable transformer.

Resource Download Settings

Metacard_S3_Storage_Route

Resource Download Configuration.

Catalog OpenSearch Federated Source

OpenSearchSource

Catalog OpenSearch Federated Source.

Resource Download Settings

ddf.catalog.resource.download.ReliableResourceDownloadManager

Resource Download configurations.

Schematron Validation Services

ddf.services.schematron.SchematronValidationService

Schematron Validation Services configurations.

Security Audit Plugin

org.codice.ddf.catalog.plugin.security.audit.SecurityAuditPlugin

Security Audit Plugin.

Tika Input Transformer

ddf.catalog.transformer.input.tika.TikaInputTransformer

Tika Input Transformer.

URL Resource Reader

ddf.catalog.resource.impl.URLResourceReader

URL Resource Reader

Video Thumbnail Plugin

org.codice.ddf.catalog.content.plugin.video.VideoThumbnailPlugin

Video Thumbnail Plugin.

XML Attribute Security Policy Plugin

org.codice.ddf.catalog.security.policy.xml.XmlAttributeSecurityPolicyPlugin

XML Attribute Security Policy Plugin.

Xml Query Transformer

ddf.catalog.transformer.xml.XmlResponseQueueTransformer

Xml Response Query Transformer.

PDF Input Transformer

ddf.catalog.transformer.input.pdf.PdfInputTransformer

PDF Input Transformer configurations.

Catalog Preview

org.codice.ddf.transformer.preview

Allow Preview to be Extracted From Metadata.

Catalog Policy Plugin

org.codice.ddf.catalog.security.CatalogPolicy

Catalog Policy Plugin.

Resource URI Policy Plugin

org.codice.ddf.catalog.security.ResourceUriPolicy

Resource URI Policy Plugin.

Status Source Poller Runner

org.codice.ddf.catalog.sourcepoller.StatusSourcePollerRunner

Status Source Poller Runner.

Maximum start index

maxStartIndex

Integer

Sets a limit on the number of results this sorted federation strategy can handle from each federated source. A large start index in conjunction with several federated sources could yield a large result set, which the sorted federation strategy has a limited ability to do. The admin can make a rough calculation to decide what maximum start index to use based on the amount of memory in the system, the amount of federated sources, the number of threads, and the expected amount of query results requested ( (average # of threads) * (maximum # of federated sources) * (maxStartIndex + maximumQueryResults) ) must fit into the allocated memory of the running distribution. This field will be removed when sorted federation strategy has the ability to sort a larger amount of results.

50000

true

Expiration Interval

expirationIntervalInMinutes

Long

Interval that Solr Cache checks for expired documents to remove.

10

true

Expiration Age

expirationAgeInMinutes

Long

The number of minutes a document will remain in the cache before it will expire. Default is 7 days.

10080

true

Query Result Cache Strategy

cacheStrategy

String

Strategy for caching query results. Valid entries are ALL, FEDERATED, and NONE.

ALL

true

Cache Remote Ingests

cacheRemoteIngests

Boolean

Cache remote ingest results

false

true

Root backup directory path

rootBackupDir

String

Root backup directory for Metacards. A relative path is relative to <DDF_HOME>.

data/backup

true

Subdirectory levels

subDirLevels

Integer

Number of subdirectory levels to create. Two characters from the ID will be used to name each subdirectory level.

2

true

Enable Fanout Proxy

fanoutEnabled

Boolean

When enabled the Framework acts as a proxy, federating requests to all available sources. All requests are executed as federated queries and resource retrievals, allowing the framework to be the sole component exposing the functionality of all of its Federated Sources.

false

true

Enable Notifications

notificationEnabled

Boolean

Check to enable notifications.

true

false

Fanout tag blacklist

fanoutTagBlacklist

String

Ingest operations with tags in this list will be rejected.

true

Source Name

shortname

String

Yes

Confluence Rest URL

endpointUrl

String

The Confluence Rest API endpoint URL. Example: https://{FQDN}:{PORT}/rest/api/content

Yes

Authentication Type

authenticationType

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

saml

true

Username

username

String

Username for WFS Service. Required if basic authentication type is selected.

null

false

Password

password

Password

Password for WFS Service. Required if basic authentication type is selected.

null

false

Include Page Contents In Results

includePageContent

Boolean

Flag indicating if Confluence page contents should be included in the returned results.

false

No

Include Archived Spaces

includeArchivedSpaces

Boolean

Flag indicating if archived confluence spaces should be included in search results.

false

No

Exclude Confluence Spaces

excludeSpaces

Boolean

Flag indicating if the list of Confluence Spaces should be excluded from searches instead of included.

false

No

Confluence Spaces

confluenceSpaces

String cardinality=1000

The confluence spaces to include/exclude from searches. If no spaces are specified, all visible spaces will be searched.

No

Attribute Overrides

additionalAttributes

String cardinality=100

Attribute Overrides - Optional: Metacard attribute overrides (Key-Value pairs) that can be set on the results comming from this source. If an attribute is specified here, it will overwrite the metacard’s attribute that was created from the Confluence source. The format should be 'key=value'. The maximum allowed size of an attribute override is 65,535 bytes. All attributes in the catalog taxonomy tables are injected into all metacards by default and can be overridden.

No

Availability Poll Interval

availabilityPollInterval

Long

Availability polling interval in milliseconds.

60000

No

Directory Path

monitoredDirectoryPath

String

"Specifies the directory to be monitored, can be a filesystem path or webdav address (only supported for Monitor in place)"

false

true

Maximum Concurrent Files

numThreads

Integer

Specifies the maximum number of concurrent files to be processed within a directory (maximum of 8). If this number exceeds 8, 8 will be used in order to preserve system resources. Make sure that your system has enough memory to support the number of concurrent processing threads across all directory monitors.

1

true

ReadLock Time Interval

readLockIntervalMilliseconds

Integer

Specifies the time to wait (in milliseconds) before acquiring a lock on a file in the monitored directory. This interval is used for sleeping between attempts to acquire the read lock on a file to be ingested. The default value of 100 milliseconds is recommended.

100

true

Processing Mechanism

processingMechanism

String

Choose what happens to the content item after it is ingested. Delete will remove the original file after storing it in the content store. Move will store the item in the content store, and a copy under ./ingested, then remove the original file. (NOTE: this will double the amount of disk space used.) Monitor in place will index the file and serve it from its original location. If in place is used, then the URLResourceReader root resource directories configuration must be updated to allow downloading from the monitored directory (See URL Resource Reader).

in_place

false

Attribute Overrides

attributeOverrides

String

Optional: Metacard attribute overrides (Key-Value pairs) that can be set on the content monitor. If an attribute is specified here, it will overwrite the metacard’s attribute that was created from the content directory. The format should be 'key=value'. The maximum allowed size of an attribute override is 65,535 bytes. All attributes in the catalog taxonomy tables are injected into all metacards by default and can be overridden.

null

false

Content Repository File Path

baseContentDirectory

String

Specifies the directory to use for the content repository. A shutdown of the server is necessary for this property to take effect. If a filepath is provided with directories that don’t exist, File System Provider will attempt to create them.

<DDF_HOME>/data/content/store

true

Source ID

id

String

The unique name of the Source.

CSW

true

CSW URL

cswUrl

String

URL to the endpoint implementing the Catalogue Service for Web (CSW) spec.

null

true

Event Service Address

eventServiceAddress

String

DDF Event Service endpoint. Do NOT include .wsdl or ?wsdl.

null

false

Register for Events

registerForEvents

Boolean

Check to register for events from this connected source.

false

false

Authentication Type

authenticationType

String

Authentication type to use when federating.

saml

true

Username

username

String

Username for CSW Service. Required if basic authentication type is selected.

null

false

Password

password

String

Password for CSW Service. Required if basic authentication type is selected.

null

false

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Force Longitude/Latitude coordinate order

isLonLatOrder

Boolean

Force Longitude/Latitude coordinate order.

false

true

Use posList in LinearRing

usePosList

Boolean

Use a <posList> element rather than a series of <pos> elements when issuing geospatial queries containing a LinearRing.

false

false

Metacard Mappings

metacardMappings

String

Mapping of the Metacard Attribute names to their CSW property names. The format should be 'title=dc:title'.

effective=created, created=dateSubmitted, modified=modified, thumbnail=references, content-type=type, id=identifier, resource-uri=source

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

Output Schema

outputSchema

String

Output Schema

http://www.opengis.net/cat/csw/2.0.2

true

Query Type Name

queryTypeName

String

Qualified Name for the Query Type used in the CSW GetRecords request.

csw:Record

true

Query Type Namespace

queryTypeNamespace

String

Namespace prefix for the Query Type used in the CSW GetRecords request.

http://www.opengis.net/cat/csw/2.0.2

true

Force CQL Text as the Query Language

isCqlForced

Boolean

Force CQL Text.

false

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Overwrite If Empty

overwriteIfBlank

Boolean

If this is checked, overwrite all blank expiration dates in metacards. If this is not checked, leave metacards with blank expiration dates as-is.

false

true

Overwrite If Exists

overwriteIfExists

Boolean

If this is checked, overwrite all existing non-empty expiration dates in metacards with a new date. If this is not checked, leave metacards with an existing expiration date.

false

true

Offset from Created Date (in days)

offsetFromCreatedDate

Integer

A metacard’s new expiration date is calculated by adding this value (in days) to its created date.

30

true

Enable Versioning

historyEnabled

Boolean

Enables versioning of both metacards and content.

true

true

Metacard Intersect Attributes:

intersectMetacardAttributes

List of rules

Each line item in the configuration is a rule. The format of a rule is the name of a single source attribute, followed by an equals sign, followed by the destination attribute. For example: source_attribute1=destination_attribute. The plugin gathers the source attributes that have a common destination. It takes the combined values of the source attributes and makes them the values of a (new) metacard attribute, the destination attribute. The strategy for combining the values is intersection, which means only the values common to all source attribute are added to the destination attribute. Note: Do not use the same destination attributes in both the Intersect and Union rule sets. The plugin will behave unpredictably.

none

false

Metacard Union Attributes:

unionMetacardAttributes

List of rules

Each line item in the configuration is a rule. The format of a rule is the name of a single source attribute, followed by an equals sign, followed by the destination attribute. For example: source_attribute1=destination_attribute. The plugin gathers the source attributes that have a common destination. It takes the combined values of the source attributes and makes them the values of a (new) metacard attribute, the destination attribute. The strategy for combining the values is union, which means only all the values of the source attribute are added to the destination attribute (excluding duplicates) Note: Do not use the same destination attributes in both the Intersect and Union rule sets. The plugin will behave unpredictably.

none

false

criteriaKey

String

Specifies the criteria for the test of equality; which value will be tested? IP Address? Hostname?

true

Expected Value

expectedValue

String

The value that the criteria must equate to for the attribute overrides to occur.

New Attributes

newAttributes

String"

Attribute map

attributeMap

String

Mapping of Metacard SECURITY attribute to user attribute. Users with this role will always receive metacards with errors and/or warnings.

invalid-state=localhost-data-manager

false

Filter errors

filterErrors

Boolean

Sets whether metacards with validation errors are filtered for users without the configured user attribute.

true

false

Filter warnings

filterWarnings

Boolean

Sets whether metacards with validation warnings are filtered for users without the configured user attribute.

false

false

Enforced Validators

enforcedMetacardValidators

String

ID of Metacard Validator to enforce. Metacards that fail these validators will NOT be ingested.

false

Enforce errors

enforceErrors

Boolean

Sets whether validation errors are enforced. This prevents ingest if errors are present.

true

true

Enforce warnings

Keep Deleted Metacard

keepDeletedMetacards

Boolean

Should backups for deleted metacards be kept or removed.

false

true

Metacard Transformer Id

metacardTransformerId

String

ID of the metacard transformer to use to serialize metacard for backup.

metacard

true

Backup Invalid Metacards

keepDeletedMetacards

Boolean

Keep backups for metacards that fail validation with warnings or errors.

true

true

Metacard Backup Output Provider(s)

metacardOutputProviderIds

Comma delimited list of metacard output provider IDs.

Metacard Backup Provider IDs to use for this backup plugin.

fileStorageProvider

true

Keep Deleted Metacard

keepDeletedMetacards

Boolean

Should backups for deleted metacards be kept or removed.

false

true

Metacard Transformer Id

metacardTransformerId

String

ID of the metacard transformer to use to serialize metacard for backup.

metacard

true

Backup Invalid Metacards

keepDeletedMetacards

Boolean

Keep backups for metacards that fail validation with warnings or errors.

true

true

Metacard Tags

backupMetacardTags

String

Backup only metacards with one of the tags specified.

resource

true

S3 Access Key

s3AccessKey

String

The access key to use for S3. Leave blank if on an EC2 host with roles assigned.

""

true

S3 Secret Key

s3SecretKey

Password

The secret key to use for S3. Leave blank if on an EC2 host with roles assigned.

true

S3 Bucket

s3Bucket

String

The S3 Bucket in which to store the backed up metacard data.

true

S3 Endpoint

s3Endpoint

String

The endpoint for the region in which the bucket is located.

true

Object Template

objectTemplate

String

Template specifying the S3 object key for the metacard data. The template uses handlebars syntax.

Use [] to reference dotted attributes e.g. {{[attribute.name]}}.

If you wish to include date, you would use {{dateFormat created yyyy-MM-dd}}

data/backup/metacard/{{substring id 0 3}}/{{substring id 3 6}}/{Metacard_S3_Storage_Route}.xml

true

Source Name

shortname

String

null

DDF-OS

true

OpenSearch service URL

endpointUrl

String

The OpenSearch endpoint URL or DDF’s OpenSearch endpoint (https://{FQDN}:{PORT}/services/catalog/query)

${org.codice.ddf.system.protocol}${org.codice.ddf.system.hostname}:${org.codice.ddf.system.port}${org.codice.ddf.system.rootContext}/catalog/query

true

Authentication Type

authenticationType

String

Authentication type to use when federating.

saml

true

Username

username

String

Username to use with HTTP Basic Authentication. Required if basic authentication type is selected.

false

Password

password

Password

Password to use with HTTP Basic Authentication. Required if basic authentication type is selected.

false

OAuth Discovery Url

oauthDiscoveryUrl

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

https://localhost:8443/auth/realms/master/.well-known/openid-configuration

false

OAuth Client ID

oauthClientId

String

Client ID registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

ddf-client

false

OAuth Client Secret

oauthClientSecret

String

Client Secret registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

secret

false

OAuth Flow

oauthFlow

String

The OAuth flow to use when federating. Required if OAuth 2.0 authentication type is selected.

code

false

OpenSearch query parameters

parameters

String

Query parameters to use with the OpenSearch connection.

q,src,mr,start,count,mt,dn,lat,lon,radius,bbox,geometry,polygon,dtstart,dtend,dateName,filter,sort

true

Always perform local query

localQueryOnly

Boolean

When federating with other DDFs, keep this checked. If checked, this source performs a local query on the remote site (by setting src=local in endpoint URL), as opposed to an enterprise search.

true

true

Convert to BBox

Boolean

Converts Polygon and Point-Radius searches to a Bounding Box for compatibility with older interfaces. Generated bounding box is a very rough representation of the input geometry.

true

true

Multi Point-Radius polygon approximation vertices

Integer

When performing a multi point-radius search, increase this value for more accurate polygon approximation. Minimum value is 4, maximum value is 32.

32

true

Point radius polygon simplification distance tolerance

Integer

The maximum distance (in meters) from the original vertices a reduced vertex may lie on a simplified circular polygon.

1

true

Disable CN Check

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Connection Timeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

Entry XML Element

String

XML Element from the Response Entry to transform into a Metacard.

false

Product Cache Directory

productCacheDirectory

String

Directory where retrieved products will be cached for faster, future retrieval. If a directory path is specified with directories that do not exist, Product Download feature will attempt to create those directories. Without configuration, the product cache directory is <DDF_HOME>/data/product-cache. If a relative path is provided it will be relative to the <DDF_HOME>. It is recommended to enter an absolute directory path such as /opt/product-cache in Linux or C:\product-cache in Windows.

false

Enable Product Caching

cacheEnabled

Boolean

Check to enable caching of retrieved products.

true

false

Delay (in seconds) between product retrieval retry attempts

delayBetweenRetryAttempts

Integer

The time to wait (in seconds) between attempting to retry retrieving a product.

10

false

Max product retrieval retry attempts

maxRetryAttempts

Integer

The maximum number of attempts to retry retrieving a product.

3

false

Product Retrieval Monitor Period

retrievalMonitorPeriod

Integer

How many seconds to wait and not receive product data before retrying to retrieve a product.

5

false

Always Cache Product

cacheWhenCanceled

Boolean

Check to enable caching of retrieved products even if client cancels the download. Note: this has no effect if product caching is disabled.

false

false

Ruleset Name

id

String

Give this ruleset a name

null

true

Root Namespace

namespace

String

The root namespace of the XML

null

true

Schematron File Names

schematronFileNames

String

Names of schematron files (*.sch) against which to validate metadata ingested into the Catalog. Absolute paths or relative paths may be specified. Relative paths are assumed to be relative to <DDF_HOME>/schematron.

null

true

Security attributes to audit

auditAttributes

String

List of security attributes to audit when modified

security.access-groups,security.access-individuals

true

Use Resource Title

useResourceTitleAsTitle

Boolean

Use the resource’s metadata to determine the metacard title. If this is not enabled, the metacard title will be the file name.

false

true

Follow Server Redirects

followRedirects

Boolean

Check the box if you want the Resource Reader to automatically follow server issued redirects (HTTP Response Code 300 series).

true

Root Resource Directories

rootResourceDirectories

String

List of root resource directories. A relative path is relative to <DDF_HOME>. Specifies the only directories the URLResourceReader has access to when attempting to download resources linked using file-based URLs.

data/products

Maximum video file size to process (Megabytes)

maxFileSizeMB

Long

Maximum video file size in Megabytes for which to create a thumbnail. Default is 120 Megabytes. Processing large videos may affect system performance.

120

false

XML Elements:

xmlElements

String

XML elements within the metadata that will be searched for security attributes. If these elements contain matching attributes, the values of the attributes will be combined.

true

Security Attributes (union):

securityAttributeUnions

String

Security Attributes. These attributes, if they exist on any of the XML elements listed above, will have their values extracted and the union of all of the values will be saved to the metacard. For example: if element1 and element2 both contain the attribute 'attr' and that attribute has values X,Y and X,Z, respectively, then the final result will be the union of those values: X,Y,Z. The X,Y,Z value will be the value that is placed within the security attribute on the metacard.

false

Security Attributes (intersection):

securityAttributeIntersections

String

Security Attributes. These attributes, if they exist on any of the XML elements listed above, will have their values extracted and the intersection of all of the values will be saved to the metacard. For example: if element1 and element2 both contain the attribute 'attr' and that attribute has values X,Y and X,Z, respectively, then the final result will be the intersection of those values: X. The X value will be the value that is placed within the security attribute on the metacard.

null

false

Parallel Marhsalling Threshold

threshold

Integer

Response size threshold above which marshalling is run in parallel

50

true

Use PDF Title

usePdfTitleAsTitle

Boolean

Use the PDF’s metadata to determine the metacard title. If this is not enabled, the metacard title will be the file name.

false

true

Maximum text extraction length (bytes)

previewMaxLength

Integer

The maximum length of text to be extracted.

30000

true

Maximum xml metadata length (bytes)

metadataMaxLength

Integer

The maximum length of xml metadata to be extracted.

5000000

true

Preview From Metadata

previewFromMetadata

Boolean

Allow Preview to be Extracted From Metadata.

false

true

Element Names to Preview

previewElements

String

Specify element names to preview from XML. Will take the text content of the first available element for preview. Note: This list will not be used unless Preview From Metadata is enabled.

text,TEXT

true

Create Required Attributes

createPermissions

String

Roles/attributes required for the create operations. Example: role=role1,role2

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Update Required Attributes

updatePermissions

String

Roles/attributes required for the update operation. Example: role=role1,role2

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Delete Required Attributes

deletePermissions

String

Roles/attributes required for the delete operation. Example: role=role1,role2

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Read Required Attributes

readPermissions

String

Roles/attributes required for the read operations (query and resource). Example: role=role1,role2

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Permit Resource URI on Creation

createPermissions

String

Allow users to provide a resource URI when creating a metacard

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Permit Resource URI on Update

updatePermissions

String

Allow users to provide a resource URI when updating a metacard

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Poll Interval (minutes)

pollIntervalMinutes

Integer

The interval (in minutes) at which to recheck the availability of all sources. Must be at least 1 minute.

WARNING: There is a maximum delay of 2*pollIntervalMinutes for the Source Poller to be updated after the availability of a source changes or a source is created/modified/deleted. Currently the Standard Catalog Framework and the Catalog REST Endpoint use the Source Poller to get source availabilities. The pollIntervalMinutes should not be set to value a which results in an unacceptable maximum delay.

1

true

MIME Custom Types

DDF_Custom_Mime_Type_Resolver

DDF Custom Mime Types.

Logging Service

org.codice.ddf.platform.logging.LoggingService

Logging Service configurations.

HTTP Response Security

org.codice.ddf.security.response.filter.ResponseHeaderConfig

HTTP Response Security response configurations.

Email Service

org.codice.ddf.platform.email.impl.SmtpClientImpl

Email Service configurations.

Landing Page

org.codice.ddf.distribution.landingpage.properties

Starting page for users to interact with DDF.

Platform UI

ddf.platform.ui.config

Platform UI configurations.

Platform Command Scheduler

ddf.platform.scheduler.Command

Platform Command Scheduler.

Resolver Name

name

String

null

DDF Custom Resolver

false

Priority

priority

Integer

null

10

true

File Extensions to Mime Types

customMimeTypes

String

List of key/value pairs where key is the file extension and value is the mime type, e.g., nitf=image/nitf

null

true

Max Log Events

maxLogEvents

Integer

The maximum number of log events stored for display in the Admin Console. This must be greater than 0 and must not exceed 5000.

500

true

Content Security Policy

xContentSecurityPolicy

String

Instructions for the client browser detailing which location and/or which type of resources may be loaded.

true

X-Frame-Options

xFrameOptions

String

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser may render a page in a frame, iframe or object.

true

X-XSS-Protection

xXssProtection

String

The HTTP X-XSS-Protection response header is a feature that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

true

Host

hostName

String

Mail server hostname (must be resolvable by DNS) or IP address.

Yes

Port

portNumber

Integer

Mail server port number.

25

Yes

User Name

userName

String

Mail server user name used only for authenticated connections over TLS.

No

Password

password

Password

Mail server password used only for authenticated connections over TLS.

No

Description

description

String

Specifies the description to display on the landing page.

As a common data layer, DDF provides secure enterprise-wide data access for both users and systems.

true

Phone Number

phone

String

Specifies the phone number to display on the landing page.

true

Email Address

email

String

Specifies the email address to display on the landing page.

true

External Web Site

externalUrl

String

Specifies the external web site URL to display on the landing page.

true

Announcements

announcements

String

Announcements that will be displayed on the landing page.

null

true

Branding Background

background

String

Specifies the landing page background color. Use html css colors or #rrggbb.

true

Branding Foreground

foreground

String

Specifies the landing page foreground color. Use html css colors or #rrggbb.

true

Branding Logo

logo

String

Specifies the landing page logo. Use a base64 encoded image.

true

Additional Links

links

String

Additional links to be displayed on the landing page. Use the format <text>,<link> (e.g. example, http://www.example.com). Empty entries are ignored.

yes

Enable System Usage Message

systemUsageEnabled

Boolean

Turns on a system usage message, which is shown when the Search Application is opened.

false

true

System Usage Message Title

systemUsageTitle

String

A title for the system usage Message when the application is opened.

false

System Usage Message

systemUsageMessage

String

A system usage message to be displayed to the user each time the user opens the application.

false

Show System Usage Message once per session

systemUsageOncePerSession

Boolean

With this selected, the system usage message will be shown once for each browser session. Uncheck this to have the usage message appear every time the search window is opened or refreshed.

true

true

Header

header

String

Specifies the header text to be rendered on all pages.

false

Footer

footer

String

Specifies the footer text to be rendered on all pages.

false

Text Color

color

String

Specifies the Text Color of the Header and Footer. Use html css colors or #rrggbb.

false

Background Color

background

String

Specifies the Background Color of the Header and Footer. Use html css colors or #rrggbb.

false

Session Timeout

timeout

Integer

Specifies the length of inactivity (in minutes) that will cause a user to be logged out automatically. This value must be 2 minutes or greater, as users are warned when only 1 minute remains. If a value of less than 2 minutes is used, the timeout is set to the default time of 15 minutes.

15

true

Command

command

String

Shell command to be used within the container. For example, log:set DEBUG">

true

Interval

intervalString

String

The Interval String for each execution. Based on the Interval Type, this will either be a Cron String or a Second Interval. (e.x. '0 0 0 1/1 * ? *' or '12')

true

Interval Type

intervalType

String

Interval Type

cronString

true

Security STS LDAP and Roles Claims Handler

Claims_Handler_Manager

STS Ldap and Roles Claims Handler Configuration.

Security SOAP Guest Interceptor

org.codice.ddf.security.interceptor.GuestInterceptor

Security SOAP Guest Interceptor.

IdP Client

org.codice.ddf.security.idp.client.IdpMetadata

IdP Client configurations.

Logout Page

org.codice.ddf.security.idp.client.LogoutRequestService

Logout Page configurations.

OIDC Handler

org.codice.ddf.security.handler.oidc.OidcHandler

OIDC Handler configurations.

Web Context Policy Manager

org.codice.ddf.security.policy.context.impl.PolicyManager

Web Context Security Policies.

File Based Claims Handler

org.codice.ddf.security.sts.claims.property.PropertyFileClaimsHandler

File Based Claims Handler.

Session

org.codice.ddf.security.filter.login.Session

Session configurations.

SAML Handler

org.codice.ddf.security.idp.client.IdpHandler

IdP Handler configurations.

Security AuthZ Realm

ddf.security.pdp.realm.AuthzRealm

AuthZ Security configurations.

SAML NameID Policy

ddf.security.service.SecurityManager

SAML NameID Policy.

Security STS Server

ddf.security.sts

STS configurations.

Security STS Client

ddf.security.sts.client.configuration

STS Client configurations.

Guest Claims Configuration

ddf.security.guest.realm

Guest Claims configurations.

Security STS PKI Token Validator

org.codice.ddf.security.validator.pki

STS PKI Token Validator configurations.

LDAP URL

url

String

true

ldaps://${org.codice.ddf.system.hostname}:1636

LDAP or LDAPS server and port

StartTLS

startTls

Boolean

Determines whether or not to use StartTLS when connecting via the ldap protocol. This setting is ignored if the URL uses ldaps.

false

true

LDAP Bind User DN

ldapBindUserDn

String

DN of the user to bind with LDAP. This user should have the ability to verify passwords and read attributes for any user.

cn=admin

true

LDAP Bind User Password

password

Password

Password used to bind user with LDAP.

secret

true

LDAP Group User Membership Attribute

membershipUserAttribute

String

Attribute used as the membership attribute for the user in the group. Usually this is uid, cn, or something similar.

uid

true

LDAP User Login Attribute

loginUserAttribute

String

Attribute used as the login username. Usually this is uid, cn, or something similar.

uid

true

LDAP Base User DN

userBaseDn

String

Full LDAP path to where users can be found.

ou=users\,dc=example\,dc=com

true

Override User Certificate DN

overrideCertDn

Boolean

When checked, this setting will ignore the DN of a user and instead use the LDAP Base User DN value.

false

true

LDAP Group ObjectClass

objectClass

String

ObjectClass that defines structure for group membership in LDAP. Usually this is groupOfNames or groupOfUniqueNames.

groupOfNames

true

LDAP Membership Attribute

memberNameAttribute

String

Attribute used to designate the user’s name as a member of the group in LDAP. Usually this is member or uniqueMember.

member

true

LDAP Base Group DN

groupBaseDn

String

Full LDAP path to where groups can be found.

ou=groups\,dc=example\,dc=com

true

Attribute Map File

propertyFileLocation

String

Location of the file which contains user attribute maps to use.

<INSTALL_HOME>/etc/ws-security/attributeMap.properties

true

Deny Guest Access

guestAccessDenied

Boolean

If set to true, no guest access will be allowed via this guest interceptor. If set to false, this interceptor will generate guest tokens for incoming requests that lack a WS-Security header.

false

false

IdP Metadata

metadata

String

(https://)

https://${org.codice.ddf.system.hostname}:${org.codice.ddf.system.httpsPort}/services/idp/login/metadata

Perform User-Agent Check

userAgentCheck

Boolean

If selected, this will allow clients that do not support ECP and are not browsers to fall back to PKI, BASIC, and potentially GUEST authentication, if enabled.

true

Logout Page Time Out

logOutPageTimeOut

Long

This is the time limit that the SAML client will wait for a user to click log out on the logout page. Any requests that take longer than this time for the user to submit will be rejected."/>

3600000

IdP Type

idpType

String

IdP type to use.

Keycloak

Client ID

clientId

String

Unique ID for the client, this may be provided by the Identity Provider.

ddf-client

Realm/Tenant

realm

String

Realm to use for a multi-tenant environment. This is required for Keycloak or Azure.

master

Secret

secret

String

This value must match the value set on the Identity Provider.

secret

Discovery URI

discoveryUri

String

Discovery URI for fetching OP metadata (http://openid.net/specs/openid-connect-discovery-1_0.html).

http://localhost:8080/auth/realms/master/.well-known/openid-configuration

Base URI

baseUri

String

Base URI for IdP. Do not fill out both this and the Discovery URI. Only one is needed depending on the IdP in use.

http://localhost:8080/auth

Logout URI

logoutUri

String

URI directing to single logout service of the IdP in use.

http://localhost:8080/auth/realms/master/protocol/openid-connect/logout

Scope

scope

String

OIDC scopes.

openid profile email resource.read

Use Nonce

useNonce

Boolean

Whether or not to use nonce in JWT.

true

Response Type

responseType

String

Response type to use.

code

Mode

responseMode

String

Mode. Leave blank if you are unsure of the value to use.

form_post

Context Traversal Depth

traversalDepth

Integer

Depth to which paths will be traversed. Any value greater than 500 will be set to 500.

20

true

Allow Guest Access

guestAccess

Boolean

Allow guest access to all web contexts. Required attributes can be used to restrict access to contexts from guest users.

true

true

Allow Session Storage

sessionAccess

Boolean

Allow for session cookies to be used. Note that the SAML and OIDC authentication types require session storage to be enabled.

true

true

Authentication Types for Web Pages

webAuthenticationTypes

String

List of authentication types required for all web pages (these are all context paths except /services). List of valid authentication types are: BASIC, PKI, SAML, and OIDC. Example: AUTH1

AUTH2

AUTH3

PKI

BASIC

true

Authentication Types for Endpoints

endpointAuthenticationTypes

String

List of authentication types required for all endpoints (these are context paths that start with /services). List of valid authentication types are: BASIC, PKI, SAML, and OIDC. Example: AUTH1

AUTH2

AUTH3

PKI

BASIC

true

Required Attributes

requiredAttributes

String

List of attributes required for each Web Context. Example: /context={role=role1;type=type1}

/=,/admin={http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=system-admin},/system={http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=system-admin},/security-config={http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=system-admin}

true

White Listed Contexts

whiteListContexts

String

List of contexts that will not use security. Note that sub-contexts to ones listed here will also skip security, unless authentication types are provided for it. For example: if /foo is listed here, then /foo/bar will also not require any sort of authentication. However, if /foo is listed and /foo/bar has authentication types provided in the 'Authentication Types' field, then that more specific policy will be used.

${org.codice.ddf.system.rootContext}/SecurityTokenService,${org.codice.ddf.system.rootContext}/internal/metrics,/proxy,${org.codice.ddf.system.rootContext}/saml,${org.codice.ddf.system.rootContext}/idp,/idp,${org.codice.ddf.system.rootContext}/platform/config/ui,/logout

true

Role Claim Type

roleClaimType

String

Role claim URI.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role

true

ID Claim Type

idClaimType

String

ID claim URI.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

true

User Role File

propertyFileLocation

String

Location of the file which maps roles to users.

etc/users.properties

true

User Attribute File

usersAttributesFileLocation

String

Location of the file which maps attributes to users.

etc/users.attributes

true

Session Timeout (in minutes)

expirationTime

Integer

Specifies the length of inactivity (in minutes) between client requests before the servlet container will invalidate the session (this applies to all client sessions). This value must be 2 minutes or greater, as users are warned when only 1 minute remains. If a value of less than 2 minutes is used, the timeout is set to the default time of 31 minutes.

See also: Platform UI Config.

31

true

Authentication Context Class

authContextClasses

String

Authentication Context Classes that are considered acceptable means of authentication by the SAML handler.

urn:oasis:names:tc:SAML:2.0:ac:classes:Password,urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,urn:oasis:names:tc:SAML:2.0:ac:classes:X509,urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI,urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI,urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI,urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient

Match-All Mappings

matchAllMappings

String

List of 'Match-All' subject attribute to Metacard attribute mapping. All values of this metacard key must be present in the corresponding subject key values. Format is subjectAttrName=metacardAttrName.

false

Match-One Mappings

matchOneMappings

String

List of 'Match-One' subject attribute to Metacard attribute mapping. One value of this metacard key must be present in the corresponding subject key values. Format is subjectAttrName=metacardAttrName.

false

Environment Attributes

environmentAttributes

String

List of environment attributes to pass to the XACML engine. Format is attributeId=attributeValue1,attributeValue2.

false

SAML NameID Policy

usernameAttributeList

String

List of attributes that are considered for replacing the username of the logged in user. If any of these attributes match any of the attributes within the SecurityAssertion, the value of the first matching attribute will be used as the username. (Does not apply when NameIDFormat is of the following: X509, persistent, kerberos or unspecified, and the username is not empty).

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier, uid

true

SAML Assertion Lifetime

lifetime

Long

Set the number of seconds that an issued SAML assertion will be good for.

1800

true

Token Issuer

issuer

String

The name of the server issuing tokens. Generally this is unique identifier of this IdP.

https://${org.codice.ddf.system.hostname}:${org.codice.ddf.system.httpsPort}${org.codice.ddf.system.rootContext}/idp/login

true

Signature Username

signatureUsername

String

Alias of the private key in the STS Server’s keystore used to sign messages.

${org.codice.ddf.system.hostname}

true

Encryption Username

encryptionUsername

String

Alias of the private key in the STS Server’s keystore used to encrypt messages.

${org.codice.ddf.system.hostname}

true

SAML Assertion Type

assertionType

String

The version of SAML to use. Most services require SAML v2.0. Changing this value from the default could cause services to stop responding.

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

true

SAML Key Type

keyType

String

The key type to use with SAML. Most services require Bearer. Changing this value from the default could cause services to stop responding.

http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer

true

SAML Key Size

keySize

String

The key size to use with SAML. The default key size is 256 and this is fine for most applications. Changing this value from the default could cause services to stop responding.

256

true

Use Key

useKey

Boolean

Signals whether or not the STS Client should supply a public key to embed as the proof key. Changing this value from the default could cause services to stop responding.

true

true

STS WSDL Address

address

String

STS WSDL Address

${org.codice.ddf.system.protocol}${org.codice.ddf.system.hostname}:${org.codice.ddf.system.port}${org.codice.ddf.system.rootContext}/SecurityTokenService?wsdl

true

STS Endpoint Name

endpointName

String

STS Endpoint Name.

{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}STS_Port

false

STS Service Name

serviceName

String

STS Service Name.

{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService

false

Signature Properties

signatureProperties

String

Path to Signature crypto properties. This path can be part of the classpath, relative to <DDF_HOME>, or an absolute path on the system.

etc/ws-security/server/signature.properties

true

Encryption Properties

encryptionProperties

String

Path to Encryption crypto properties file. This path can be part of the classpath, relative to <DDF_HOME>, or an absolute path on the system.

etc/ws-security/server/encryption.properties

true

STS Properties

tokenProperties

String

Path to STS crypto properties file. This path can be part of the classpath, relative to <DDF_HOME>, or an absolute path on the system.

etc/ws-security/server/signature.properties

true

Claims

claims

String

List of claims that should be requested by the STS Client.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role

true

Attributes

attributes

String

The attributes to be returned for any Guest user.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier=guest,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role=guest

true

Realms

realms

String

The realms to be validated by this validator.

karaf

true

Do Full Path Validation

pathValidation

Boolean

Validate the full certificate path. Uncheck to only validate the subject cert. (RFC5280 6.1)

true

true

Solr Catalog Provider

ddf.catalog.solr.provider.SolrCatalogProvider

Solr Catalog Provider.

Force Auto Commit

forceAutoCommit

Boolean

WARNING: Performance Impact. Only in special cases should auto-commit be forced. Forcing auto-commit makes the search results visible immediately.

false

true

CSW Specification Profile Federated Source

Csw_Federated_Source

CSW Specification Profile Federated Source should be used when federating to an external CSW service.

CSW Federation Profile Source

Csw_Federation_Profile_Source

DDF’s full-fidelity CSW Federation Profile. Use this when federating to a DDF-based system.

CSW Transactional Profile Federated Source

Csw_Transactional_Federated_Source

CSW Federated Source that supports transactions (create, update, delete).

GeoCoder Plugin

org.codice.ddf.spatial.geocoding.plugin.GeoCoderPlugin

GeoCoder Plugin.

GMD CSW ISO Federated Source

Gmd_Csw_Federated_Source

CSW Federated Source using the Geographic MetaData (GMD) format (ISO 19115:2003).

Spatial KML Endpoint

org.codice.ddf.spatial.kml.endpoint.KmlEndpoint

Spatial KML Endpoint.

Metacard to WFS Feature Map

org.codice.ddf.spatial.ogc.wfs.catalog.mapper.MetacardMapper

Metacard to WFS Feature Map.

WFS 1.1.0 Federated Source

Wfs_v1_1_0_Federated_Source

WFS 1.1.0 Federated Source.

WFS 2.0.0 Connected Source

Wfs_v2_0_0_Connected_Source

WFS 2.0.0 Connected Source.

WFS 2.0.0 Federated Source

Wfs_v2_0_0_Federated_Source

WFS 2.0.0 Federated Source.

Spatial KML Style Map Entry

org.codice.ddf.spatial.kml.style

Spatial KML Style Map Entry.

Source ID

id

String

The unique name of the Source

null

true

CSW URL

cswUrl

String

URL to the endpoint implementing the Catalogue Service for Web (CSW) spec

${org.codice.ddf.external.protocol}${org.codice.ddf.external.hostname}:${org.codice.ddf.external.port}${org.codice.ddf.external.context}${org.codice.ddf.system.rootContext}/csw

true

Event Service Address

eventServiceAddress

String

DDF Event Service endpoint.

${org.codice.ddf.external.protocol}${org.codice.ddf.external.hostname}:${org.codice.ddf.external.port}${org.codice.ddf.external.context}${org.codice.ddf.system.rootContext}/csw/subscription

false

Register for Events

registerForEvents

Boolean

Check to register for events from this source.

false

false

Authentication Type

authenticationType

String

Authentication type to use when federating.

saml

true

Username

username

String

Username for CSW Service. Required if basic authentication type is selected.

null

false

Password

password

Password

Password for CSW Service. Required if basic authentication type is selected.

null

false

OAuth Discovery Url

oauthDiscoveryUrl

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

https://localhost:8443/auth/realms/master/.well-known/openid-configuration

false

OAuth Client ID

oauthClientId

String

Client ID registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

ddf-client

false

OAuth Client Secret

oauthClientSecret

String

Client Secret registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

secret

false

OAuth Flow

oauthFlow

String

The OAuth flow to use when federating. Required if OAuth 2.0 authentication type is selected.

code

false

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Coordinate Order

coordinateOrder

String

Coordinate order that remote source expects and returns spatial data in

LON_LAT

true

Use posList in LinearRing

usePosList

Boolean

Use a <posList> element rather than a series of <pos> elements when issuing geospatial queries containing a LinearRing

false

false

Metacard Mappings

metacardMappings

String

Mapping of the Metacard Attribute names to their CSW property names. The format should be 'title=dc:title'.

effective=created,created=dateSubmitted,modified=modified,thumbnail=references,content-type=type,id=identifier,resource-uri=source

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out,in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out,in milliseconds.

60000

true

Output Schema

outputSchema

String

Output Schema

http://www.opengis.net/cat/csw/2.0.2

true

Query Type Name

queryTypeName

String

Qualified Name for the Query Type used in the CSW GetRecords request

csw:Record

true

Query Type Namespace

queryTypeNamespace

String

Namespace for the Query Type used in the CSW GetRecords request

http://www.opengis.net/cat/csw/2.0.2

true

Force CQL Text as the Query Language

isCqlForced

Boolean

Force CQL Text

false

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Security Attributes

securityAttributeStrings

String

Security attributes for this source

null

true

Source ID

id

String

The unique name of the Source

CSW

true

CSW URL

cswUrl

String

URL to the endpoint implementing the Catalogue Service for Web (CSW) spec

${org.codice.ddf.external.protocol}${org.codice.ddf.external.hostname}:${org.codice.ddf.external.port}${org.codice.ddf.external.context}${org.codice.ddf.system.rootContext}/csw

true

CSW Event Service Address

eventServiceAddress

String

CSW Event Service endpoint.

${org.codice.ddf.external.protocol}${org.codice.ddf.external.hostname}:${org.codice.ddf.external.port}${org.codice.ddf.external.context}${org.codice.ddf.system.rootContext}/csw/subscription

false

Register for Events

registerForEvents

Boolean

Check to register for events from this connected source.

false

false

Authentication Type

authenticationType

String

Authentication type to use when federating.

saml

true

Username

username

String

Username for CSW Service. Required if basic authentication type is selected.

null

false

Password

password

String

Password for CSW Service. Required if basic authentication type is selected.

null

false

OAuth Discovery Url

oauthDiscoveryUrl

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

https://localhost:8443/auth/realms/master/.well-known/openid-configuration

false

OAuth Client ID

oauthClientId

String

Client ID registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

ddf-client

false

OAuth Client Secret

oauthClientSecret

String

Client Secret registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

secret

false

OAuth Flow

oauthFlow

String

The OAuth flow to use when federating. Required if OAuth 2.0 authentication type is selected.

code

false

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out,in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out,in milliseconds.

60000

true

Source ID

id

String

The unique name of the Source

true

CSW URL

cswUrl

String

URL to the endpoint implementing the Catalogue Service for Web (CSW) spec

${variable-name}org.codice.ddf.system.protocol}${variable-name}org.codice.ddf.system.hostname}:${variable-name}org.codice.ddf.system.port}${variable-name}org.codice.ddf.system.rootContext}/csw

true

Event Service Address

eventServiceAddress

String

Event Service endpoint.

${variable-name}org.codice.ddf.system.protocol}${variable-name}org.codice.ddf.system.hostname}:${variable-name}org.codice.ddf.system.port}${variable-name}org.codice.ddf.system.rootContext}/csw/subscription

false

Register for Events

registerForEvents

Boolean

Check to register for events from this source.

false

false

Authentication Type

authenticationType

String

Authentication type to use when federating.

saml

true

Username

username

String

Username for CSW Service. Required if basic authentication type is selected.

false

Password

password

Password

Password for CSW Service. Required if basic authentication type is selected.

false

OAuth Discovery Url

oauthDiscoveryUrl

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

https://localhost:8443/auth/realms/master/.well-known/openid-configuration

false

OAuth Client ID

oauthClientId

String

Client ID registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

ddf-client

false

OAuth Client Secret

oauthClientSecret

String

Client Secret registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

secret

false

OAuth Flow

oauthFlow

String

The OAuth flow to use when federating. Required if OAuth 2.0 authentication type is selected.

code

false

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Coordinate Order

coordinateOrder

String

Coordinate order expected and returned by remote source

LON_LAT

true

Use posList in LinearRing

usePosList

Boolean

Use a <posList> element rather than a series of <pos> elements when issuing geospatial queries containing a LinearRing

false

false

Metacard Mappings

metacardMappings

String

Mapping of the Metacard Attribute names to their CSW property names. The format should be 'title=dc:title'.

effective=created,created=dateSubmitted,modified=modified,thumbnail=references,content-type=type,id=identifier,resource-uri=source

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

Output Schema

outputSchema

String

Output Schema

urn:catalog:metacard

true

Query Type Name

queryTypeName

String

Qualified Name for the Query Type used in the CSW GetRecords request

csw:Record

true

Query Type Namespace

queryTypeNamespace

String

Namespace for the Query Type used in the CSW GetRecords request

http://www.opengis.net/cat/csw/2.0.2

true

Force CQL Text

isCqlForced

Boolean

Force CQL Text as the Query Language

false

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Security Attributes

securityAttributeStrings

String

Security attributes for this source

true

Radius

radiusInKm

Integer

10

Source ID

id

String

The unique name of the Source

true

CSW URL

cswUrl

String

URL to the endpoint implementing the Catalogue Service for Web (CSW) spec

true

Authentication Type

authenticationType

String

Authentication type to use when federating.

saml

true

Username

username

String

Username for CSW Service. Required if basic authentication type is selected.

false

Password

password

Password

Password for CSW Service. Required if basic authentication type is selected.

false

OAuth Discovery Url

oauthDiscoveryUrl

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

https://localhost:8443/auth/realms/master/.well-known/openid-configuration

false

OAuth Client ID

oauthClientId

String

Client ID registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

ddf-client

false

OAuth Client Secret

oauthClientSecret

String

Client Secret registered with the OAuth provider. Required if OAuth 2.0 authentication type is selected.

secret

false

OAuth Flow

oauthFlow

String

The OAuth flow to use when federating. Required if OAuth 2.0 authentication type is selected.

code

false

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Coordinate Order

coordinateOrder

String

Coordinate order expected and returned by remote source

LON_LAT

true

Use posList in LinearRing

usePosList

Boolean

Use a <posList> element rather than a series of <pos> elements when issuing geospatial queries containing a LinearRing

false

false

Metacard Mappings

metacardMappings

String

Mapping of the Metacard Attribute names to their CSW property names. The format should be 'title=dc:title'.

id=apiso:Identifier,effective=apiso:PublicationDate,created=apiso:CreationDate,modified=apiso:RevisionDate,title=apiso:AlternateTitle,AnyText=apiso:AnyText,ows:BoundingBox=apiso:BoundingBox,language=apiso:Language,language=apiso:ResourceLanguage,datatype=apiso:Type,description=apiso:Abstract,contact.point-of-contact-name=apiso:OrganisationName,topic.keyword=apiso:Subject,media.format=apiso:Format,modified=apiso:Modified

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

Output Schema

outputSchema

String

Output Schema

http://www.isotc211.org/2005/gmd

true

Query Type Name

queryTypeName

String

Qualified Name for the Query Type used in the CSW GetRecords request

gmd:MD_Metadata

true

Query Type Namespace

queryTypeNamespace

String

Namespace for the Query Type used in the CSW GetRecords request

http://www.isotc211.org/2005/gmd

true

Force CQL Text

isCqlForced

Boolean

Force CQL Text as the Query Language

false

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Security Attributes

securityAttributeStrings

String

Security attributes for this source

true

Style Document

styleUrl

String

KML Document containing custom styling. This will be served up by the KmlEndpoint. (e.g. file:///path/to/kml/style/doc.kml)

false

Icons Location

iconLoc

String

Location of icons for the KML endpoint

false

Description

description

String

Description of this NetworkLink. Enter a short description of what this NetworkLink provides.

false

Web Site

webSite

String

URL of the web site to be displayed in the description.

false

Logo

logo

String

URL to the logo to be displayed in the description.

false

Visible By Default

visibleByDefault

Boolean

Check if the source NetworkLinks should be visible by default.

false

false

Max Number of Results

maxResults

Integer

The maximum number of results that should be returned from each layer.

100

false

Feature Type

featureType

String

Feature Type. Format is {URI}local-name

true

Metacard Title to WFS Feature Property Mapping

titleMapping

String

Metacard Title to WFS Feature Property Mapping

false

Metacard Created Date to WFS Feature Property Mapping

createdDateMapping

String

Metacard Created Date to WFS Feature Property Mapping

false

Metacard Modified Date to WFS Feature Property Mapping

modifiedDateMapping

String

Metacard Modified Date to WFS Feature Property Mapping

false

Metacard Effective Date to WFS Feature Property Mapping

effectiveDateMapping

String

Metacard Effective Date to WFS Feature Property Mapping

false

Metacard Expiration Date to WFS Feature Property Mapping

expirationDateMapping

String

Metacard Expiration Date to WFS Feature Property Mapping

false

Metacard Resource URI to WFS Feature Property Mapping

resourceUriMapping

String

Metacard Resource URI to WFS Feature Property Mapping

false

Metacard Resource Size to WFS Feature Property Mapping

resourceSizeMapping

String

Metacard Resource Size to WFS Feature Property Mapping

false

The Units of the Feature Property that corresponds to the Metacard Resource Size

dataUnit

String

The Units of the Feature Property that corresponds to the Metacard Resource Size

B

true

Metacard Thumbnail to WFS Feature Property Mapping

thumbnailMapping

String

Metacard Thumbnail to WFS Feature Property Mapping

false

Metacard Geography to WFS Feature Property Mapping

geographyMapping

String

Metacard Geography to WFS Feature Property Mapping

false

Temporal Sort By Feature Property

sortByTemporalFeatureProperty

String

When Sorting Temporally, Sort By This Feature Property.

false

Relevance Sort By Feature Property

sortByRelevanceFeatureProperty

String

When Sorting By Relevance, Sort By This Feature Property.

false

Distance Sort By Feature Property

sortByDistanceFeatureProperty

String

When Sorting By Distance, Sort By This Feature Property.

false

Source ID

id

String

The unique name of the Source

WFS

true

WFS URL

wfsUrl

String

URL to the endpoint implementing the Web Feature Service (WFS) spec

null

true

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Coordinate Order

coordinateOrder

String

Coordinate order that remote source expects and returns spatial data in

LAT_LON

true

Forced Feature Type

forcedFeatureType

String

Force only a specific FeatureType to be queried instead of all featureTypes

null

false

Authentication Type

authenticationType

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

saml

true

Username

username

String

Username for WFS Service. Required if basic authentication type is selected.

null

false

Password

password

Password

Password for WFS Service. Required if basic authentication type is selected.

null

false

Non Queryable Properties

nonQueryableProperties

String

Properties listed here will NOT be queryable and any attempt to filter on these properties will result in an exception.

null

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

SRS Name

srsName

String

SRS Name to use in outbound GetFeature requests. The SRS Name parameter is used to assert the specific CRS transformation to be applied to the geometries of the features returned in a response document.

EPSG:4326

false

Source ID

id

String

The unique name of the Source

WFS

true

WFS URL

wfsUrl

String

URL to the endpoint implementing the Web Feature Service (WFS) 2.0.0 spec

null

true

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Force Longitude/Latitude coordinate order

isLonLatOrder

Boolean

Force Longitude/Latitude coordinate order

false

true

Disable Sorting

disableSorting

Boolean

When selected, the system will not specify sort criteria with the query. This should only be used if the remote source is unable to handle sorting even when the capabilities states 'ImplementsSorting' is supported.

false

true

Authentication Type

authenticationType

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

saml

true

Username

username

String

Username for WFS Service. Required if basic authentication type is selected.

null

false

Password

password

Password

Password for WFS Service. Required if basic authentication type is selected.

null

false

Non Queryable Properties

nonQueryableProperties

String

Properties listed here will NOT be queryable and any attempt to filter on these properties will result in an exception.

null

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

Source ID

id

String

The unique name of the Source

WFS_v2_0_0

true

WFS URL

wfsUrl

String

URL to the endpoint implementing the Web Feature Service (WFS) 2.0.0 spec

null

true

Disable CN Check

disableCnCheck

Boolean

Disable CN check for the server certificate. This should only be used when testing.

false

true

Coordinate Order

coordinateOrder

String

Coordinate order that remote source expects and returns spatial data in

LAT_LON

true

Forced Feature Type

forcedFeatureType

String

Force only a specific FeatureType to be queried instead of all featureTypes

null

false

Disable Sorting

disableSorting

Boolean

When selected, the system will not specify sort criteria with the query. This should only be used if the remote source is unable to handle sorting even when the capabilities states 'ImplementsSorting' is supported.

false

true

Authentication Type

authenticationType

String

The Discovery URL where the metadata of the OAuth Provider protecting the source is hosted. Required if OAuth 2.0 authentication type is selected.

saml

true

Username

username

String

Username for the WFS Service. Required if basic authentication type is selected.

null

false

Password

password

Password

Password for the WFS Service. Required if basic authentication type is selected.

null

false

Non Queryable Properties

nonQueryableProperties

String

Properties listed here will NOT be queryable and any attempt to filter on these properties will result in an exception.

null

false

Poll Interval

pollInterval

Integer

Poll Interval to Check if the Source is available (in minutes - minimum 1).

5

true

Forced Spatial Filter Type

forceSpatialFilter

String

Force only the selected Spatial Filter Type as the only available Spatial Filter.

NO_FILTER

false

Connection Timeout

connectionTimeout

Integer

Amount of time to attempt to establish a connection before timing out, in milliseconds.

30000

true

Receive Timeout

receiveTimeout

Integer

Amount of time to wait for a response before timing out, in milliseconds.

60000

true

Attribute Name

attributeName

String

The name of the Metacard Attribute to match against. e.g. title, metadata-content-type, etc

null

true

Attribute Value

attributeValue

String

The value of the Metacard Attribute.

null

true

Style URL

styleUrl

String

The full qualified URL to the KML Style. e.g. http://example.com/styles#myStyle

null

true

Email Notifier

org.codice.ddf.catalog.ui.query.monitor.email.EmailNotifier

Email Notifier.

Facet Attribute Whitelist

org.codice.ddf.catalog.plugin.facetattributeaccess.facetwhitelist

Facet Attribute Whitelist

Search UI Redirect

org.codice.ddf.ui.searchui.filter.RedirectServlet

Search UI redirect.

Catalog UI Search Transformer Blacklists

org.codice.ddf.catalog.ui.transformer.TransformerDescriptors

Catalog UI Search Transformer Blacklists.

Catalog UI Search Workspace Query Monitor

org.codice.ddf.catalog.ui.query.monitor.impl.WorkspaceQueryService

Catalog UI Search Workspace Query Monitor.

Catalog UI Search Workspace Service

org.codice.ddf.catalog.ui.query.monitor.impl.WorkspaceServiceImpl

Catalog UI Search Workspace Service.

Catalog UI Search Workspace Security

org.codice.ddf.catalog.ui.security

Catalog UI Search Workspace Security.

Subject

subjectTemplate

String

Set the subject line template.

Workspace '%[attribute=title]' notification

true

Body

bodyTemplate

String

Set the body template.

The workspace '%[attribute=title]' contains up to %[hitCount] results. Log in to see results https://{FQDN}:{PORT}/search/catalog/#workspaces/%attribute=id.

true

From Address

fromEmail

String

Set the 'from' email address.

donotreply@example.com

true

Facet Attribute Whitelist

facetAttributeWhitelist

String

Attributes that can be faceted against through the catalog framework. Caution: Suggestion values are not protected by any security. Only choose attributes whose values will be safe for all users to view.

false

Redirect URI

defaultUri

String

Specifies the redirect URI to use when accessing the /search URI.

${org.codice.ddf.external.context}/search/simple/

true

Metacard Transformer Blacklist

blackListedMetacardTransformerIds

String

The IDs of all Metacard Transformers services that will not show up as export actions in the UI. Every ID in this set will remove that transformer as an export option in the UI.

[]

false

Query Response Transformer Blacklist

blackListedQueryResponseTransformerIds

String

The IDs of all Query Response Transformers services that will not show up as export actions in the UI. Every ID in this set will remove that transformer as an export option in the UI.

[zipCompression]

false

Query Timeout

queryTimeoutMinutes

Long

Set the number of minutes to wait for query to complete.

5

true

Notification Time Interval

queryTimeInterval

Integer

Set the Relative Time Search (past X minutes up to 24 hours). Note: This will query for results from the interval to the time the query is sent out.

1440

true

Maximum Subscriptions

maxSubscriptions

Integer

Specifies the maximum number of workspace subscriptions that may be queried for email notifications.

100

true