##########################################
# FME Server Common Config File Parameters
##########################################
#
# Changes to any parameter value in this file will take effect only upon
# subsequent restart of the FME Server.
#
# The following parameters must be present in the config file and named exactly
# as shown:
#
#--------------------------------------------------------------------------
# Connection Limits
#--------------------------------------------------------------------------
#
# MAX_PENDING_CONNECT_REQUESTS - Maximum number of pending connect requests to allow on the
# REQUEST_PORT. Connect requests after this number will be
# rejected, rather than queued up for later processing.
#
# CHANNEL_READ_BUFFER_SIZE - Size of channel buffer used to read in client requests. The default is
# 8192. A larger buffer size may increase the speed of reading larger
# client requests, however, excessively large buffer sizes may decrease
# the speed of reading smaller client requests.
#
#--------------------------------------------------------------------------
# Environment
#--------------------------------------------------------------------------
#
# LOCALE - The locale of the FME Server system.
#
# If no value, then the default system locale is used.
#
# If specified, the specified locale is used. The language, country and variant are separated by
# underscores. Language is always lower case, and country is always upper case.
# Examples: "en", "de_DE", "_GB", "en_US_WIN", "de__POSIX", "fr__MAC"
#
# ROOT_PATH - The root path under which FME Server system files can be found.
#
# SERVER_PATH - The root path under which Server files can be found on FME Server.
#
# RESOURCE_PATH - The root path under which FME Server system resources can be found. Resources
# include localisable log message files, system properties, system state files, etc.
#
#--------------------------------------------------------------------------
# Security Management
#--------------------------------------------------------------------------
#
# ENABLE_SECURITY - Can be true or false. If true, requests will be both
# authenticated and authorized. If false, no authentication
# and no authorization of requests will occur.
#
# SECURITY_HOME - The root path under which security modules reside.
#
# SECURITY_DEBUG - Can be true or false. If true, enables security debug messages to appear in
# log files. If false, no security debug messages will appear.
#
# SECURITY_SUPERUSER_ROLE - The security role that has the superuser privileges. By default, the role
# is defined to be fmesuperuser and in most cases will not need to be changed,
# but the directive can be used to give superuser privileges to an ActiveDirectory
# group for example.
#
#--------------------------------------
# Authentication
#--------------------------------------
# SECURITY_LOGIN_TYPE - Identifies the authentication (login) method to use:
# database, activedirectory, or custom.
#
#--------------------------------------
# Authentication - Active Directory
#--------------------------------------
# SECURITY_AD_SERVER_AUTODETECT - Required. Can be true or false. Controls whether or not FME Server
# should attempt to automatically detect Active Directory servers on
# the domain. If set to false, Active Directory servers must be
# specified through the combination of SECURITY_AD_SERVER_COUNT,
# SECURITY_AD_SERVER_HOSTn, and SECURITY_AD_SERVER_PORTn parameters.
#
# Technical Note: FME Server automatically detects for Active
# Directory servers by contacting the domain name system (DNS)
# server and querying for service (SRV) records pertaining to
# Lightweight Directory Access Protocol (LDAP) servers, of which
# Active Directory is one such server.
#
# SECURITY_AD_NT_DOMAIN - Optional. Specifies the default NT domain name to use when authenticating
# using Active Directory. If not specified, users must explicitly specify
# the domain name during login (e.g., domain\user vs. user).
#
# SECURITY_AD_SERVER_COUNT - Optional. This parameter is only used when
# SECURITY_AD_SERVER_AUTODETECT is set to false.
#
# When not using automatic detection of Active Directory servers,
# indicates the number of Active Directory servers that will be manually
# specified. A list of server hosts and ports must be specified when
# using this parameter. If SECURITY_AD_SERVER_COUNT > 1, each additional
# host is contacted for failover purposes if the previous one fails. All
# specified hosts must recognize the same security groups or user
# accounts that are granted role access in FME Server.
#
# For example, if SECURITY_AD_SERVER_COUNT is set to 3, then FME Server
# will look for the hosts and ports specified in the parameters:
#
# Server 1: SECURITY_AD_SERVER_HOST1 / SECURITY_AD_SERVER_PORT1
# Server 2: SECURITY_AD_SERVER_HOST2 / SECURITY_AD_SERVER_PORT2
# Server 3: SECURITY_AD_SERVER_HOST3 / SECURITY_AD_SERVER_PORT3
#
# Active Directory servers specified in this manner are accessed in a
# round-robin manner, with each server weighted equally. It is currently
# not possible to specify server access precedence, for use in, for
# example, a configuration requiring cascading failover.
#
# SECURITY_AD_SERVER_HOSTn - Optional. This parameter is only used when
# SECURITY_AD_SERVER_AUTODETECT is set to false.
#
# Specifies the nth server host address (n begins with 1).
#
# SECURITY_AD_SERVER_PORTn - Optional. This parameter is only used when
# SECURITY_AD_SERVER_AUTODETECT is set to false.
#
# Specifies the nth server communication port (n begins with 1).
# Typically, Active Directory uses port 389.
#
# SECURITY_AD_USE_SSL - Optional. Can be true or false. Controls whether or not to connect to
# Active Directory over secure sockets layer (SSL). If not specifed, SSL will
# be used when connecting using port 636, the default LDAPS port.
#
# SECURITY_AD_VERIFY_SSL_CERTIFICATES - Optional. Can be true or false. When connecting to Active
# Directory over secure sockets layer (SSL), controls whether
# or not SSL certificates are verified. If not specified, SSL
# certificate verification is enabled.
#
# Note: It is recommended that verification always be enabled
# in production environments.
#
# SECURITY_AD_NAMING_CONTEXT - Optional. Specifies the base context in which all Active Directory
# queries begin, in the form of a distinguished name. For example, if
# your domain name is mydomain.com, the naming context might be:
#
# DN=mydomain,DN=com
#
# Often, the domain-level object is sufficient as the naming context.
# However, for efficiency improvements in a larger Active Directory
# tree, you may consider setting the naming context to a lower-scoped
# object containing all relevent user accounts and security groups for
# the context of FME Server. If this parameter is not specified, the
# default naming context provided by the Active Directory will be used.
#
# Technical Note: The default naming context will be retrieved from the
# domain RootDSE's 'defaultNamingContext' attribute.
#
# SECURITY_AD_PREAUTH_USERNAME - Recommended. Specifies the user name of a pre-authenticated service
# account.
#
# When using with conjunction with single sign-on
# (SECURITY_AD_USE_SINGLE_SIGN_ON) and/or Simple Authentication
# Security Layer (SASL) (SECURITY_AD_USE_SASL_AUTHENTICATION),
# specify only the user name and not the domain name. For example,
# 'user' is correct and 'domain\user' is incorrect.
#
# A pre-authenticated service account ensures that all Active
# Directory queries will have the same read-access rights. If not
# specified, Active Directory queries will return results that the
# currently authenticated user has read-access to. Specifying a pre-
# authenticated service account ensures that regardless of the
# currently authenticated user, Active Directory queries will return
# results that the service account has read-access to.
#
# Note that a pre-authenticated service account is required for
# certain features of FME Server, including token authentication
# and single sign-on authentication.
#
# SECURITY_AD_PREAUTH_PASSWORD - Recommended. Specifies the password of a pre-authenticated service
# account.
#
# See SECURITY_AD_PREAUTH_USERNAME for a description of a pre-
# authenticated service account.
#
# SECURITY_AD_IMPLICIT_GROUP_MEMBERSHIP - Optional. Can be true or false. When true, specifies that
# when a user is a member of a group that, in turn, is a
# member of another group, the user is implicitly a member
# of both groups. When false or not specified, implicit
# group membership is disabled.
#
# This option is useful in the cases where groups are
# members of other groups and you wish to honour group
# membership configured in this way. Note that more requests
# to Active Directory are made with this option enabled.
#
# SECURITY_AD_USE_SINGLE_SIGN_ON - Optional. Can be true or false. Controls whether or not to allow
# users to automatically log in using the credentials stored on the
# client machine. When false or not specified, single sign-on is
# disabled.
#
# SECURITY_AD_USE_SASL_AUTHENTICATION - Optional. Can be true or false. Controls whether or not to
# authenticate users using Simple Authentication Security Layer
# (SASL). If true, a SASL mechanism must be specified via
# SECURITY_AD_SASL_OPTION_MECHANISM. When false or not
# specified, authentication will not use SASL.
#
# SECURITY_AD_SASL_OPTION_MECHANISM - Optional. Specifies the SASL mechanism to use. This parameter
# must be specified when using SASL authentication.
#
# Active Directory may be configured to authenticate via one or
# more SASL mechanisms -- ensure that the mechanism specified is
# one that is supported by your Active Directory server. The most
# commonly used SASL mechanism is 'GSSAPI', for Kerberos-based
# authentication.
#
# For certain SASL mechanisms, additional SASL option parameters
# may be required.
#
# Note that SECURITY_AD_USE_SASL_AUTHENTICATION must be set to
# true for this parameter to take effect.
#
# SECURITY_AD_SASL_OPTION_KDC_ADDRESS - Optional. Specifies the key distribution centre (KDC) address.
#
# This parameter is used only for authentication using the
# 'GSSAPI' SASL mechanism for Kerberos-based authentication.
# The KDC is typically located on the domain controller.
#
# If unspecified, FME Server will attempt to use the connected
# Active Directory server as the KDC address.
#
# SECURITY_AD_SASL_OPTION_REALM - Optional. Specifies the authentication realm.
#
# This parameter is used only for authentication using the 'GSSAPI'
# SASL mechanism for Kerberos-based authentication, and 'DIGEST-MD5'
# SASL mechanism. The authentication realm is typically a
# capitalized form of the domain name.
#
# If unspecified, FME Server will attempt to use the connected
# Active Directory server's capitalized domain name as the
# authentication realm.
#
#--------------------------------------
# Authorization
#--------------------------------------
# SECURITY_PUBPARM - The published parameter used to identify user roles
# wthin a workspace.
#
# SECURITY_FME_SERVER_HOST - The host name of FME Server. This is used to
# identify the FME Server host resource for
# authorization.
#
# SECURITY_FME_SERVER_REQUEST_PORT - The client port number of FME Server. This
# is used to identify the FME Server client
# port resource for authorization.
#
#-------------------------------------
# Distribution Management
#-------------------------------------
#
# NODE_CORE_ADMIN_PORT - The Core administration port used to manage SYSTEM processes.
#
#--------------------------------------------------------------------------
# Database Connection
#--------------------------------------------------------------------------
# DB_TYPE - Identifies specific database in use: postgresql, sqlserver, oracle.
#
# DB_DRIVER - JDBC driver name used for connecting to the Repository database.
#
# DB_JDBC_URL - JDBC url used for connecting to the Repository database.
#
# DB_USERNAME - Repository database user name
#
# DB_PASSWORD - Repository database user password
#
# DB_CONNECT_EXPIRY - Database connection expiry in seconds
#
# DB_SQLSTMTS_PATH - The path to the SQL statement resource bundle
#
# Examples:
#
# DB_TYPE=postgresql
# DB_DRIVER=org.postgresql.Driver
# DB_JDBC_URL=jdbc:postgresql://localhost:5432/fmeserver
# DB_USERNAME=fmeserver
# DB_PASSWORD=fmeserver
# DB_CONNECT_EXPIRY=60
# DB_SQLSTMTS_PATH=C:/Apps/FMEServer/Server/database
#
# DB_TYPE=sqlserver
# DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
# DB_JDBC_URL=jdbc:sqlserver://localhost/SQLEXPRESS
# DB_USERNAME=fmeserver
# DB_PASSWORD=$FMEserver
# DB_CONNECT_EXPIRY=60
# DB_SQLSTMTS_PATH=C:/Apps/FMEServer/Server/database
#
# DB_TYPE=oracle
# DB_DRIVER=oracle.jdbc.driver.OracleDriver
# DB_JDBC_URL=jdbc:oracle:thin:@localhost:1521:orcl
# DB_USERNAME=fmeserver
# DB_PASSWORD=fmeserver
# DB_CONNECT_EXPIRY=60
# DB_SQLSTMTS_PATH=C:/Apps/FMEServer/Server/database
#
#--------------------------------------------------------------------------
# ************** FME SERVER SETTINGS START **************
#--------------------------------------------------------------------------
# Connection Limits
#--------------------------------------------------------------------------
MAX_PENDING_CONNECT_REQUESTS=500
CHANNEL_READ_BUFFER_SIZE=8192
#--------------------------------------------------------------------------
# Environment
#--------------------------------------------------------------------------
LOCALE=
ROOT_PATH={SAFE{installDir}}
SERVER_PATH={SAFE{serverDir}}
RESOURCE_PATH={SAFE{resourcesDir}}
#--------------------------------------------------------------------------
# Security Management
#--------------------------------------------------------------------------
ENABLE_SECURITY={SAFE{enableSecurity}}
SECURITY_HOME={SAFE{serverDir}}/security
SECURITY_DEBUG=false
SECURITY_SUPERUSER_ROLE=fmesuperuser
#--------------------------------------
# Deployment Management
#--------------------------------------
NODE_CORE_ADMIN_PORT={SAFE{processMonitorAdminPortCore}}
#--------------------------------------
# Authentication
#--------------------------------------
SECURITY_LOGIN_TYPE=database
#SECURITY_LOGIN_TYPE=activedirectory
#SECURITY_AD_SERVER_AUTODETECT=true
#SECURITY_AD_USE_SASL_AUTHENTICATION=true
#SECURITY_AD_SASL_OPTION_MECHANISM=GSSAPI
#SECURITY_AD_PREAUTH_USERNAME=
#SECURITY_AD_PREAUTH_PASSWORD=
#SECURITY_AD_NT_DOMAIN=
# For SSL connections to Active Directory
#SECURITY_AD_USE_SSL=true
#SECURITY_AD_VERIFY_SSL_CERTIFICATES=true
#--------------------------------------
# Authorization
#--------------------------------------
SECURITY_ROLES_PUBPARM=FME_SECURITY_ROLES
SECURITY_USER_PUBPARM=FME_SECURITY_USER
SECURITY_FME_SERVER_HOST={SAFE{fmeserverHostnameLocal}}
SECURITY_FME_SERVER_CLUSTER={SAFE{securityCluster}}
SECURITY_FME_SERVER_REQUEST_PORT=7071
#-------------------------------------------------------------------------------
# Database Connection
#-------------------------------------------------------------------------------
{SAFE{pgsqlComment}}DB_TYPE=postgresql
{SAFE{pgsqlComment}}DB_DRIVER=org.postgresql.Driver
{SAFE{pgsqlComment}}DB_JDBC_URL=jdbc:postgresql://{SAFE{pgsqlHostname}}:{SAFE{pgsqlPort}}/fmeserver
{SAFE{pgsqlComment}}DB_USERNAME=fmeserver
{SAFE{pgsqlComment}}DB_PASSWORD=fmeserver
{SAFE{pgsqlComment}}DB_CONNECT_EXPIRY=60
{SAFE{pgsqlComment}}DB_SQLSTMTS_PATH={SAFE{serverDir}}/database
{SAFE{sqlserverComment}}DB_TYPE=sqlserver
{SAFE{sqlserverComment}}DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
{SAFE{sqlserverComment}}DB_JDBC_URL=jdbc:sqlserver://{SAFE{sqlserverHostname}}:{SAFE{sqlserverPort}};databaseName=fmeserver
{SAFE{sqlserverComment}}DB_USERNAME=fmeserver
{SAFE{sqlserverComment}}DB_PASSWORD=$FME$1ser$ver
{SAFE{sqlserverComment}}DB_CONNECT_EXPIRY=60
{SAFE{sqlserverComment}}DB_SQLSTMTS_PATH={SAFE{serverDir}}/database
{SAFE{oracleComment}}DB_TYPE=oracle
{SAFE{oracleComment}}DB_DRIVER=oracle.jdbc.driver.OracleDriver
{SAFE{oracleComment}}DB_JDBC_URL=jdbc:oracle:thin:@{SAFE{oracleHostname}}:{SAFE{oraclePort}}:{SAFE{oracleSID}}
{SAFE{oracleComment}}DB_USERNAME=fmeserver
{SAFE{oracleComment}}DB_PASSWORD=fmeserver
{SAFE{oracleComment}}DB_CONNECT_EXPIRY=60
{SAFE{oracleComment}}DB_SQLSTMTS_PATH={SAFE{serverDir}}/database
# ************** FME SERVER SETTINGS END **************