Server config 6.8

ControlCenterConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.cc.serviceAccountUsername ★ | Service username used to first log in to CC post install or in recover mode | HYPR | 6.8 |
| hypr.cc.serviceAccountPassword ★ | Service password used to first log in to CC post install or in recover mode | | 6.8 |
| hypr.cc.licenseKeyV4 | License key for HYPR. Upload via CC UI | | 6.8 |
| hypr.cc.licenseFileName | File name of the license uploaded via CC UI. Tracked for convenience | | 6.8 |
| hypr.cc.defaultAppName | Default web application created on first startup. May be used for trial. Do NOT use in production | HYPRDefaultApplication | 6.8 |
| hypr.cc.defaultWorkstationAppName | Default workstation application created on first startup. May be used for trial. Do NOT use in production | HYPRDefaultWorkstationApplication | 6.8 |
| hypr.cc.showRfcErrorDetails | Include extra error details in error messages. Useful for development. Do NOT enable in production | false | 6.8 |
| hypr.cc.swaggerEnabled | Enable API docs at /swagger-ui.html. Do NOT enable in production | false | 6.8 |
| hypr.cc.facetUrl | | HYPRDefaultApplication | 6.8 |
| hypr.cc.licenseKey | License key used to communicate directly to the License server. This is needed for the V3 API and will have to be requested from HYPR | | 6.8 |

EventConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.event.eventsRetentionCheckInterval | Time in hours. Interval at which event retention check is done | 1 | 6.8 |
| hypr.event.eventsRetention | Time in hours. After this interval an event is deleted from the DB to keep disk space requirements within bounds | 720 | 6.8 |
| hypr.event.eventsLevel | Log level of the events. Set to DEBUG for more detailed logging. Not recommended for Production | INFO | 6.8 |
| hypr.event.jasyptPassword ★ | Encryption key for the DB | changeMe | 6.8 |
| hypr.event.hibernateConnectionUrl ★ | Java JDBC connection URL. See: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-jdbc-url-format.html | | 6.8 |
| hypr.event.hibernateConnectionUsername ★ | DB connection username | | 6.8 |
| hypr.event.hibernateConnectionPassword ★ | DB connection password | | 6.8 |
| hypr.event.hibernateConnectionDriver | Fully-qualified Java class name of the JDBC driverClass | com.mysql.jdbc.Driver | 6.8 |
| hypr.event.hibernateDialect ★ | Hibernate dialect to match the type/version of the DB | org.hibernate.dialect.MySQL8Dialect | 6.8 |
| hypr.event.isHibernateShowSql | Log the SQL queries in HYPR log files | false | 6.8 |
| hypr.event.hibernateHbm2dllAuto | Hibernate schema management mode. See: https://docs.jboss.org/hibernate/orm/5.2/userguide/html_single/Hibernate_User_Guide.html#configurations-hbmddl | update | 6.8 |
| hypr.event.hibernateC3P0MinSize | Minimum number of Connections a pool will maintain at any given time | 20 | 6.8 |
| hypr.event.hibernateC3P0MaxSize | Maximum number of Connections a pool will maintain at any given time | 500 | 6.8 |
| hypr.event.hibernateC3P0MaxStmts | The size of c3p0's global PreparedStatement cache. See: https://www.mchange.com/projects/c3p0/#maxStatements | 1000 | 6.8 |
| hypr.event.hibernateC3P0InitialSize | Number of Connections a pool will try to acquire upon startup. Should be between minPoolSize and maxPoolSize | 20 | 6.8 |
| hypr.event.hibernateC3P0CheckoutTimeoutInMillis | Milliseconds. Limits how long a client will wait for a Connection | 15000 | 6.8 |
| hypr.event.hibernateC3P0MaxConnectionAgeInSecs | Seconds. Connection TTL. A Connection older than maxConnectionAge will be destroyed and purged from the pool | 1800 | 6.8 |
| hypr.event.hibernateC3P0MaxIdleTimeInSecs | Seconds a Connection can remain pooled but unused before being discarded | 30 | 6.8 |
| hypr.event.hibernateC3P0TestConnOnCheckout | Test all idle, pooled but unchecked-out connections, every this number of seconds | true | 6.8 |
| hypr.event.hibernateC3P0IdleTestPeriodInSecs | Seconds. Idle, pooled but unchecked-out connections are tested every this number of seconds | 30 | 6.8 |
| hypr.event.hibernateC3P0UnreturnedConnectionTimeoutInSecs | Seconds. Limit on how long a Connection may remain checked out | 60 | 6.8 |

Fido2ConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.fido2.detailedApiErrorMsgs | Include extra error details in error messages. Useful for development. Do NOT enable in production | false | 6.8 |
| hypr.fido2.defaultMetadataStatementsDir | Dir to scan on server startup and load extra metadata from | metadataStatements | 6.8 |
| hypr.fido2.defaultServerOrigin | | http://localhost | 6.8 |
| hypr.fido2.defaultAppId | | localhost | 6.8 |
| hypr.fido2.certificateRevocationCheckEnabled | Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points. Supports HTTP, HTTPS, FTP and LDAP based URLs | true | 6.8 |
| hypr.fido2.jasyptPassword ★ | Encryption key for the DB | | 6.8 |
| hypr.fido2.hibernateConnectionUrl ★ | Java JDBC connection URL. See: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-jdbc-url-format.html | | 6.8 |
| hypr.fido2.hibernateConnectionUsername ★ | DB connection username | | 6.8 |
| hypr.fido2.hibernateConnectionPassword ★ | DB connection password | | 6.8 |
| hypr.fido2.hibernateConnectionDriver | Fully-qualified Java class name of the JDBC driverClass | com.mysql.jdbc.Driver | 6.8 |
| hypr.fido2.hibernateDialect ★ | Hibernate dialect to match the type/version of the DB | | 6.8 |
| hypr.fido2.isHibernateShowSql | Log the SQL queries in HYPR log files | false | 6.8 |
| hypr.fido2.hibernateHbm2dllAuto | Hibernate schema management mode. See: https://docs.jboss.org/hibernate/orm/5.2/userguide/html_single/Hibernate_User_Guide.html#configurations-hbmddl | update | 6.8 |
| hypr.fido2.hibernateC3P0MinSize | Minimum number of Connections a pool will maintain at any given time | 20 | 6.8 |
| hypr.fido2.hibernateC3P0MaxSize | Maximum number of Connections a pool will maintain at any given time | 100 | 6.8 |
| hypr.fido2.hibernateC3P0MaxStmts | The size of c3p0's global PreparedStatement cache. See: https://www.mchange.com/projects/c3p0/#maxStatements | 250 | 6.8 |
| hypr.fido2.hibernateC3P0InitialSize | Number of Connections a pool will try to acquire upon startup. Should be between minPoolSize and maxPoolSize | 20 | 6.8 |
| hypr.fido2.hibernateC3P0CheckoutTimeoutInMillis | Milliseconds. Limits how long a client will wait for a Connection | 15000 | 6.8 |
| hypr.fido2.hibernateC3P0MaxConnectionAgeInSecs | Seconds. Connection TTL. A Connection older than maxConnectionAge will be destroyed and purged from the pool | 1800 | 6.8 |
| hypr.fido2.hibernateC3P0MaxIdleTimeInSecs | Seconds a Connection can remain pooled but unused before being discarded | 30 | 6.8 |
| hypr.fido2.hibernateC3P0TestConnOnCheckout | Test all idle, pooled but unchecked-out connections, every this number of seconds | true | 6.8 |
| hypr.fido2.hibernateC3P0IdleTestPeriodInSecs | Seconds. Idle, pooled but unchecked-out connections are tested every this number of seconds | 30 | 6.8 |
| hypr.fido2.hibernateC3P0UnreturnedConnectionTimeoutInSecs | Seconds. Limit on how long a Connection may remain checked out | 60 | 6.8 |

RPConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.rp.corsAllowedOriginsRegex ★ | CSV of CORS allowed origins patterns. Example: `https://.*\.main\.com$` matches `https://sub.main.com` | | 6.8 |
| hypr.rp.rpappSetupWhitelist | Whitelist of apps that don't need SecurityContext for registration. Only applies to non-prod demo scenarios | | 6.8 |
| hypr.rp.sslCerts | SSL certs to be used for SSL pinning. Generally easier to upload from CC UI | [] | 6.8 |
| hypr.rp.sslPrimaryCertSerialNum | Serial number of the primary SSL cert to be used for SSL pinning | | 6.8 |
| hypr.rp.sslPinningEnabled | | false | 6.8 |
| hypr.rp.reddisonConfig ★ | Redis connection configuration for the Redisson library. Redisson is to be deprecated in favor of the Lettuce library. For now, both Redisson and Lettuce config is needed. The config depends on the type of Redis setup. Single: https://github.com/redisson/redisson/wiki/2.-Configuration#26-single-instance-mode. Multi-node with sentinels: https://github.com/redisson/redisson/wiki/2.-Configuration#27-sentinel-mode. Master/slave replication (AWS elastic cache): https://github.com/redisson/redisson/wiki/2.-Configuration#25-replicated-mode | | 6.8 |
| springLettuceConfig ★ | Redis connection configuration for the Lettuce library. Use one of the configurations listed after this table, depending on your Redis setup | | 6.8 |
| hypr.rp.cacheNamespace ★ | Suffix added to the Redis cache keys. Allows multiple CC instances to use the same Redis cache instance by making key names unique to each CC instance | | 6.8 |
| hypr.rp.fido2EnabledByDefault | Enable FIDO2 by default on newly created RP apps | false | 6.8 |
| hypr.rp.fido2DefaultOrigin | Default FIDO2 origin on newly created RP apps. Can be modified in CC UI | http://localhost | 6.8 |
| hypr.rp.publicFullyQualifiedDomainName ★ | Fully qualified domain name of the RelyingParty server. Typically the public DNS name. Example: sub.mycorp.com | | 6.8 |
| hypr.rp.jasyptPassword ★ | Encryption key for the DB | | 6.8 |
| hypr.rp.hibernateConnectionUrl ★ | Java JDBC connection URL. See: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-jdbc-url-format.html | | 6.8 |
| hypr.rp.hibernateConnectionUsername ★ | DB connection username | | 6.8 |
| hypr.rp.hibernateConnectionPassword ★ | DB connection password | | 6.8 |
| hypr.rp.hibernateConnectionDriver | Fully-qualified Java class name of the JDBC driverClass | com.mysql.jdbc.Driver | 6.8 |
| hypr.rp.hibernateDialect ★ | Hibernate dialect to match the type/version of the DB | | 6.8 |
| hypr.rp.isHibernateShowSql | Log the SQL queries in HYPR log files | false | 6.8 |
| hypr.rp.hibernateHbm2dllAuto | Hibernate schema management mode. See: https://docs.jboss.org/hibernate/orm/5.2/userguide/html_single/Hibernate_User_Guide.html#configurations-hbmddl | validate | 6.8 |
| hypr.rp.hibernateC3P0MinSize | Minimum number of Connections a pool will maintain at any given time | 20 | 6.8 |
| hypr.rp.hibernateC3P0MaxSize | Maximum number of Connections a pool will maintain at any given time | 100 | 6.8 |
| hypr.rp.hibernateC3P0MaxStmts | The size of c3p0's global PreparedStatement cache. See: https://www.mchange.com/projects/c3p0/#maxStatements | 250 | 6.8 |
| hypr.rp.hibernateC3P0InitialSize | Number of Connections a pool will try to acquire upon startup. Should be between minPoolSize and maxPoolSize | 20 | 6.8 |
| hypr.rp.hibernateC3P0CheckoutTimeoutInMillis | Milliseconds. Limits how long a client will wait for a Connection | 15000 | 6.8 |
| hypr.rp.hibernateC3P0MaxConnectionAgeInSecs | Seconds. Connection TTL. A Connection older than maxConnectionAge will be destroyed and purged from the pool | 1800 | 6.8 |
| hypr.rp.hibernateC3P0MaxIdleTimeInSecs | Seconds a Connection can remain pooled but unused before being discarded | 30 | 6.8 |
| hypr.rp.hibernateC3P0TestConnOnCheckout | Test all idle, pooled but unchecked-out connections, every this number of seconds | true | 6.8 |
| hypr.rp.hibernateC3P0IdleTestPeriodInSecs | Seconds. Idle, pooled but unchecked-out connections are tested every this number of seconds | 30 | 6.8 |
| hypr.rp.hibernateC3P0UnreturnedConnectionTimeoutInSecs | Seconds. Limit on how long a Connection may remain checked out | 60 | 6.8 |

springLettuceConfig: use one of the following, depending on your Redis setup.

```properties
# ************ Single Redis node config (Lettuce) ***************************************
spring.redis.host=REDIS_MASTER_HOST
spring.redis.port=REDIS_PORT
spring.redis.password=REDIS_PASSWORD

# ************ Redis cluster: Master/slave replicated with sentinels (Lettuce) **********
spring.redis.clientName=hypr-fido2
spring.redis.sentinel.master=hypr-master
spring.redis.password=REDIS_PASSWORD
spring.redis.sentinel.nodes=SENTINEL_NODE_1_IP:REDIS_SENTINEL_PORT, SENTINEL_NODE_2_IP:REDIS_SENTINEL_PORT, SENTINEL_NODE_3_IP:REDIS_SENTINEL_PORT

# ************ AWS elastic cache nodes (Master/Slave replicas) (Lettuce) ****************
spring.redis.clientName=hypr-master
spring.redis.replicated.read.from=any
spring.redis.replicated.nodes=AWS_NODE_1:REDIS_PORT, AWS_NODE_2:REDIS_PORT, AWS_NODE_3:REDIS_PORT

spring.redis.lettuce.pool.maxActive=50
spring.redis.lettuce.pool.maxIdle=25
spring.redis.lettuce.pool.maxWait=1000ms
spring.redis.lettuce.pool.minIdle=10
```

RPLicenseServerConfig

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.rp.license.baseUrl | HYPR License server URL | https://licensing.hypr.com/ | 6.8 |
| hypr.rp.license.httpClientTimeout | HTTP connection timeout in secs | 30000 | 6.8 |
| hypr.rp.license.httpProxyEnable | Use Proxy config while connecting to the License server | false | 6.8 |
| hypr.rp.license.sslCertsPublicKeys | If supplied, SSL pinning will be done against the License server endpoint. Public key on the Cert must match one of these | [] | 6.8 |

RPPushConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.rp.push.fbDbURL | | | 6.8 |
| hypr.rp.push.fbCredentials | | | 6.8 |

RPProxyConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.rp.proxy.port | | | 6.8 |
| hypr.rp.proxy.protocol | http or https | | 6.8 |
| hypr.rp.proxy.host | Example: corp.proxy.com | | 6.8 |
| hypr.rp.proxy.connectTimeoutMillis | The time to establish the connection with the proxy | 10000 | 6.8 |
| hypr.rp.proxy.readTimeoutMillis | The time waiting for data after establishing the connection; maximum time of inactivity between two data packets | 10000 | 6.8 |
| hypr.rp.proxy.connectionKeepAliveMillis | Drop persistent connections after this period of inactivity | 0 | 6.8 |
| hypr.rp.proxy.user | | | 6.8 |
| hypr.rp.proxy.pass | | | 6.8 |
| hypr.rp.proxy.testUrl | Test proxy config by connecting to this URL with Proxy settings applied | https://google.com | 6.8 |
| hypr.rp.proxy.trustSelfSignedCert | Accept a self signed cert from the proxy server | true | 6.8 |

RPSessionTimeConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.rp.session.clientSetupDeviceWaitSecs | Once the client makes a setup request, it waits this long for the device response before timing out | 60 | 6.8 |
| hypr.rp.session.clientRegStartPollSecs | Client (workstation or browser) polls for this length of time when waiting for device to start reg after Pin match | 10 | 6.8 |
| hypr.rp.session.clientRegCompletePollSecs | Client (browser or workstation) polls for this length of time for the device to confirm reg finish once it's done with its part | 60 | 6.8 |
| hypr.rp.session.deviceOOBRegComplete | Device (mobile) polls for this length of time when waiting for a registration request/response from the client (workstation or browser) | 60 | 6.8 |
| hypr.rp.session.deviceWSRegComplete | Device (mobile) polls for this length of time when waiting for a registration request/response from the client (workstation or browser) | 180 | 6.8 |
| hypr.rp.session.clientRegCancelWaitSecs | If a reg is cancelled, wait this long for the client to pick up a cancel from its Mailbox | 1 | 6.8 |
| hypr.rp.session.oobAuthSessionTimeoutSecs | Timeout in seconds | 60 | 6.8 |
| hypr.rp.session.clientAuthPollSecs | Client (workstation) wait for device response to /rp/versioned/client/authorize/unlock | 20 | 6.8 |
| hypr.rp.session.clientAuthCompletePollSecs | Client (workstation) wait for device response to /rp/versioned/device/authorize/ws/complete/{sessionId} call | 20 | 6.8 |
| hypr.rp.session.deviceAuthPollSecs | Device (mobile) wait for client response to /rp/versioned/device/authorize/ws/unlock. This is where we wait for the response to the unlock request over the web socket | 60 | 6.8 |
| hypr.rp.session.deviceAuthCompletePollSecs | Device (mobile) wait for client response to /rp/versioned/client/authorization/complete/{sessionId} | 30 | 6.8 |
| hypr.rp.session.deviceVerifyCompletePollSecs | Device (mobile) wait for client response to /rp/versioned/client/verification/complete/{sessionId} | 80 | 6.8 |
| hypr.rp.session.deviceCancelUnlockPollSecs | When a request is made to cancel unlock on a workstation, the device waits for this length of time for a response from the workstation | 3 | 6.8 |
| hypr.rp.session.deviceDeRegPollSecs | When a request is made to deregister a device from a workstation, the device waits for this length of time for a response from the workstation | 10 | 6.8 |
| hypr.rp.session.deviceWorkstationLockPollSecs | When a request is made to lock a workstation from a device, the device waits for this length of time for a response from the workstation | 10 | 6.8 |
| hypr.rp.session.deviceWorkstationWebLoginPollSecs | When a request is made to launch the web login on a workstation from a device, the device waits for this length of time for a response from the workstation | 10 | 6.8 |
| hypr.rp.session.deviceWorkstationWebLoginTokenExpirySecs | When a request is made to launch the web login on a workstation from a device, this is how long the session will be valid for on the RP before it's purged from the cache | 30 | 6.8 |
| hypr.rp.session.workstationStatusExpiryTimeSecs | Workstation only reports status when it changes, i.e. lock/unlock. Hold a long session | 604800 | 6.8 |
| hypr.rp.session.workstationMaxIdleTimeSecs | Timeout in seconds. If a web socket Ping is missed from a workstation for this long, it's considered disconnected. This must be greater than the ping interval on the WorkStation. Note that if the WorkStation closes the web socket connection cleanly, it's disconnected immediately | 60 | 6.8 |

RPWorkstationConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.rp.workstation.loginEnabledByDefault | | true | 6.8 |
| hypr.rp.workstation.enforcesUserPresenceByDefault | | false | 6.8 |
| hypr.rp.workstation.smartkeysEnabledByDefault | | true | 6.8 |
| hypr.rp.workstation.offlineEnabledByDefault | | true | 6.8 |
| hypr.rp.workstation.recoveryEnabledByDefault | | false | 6.8 |
| hypr.rp.workstation.vdiDisabledByDefault | | false | 6.8 |
| hypr.rp.workstation.recoveryMinPinLength | | 6 | 6.8 |
| hypr.rp.workstation.recoveryMaxPinLength | | 13 | 6.8 |
| hypr.rp.workstation.recoveryDefaultPinLength | | 8 | 6.8 |
| hypr.rp.workstation.recoveryMinPinCount | | 1 | 6.8 |
| hypr.rp.workstation.recoveryMaxPinCount | | 10 | 6.8 |
| hypr.rp.workstation.recoveryDefaultPinCount | | 5 | 6.8 |
| hypr.rp.workstation.recoveryMinCodeAccessHours | | 24 | 6.8 |
| hypr.rp.workstation.recoveryMaxCodeAccessHours | | 72 | 6.8 |
| hypr.rp.workstation.recoveryDefaultCodeAccessHours | | 72 | 6.8 |
| hypr.rp.workstation.offlineMinTokenLength | | 6 | 6.8 |
| hypr.rp.workstation.offlineMaxTokenLength | | 13 | 6.8 |
| hypr.rp.workstation.offlineDefaultTokenLength | | 8 | 6.8 |
| hypr.rp.workstation.offlineMinTokenCount | | 1 | 6.8 |
| hypr.rp.workstation.offlineMaxTokenCount | | 100 | 6.8 |
| hypr.rp.workstation.offlineDefaultTokenCount | | 25 | 6.8 |
| hypr.rp.workstation.offlineMinTokenEntryTimeoutSecs | | 30 | 6.8 |
| hypr.rp.workstation.offlineMaxTokenEntryTimeoutSecs | | 300 | 6.8 |
| hypr.rp.workstation.offlineDefaultTokenEntryTimeoutSecs | | 180 | 6.8 |
| hypr.rp.workstation.offlineMinTokenExpiryDays | | 7 | 6.8 |
| hypr.rp.workstation.offlineMaxTokenExpiryDays | | 90 | 6.8 |
| hypr.rp.workstation.offlineDefaultTokenExpiryDays | | 30 | 6.8 |
| hypr.rp.workstation.offlineMinTokenLowWarningThresholdInPercentage | | 10 | 6.8 |
| hypr.rp.workstation.offlineMaxTokenLowWarningThresholdInPercentage | | 100 | 6.8 |
| hypr.rp.workstation.offlineDefaultTokenLowWarningThresholdInPercentage | | 20 | 6.8 |

ServerConfigBean

| Property | Description | Default value | Since version |
| --- | --- | --- | --- |
| hypr.server.cookieName | Name of the cookie generated for CC UI and DeviceManager. Session cookies are deleted when the current browser session ends | SESSION | 6.8 |
| hypr.server.cookieMaxAgeInSecs | Max age of the cookie generated for CC UI and DeviceManager | -1 | 6.8 |
| hypr.server.sessionTimeoutInSecs | Web session timeout for CC UI and DeviceManager | 600 | 6.8 |
| hypr.server.tomcatAcceptorThreadCount | The number of threads to be used to accept connections. See: https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#NIO_specific_configuration | 1 | 6.8 |
| hypr.server.tomcatAcceptorThreadPriority | The priority of the acceptor threads | 5 | 6.8 |
| hypr.server.tomcatPollerThreadCount | The number of threads to be used to run for the polling events. See: https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#NIO_specific_configuration | 1 | 6.8 |
| hypr.server.tomcatPollerThreadPriority | The priority of the poller threads | 5 | 6.8 |
| hypr.server.tomcatAcceptCount | The maximum queue length for incoming connection requests when all possible request processing threads are in use. See: https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#NIO_specific_configuration | 20000 | 6.8 |
| hypr.server.tomcatMaxConnections | The maximum number of connections that the server will accept and process at any given time. See: https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#NIO_specific_configuration | 20000 | 6.8 |
| hypr.server.tomcatMaxThread | The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled. See: https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#NIO_specific_configuration | 5000 | 6.8 |
| hypr.server.workstationStatusUpdateWorkerCount | Fixed thread pool size used to asynchronously update the Workstation status in the DB | 3 | 6.8 |
| hypr.server.flywayEnabled | Run the Flyway schema migration for the DB | true | 6.8 |
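
As an added example (not HYPR code and not part of the original page), the following Python check resolves each property's effective value from the defaults listed above and reports the settings this page marks as not for production. The `=`-only parser, the rule set, treating the listed `changeMe` default as a finding, and the sample configuration are assumptions made for illustration.

```python
"""Audit a HYPR-style .properties file against this page's production notes.

Added example, not HYPR code. Parser, rule set and sample are assumptions.
"""

# Defaults as listed on this page; an absent key takes its listed default.
PAGE_DEFAULTS = {
    "hypr.cc.showRfcErrorDetails": "false",
    "hypr.cc.swaggerEnabled": "false",
    "hypr.fido2.detailedApiErrorMsgs": "false",
    "hypr.event.eventsLevel": "INFO",
    "hypr.event.jasyptPassword": "changeMe",
    "hypr.rp.rpappSetupWhitelist": "",
}

def _is_true(value):
    return value.lower() == "true"

# key -> (predicate on the effective value, finding text)
RULES = {
    "hypr.cc.showRfcErrorDetails": (_is_true, "extra error details are enabled"),
    "hypr.cc.swaggerEnabled": (_is_true, "API docs at /swagger-ui.html are enabled"),
    "hypr.fido2.detailedApiErrorMsgs": (_is_true, "extra error details are enabled"),
    "hypr.event.eventsLevel": (lambda v: v.upper() == "DEBUG", "DEBUG event logging"),
    # Assumption: the listed default key "changeMe" counts as a finding.
    "hypr.event.jasyptPassword": (lambda v: v == "changeMe", "default DB encryption key"),
    "hypr.rp.rpappSetupWhitelist": (bool, "non-prod registration whitelist is set"),
}

def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments. Only '=' separates."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted (key, finding) pairs; secret values are never echoed."""
    effective = {**PAGE_DEFAULTS, **parse_properties(text)}
    return sorted((key, msg) for key, (bad, msg) in RULES.items() if bad(effective[key]))

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
# constructed sample
hypr.cc.swaggerEnabled=true
hypr.cc.showRfcErrorDetails=false
hypr.event.eventsLevel=debug
hypr.fido2.detailedApiErrorMsgs = true
hypr.rp.rpappSetupWhitelist=
"""

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

The sample omits `hypr.event.jasyptPassword`, so the check falls back to the listed default and reports it alongside the three explicitly enabled settings.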