Privacera Platform master publication

Portal

:

The following table contains the list of custom properties that can be configured for the Portal service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

vars.portal.yml

Property

Description

Values

Default Value

PORTAL_ENABLE

PORTAL_INSTALL

PORTAL_IMAGE_NAME

PORTAL_IMAGE_TAG

PORTAL_SERVER_MODE

PORTAL_SSL_ENABLE

PORTAL_SSL_SELF_SIGNED

PORTAL_UI_SSO_ENABLE

AAD_SSO_ENABLE

PORTAL_LIQUIBASE_ENABLE

PORTAL_PORT

PORTAL_PROTOCOL

PORTAL_PROTOCOL_URL

PORTAL_PORT_EXTERNAL

Property to change the default port number for Portal.

6868

PORTAL_SERVICE_NAME

PORTAL_HOST_NAME

PORTAL_SVC_IP

PORTAL_INGRESS_IP

PORTAL_EXTERNAL_HOST

PORTAL_URL

PORTAL_EXTERNAL_URL

PORTAL_INGRESS_URL

PORTAL_URL_IP

SAML_ENTITY_ID

SAML_BASE_URL

SAML_METADATA_FILEPATH

SAML_GLOBAL_LOGOUT

Enabled by default. The global logout for SAML is enabled. Once a logout is initiated, all the sessions you've accessed from the browser would be terminated from the Identity Provider (IDP).

true, false

true

SAML_EMAIL_ATTRIBUTE

Property to customize the email assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

SAML_USERNAME_ATTRIBUTE

Property to customize the username assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

SAML_LASTNAME_ATTRIBUTE

Property to customize the lastname assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

SAML_FIRSTNAME_ATTRIBUTE

Property to customize the firstname assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

PRIVACERA_PORTAL_DATASOURCE_URL

PRIVACERA_PORTAL_DATASOURCE_USERNAME

PRIVACERA_PORTAL_DATASOURCE_PASSWORD

PRIVACERA_PORTAL_DATASOURCE_DRIVER_CLASS_NAME

PRIVACERA_PORTAL_DATASOURCE_DIALECT

PRIVACERA_PORTAL_KEYSTORE_ALIAS

PRIVACERA_PORTAL_KEYSTORE_PASSWORD

PRIVACERA_PORTAL_TRUSTSTORE_PASSWORD

PRIVACERA_PORTAL_RANGER_ADMIN_TRUST_STORE

PRIVACERA_PORTAL_SSL_TRUSTSTORE

PRIVACERA_PORTAL_SSL_TRUSTORETYPE

PRIVACERA_PORTAL_SSL_KEYSTORETYPE

PRIVACERA_PORTAL_KEYSTORE_FILENAME

PRIVACERA_PORTAL_SSL_KEY_STORE

PRIVACERA_PORTAL_RANGER_USER_PASSWORD

PRIVACERA_PORTAL_TOPIC_DYNAMIC_PREFIX

PRIVACERA_PORTAL_SSL_SIGNED_PEM_FULL_CHAIN

PRIVACERA_PORTAL_SSL_SIGNED_PEM_PRIVATE_KEY

PRIVACERA_PORTAL_SSL_PKCS12_PASSWORD

PRIVACERA_PORTAL_SSL_SIGNED_CERT_FORMAT

PRIVACERA_PORTAL_SSL_SIGNED_PKCS12_ALIAS

PRIVACERA_PORTAL_SSL_SIGNED_PKCS12_FILE

PORTAL_PADMIN_DEFAULT_PASSWORD

PORTAL_PADMIN_PASSWORD

PRIVACERA_PORTAL_HIVE_USER_PASSWORD

PRIVACERA_PORTAL_AUTH_TOKEN

PRIVACERA_PORTAL_ATLAS_USER_PASSWORD

PRIVACERA_PORTAL_HOST_HEADER_PREVENTION_ENABLE

Set the property to true to enable Privacera Portal host header prevention.

true

PRIVACERA_PORTAL_WHITELIST_HOST

Use this property to add the comma-separated list of allowed hosts.

<HOST_IP>, <HOST_NAME>

DATASERVER_SVC_IP

DATASERVER_ENDPOINT_HOSTNAME

PORTAL_LDAP_BIND_PASSWORD

PORTAL_LDAP_ENABLE

PORTAL_LDAP_SSL_ENABLED

PORTAL_LDAP_ADD_ETCHOST

PORTAL_LDAP_IP

PORTAL_LDAP_HOST

PORTAL_LDAP_SSL_PM_GEN_TS

PORTAL_LDAP_SSL_TRUSTSTORE_FILE

PORTAL_LDAP_SSL_TRUSTSTORE_TYPE

PORTAL_LDAP_SSL_TRUSTSTORE_PASSWORD

PORTAL_LDAP_SSL_AUTO_GEN_TRUSTSTORE_FILE

Privacera Manager can create a certificate automatically with a certain name. In this property, give a name for the certificate.

client_ldaps_truststore.cer OR client_ldaps_truststore.jks OR client_ldaps_truststore.p12

client_ldaps_truststore.cer

PORTAL_LDAP_SSL_AUTO_GEN_TRUSTSTORE_TYPE

Privacera Manager can create a certificate automatically of a specific type. In this property, give a type for the certificate.

cer, jks, p12

cer

PORTAL_SOLR_BASIC_AUTH_ENABLED

PORTAL_SOLR_BASIC_AUTH_USER

PORTAL_SOLR_BASIC_AUTH_PASSWORD

PRIVACERA_ACCESS_REQUEST_MANAGER_PASSWORD

PRIVACERA_ACCESS_REQUEST_MANAGER_USER

PRIVACERA_PORTAL_SECRETS_FILE

PORTAL_ENCRYPT_SECRETS

PRIVACERA_PORTAL_SECRETS_KEYSTORE_PASSWORD

PORTAL_ENCRYPT_PROPS_LIST

AWS_PORTAL_LB_CERTIFICATE_ARN

PORTAL_LB_SSL_CERT

PORTAL_LB_SSL_PORT

PORTAL_LB_TARGET_PORT

PORTAL_LB_BACKEND_PROTOCOL

PORTAL_K8S_PVC_NAME

PORTAL_K8S_PVC_STORAGE_SIZE_MB

PORTAL_K8S_PVC_STORAGE_SIZE

PORTAL_K8S_LOADBALANCER_EXTERNAL

PORTAL_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

PORTAL_K8S_STORAGE_PROVISIONER

PORTAL_K8S_SC_NAME

PORTAL_K8S_PV_ENCRYPTED

PORTAL_K8S_PV_KEY

PORTAL_K8S_CPU_REQUESTS

PORTAL_K8S_CPU_LIMITS

PORTAL_K8S_REPLICAS

PORTAL_HELM_CHART_VERSION

PRIVACERA_PORTAL_DATASERVER_ENABLE_APP_DAO_CREATE

PRIVACERA_PORTAL_DATASERVER_ENABLE

PRIVACERA_PORTAL_DATASERVER_PROXY_HOST

PRIVACERA_PORTAL_DATASERVER_PROXY_PORT

PRIVACERA_PORTAL_DATASERVER_PROXY_PROTOCOL

PRIVACERA_PORTAL_DATASERVER_EXPLORER_PROTOCOL

PRIVACERA_PORTAL_DATASERVER_ADLS_STORAGE_TYPE

PRIVACERA_PORTAL_RANGER_SERVICE_NAME

PRIVACERA_PORTAL_RANGER_CLUSTER_NAME

PRIVACERA_ACCESS_REQUEST_MANAGER_ENABLE

PRIVACERA_ACCESS_REQUEST_MANAGER_PROCESS_KEY

PRIVACERA_ACCESS_REQUEST_MANAGER_PROJECT_ROLES_FILE

PRIVACERA_PORTAL_K8S_HA_ENABLE

PRIVACERA_PORTAL_ELECTION_NODE_PATH

PRIVACERA_PORTAL_ZK_CONNECTION_STRING

PRIVACERA_PORTAL_ELECTION_ZK_RETRY

PRIVACERA_PORTAL_ELECTION_ZK_RETRY_SLEEP_IN_MS

PRIVACERA_PORTAL_ELECTION_RETRY_COUNT

PRIVACERA_PORTAL_ELECTION_RETRY_SLEEP_INTERVAL_SEC

PORTAL_K8S_READINESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes readiness probe for the Portal pod.

120

PORTAL_K8S_READINESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the readiness probe for the Portal pod.

6

PORTAL_K8S_READINESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes readiness probe for the Portal pod.

30

PORTAL_K8S_LIVENESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes liveness probe for the Portal pod.

400

PORTAL_K8S_LIVENESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes liveness probe for the Portal pod.

30

PORTAL_K8S_LIVENESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the liveness probe for the Portal pod.

3

PORTAL_K8S_STARTUP_PROBE_ENABLED

Enable the startup probe for the Portal pod.

true, false

false

PORTAL_K8S_STARTUP_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes startup probe for the Portal pod.

30

PORTAL_K8S_STARTUP_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes startup probe for the Portal pod.

400

PORTAL_K8S_STARTUP_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the startup probe for the Portal pod.

3

PORTAL_K8S_NETWORKING_LOADBALANCER_IP

PORTAL_K8S_NETWORKING_LOADBALANCER_SOURCE_RANGES

PORTAL_TOPOLOGIES

PORTAL_K8S_SERVICE_ACCOUNT

PORTAL_DATABRICKS_REPORT_ENABLE

Property to enable/disable offline reporting in Databricks.

Note: Do not set this property, if a Discovery service is already running in your environment.

true,false

false

SAML_MAX_AUTH_AGE_SEC

it is the maximum time in seconds that a users is allowed by IDP to be logged in since his initial authentication. The default time is 7889400 seconds (3 months).

7889400

SAML_RESPONSE_SKEW_SEC

It is the maximum difference between local time and time of the assertion creation which still allows messages to be processed. It determines the maximum difference between the clocks of the IDP and SP machines.

600

SAML_FORCE_AUTHN

When the property is set to true, IDP is required to re-authenticate a user even if the user has an existing session and not rely on any previous authentication events.

true,false

true

Memory Variables

PORTAL_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Privacera Portal. For example, PORTAL_HEAP_MIN_MEMORY_MB: "1024"

PORTAL_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Privacera Portal. Setting this value will override PORTAL_HEAP_MIN_MEMORY_MB. For example, PORTAL_HEAP_MIN_MEMORY: "1g"

PORTAL_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Privacera Portal. For example, PORTAL_HEAP_MAX_MEMORY_MB: "1024"

PORTAL_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Privacera Portal. Setting this value will override PORTAL_HEAP_MAX_MEMORY_MB. For example, PORTAL_HEAP_MAX_MEMORY: "1g"

PORTAL_K8S_MEM_REQUESTS_MB

Minimum amount of kubernetes memory in MB to be requested by Privacera Portal. For example, PORTAL_K8S_MEM_REQUESTS_MB: "1024"

PORTAL_K8S_MEM_REQUESTS

Minimum amount of kubernetes memory to be used by Privacera Portal. Setting this value will override PORTAL_K8S_MEM_REQUESTS_MB. For example, PORTAL_K8S_MEM_REQUESTS: "1G"

PORTAL_K8S_MEM_LIMITS_MB

Maximum amount of kubernetes memory in MB to be requested by Privacera Portal. For example, PORTAL_K8S_MEM_LIMITS_MB: "1024"

PORTAL_K8S_MEM_LIMITS

Maximum amount of kubernetes memory to be used by Privacera Portal. Setting this value will override PORTAL_K8S_MEM_LIMITS_MB. For example, PORTAL_K8S_MEM_LIMITS: "1G"

PORTAL_CPU_MIN

Minimum amount of kubernetes CPU to be requested by Privacera Portal. For example, PORTAL_CPU_MIN: "0.5"

PORTAL_CPU_MAX

Maximum amount of kubernetes CPU to be used by Privacera Portal. For example, PORTAL_CPU_MAX: "0.5"