-
Notifications
You must be signed in to change notification settings - Fork 115
/
values.yaml
481 lines (476 loc) · 22.8 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wso2:
subscription:
# -- WSO2 account username
username: ""
# -- WSO2 account password
password: ""
deployment:
apparmor:
# -- Apparmor profile
profile: "runtime/default"
ingress:
# -- Host name of the Identity server as Key Manager
hostName: "wso2is.com"
# -- Ingress class name
ingressClassName: "nginx"
# -- K8s TLS secret for configured hostname
tlsSecretsName: "is-tls"
# -- Enable Nginx rate limiting
enableNginxRateLimit: false
annotations:
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "paf"
nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
# Disable same site cookie. Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#session-affinity
nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/session-cookie-path: "/"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# Enable or disable proxy buffering proxy_buffering. By default, proxy buffering is disabled in the NGINX config(Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#proxy-buffering).
nginx.ingress.kubernetes.io/proxy-buffering: "on"
# Sets the size of the buffer proxy_buffer_size used for reading the first part of the response received from the proxied server. By default proxy buffer size is set as "64k".(Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#proxy-buffer-size)
nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
image:
# -- Container image registry host name
registry: "docker.wso2.com"
# -- Container image repository name
repository: "wso2is"
# -- Container image digest
digest: ""
# -- Container image tag. Either "tag" or "digest" should defined
tag: "7.0.0"
# -- Refer to the Kubernetes documentation on updating images (Ref: https://kubernetes.io/docs/concepts/containers/images/#updating-images)
pullPolicy: "Always"
# -- image pull secret name
imagePullSecret: ""
# -- Progress deadline seconds where the Deployment controller waits before indicating (in the Deployment status) that the Deployment progress has stalled.
progressDeadlineSeconds: 600
# -- preStopHookWaitInSeconds waits before calling server stop in the pre stop hook.
preStopHookWaitSeconds: 10
# -- Pod termination grace period. K8s API server waits this period after pre stop hook and sending TERM signal
terminationGracePeriodSeconds: 40
# -- Number of deployment replicas
replicas: 1
# -- Additional volumeMounts to the pods. All the configuration mounts should be done under the path "/home/wso2carbon/wso2-config-volume/"
extraVolumeMounts: [ ]
# - name: custom-property-file
# mountPath: /home/wso2carbon/wso2-config-volume/repository/conf/custom-property-file.properties
# subPath: custom-property-file.properties
# -- Additional volumes to the pod.
extraVolumes: []
# - name: custom-property-file
# configMap:
# # Provide the name of the ConfigMap containing the files you want
# # to add to the container
# name: custom-property-file
securityContext:
# -- Run as user ID
runAsUser: 802
seccompProfile:
# -- Seccomp profile type
type: "RuntimeDefault"
hpa:
# -- Enable HPA for the deployment
enabled: false
# -- Max replica count for HPA(Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
maxReplicas: 2
# -- Average CPU utilization for HPA
averageUtilizationCPU: 65
# -- averageUtilizationMemory parameter should be greater than 75 if not un expected scaling will happen during rolling update.
averageUtilizationMemory: 75
pdb:
# -- Minimum availability for PDB
minAvailable: "50%"
strategy:
rollingUpdate:
# -- The maximum number of pods that can be scheduled above the desired number of pods
maxSurge: 1
# -- The maximum number of pods that can be unavailable during the update
maxUnavailable: 0
# -- Kubernetes Probes
# -- Startup probe executed prior to Liveness Probe taking over
startupProbe:
# -- Number of seconds after the container has started before startup probes are initiated
initialDelaySeconds: 60
# -- How often (in seconds) to perform the probe
periodSeconds: 5
# -- Number of attempts
failureThreshold: 30
# -- Indicates whether the container is running
livenessProbe:
# -- How often (in seconds) to perform the probe
periodSeconds: 10
# -- Indicates whether the container is ready to service requests
readinessProbe:
# -- Number of seconds after the container has started before readiness probes are initiated
initialDelaySeconds: 60
# -- How often (in seconds) to perform the probe
periodSeconds: 10
resources:
# -- These are the minimum resource recommendations for running WSO2 Identity and Access Management product profiles
# -- as per official documentation (Ref: https://is.docs.wso2.com/en/latest/setup/installation-prerequisites/)
requests:
# -- The minimum amount of memory that should be allocated for a Pod
memory: "2Gi"
# -- The minimum amount of CPU that should be allocated for a Pod
cpu: "2"
limits:
# -- The maximum amount of memory that should be allocated for a Pod
memory: "4Gi"
# -- The maximum amount of CPU that should be allocated for a Pod
cpu: "3"
jvm:
# -- JVM memory options
memOpts: "-Xms2048m -Xmx2048m"
# -- JVM parameters
javaOpts: -Djdk.tls.ephemeralDHKeySize=2048 -Djdk.tls.rejectClientInitiatedRenegotiation=true
-Dhttpclient.hostnameVerifier=Strict -Djdk.tls.client.protocols=TLSv1.2
-Djava.util.prefs.systemRoot=/home/wso2carbon/.java -Djava.util.prefs.userRoot=/home/wso2carbon/.java/.userPrefs
# -- Product version
buildVersion: "7.0.0"
# -- Product pack name
productPackName: "wso2is"
# -- Enable correlation logs
enableCorrelationLogs: false
externalJKS:
# -- Mount external keystore and trustores
enabled: false
# -- K8s secret name which contains JKS files
secretName: "keystores"
persistence:
# -- Enable persistence for artifact sharing
enabled: false
subPaths:
# -- Azure storage account tenants file share path
tenants: "tenants"
# -- Azure storage account userstores file share path
userstores: "userstores"
azure:
# -- Enable persistence for artifact sharing using Azure file share
enabled: true
# -- Azure Storage Account credentials to access the file shares
# -- Ref: https://docs.microsoft.com/en-us/azure/aks/azure-files-volume#create-a-kubernetes-secret
# -- Names of Azure File shares for persisted data
fileShare: "is-share"
# -- K8s secret name for the Azure file share CI driver
secretName: "azure-storage-csi"
# -- Define capacity for persistent runtime artifacts which are shared between instances of the Identity Server profile
capacity: 100Gi
secretStore:
# -- Enable secure vault with secret store CSI driver
enabled: false
azure:
# -- Enable Azure Key Vault integration.
enabled: true
keyVault:
# -- Name of the target Azure Key Vault instance
name: ""
# -- Subscription ID of the target Azure Key Vault
subscriptionId: ""
# -- Name of the Azure Resource Group to which the target Azure Key Vault belongs
resourceGroup: ""
# -- Service Principal created for transacting with the target Azure Key Vault
# Ref: https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/docs/service-principal-mode.md
servicePrincipalAppID: ""
# -- Azure Active Directory tenant ID of the target Key Vault
tenantId: ""
# -- Azure Key Vault secret name of the internal keystore password
secretName: "INTERNAL-KEYSTORE-PASSWORD-DECRYPTED"
# -- The name of the Kubernetes secret that contains the service principal credentials to access Azure Key Vault. Ref: https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/configurations/identity-access-modes/service-principal-mode/#configure-service-principal-to-access-keyvault
nodePublishSecretRef: "azure-kv-secret-store-sp"
deploymentToml:
server:
# -- Change default ports(Ref: https://is.docs.wso2.com/en/latest/references/default-ports-of-wso2-products/#:~:text=For%20each%20additional%20WSO2%20product,to%20the%20server%20during%20startup.)
offset: "0"
userStore:
type: "database_unique_id"
superAdmin:
# -- Carbon console admin account username
username: "admin"
# -- Carbon console admin account password
password: "admin"
# -- Create Carbon console admin account
createAdminAccount: true
account:
recovery:
endpoint:
auth:
# -- Configure client authentication app password hash. Ref https://is.docs.wso2.com/en/latest/deploy/security/product-level-security-guidelines/#configure-client-authentication
hash: "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
identity:
authFramework:
endpoint:
# -- Configure client authentication encrypted app password. Ref https://is.docs.wso2.com/en/latest/deploy/security/product-level-security-guidelines/#configure-client-authentication
appPassword: "dashboard"
encryption:
# -- Configure symmetric key encryption key. Ref https://is.docs.wso2.com/en/latest/deploy/security/symmetric-encryption/use-symmetric-encryption/
key: "3cc0481b70794667b5bee7e2beed2de4"
clustering:
# -- Enable clustering. Ref: https://is.docs.wso2.com/en/latest/deploy/configure-hazelcast/
enabled: true
# -- Cluster domain
domain: "wso2.is.domain"
# -- This defines membership schema type
membershipScheme: "kubernetes"
# -- This defines local member port
localMemberPort: "4001"
database:
identity:
# -- The SQL server type(ex: mysql, mssql)
type: "h2"
# -- The database username
username: "wso2carbon"
# -- The database JDBC URL
url: "jdbc:h2:./repository/database/WSO2IDENTITY_DB;DB_CLOSE_ON_EXIT=FALSE"
# -- The password
password: "wso2carbon"
# -- The database JDBC driver
driver: "org.h2.Driver"
# -- The database pool options
poolOptions:
# maxActive: "50"
# maxWait: "60000"
# minIdle: "10"
# validationInterval: "30000"
# defaultAutoCommit: true
# commitOnReturn: false
shared:
# -- The SQL server type(ex: mysql, mssql)
type: "h2"
# -- The database username
username: "wso2carbon"
# -- The database JDBC URL
url: "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
# -- The database password
password: "wso2carbon"
# -- The database JDBC driver
driver: "org.h2.Driver"
# -- The database pool options
poolOptions:
# maxActive: "50"
# maxWait: "60000"
# minIdle: "10"
# validationInterval: "30000"
# defaultAutoCommit: true
# commitOnReturn: false
user:
# -- The SQL server type(ex: mysql, mssql)
type: "h2"
# -- The database username
username: "wso2carbon"
# -- The database JDBC URL
url: "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
# -- The database password
password: "wso2carbon"
# -- The database JDBC driver
driver: "org.h2.Driver"
# -- The database pool options
poolOptions:
# maxActive: "50"
# maxWait: "60000"
# minIdle: "10"
# validationInterval: "30000"
# defaultAutoCommit: true
# commitOnReturn: false
consent:
# -- The SQL server type(ex: mysql, mssql)
type: "h2"
# -- The database username
username: "wso2carbon"
# -- The database JDBC URL
url: "jdbc:h2:./repository/database/WSO2IDENTITY_DB;DB_CLOSE_ON_EXIT=FALSE"
# -- The database password
password: "wso2carbon"
# -- The database JDBC driver
driver: "org.h2.Driver"
# -- The database pool options
poolOptions:
# maxActive: "80"
# maxWait: "60000"
# minIdle: "5"
# testOnBorrow: true
# validationQuery: "SELECT 1"
# validationInterval: "30000"
# defaultAutoCommit: false
keystore:
tls:
fileName: "wso2carbon.jks"
type: "JKS"
password: "wso2carbon"
alias: "wso2carbon"
keyPassword: "wso2carbon"
primary:
fileName: "wso2carbon.jks"
type: "JKS"
password: "wso2carbon"
alias: "wso2carbon"
keyPassword: "wso2carbon"
internal:
fileName: "wso2carbon.jks"
type: "JKS"
password: "wso2carbon"
alias: "wso2carbon"
keyPassword: "wso2carbon"
truststore:
fileName: "client-truststore.jks"
type: "JKS"
password: "wso2carbon"
recaptcha:
# -- Enable reCAPTCHA. Ref: https://is.docs.wso2.com/en/latest/deploy/configure-recaptcha/
enabled: false
apiUrl: ""
verifyUrl: ""
siteKey: ""
secretKey: ""
outputAdapter:
email:
# -- Enable the email sender. Ref: https://is.docs.wso2.com/en/latest/deploy/configure-email-sending/#configure-the-email-sender-globally
enabled: false
fromAddress: ""
username: ""
hostname: ""
port: 587
password: ""
enableStartTls: true
enableAuthentication: true
oauth:
# -- Enable/Disable the internal token cleanup process. Ref: https://is.docs.wso2.com/en/6.0.0/deploy/remove-unused-tokens-from-the-database/#!
tokenCleanup: false
tokenGeneration:
# -- Add UserName Assertions in Access Tokens. Ref: https://is.docs.wso2.com/en/6.0.0/deploy/enable-assertions-in-access-tokens/
includeUsernameInAccessToken: false
transport:
https:
properties:
# -- Server name in HTTP response headers. Ref: https://is.docs.wso2.com/en/latest/deploy/security/configure-transport-level-security/#change-the-server-name-in-http-response-headers
server: "WSO2 Carbon Server"
sslHostConfig:
properties:
# -- Enabling SSL protocols in the HTTPS transport. Ref: https://is.docs.wso2.com/en/latest/deploy/security/configure-transport-level-security/#enabling-ssl-protocols-in-the-wso2-is
protocols: "+TLSv1, +TLSv1.1, +TLSv1.2, +TLSv1.3"
# -- Configure TSL ciphers in the HTTPS transport. Ref: https://is.docs.wso2.com/en/latest/deploy/security/configure-transport-level-security/#disable-weak-ciphers
ciphers: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"
thrift:
# -- Enabling SSL protocols in ThriftAuthenticationService. Ref: https://is.docs.wso2.com/en/latest/deploy/security/configure-transport-level-security/#enable-ssl-protocols-and-ciphers-in-thriftauthenticationservice
protocols: "TLSv1,TLSv1.1,TLSv1.2"
# -- Configure TSL ciphers in ThriftAuthenticationService. Ref: https://is.docs.wso2.com/en/latest/deploy/security/configure-transport-level-security/#enable-ssl-protocols-and-ciphers-in-thriftauthenticationservice
ciphers: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
userAccountLock:
# -- Enable user account lock. Ref: https://is.docs.wso2.com/en/latest/guides/identity-lifecycles/lock-account/
enabled: true
loginAttempts:
# -- This indicates the number of consecutive attempts that a user can try to log in without the account getting locked. If the value you specify is 2, the account gets locked if the login attempt fails twice.
allowedFailedAttempts: 5
# -- This indicates how much the account unlock timeout is incremented by after each failed login attempt
autoUnlockTimeIncrementRatio: 2
# -- The time specified here is in minutes. Authentication can be attempted once this time has passed.
autoUnlockAfter: 5
otp:
email:
# -- Enable email OTP. Ref: https://is.docs.wso2.com/en/latest/guides/mfa/email-otp-config-advanced/#email-otp-configurations
enabled: false
# -- Authentication endpoint URL of the authenticator.
authenticationEndpointURL: "https://localhost:9443/emailotpauthenticationendpoint/emailotp.jsp"
# -- Error page that will be displayed in case of an authentication failure.
authenticationEndpointErrorPage: "https://localhost:9443/emailotpauthenticationendpoint/emailotpError.jsp"
addressRequestPage: "https://localhost:9443/emailotpauthenticationendpoint/emailAddress.jsp"
# -- This parameter defines how the email ID will be retrieved.
usecase: "local"
# -- You can define multiple user stores per tenant as comma separated values.
secondaryUserstore: "primary"
# -- This parmeter defines whether email OTP is enforced as the second step of the 2FA/MFA or not.
mandatory: false
sendOTPToFederatedEmailAttribute: false
federatedEmailAttributeKey: "email"
enableByUserClaim: true
captureAndUpdateEmailAddress: true
showEmailAddressInUI: true
useEventHandlerBasedEmailSender: true
emailAddressRegex: '(?<=.{1}).(?=.*@)'
tokenExpirationTime: 300000
# -- Enable account locking by email OTP. Ref: https://is.docs.wso2.com/en/latest/guides/identity-lifecycles/lock-accounts-by-failed-otp-attempts/
userAccountLockEnabled: false
sms:
# -- Enable SMS OTP. Ref: https://is.docs.wso2.com/en/latest/guides/mfa/sms-otp-config-advanced/
enabled: false
authenticationEndpointURL: "/smsotpauthenticationendpoint/smsotp.jsp"
authenticationEndpointErrorPage: "/smsotpauthenticationendpoint/smsotpError.jsp"
mobileNumberRegPage: "/smsotpauthenticationendpoint/mobile.jsp"
retryEnable: true
resendEnable: true
backupCode: true
enableByUserClaim: true
usecase: "local"
secondaryUserstore: "primary"
mandatory: false
federatedMobile: false
federatedMobileAttributeKey: "mobile"
captureAndUpdateMobileNumber: true
directlyToMobile: false
redirectToMultiOptionPageOnFailure: false
# -- Enable account locking by email OTP. Ref: https://is.docs.wso2.com/en/latest/guides/identity-lifecycles/lock-accounts-by-failed-otp-attempts/
userAccountLockEnabled: false
totp:
enabled: false
encodingMethod: "Base32"
timeStepSize: "30"
windowSize: "3"
authenticationMandatory: true
enrolUserInAuthenticationFlow: true
usecase: "local"
secondaryUserstore: "primary"
authenticationEndpointURL: "authenticationendpoint/totp.do"
authenticationEndpointErrorPage: "authenticationendpoint/totp_error.do"
authenticationEndpointEnableTOTPPage: "authenticationendpoint/totp_enroll.do"
issuer: "WSO2"
useCommonIssuer: true
# -- Enable account locking by OTP. Ref: https://is.docs.wso2.com/en/latest/guides/identity-lifecycles/lock-accounts-by-failed-otp-attempts/
userAccountLockEnabled: false
# -- Add custom configurations to deployment.toml.
extraConfigs: #|
# [transport.https.properties]
# proxyPort = 443
# -- K8s API versions for K8s kinds
k8sKindAPIVersions:
# -- K8s API version for kind Deployment
deployment: "apps/v1"
# -- K8s API version for kind ConfigMap
configMap: "v1"
# -- K8s API version for kind HorizontalPodAutoscaler
horizontalPodAutoscaler: "autoscaling/v1"
# -- K8s API version for kind Ingress
ingress: "networking.k8s.io/v1"
# -- K8s API version for kind PodDisruptionBudget
podDisruptionBudget: "policy/v1"
# -- K8s API version for kind PersistentVolumeClaim
persistentVolumeClaim: "v1"
# -- K8s API version for kind PersistentVolume
persistentVolume: "v1"
# -- K8s API version for kind ServiceAccount
serviceAccount: "v1"
# -- K8s API version for kind Role
role: "rbac.authorization.k8s.io/v1"
# -- K8s API version for kind RoleBinding
roleBinding: "rbac.authorization.k8s.io/v1"
# -- K8s API version for kind SecretProviderClass
secretProviderClass: "secrets-store.csi.x-k8s.io/v1"
# -- K8s API version for kind Secret
secret: "v1"
# -- K8s API version for kind Service
service: "v1"