Przejdź do głównej zawartości
Wersja: 16.0 (Preview)

Tools

The Tools menu provide access to three types of settings:

General

The following settings are available in this section:

Authentication

The following settings are available in this section:

Support

The following settings are available in this section:

  • Information

    Downloading a support information package (SIP) containing logging and system information.

  • Debug Mode

    Managing debug mode.

  • Maintenance

    Managing maintenance mode.

System Preferences

To access the system preferences:

  • Go to Home > More options, and then click System Preferences.

The System Preferences window opens. It contains the following tabs:

These tabs are discussed in more detail in the following sections.

Security Settings

The following options are available:

Password Strength Settings

Here you can customise the password strength settings. The following options are available:

  • Minimal password strength

    ADONIS determines the strength of passwords based on their length, complexity, and predictability and assigns them a value of 0 - 100%. Here you can set the minimum strength passwords must have: from very weak (0%), weak (20%), good (40%), strong (60%) to very strong (80%).

  • Custom password rule

    By default, a new password must have at least 8 characters and contain at least one digit (e.g. 0-9) and uppercase as well as lowercase characters (e.g. A-Z, a-z). You can change this setting and specify a custom password rule via a regular expression pattern.

    Examples of custom password rules

    Passwords should have at least 5 characters and contain a lowercase character (e.g. a-z). The Custom password rule field should therefore read:

    ^(?=.*[a-z]).{5,}$

    Passwords should have at least 8 characters and contain a digit (e.g. 0-9), a lowercase character (e.g. a-z) and an uppercase character (e.g. A-Z). The Custom password rule field should therefore read:

    ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$

  • Number of not allowed previous passwords

    Specify the number of previous passwords that are stored by ADONIS and must not be reused on password change.

  • Maximum password age (days)

    Specify the period of time (in days) that a password can be used before ADONIS requires the user to change it.

  • Minimum password age (days)

    Specify the period of time (in days) that a password must be used before the user can change it.

Wskazówka

Passwords must meet the minimum password strength settings (e.g., reach 60%) AND match the custom password rule (e.g., contain at least 8 characters and contain numeric and uppercase and lowercase characters).

Login Settings

Here you can customise security relevant login settings. The following options are available:

  • Number of allowed login failures

    Choose a maximal number of allowed login failures before a user is disabled and cannot log in anymore.

System Preferences – Audit Log

Please refer to the section Enable Audit Log for details.

File Management

This tool allows managing auxiliary files (graphic files, scripts…) in the database. To open the file manager:

  • Go to Home > More options, and then click File Management.

The Database File Management window opens. The following functions are available:

  • Search

    Search for a file or folder in the database.

  • File and Folder Management

    Create new folders, cut and paste files, rename files and folders, delete files and folders, refresh the content of the catalogue.

  • Export

    Export files and folders from the database into the file system.

  • Import

    Import external files into the database.

Wskazówka

Only the super user Admin has full access to all files in the database.

Update Database Statistics

The contents of the database are subject to permanent change: models and objects are created and deleted, libraries imported and much more. Every action creates new information which - over time - slows down the database access. Therefore, it is advisable to update the catalogue statistics of the database system either after major reorganisations or periodically.

Database catalogue statistics are data about the distribution of table and index values which are consulted by the database system for query optimisation. Up-to-date catalogue statistics lead to more efficient execution plans resulting in considerably shorter system response times and thus speeding up the user's work.

To update the database statistics:

Info

Updating the database statistics can take a while. During the update other users will experience significant slowdowns in the database communication with ADONIS. Therefore, we recommend not updating the database statistics during times of heavy use.

Maintenance Method

When you update the database statistics, you can select the maintenance method:

  • Default settings

    These are the default settings as defined in the configuration file adoxx.conf in the folder "<ADONIS installation>/conf".

  • Statistics update

    The database catalogue statistics are updated, while the indexes are not defragmented.

  • Defragmentation on leaf level

    The indexes are defragmented on leaf level, and the database catalogue statistics are updated.

  • Index rebuild

    The complete index is defragmented.

  • Index rebuild (online):

    The complete index is defragmented while the index remains online. Not available for Oracle or PostgreSQL databases.

Topic (Table Group)

When you update the database statistics, you can select for which database tables the selected maintenance method should be performed:

  • All

    Maintenance is performed for all database tables.

  • Migration (all data tables except library definition)

    Maintenance is performed for all database tables containing ADONIS data which are relevant for migrations.

  • Repository (repository list, groups, models, objects and users, relations)

    Maintenance is performed for all database tables which contain repository data including the repository list.

  • Models (groups, models, objects and users, relations)

    Maintenance is performed for all database tables which contain repository data excluding the repository list.

  • Objects (groups, objects and users, relations)

    Maintenance is performed for all database tables which contain object data.

  • Users (groups, objects and users, rights and system roles; no relations)

    Maintenance is performed for all database tables which contain user data.

  • Metamodel (library definition)

    Maintenance is performed for all database tables which contain the metamodel definition.

Analyse Bandwidth

This function allows you to perform a quick, superficial analysis of the bandwidth and response times between the ADONIS application server and the database server. To analyse the bandwidth:

  • Go to Home > More options, and then click Analyse Bandwidth.

  • Click Start.

Three files (1KB, 1MB, 10MB) will be generated in the user's temp directory. Then ADONIS measures how long it takes to

  • upload the files to the database (a temp directory will be created in the database),

  • download the files from the database and

  • delete the files from the database.

When the analysis is completed, you can compare your results with the reference values.

Licence Overview

This page shows you at a glance the total number of available scenario licences as well as the number of scenario licences currently in use. You can also find out quickly about all active ADONIS users including the time of login and the time of the last action. To open the Licence Overview page:

  • Go to Home > More options, and then click Licence Overview.
Wskazówka

If you have questions about the different types of licences or the difference between concurrent users and named users, please refer to the sections Product Licences vs. Scenario Licences and Named Users vs. Concurrent Users.

Wskazówka

You can control whether actual login names are shown in this widget by setting the parameter ADOXX_WEB_TRACK_LOGINS in the file adoxx_web_conf.js to true/false. This file can be found in the folder <ADONIS installation>\conf”.

Server

This page allows you to perform various maintenance tasks. To open the Server page:

  • Go to Home > More options, and then click Server.

The following functionalities are available:

  • Restart Environment

    Restart the application server and the web application. All users will be logged out. As soon as the application server is up and running again, and the web application is completely initialised, login is possible again.

  • Restart Web Application

    Restart the web application. All web client users will be logged out. As soon as the web client is completely initialised, login is possible again.

  • Re-intialise search index

    Reinitialize the search index if you if you are encountering problems with the search function in ADONIS. Depending on the number of models and objects in the database this process may take a few minutes.

  • Start LDAP synchronisation

    Start the synchronization of users with an LDAP-compliant directory service according to the configuration specified on the Admin Page. The synchronization is triggered for all configured domains. During the synchronization, a progress bar provides information on the current status. After the synchronization, all newly synchronized users and any error codes are displayed for each domain.

    Wskazówka

    For questions about the necessary steps to enable synchronization, please refer to the Installation Manual.

  • Clear LDAP Cache

    When synchronization of users with an LDAP-compliant directory service is enabled and the option recursiveNodeLookup is enabled for one or more LDAP properties, ADONIS is caching results to speed up performance. To detect changes in the directory structure, this cache is automatically cleared when the web application is restarted, when you start LDAP synchronization here on the Admin Page, or when a periodic synchronization of users with LDAP is triggered.

    Use this button to clear the LDAP cache if recursiveNodeLookup is enabled, there are changes in the directory structure, and you want to make sure that users that log in to the ADONIS web client for the first time will be assigned correctly to system roles, user groups and repositories.

General Settings

Use this page to edit authentication settings. To open the General Settings page:

  • Go to Home > More options, and then click General Settings.
Wskazówka

To ensure the security of client connections to the Admin Page, we strongly recommended to enable SSL communication in the web client if you plan on editing the authentication configuration. Install ADONIS according to the Installation Manual and configure SSL/TLS support on Tomcat.

Uwaga

To edit these settings, you need experience with JSON. If you need help, contact your ADONIS consultant.

The following functionalities are available:

SAML Settings

Modify the global basic configuration parameters for SAML connectors.

Security Settings

Adapt the brute force protection settings.

Wskazówka

For details on how to configure the parameters please refer to section Configure Brute Force Protection Settings in the Installation Manual.

Licence Warnings

Configure Licence Warnings - automated email notifications when most of the available named users are already assigned for a specific scenario and action should be taken to extend the licence.

Language

Select the language for user group names, system role names etc. to be used in user mappings.

Upload Certificates

Upload certificates to use for signing and encryption during authentication and for data synchronization with a directory service. To reference an uploaded certificate, you can use the simple file name without any path information (e.g. BOC.jks).

Tracing

Turn on authentication trace logging in order to have additional authentication details logged in the web server logs. This is useful in the setup phase for authentication mechanisms such as SAML. Tracing will automatically be turned off on web server restart.

Reset Configuration

Reset the authentication settings to the factory settings. Any previously applied modifications will be lost.

Download Template

Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.

Connectors

All authentication mechanisms (= connectors) of the ADONIS web client are listed here. The authentication mechanisms can be used separately or in combination.

In principal, the following authentication mechanisms are available:

  • Standard (= the standard login page)

  • IDM

  • SAML

  • OIDC

Each of these authentication mechanisms can be configured to use LDAP coupling to fetch additional user data from a directory service.

The following settings are available:

  • Edit Connector

    Click the button .

  • Delete Connector

    Click the button .

  • Add Connector

    Click the Add button .

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Configure Self-Service Password Reset

Self-service password reset lets ADONIS users reset their own passwords without having to contact their ADONIS administrator each time. They can simply click the "Forgot Password?" link on the login page, and will then receive an email with a link to reset their password.

Availability

This functionality is available if the mail component is configured and the Standard connector is used (= standard login page where the user can enter his or her username and password).

Wskazówka

The mail component can only be configured in the Administration Toolkit. For details please refer to the section Mail in the Administration Help (Rich Client).

The following users CANNOT reset their password themselves:

  • ADONIS Administrators (users with global administrator rights)

  • Technical users

  • Users from an external user management system

  • Users without email address

Configuration

On the Admin Page, you can enable/disable the self-service password reset and configure how long a password reset link is valid. By default, this feature is enabled and the expiry time of the link is 30 minutes.

To configure the password reset properties:

  • Go to Home > More options, and then click General Settings.

  • Edit the Standard Login connector and save the changes afterwards.

Here is the relevant code snippet:

 Configure Self-Service Password Reset

The following child properties of the property "properties" need to be added or modified:

  • password_reset_enabled

    JSON object with the following properties: "name": "password_reset_enabled" and "value" which may be "true" or "false" (to enable/disable password reset in self-service).

  • password_reset_link_expires_in_minutes

    JSON object with the following properties: "name": "password_reset_link_expires_in_minutes" and "value" specifying how long a link is valid in minutes (default: "30").

Configure Licence Warnings

On the Admin Page, you can configure an automated email notification when most of the available named users are already assigned for a specific scenario and action should be taken to extend the licence.

Availability

This functionality is available if the mail component is configured.

Wskazówka

The mail component can only be configured in the Administration Toolkit. For details please refer to the section Mail in the Administration Help (Rich Client).

Configuration

To configure the licence warnings:

  1. Go to Home > More options, and then click General Settings.

  2. Click the Licence Warnings button. Edit the settings and save the changes afterwards.

The following parameters are available:

  • notify-on-threshold-exceeded

    Specify whether a notification is sent when the number of named users for a scenario has exceeded the configured threshold. Possible values are "true" or "false".

  • notify-on-threshold-recovery

    Specify whether a notification is sent when the number of named users for a scenario has dropped below the configured threshold. Possible values are "true" or "false".

  • notification-recipient-email

    Enter the email address that should receive the notifications.

  • notification-threshold

    Specify the notification threshold. Enter the percentage of named users already assigned for a specific scenario that, when exceeded, triggers a licence warning.

LDAP

Use this page to edit LDAP settings. To open the LDAP page:

  • Go to Home > More options, and then click LDAP.
Wskazówka

To ensure the security of client connections to the Admin Page, we strongly recommended to enable SSL communication in the web client if you plan on editing the authentication configuration. Install ADONIS according to the Installation Manual and configure SSL/TLS support on Tomcat.

Uwaga

To edit these settings, you need experience with JSON. If you need help, contact your ADONIS consultant.

The following functionalities are available:

Upload Certificates

Upload certificates to use for signing and encryption during authentication and for data synchronization with a directory service. To reference an uploaded certificate, you can use the simple file name without any path information (e.g. BOC.jks).

Download Template

Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.

Domains

All configured domains are listed here.

The following settings are available:

  • Edit Domain Configuration

    Click the button .

  • Delete Domain Configuration

    Click the button .

  • Add Domain Configuration

    Click the Add button .

LDAP Settings

Modify the general parameters that apply to all domains.

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

OAuth 2.0

Use this page to edit OAuth 2.0 settings. To open the OAuth 2.0 page:

  • Go to Home > More options, and then click OAuth 2.0.

The following functionalities are available:

Upload Logos

Upload logos to represent client applications. You can use these logos when you configure client data.

General Settings

Select the OAuth 2.0 enabled check box to enable OAuth 2.0.

Clients

All configured clients are listed here. The following settings are available:

  • Edit Client Configuration

    Click the button . The Client Data form appears.

  • Delete Client Configuration

    Click the button .

  • Add Client Configuration

    Click the Add button . The Client Data form appears.

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Client Data

When you add a new client or edit an exisiting client on the OAuth 2.0 page, the Client Data form appears. You can enter and edit the following data:

  • Type: Select the client type. Confidential clients are e.g. centralized, server based applications, which are capable of securely storing client secrets. Public clients are e.g. purely client based applications and native apps which are not capable of securely storing client secrets.

  • ID: The ID of the client system. Must be unique among the clients, should be kept simple as special characters need to be URL encoded.

  • Name: The name of the client application. Will be shown on the user interface.

  • Redirect URI: The URL of a redirect endpoint inside the client application which will be called by the authorization server when issuing an authorization code.

Wskazówka

The Redirect URI is unnecessary when using the Client Credentials Flow, however the Client Data form requires this field to be filled (mandatory for Authorization Code Flow).

  • Logo: Select a logo to represent the client application (must be uploaded first on the OAuth 2.0 page). Will be shown on the user interface.

  • Access Token Validity (Seconds): The time in seconds how long an access token is valid until it expires. Default: 1800s = 30 minutes.

  • Refresh Token Validity (Seconds): The time in seconds how long an refresh token is valid until it expires. Default: 1209600s = 14 days.

  • Secret: The secret to use for client authentication. You can click Generate to generate a new secret or manually specify one.

Click Save after completing the Client Data form, and then click Save changes to save the OAuth 2.0 page.

JWT (REST)

How to configure the settings on the JWT (REST) page is explained as part of REST API documentation in the Administration Help (Rich Client). For details please refer to the section Enable JWT Authentication for ADONIS .

Information

This page allows you to download support information packages in different sizes. A support information package contains log files of the application server, log files of the web server including the web application as well as configuration files within an encrypted Zip archive. To open the Information page:

  • Go to Home > More options, and then click Information.

The following sizes are available:

  • Support Package SMALL

    Downloads log files from the last 24 hours.

  • Support Package MEDIUM

    Downloads log files from the last week.

  • Support Package LARGE

    Downloads all log files.

Download Support Information Package when Access to the Admin Page is not possible

You can still download the support package when the Admin Page cannot be reached in case of an error. In order to do so:

  • Open a web browser and navigate to "http://<SERVER_NAME>:<TOMCAT_PORT>/ADONIS16_0/supportinformation".

<SERVER_NAME> is the name of the server machine, <TOMCAT_PORT> is the port at which Apache Tomcat is accessible (by default this is 8000).

Example

If you are running the web client locally, the URL should look like this:

"http://localhost:8000/ADONIS16_0/supportinformation"

You can modify the URL to only download log files from a certain time period. In order to do this, add ?logType=<PARAMETER> to the URL. The following parameters that correspond to the package sizes listed above are available: "small", "medium" and "large".

Example

If you are running the web client locally and you want to download log files from the last 24 hours, the URL should look like this:

"http://localhost:8000/ADONIS16_0/supportinformation?logType=small"

Wskazówka

Please provide these log files when you contact our support team.

Debug Mode

This page allows you to activate the debug mode. The debug mode influences various details in the behaviour of the application and can be used for error analysis. To open the Debug Mode page:

  • Go to Home > More options, and then click Debug Mode.

The following functionalities are available:

Activate Debug Mode

To activate the debug mode:

  • Click Activate. Enter a duration and, optionally, a reason. Then, click OK.

The debug mode will automatically deactivate after the selected timespan.

Change Duration

To change the duration of the debug mode:

  • Click Change duration. Modify the duration as needed. Then, click OK.

Deactivate Debug Mode

To deactivate the debug mode:

  • Click Deactivate.
Uwaga

The debug mode should never be permanently enabled! It is recommended to only activate the debug mode on request of a BOC employee.

Maintenance

This page allows you to enable maintenance mode. Maintenance mode eases the planning of maintenance windows. To open the Maintenance page:

  • Go to Home > More options, and then click Maintenance.

To activate or deactivate maintenance mode:

  • Click Activate or Deactivate.

When maintenance mode is enabled, no further logins to the web application will be allowed and a corresponding message will be displayed. The Admin Page of the ADONIS web client is excluded from maintenance mode and can still be used.