{ "componentChunkName": "component---src-templates-docs-js", "path": "/admin/9-r-Proxy/9-directive-reference", "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.1 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"1db99926-8343-5221-8cf8-b7b07aebfefc","title":"mod_openiam Directive Reference","slug":"/admin/9-r-Proxy/9-directive-reference"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n \"title\": \"mod_openiam Directive Reference\",\n \"metaTitle\": \"mod_openiam Apache Directive Reference\",\n \"metaDescription\": \"Complete reference for all OPENIAM_ directives supported in apache.conf when configuring the rProxy (mod_openiam.so)\"\n};\nvar layoutProps = {\n _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n var components = _ref.components,\n props = _objectWithoutProperties(_ref, _excluded);\n\n return mdx(MDXLayout, _extends({}, layoutProps, props, {\n components: components,\n mdxType: \"MDXLayout\"\n }), mdx(\"p\", null, \"The OpenIAM rProxy is implemented as a custom Apache module (\", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"mod_openiam.so\"), \"). All \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"OPENIAM_\"), \" directives listed here are \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"proprietary to this module\"), \" \\u2014 they are not standard Apache httpd directives. They are loaded into Apache via:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\",\n \"className\": \"language-apache\"\n }, \"LoadModule openiam_module modules/mod_openiam.so\\n\")), mdx(\"blockquote\", null, mdx(\"p\", {\n parentName: \"blockquote\"\n }, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Scope note:\"), \" Some directives are global (outside any \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"\"), \" or \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"\"), \" block), some belong inside \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"\"), \" blocks. See the examples in \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"../../installation/1-rpm-installation/2-rproxy\"\n }, \"rProxy Installation\"), \" and the category notes below.\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Core / ESB Connectivity\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ESBPath\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"ESB endpoint. Use \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"http://esb:9080\"), \" for Docker or \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"http://localhost:9080\"), \" for standalone. Must be set outside \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ConfigureBackend\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Backend UI endpoint for the setup wizard. Use \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"http://ui:8080\"), \" for Docker or \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"http://localhost:8080\"), \" for standalone.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ConfigureHost\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Path\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Redirect target when the content provider is not yet configured (e.g. \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/webconsole/setup\"), \").\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ConfigureUrls\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Path (repeatable)\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Paths accessible without authentication during initial setup. Can be specified multiple times.\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"Authentication & Session\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AuthProvider\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Name of the authentication provider to use.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AuthAuthoritative\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Whether OpenIAM auth is the authoritative authentication mechanism.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AuthCookieName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Override the default \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AUTH_TOKEN\"), \" session cookie name.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_SetCookiesSecure\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Force the \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Secure\"), \" attribute on all cookies set by the module.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ReadCookiesFrom\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Read cookies from a header other than \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Cookie\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_LogoutRedirect\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL (repeatable)\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"One or more URLs to redirect through before reaching \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/idp/logout\"), \".\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"URL Routing & Redirects\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultUrl\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Default redirect URL after login (e.g. \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/selfservice/\"), \"). Used inside \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultPostbackUrl\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Default postback URL to return to after authentication.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultTimeout\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Default request timeout in seconds.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultUrlForLang\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Redirect from \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/\"), \" to this URL when a language cookie is present.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_NoAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Path (repeatable)\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Paths that bypass authentication. Can be specified multiple times.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_NoAuthOnPath\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Path\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Skip authentication for this specific path.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_Redirect\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Unconditionally redirect to this URL.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_RedirectWithAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Redirect to this URL when the user is authenticated.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_RedirectWithoutAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Redirect to this URL when the user is not authenticated.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_RedirectBackUrl\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL to return the user to after completing authentication.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_RedirectBackForLang\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Set the \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_REDIRECT_BACK\"), \" cookie for a specific language for \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/\"), \" and \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/idp/login\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_FixRedirectForLang\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable or disable language-cookie-based redirects for \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/\"), \" and \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/idp/login\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_FixLocationList\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String (repeatable)\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"List of \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Location\"), \" response headers to rewrite.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ProxyPassReverse\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Adjust \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Location\"), \" headers in proxied responses (equivalent to Apache's \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"ProxyPassReverse\"), \").\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_OutHeadersRedirectName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Name of a response header to inspect for conditional redirects.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_OutHeadersRedirectValues\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Two-argument value: if the header named by \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_OutHeadersRedirectName\"), \" contains this value, redirect to the given URL.\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"Security Headers\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CSPEnabled\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable automatic \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Content-Security-Policy\"), \" header generation.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CSPOverride\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Fully replace the default CSP header value with this string.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CSPOverrideWithCors\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Replace the CSP header value and also add CORS headers. Useful when \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CORSAllowAll on\"), \" is insufficient.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CSPReportEnalbed\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable CSP violation reporting. (\", mdx(\"strong\", {\n parentName: \"td\"\n }, \"Note:\"), \" directive name contains a typo \\u2014 \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Enalbed\"), \" \\u2014 use exactly as written.)\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CSPReportOnly\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Set CSP header in \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Report-Only\"), \" mode (logs violations without blocking).\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CORSAllowAll\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Add \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Access-Control-Allow-Origin: *\"), \" and related CORS headers to responses.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AddHSTSHeaders\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Add \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Strict-Transport-Security\"), \" (HSTS) headers.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultRespHeader\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String (repeatable)\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Set a default response header if it has not already been set by the upstream. Format: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultRespHeader Header-Name value\"), \". Example: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DefaultRespHeader Referrer-Policy strict-origin\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_RandomIV\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Use a random initialization vector for encryption. Default: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \".\")))), mdx(\"h3\", null, \"CSP Example\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\",\n \"className\": \"language-apache\"\n }, \"# Simple \\u2014 use built-in CSP generation\\nOPENIAM_CSPEnabled on\\n\\n# Override with a custom policy\\nOPENIAM_CSPOverride \\\"default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval'; \\\\\\n script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com; \\\\\\n style-src 'self' 'unsafe-inline' 'unsafe-eval' *; \\\\\\n img-src 'self' data:; \\\\\\n font-src 'self' *;\\\"\\n\\n# Override CSP and add CORS headers at the same time\\nOPENIAM_CSPOverrideWithCors \\\"default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval'; \\\\\\n script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com; \\\\\\n style-src 'self' 'unsafe-inline' 'unsafe-eval' *; \\\\\\n form-action 'self' 'unsafe-inline' 'unsafe-eval' *; \\\\\\n img-src 'self' data:; \\\\\\n font-src 'self' *;\\\"\\n\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Client Certificate Authentication\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CertPromptUrl\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL that triggers the certificate selection prompt (e.g. \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"/idp/auth-cert\"), \").\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ClientCertHeaderName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Name of the HTTP header that contains the client certificate (used with \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ReadClientCertFromHeader\"), \"). Default: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"x-openiam-client-cert\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ReadClientCertFromHeader\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Read the client certificate from the header specified by \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_ClientCertHeaderName\"), \" rather than from the TLS handshake.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_NoAuthHeaderForCertAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Skip setting the auth header when cert-based auth is used.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_NoAuthHeaderForCertFromHeader\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Skip setting the auth header when the cert is read from a header.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_NoCookieForCertAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Do not set the session cookie when cert-based auth is used.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_NoCookieForCertFromHeader\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Do not set the session cookie when the cert is read from a header.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DebugCertAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable verbose debug logging for certificate authentication.\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"Kerberos Authentication\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_Kerberos\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable Kerberos (SPNEGO) authentication handling.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_KrbPrincipalOnly\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Strip the realm from the Kerberos principal and use only the username portion.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_KrbPrincipalPrefix\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Prefix to prepend to the Kerberos principal before passing it to OpenIAM.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_KrbPrincipalSuffix\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Suffix to append to the Kerberos principal before passing it to OpenIAM.\")))), mdx(\"p\", null, \"See also: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"./8-kerberos\"\n }, \"Kerberos configuration guide\"), \".\"), mdx(\"hr\", null), mdx(\"h2\", null, \"Forwarded Headers / Client IP\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_Client_Ip_Header\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Name of the header from which to read the originating client IP address.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_Forwarded_For_Header\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Header name to use for forwarding the client IP (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"X-Forwarded-For\"), \").\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_Forwarded_By_Header\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Header name to use for the proxy identity (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"X-Forwarded-By\"), \").\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"SOAP / Header-Based Authentication\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_SoapHeader\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Set a SOAP header on backend requests.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_SoapAuthHeaders\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Include authentication headers in SOAP requests to the backend.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AuthHeaderUsername\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Header name for the username in header-based authentication flows.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AutnHeaderPassword\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Header name for the password in header-based authentication flows. (\", mdx(\"strong\", {\n parentName: \"td\"\n }, \"Note:\"), \" directive name contains a typo \\u2014 \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Autn\"), \" \\u2014 use exactly as written.)\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_UserParam\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL query parameter name for the username.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_PasswordParam\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"URL query parameter name for the password.\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"cURL Backend Transport\"), mdx(\"p\", null, \"By default the module uses Apache's internal HTTP client. To use libcurl instead:\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_UseCurl\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Use libcurl for all backend HTTP requests. Default: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CurlPoolEnable\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable a persistent cURL connection pool.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CurlPoolSize\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Number of connections in the cURL pool. Default: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"32\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CurlConnectTimeout\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"TCP connection timeout in seconds. Default: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"2\"), \".\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_CurlTimeout\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Total request timeout in seconds. Default: \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"10\"), \".\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"Worker Pool\"), mdx(\"p\", null, \"The worker pool manages a set of persistent backend connections. These directives are set globally (outside \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"\"), \"):\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPooEnabled\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"On\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable the worker pool. (\", mdx(\"strong\", {\n parentName: \"td\"\n }, \"Note:\"), \" directive name contains a typo \\u2014 \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Poo\"), \" \\u2014 use exactly as written.)\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolMin\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Minimum number of workers to keep alive.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolMax\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Maximum number of workers.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolSoftMax\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Soft maximum \\u2014 workers above this value are eligible for idle reaping.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolTTL\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Time-to-live for an idle worker connection, in seconds.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolTimeout\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Timeout for a worker request, in seconds.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolKeepAlive\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"On\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Keep backend connections alive between requests.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_WorkerPoolRetry\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Integer\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Number of times to retry a failed backend request.\")))), mdx(\"h3\", null, \"Recommended worker pool settings (Docker deployment)\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\",\n \"className\": \"language-apache\"\n }, \"OPENIAM_WorkerPooEnabled On\\nOPENIAM_WorkerPoolMin 25\\nOPENIAM_WorkerPoolMax 100\\nOPENIAM_WorkerPoolSoftMax 100\\nOPENIAM_WorkerPoolTTL 600\\nOPENIAM_WorkerPoolTimeout 300\\nOPENIAM_WorkerPoolKeepAlive On\\nOPENIAM_WorkerPoolRetry 0\\n\\nOPENIAM_CurlPoolEnable On\\nOPENIAM_CurlPoolSize 32\\nOPENIAM_CurlConnectTimeout 2\\nOPENIAM_CurlTimeout 10\\n\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Debug & Logging\"), mdx(\"p\", null, \"All debug directives default to \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"off\"), \". Enable only as needed for troubleshooting \\u2014 they produce significant log volume.\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Directive\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Type\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_Verbose\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable verbose module logging.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DebugESB\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Log all ESB request/response details.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DebugCookies\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Log cookie inspection and manipulation.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DebugRespHeaders\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Log outgoing response headers.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DebugPatterns\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Log URL pattern matching decisions.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_PrintTimings\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Log request timing information (useful for latency diagnosis).\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_AllowDumpHeaders\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Enable header dumping (required for the Dump* directives below to show headers).\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DumpRequests\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Dump incoming request metadata to the error log.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DumpRequestsBody\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Dump incoming request bodies.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DumpRequestBody_filter\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"String\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Only dump request bodies matching this pattern.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DumpNoAuth\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Also dump requests that do not require authentication.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DumpResponses\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Dump outgoing response metadata.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"OPENIAM_DumpResponsesBody\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Flag (\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"on\"), \"/\", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"off\"), \")\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Dump outgoing response bodies.\")))), mdx(\"h3\", null, \"Full debug configuration example\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\",\n \"className\": \"language-apache\"\n }, \"LogLevel debug\\n\\nOPENIAM_Verbose on\\nOPENIAM_DebugESB on\\nOPENIAM_DebugCookies on\\nOPENIAM_DebugCertAuth on\\nOPENIAM_PrintTimings on\\nOPENIAM_AllowDumpHeaders on\\nOPENIAM_DumpRequests on\\nOPENIAM_DumpRequestsBody on\\nOPENIAM_DumpResponses on\\nOPENIAM_DumpResponsesBody on\\nOPENIAM_DebugRespHeaders on\\n\")));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#core--esb-connectivity","title":"Core / ESB Connectivity"},{"url":"#authentication--session","title":"Authentication & Session"},{"url":"#url-routing--redirects","title":"URL Routing & Redirects"},{"url":"#security-headers","title":"Security Headers","items":[{"url":"#csp-example","title":"CSP Example"}]},{"url":"#client-certificate-authentication","title":"Client Certificate Authentication"},{"url":"#kerberos-authentication","title":"Kerberos Authentication"},{"url":"#forwarded-headers--client-ip","title":"Forwarded Headers / Client IP"},{"url":"#soap--header-based-authentication","title":"SOAP / Header-Based Authentication"},{"url":"#curl-backend-transport","title":"cURL Backend Transport"},{"url":"#worker-pool","title":"Worker Pool","items":[{"url":"#recommended-worker-pool-settings-docker-deployment","title":"Recommended worker pool settings (Docker deployment)"}]},{"url":"#debug--logging","title":"Debug & Logging","items":[{"url":"#full-debug-configuration-example","title":"Full debug configuration example"}]}]},"parent":{"relativePath":"admin/9-r-Proxy/9-directive-reference.md"},"frontmatter":{"metaTitle":"mod_openiam Apache Directive Reference","metaDescription":"Complete reference for all OPENIAM_ directives supported in apache.conf when configuring the rProxy (mod_openiam.so)"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.1","title":"New in v2026.5.1"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ connection timeout issue"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-5-1","title":"Upgrading OpenIAM to v.2026.5.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"1db99926-8343-5221-8cf8-b7b07aebfefc"}}, "staticQueryHashes": ["2619113677","3706406642","417421954"]}