When you configure MobileFirst Server administration service and MobileFirst Operations Console for your application server, you set optional or mandatory JNDI properties, in particular for Java™ Management Extensions (JMX).
The following properties can be set on the administration service web application mfp-admin-service.war.
| Property | Optional or mandatory | Description | Restrictions |
|---|---|---|---|
| mfp.admin.jmx.connector | Optional | The Java Management
Extensions (JMX) connector type. The possible values are SOAP and RMI. The default value is SOAP. |
WebSphere® Application Server only. |
| mfp.admin.jmx.host | Optional | Host name for the JMX REST connection. | Liberty profile only. |
| mfp.admin.jmx.port | Optional | Port for the JMX REST connection. | Liberty profile only. |
| mfp.admin.jmx.user | Mandatory for the Liberty profile and for WebSphere Application Server farm, optional otherwise | User name for the JMX REST connection. | WebSphere Application Server Liberty profile:
The user name for the JMX REST connection. WebSphere Application Server farm: the user name for the SOAP connection. WebSphere Application Server Network Deployment: the user name of the WebSphere administrator if the virtual host mapped to the MobileFirst server administration application is not the default host. Liberty collective: the user name of the controller administrator that is defined in the <administrator-role> element of the server.xml file of the Liberty controller. |
| mfp.admin.jmx.pwd | Mandatory for the Liberty profile and for WebSphere Application Server farm, optional otherwise | User password for the JMX REST connection. | WebSphere Application Server Liberty profile:
the user password for the JMX REST connection. WebSphere Application Server farm: the user password for the SOAP connection. WebSphere Application Server Network Deployment: the user password of the WebSphere administrator if the virtual host that is mapped to the MobileFirst Server server administration application is not the default host. Liberty collective: the password of the controller administrator that is defined in the <administrator-role> element of the server.xml file of the Liberty controller. |
| mfp.admin.rmi.registryPort | Optional | RMI registry port for the JMX connection through a firewall. | Tomcat only. |
| mfp.admin.rmi.serverPort | Optional | RMI server port for the JMX connection through a firewall. | Tomcat only. |
| mfp.admin.jmx.dmgr.host | Mandatory | Deployment manager host name. | WebSphere Application Server Network Deployment only. |
| mfp.admin.jmx.dmgr.port | Mandatory | Deployment manager RMI or SOAP port. | WebSphere Application Server Network Deployment only. |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.actions.prepareTimeout | Optional | Timeout in milliseconds to transfer data from
the adminstration service to the runtime during a deployment transaction.
If the runtime cannot be reached within this time, an error is raised
and the deployment transaction ends. Default value: 1800000 ms (30 min) |
| mfp.admin.actions.commitRejectTimeout | Optional | Timeout in milliseconds, when a runtime is contacted,
to commit or reject a deployment transaction. If the runtime cannot
be reached within this time, an error is raised and the deployment
transaction ends. Default value: 120000 ms (2 min) |
| mfp.admin.lockTimeoutInMillis | Optional | Timeout in milliseconds for obtaining the transaction
lock. Because deployment transactions run sequentially, they use a
lock. Therefore, a transaction must wait until a previous transaction
is finished. This timeout is the maximal time during which a transaction
waits. Default value: 1200000 ms (20 min) |
| mfp.admin.maxLockTimeInMillis | Optional | The maximal time during which a process can
take the transaction lock. Because deployment transactions run sequentially,
they use a lock. If the application server fails while a lock is taken,
it can happen in rare situations that the lock is not released at
the next restart of the application server. In this case, the lock
is released automatically after the maximum lock time so that the
server is not blocked forever. Set a time that is longer than a normal
transaction. Default value: 1800000 (30 min) |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.logging.formatjson | Optional | Set this property to true to
enable pretty formatting (extra blank space) of JSON objects in responses
and log messages. Setting this property is helpful when you debug
the server. Default value: false. |
| mfp.admin.logging.tosystemerror | Optional | Specifies whether all logging messages are also directed to System.Error. Setting this property is helpful when you debug the server. |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.proxy.port | Optional | If the MobileFirst administration server is behind a firewall or reverse proxy, this property specifies the address of the host. Set this property to enable a user outside the firewall to reach the MobileFirst administration server. Typically, this property is the port of the proxy, for example 443. It is necessary only if the protocol of the external and internal URIs are different. |
| mfp.admin.proxy.protocol | Optional | If the MobileFirst administration server is behind a firewall or reverse proxy, this property specifies the protocol (HTTP or HTTPS). Set this property to enable a user outside the firewall to reach the MobileFirst administration server. Typically, this property is set to the protocol of the proxy. For example, wl.net. This property is necessary only if the protocol of the external and internal URIs are different. |
| mfp.admin.proxy.scheme | Optional | This property is just an alternative name for mfp.admin.proxy.protocol. |
| mfp.admin.proxy.host | Optional | If the MobileFirst administration server is behind a firewall or reverse proxy, this property specifies the address of the host. Set this property to enable a user outside the firewall to reach the MobileFirst administration server. Typically, this property is the address of the proxy. |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.audit | Optional. | Set this property to false to disable the audit feature of the MobileFirst Operations Console. The default value is true. |
| mfp.admin.environmentid | Optional. | The environment identifier for the registration
of the MBeans. Use this identifier when different instances of the MobileFirst Server are installed on the same application server. The identifier determines which administration service, which console, and which runtimes belong to the same installation. The administration service manages only the runtimes that have the same environment identifier. |
| mfp.admin.serverid | Mandatory for server farms and Liberty collective, optional otherwise. | Server farm: the server identifier. Must be
different for each server in the farm. Liberty collective: the value must be controller. |
| mfp.admin.hsts | Optional. | Set to true to enable HTTP Strict Transport Security according to RFC 6797. |
| mfp.topology.platform | Optional | Server type. Valid values:
|
| mfp.topology.clustermode | Optional | In addition to the server type, specify here
the server topology. Valid values:
|
| mfp.admin.farm.heartbeat | Optional | This property enables you to set in minutes
the heartbeat rate that is used in server farm topologies. The default value is 2 minutes. In a server farm, all members must use the same heartbeat rate. If you set or change this JNDI value on one server in the farm, you must also set the same value on every other server in the farm. For more information, see Lifecycle of a server farm node. |
| mfp.admin.farm.missed.heartbeats.timeout | Optional | This property enables you to set the number
of missed heartbeats of a farm member before the status of the farm
member is considered to be failed or down. The default value is 2. In a server farm all members must use the same missed heartbeat value. If you set or change this JNDI value on one server in the farm, you must also set the same value on every other server in the farm. For more information, see Lifecycle of a server farm node. |
| mfp.admin.farm.reinitialize | Optional | A Boolean value (true or false) for re-registering or re-initializing the farm member. |
| mfp.swagger.ui.url | Optional | This property defines the URL of the Swagger user interface to be displayed in the administration console. |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.db.jndi.name | Optional | The JNDI name of the database. This parameter is the normal mechanism to specify the database. The default value is java:comp/env/jdbc/mfpAdminDS. |
| mfp.admin.db.openjpa.ConnectionDriverName | Optional Conditionally mandatory |
The fully qualified name of the database connection driver class. Mandatory only when the data source that is specified by the mfp.admin.db.jndi.name property is not defined in the application server configuration. |
| mfp.admin.db.openjpa.ConnectionURL | Optional Conditionally mandatory |
The URL for the database connection. Mandatory only when the data source that is specified by the mfp.admin.db.jndi.name property is not defined in the application server configuration. |
| mfp.admin.db.openjpa.ConnectionUserName | Optional Conditionally mandatory |
The user name for the database connection. Mandatory only when the data source that is specified by the mfp.admin.db.jndi.name property is not defined in the application server configuration. |
| mfp.admin.db.openjpa.ConnectionPassword | Optional Conditionally mandatory |
The password for the database connection. Mandatory only when the data source that is specified by the mfp.admin.db.jndi.name property is not defined in the application server configuration. |
| mfp.admin.db.openjpa.Log | Optional | This property is passed to OpenJPA and enables JPA logging. For more information, see the Apache OpenJPA User's Guide. |
| mfp.admin.db.type | Optional | This property defines the type of database. The default value is inferred from the connection URL. |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.license.key.server.host |
|
Host name of the Rational® License Key Server. |
| mfp.admin.license.key.server.port |
|
Port number of the Rational License Key Server. |
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.jndi.configuration | Optional | The name of the JNDI configuration if the JNDI properties (except this one) must be read from a property file that is injected into the WAR file. If you do not set this property, JNDI properties are not read from a property file. |
| mfp.jndi.file | Optional | The name of the file that contains the JNDI configuration if the JNDI properties (except this one) must be read from a file installed in the web server. If you do not set this property, JNDI properties are not read from a property file. |
The administration service uses a live update service as an auxiliary facility to store various configurations. Use these properties to configure how to reach the live update service.
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.config.service.url | Optional | The URL of the live update service. The default URL is derived from the URL of administration service by adding config to the context root of the administration service. |
| mfp.config.service.user | Mandatory | The user name that is used to access the live update service. In a server farm topology, the user name must be the same for all the members of the farm. |
| mfp.config.service.password | Mandatory | The password that is used to access the live update service. In a server farm topology, the password must be the same for all the members of the farm. |
| mfp.config.service.schema | Optional | The name of the schema that is used by the live update service. |
The administration service uses a push service as an auxiliary facility to store various push settings. Use these properties to configure how to reach the push service. Because the push service is protected by the OAuth security model, you must set various properties to enable confidential clients in OAuth.
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.push.url | Optional | The URL of the push service. If the property is not specified, the push service is considered disabled. If the property is not properly set, the administration service cannot contact the push service and the administration of push services in MobileFirst Operations Console does not work. |
| mfp.admin.authorization.server.url | Optional | The URL of the OAuth authorization server that is used by the push service. The default URL is derived from the URL of the administration service by changing the context root to the context root of the first installed runtime. If you install multiple runtimes, it is best to set the property. If the property is not set properly, the administration service cannot contact the push service and the administration of push services in MobileFirst Operations Console does not work. |
| mfp.push.authorization.client.id | Optional, conditionally mandatory | The identifier of the confidential client that handles OAuth authorization for the push service. Mandatory only if the mfp.admin.push.url property is specified. |
| mfp.push.authorization.client.secret | Optional, conditionally mandatory | The secret of the confidential client that handles OAuth authorization for the push service. Mandatory only if the mfp.admin.push.url property is specified. |
| mfp.admin.authorization.client.id | Optional, conditionally mandatory | The identifier of the confidential client that handles OAuth authorization for the administration service. Mandatory only if the mfp.admin.push.url property is specified. |
| mfp.push.authorization.client.secret | Optional, conditionally mandatory | The secret of the confidential client that handles OAuth authorization for the administration service. Mandatory only if the mfp.admin.push.url property is specified. |
The following properties can be set on the web application (mfp-admin-ui.war) of MobileFirst Operations Console.
| Property | Optional or mandatory | Description |
|---|---|---|
| mfp.admin.endpoint | Optional | Enables the MobileFirst Operations Console to locate the MobileFirst Server administration REST service. Specify the external address and context root of the mfp-admin-service.war web application. In a scenario with a firewall or a secured reverse proxy, this URI must be the external URI and not the internal URI inside the local LAN. For example, https://wl.net:443/mfpadmin. |
| mfp.admin.global.logout | Optional | Clears the WebSphere user
authentication cache during the console logout. This property is useful
only for WebSphere Application Server V7. The default value is false. |
| mfp.admin.hsts | Optional | Set this property to true to
enable HTTP Strict Transport Security according to RFC 6797. For more
information, see the W3C Strict Transport Security page. The default value is false. |
| mfp.admin.ui.cors | Optional | The default value is true. For more information, see the W3C Cross-Origin Resource Sharing page. |
| mfp.admin.ui.cors.strictssl | Optional | Set to false to allow CORS situations where the MobileFirst Operations Console is secured with SSL (HTTPS protocol) while the MobileFirst Server administration service is not, or conversely. This property takes effect only if the mfp.admin.ui.cors property is enabled. |
To know how to set those properties, see Setting up JNDI properties for MobileFirst Server web applications.