[OPENIDM-11238] Address undocumented features in boot.properties
Created: 10/Jul/18  Updated: 02/Nov/18  Resolved: 31/Jul/18

Status: Closed
Project: OpenIDM
Component/s: documentation
Affects Version/s: 6.5.0
Fix Version/s: 6.5.0

Type: Bug Priority: Major
Reporter: Mike Jang [X] (Inactive) Assignee: Mike Jang [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: CLARK
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is related to OPENIDM-11050 Mutual SSL authentication failure wit... Closed
is related to OPENIDM-11392 boot.properties: Modify script config... Closed
is related to OPENIDM-11396 Create documentation for secrets.json... Closed
Target Version/s:
Verified Version/s:
QA Assignee: Alexander Dracka
Story Points: 2
Sprint: OpenIDM Sprint 6.5-6


There are several options in boot.properties that are not documented, including:

openidm.script.javascript.sources=/Eclipse/workspace/External JavaScript Source/
% openidm.config.crypto.selfservice.sharedkey.alias=openidm-selfservice-key
% openidm.config.crypto.jwtsession.hmackey.alias=openidm-jwtsessionhmac-key
% openidm.config.crypto.opendj.localhost.cert=server-cert
openidm.workflow.enabled=true (ref OPENIDM-11237)

% Indirectly doc'd via the default encryption keys

Some of these options are implicitly doc'd in the comments to the file. But I don't think the comments are sufficient, e.g. I think we should discuss openidm.bonecp.statistics.enabled in the discussion of the BoneCP connection pool library, in this JDBC section.

As boot.properties is an important part of the IDM configuration process, I think it's important to explicitly document each feature in this file.

Comment by Brendan Miller [ 11/Jul/18 ]

Before we go wild documenting all of these, can we make sure they are all in-use? If they aren't or shouldn't be, maybe we can instead document their removal.

Comment by Mike Jang [X] (Inactive) [ 11/Jul/18 ]

That's fair. I've already filed OPENIDM-11237 for openidm.workflow.enabled, and I have suspicions on openidm.script.javascript.sources (i.e. is it dependent on the Eclipse debugger? It's something that was added in 2011 IIRC).

I'll keep investigating and won't start this until I at least have answers.

Comment by Mike Jang [X] (Inactive) [ 25/Jul/18 ]

For the Eclipse Debugger – link from the docs to the following KB article: https://backstage.forgerock.com/knowledge/kb/article/a57312401

Comment by Mike Jang [X] (Inactive) [ 25/Jul/18 ]


  • config crypto alias for selfservice
  • JWT session HMAC signing key alias
  • From KeyStoreManagementServiceImpl
  • Regex to match a string with comma-separated key-value pairs. For example, "localhost=my-key-alias, service.forgerock.com=fr-client"

Comment by Mike Jang [X] (Inactive) [ 25/Jul/18 ]

Based on ClusterManager:

openidm.cluster.remove.offline.node.state=true removes a node from a cluster, if that node is offline.

Comment by Mike Jang [X] (Inactive) [ 26/Jul/18 ]

Don't forget:

  1. openidm.cluster.remove.offline.node.state=true
Comment by Mike Jang [X] (Inactive) [ 26/Jul/18 ]

Hold on including openidm.ssl.host.aliases, based on OPENIDM-11050. I'd like to see the explanation from that.

Comment by Mike Jang [X] (Inactive) [ 31/Jul/18 ]

PR: https://stash.forgerock.org/projects/OPENIDM/repos/openidm-docs/pull-requests/1944/overview

Doc changes:

new section here: https://ea.forgerock.com/docs/idm/integrators-guide/#cluster-container

Updated info in this section: https://ea.forgerock.com/docs/idm/integrators-guide/#display-keystore-over-rest

Comment by Alexander Dracka [ 02/Nov/18 ]


Verified within related docs chapters

Generated at Tue Nov 24 06:32:49 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.