Table of Contents

Graphlytic's configuration is stored in the "conf/graphlytic.conf" file.

Configuration from the graphlytic.conf file is loaded as the application default configuration when a new installation is started for the first time (no HSQL DB exists yet).

1. Environment Variables

Every configuration in the graphlytic.conf file can be overridden with environment variables of the OS (environment variables have higher priority than the graphlytic.conf values).

The environment variable names have to be written in uppercase with underscore "_" as separators (instead of the dot "." in the graphlytic.conf file), e.g. "MAIN_LOGDIR".

Environment variables can be used only when Graphlytic is run as a console application or using Docker. They do not work when Graphlytic is run as a system service.

Variables, that are not configurable in graphlytic.conf but only with environment variables:

Environment variable

Default Value

Description

GRAPHLYTIC_HTTP_PORT

8080

Port used for unencrypted application access.

GRAPHLYTIC_HTTPS_PORT

8443

Port used for encrypted application access.

GRAPHLYTIC_XMX


Maximum memory allocation pool for Graphlytic. Example value: 1g

GRAPHLYTIC_XMS


Initial memory allocation pool for Graphlytic. Example value: 256m

2. Mandatory Configuration

Mandatory configuration

# where Graphlytic stores its data
main.dataDir=../data/
# where Graphlytic stores log files
main.logDir=../data/logs/
# where Graphlytic stores external widgets
main.widgetsDir=../widgets/
# where Graphlytic stores external icons
main.iconsDir=../icons/
# where Graphlytic stores email templates
main.emailsDir=../emails/
# OPTIONAL (default is the main.dataDir value) - where Graphlytic stores the license key
main.licenseDir=../data/

Property key

Example Value

Description

main.dataDir

../data/

Location of the directory where Graphlytic stores its internal database.

main.logDir

../data/logs/

Location of the directory with application logs.

main.widgetsDir

../widgets/

Location of the directory with custom widgets installed in the application.

main.iconsDir

../icons/

Location of the directory with custom icons available in the application to be used to style the graph visualizations.

main.emailsDir

../emails/

Location of the directory with email templates.

main.licenseDir

../data/

Location of the directory where Graphlytic stores the license key. This is an optional parameter. If not defined, the main.dataDir value is used.

3. Optional Configurations

All optional configuration options in the graphlytic.conf file can be modified directly in the application.

3.1. Default Graph Connection

Different graph connections (together with a custom certificate upload) can be managed directly in the application. For more info see: Graph Connections

The Neo4j connection defined in the graphlytic.conf file is used as a default configuration. 

Default Graph Connection

# Default Neo4j Bolt connection
neo4j.connector.type=NEO4J_4
neo4j.connector.bolt=bolt://localhost:7687
neo4j.connector.username=neo4j
neo4j.connector.password=admin
#encryption of the connection to DB. Neo4j 4 requires ssl to be explicitly enabled and configured. It does not accept default self-signed Neo4j 3 certificates.
neo4j.connector.encrypted=false

Property key

Default value

Description

neo4j.connector.type

NEO4J_4

Graph Database type. Values: NEO4J_5, NEO4J_5_ENTERPRISE, NEO4J_4, NEO4J_4_ENTERPRISE, NEO4J_35, MEMGRAPH

neo4j.connector.bolt

bolt://localhost:7687

Graph Database Bolt protocol URL

neo4j.connector.username

neo4j

Graph connection username

neo4j.connector.password

admin

Graph connection password

neo4j.connector.encrypted

false

Graph connection encryption. If a trusted certificate is used on the Graph Database side then just set this to true. If it's an untrusted certificate please use the UI to load the certificate into Graphlytics's Keystore. For more info see: Graph Connections

3.2. Default SMTP Configuration

SMTP connection can be managed also directly in the app. For more info please refer to SMTP Email Server Connection.

To override the default SMTP configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.

# SMTP connection
email.smtp.enable=true
email.smtp.host=localhost
email.smtp.port=1025
email.smtp.username=
email.smtp.password=
email.smtp.auth=false
email.smtp.starttls.enable=false
email.from.address=<info@graphlytic.com>

Property key

Value data type

Description

email.smtp.enable

Boolean

SMTP connection configuration - enable/disable configuration

email.smtp.host

String

SMTP connection configuration - hostname of the email server

email.smtp.port

Number

SMTP connection configuration - port number of the email server

email.smtp.username

String

SMTP connection configuration - email server's user used to send emails

email.smtp.password

String

SMTP connection configuration - user's password

email.smtp.auth

Boolean

SMTP connection configuration - enable/disable (true/false) authentication for the email server

email.smtp.starttls

Boolean

SMTP connection configuration - enable/disable (true/false) TLS communication

email.from.address

Email address string

Email address used in sending emails as the "from" address

Startup check

SMTP connection is tested during Graphlytic startup. If the connection was successful an info message is in the log.

Successful example:

20.05.14 15:46:54.613 INFO [Scanner-1] s.d.g.GraphlyticConfiguration:119 - SMTP connection successful

Unsuccessful example:

20.05.14 15:46:58.613 INFO [Scanner-1] s.d.g.GraphlyticConfiguration:119 - SMTP server is unreachable

3.3. Default Password Reset Configuration

Password Reset configuration can be managed also directly in the app. For more info please refer to Email Invitations and Password Reset.

To override the default Password Reset configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.

# Email Templates
email.base.path=http://localhost:8080/
email.template.dir=c:/usr/local/graphlytic/emailing/
email.template.password.reset.subject=Testing password reset
email.template.password.reset=reset_html.ftl
email.template.password.create.subject=Testing password create
email.template.password.create=create_html.ftl
email.template.password.change.subject=Testing password change
email.template.password.change=change_html.ftl
# Email links validity durations (Java duration format)
password.reset.hash.validity=PT24H
password.change.hash.validity=PT24H
password.create.hash.validity=PT168H

Property key

Value data type

Description

email.base.path

URL string

Base path used to generate an URL link in emails. The Graphlytic's instance base URL should be used here.

email.template.dir

Path string

Relative or absolute path to the folder with the email templates.

email.template.password.reset.subject

String

The subject of the email sent after the login's page forgot password form submit

email.template.password.reset

File name string

The filename of the email template used to generate the email sent after the login's page forgot password form submit

email.template.password.create.subject

String

The subject of the email sent after a new user is created with an invitation email

email.template.password.create

File name string

The filename of the email template used to generate the email sent after a new user is created with an invitation email

email.template.password.change.subject

String

The subject of the email sent after the user's password is force-reset by the admin

email.template.password.change

File name string

The filename of the email template used to generate the email after the user's password is force-reset by the admin

password.reset.hash.validity

Java duration string

Validity duration for password change links generated on the login's page forgot password form. Format: ISO 8601 duration.

password.change.hash.validity

Java duration string

Validity duration for password change links generated by the admin on the User management page. Format: ISO 8601 duration.

password.create.hash.validity

Java duration string

Validity duration for invitation links generated when a new user is created. Format: ISO 8601 duration.

3.4. Default Single Sign-On Configuration

Single Sign-On configuration can be managed also directly in the app. For more info please refer to Single sign-on.

To override the default Single Sign-On configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.

# SAML2 IdP connection
login.autoRedirect=false
saml2.idpid.loginButtonLabel=Sign in with SSO
saml2.idpid.name=idpid
saml2.idpid.certificate.signing=c:/usr/local/graphlytic/conf/idp-pub
saml2.idpid.certificate.encryption=
saml2.idpid.entity.remote=active_directory_id
saml2.idpid.entity.local=graphlytic_idp_id
saml2.idpid.webSsoUrl=https://idp_url_for_login.com/sso
saml2.idpid.assertionConsumerUrl=https://domain.com/login/saml2/sso/idpid
saml2.idpid.groupClaim=claims/role
saml2.idpid.firstNameClaim=claims/firstName
saml2.idpid.lastNameClaim=claims/lastName
saml2.idpid.emailClaim=claims/email
saml2.idpid.autoManageGroups=true
saml2.idpid.defaultGroup=Name_of_the_group
 
# Group mapping
saml2.idpid.groups.SomeActiveDirGroup=gl-administrators
saml2.idpid.groups.OtherActiveDirGroup=custom-group

Property

Example value

Description

login.autoRedirect

false

If set to true the user is automatically redirected to the SSO login from the Login page. For accessing the Login page please use URL with the logout parameter, e.g. "https://yourdomain.com/login?logout=true"

SAML2 IdP connection

saml2.idpid.loginButtonLabel

Sign in with SSO

Title of the Login page button. If missing, saml2.idpid.name, will be used instead.

saml2.idpid.name

idpid

Name of this configuration. Will be also used in assertion consumer url

saml2.idpid.certificate.signing

/usr/local/graphlytic/conf/idp-pub

Path to the IdP certificate for IdP signing verification. This certificate is used to verify that the response is correct and that it was sent from the contacted IdP.

saml2.idpid.certificate.encryption

/usr/local/graphlytic/conf/enc-pub

Path to the IdP certificate for encryption. Can be empty for no encryption. If defined, this certificate is used to decrypt messages from IdP.

saml2.idpid.entity.remote

active_directory_id

The IdP entity identifier (Asserting Party Entity Id).

saml2.idpid.entity.local

graphlytic_idp_id

The local application (Graphlytic) ID for IdP communication. Has to be created in the IdP configuration.

saml2.idpid.webSsoUrl

https://idp_url_for_login.com/sso

Login redirect URL. The user will be redirected to this location during the login workflow.

saml2.idpid.assertionConsumerUrl

https://domain.com/login/saml2/sso/idpid

Assertion URL where the successfully logged-in user is redirected back from the IdP. If not defined a default value is used (this value is sent in the IdP request and some IdPs are automatically reading and using this value).

saml2.idpid.groupClaim

claims/role

The claim name in the returned XML where the AD user groups are returned.

saml2.idpid.firstNameClaim

claims/firstName

The claim name in the returned XML where the user’s first name is returned.

saml2.idpid.lastNameClaim

claims/lastName

The claim name in the returned XML where the user’s last name is returned.

saml2.idpid.emailClaim

claims/email

The claim name in the returned XML where the user’s email address is returned.

saml2.idpid.autoManageGroups

true

Flag to turn on (true) or off (false) of the automatic Graphlytic user group mapping.

saml2.idpid.defaultGroup

Name_of_the_group

For autoManageGroups=true it’s the name of a Graphlytic user group that will be used if no mapping is successful. If the defaultGroup is not configured or the group doesn't exist in Graphlytic then such a user (with no user groups) is not created in Graphlytic (to minimize license consumption).

For autoManageGroups=false it’s the name of the group that will be assigned to all users created during SSO login.

Group mapping

saml2.idpid.groups.SomeActiveDirGroup

gl-administrators

Group mapping "SomeActiveDirGroup" >> "gl-administrators"

saml2.idpid.groups.OtherActiveDirGroup

custom-gl-group

Group mapping "OtherActiveDirGroup" >> "custom-gl-group"

3.5. Branding Options

Branding options can be managed also in the Application Settings. Use in-app Site Branding to customize branding.

Graphlytic supports basic branding options like changing the logo, primary color, or application title shown on the Login page.

To override the default Branding configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.

# Branding - custom logo & header background
site.logo.title=Graphlytic
site.logo.image=/custom_logo/logo.svg
site.header.background=72,83,195

Property key

Example value

Description

site.logo.title

Graphlytic

Application title shown on the Login page.

site.logo.image

/custom_logo/logo.svg

Logo shown on every page in the top left corner.

site.header.background

72,83,195

Primary brand color used as the color of the header panel shown on every page and also primary color on buttons and other UI elements.

Color is defined as Red, Green, and Blue values from 0 to 255.

3.6. HSQL Schema Name

The name of the database schema used in Graphlytic's internal database can be configured in the graphlytic.conf file. The default value is GRAPHLYTIC and in most cases, there's no need to change the value. This configuration can be used to store the configuration of multiple Graphlytic instances in one HSQL database, but this is a very rare situation and generally, we discourage doing so.

#HSQLDB schema name
hsql.schema=GRAPHLYTIC