Graphlytic's configuration is stored in the "conf/graphlytic.conf" file.
Configuration from the graphlytic.conf file is loaded as the application default configuration when a new installation is started for the first time (no HSQL DB exists yet).
1. Environment Variables
Every configuration in the graphlytic.conf file can be overridden with environment variables of the OS (environment variables have higher priority than the graphlytic.conf values).
The environment variable names have to be written in uppercase with underscore "_" as separators (instead of the dot "." in the graphlytic.conf file), e.g. "MAIN_LOGDIR".
Environment variables can be used only when Graphlytic is run as a console application or using Docker. They do not work when Graphlytic is run as a system service.
Variables that cannot be set in graphlytic.conf and are configurable only as environment variables:
Environment variable | Default Value | Description |
---|---|---|
GRAPHLYTIC_HTTP_PORT | 8080 | Port used for unencrypted application access. |
GRAPHLYTIC_HTTPS_PORT | 8443 | Port used for encrypted application access. |
GRAPHLYTIC_XMX | | Maximum memory allocation pool for Graphlytic. Example value: 1g |
GRAPHLYTIC_XMS | | Initial memory allocation pool for Graphlytic. Example value: 256m |
2. Mandatory Configuration
Mandatory configuration
# where Graphlytic stores its data
main.dataDir=../data/
# where Graphlytic stores log files
main.logDir=../data/logs/
# where Graphlytic stores external widgets
main.widgetsDir=../widgets/
# where Graphlytic stores external icons
main.iconsDir=../icons/
# where Graphlytic stores email templates
main.emailsDir=../emails/
# OPTIONAL (default is the main.dataDir value) - where Graphlytic stores the license key
main.licenseDir=../data/
Property key | Example Value | Description |
---|---|---|
main.dataDir | ../data/ | Location of the directory where Graphlytic stores its internal database. |
main.logDir | ../data/logs/ | Location of the directory with application logs. |
main.widgetsDir | ../widgets/ | Location of the directory with custom widgets installed in the application. |
main.iconsDir | ../icons/ | Location of the directory with custom icons available in the application to be used to style the graph visualizations. |
main.emailsDir | ../emails/ | Location of the directory with email templates. |
main.licenseDir | ../data/ | Location of the directory where Graphlytic stores the license key. This is an optional parameter. If not defined, the main.dataDir value is used. |
3. Optional Configurations
All optional configuration options in the graphlytic.conf file can be modified directly in the application.
3.1. Default Graph Connection
Different graph connections (together with a custom certificate upload) can be managed directly in the application. For more info see: Graph Connections
The Neo4j connection defined in the graphlytic.conf file is used as a default configuration.
Default Graph Connection
# Default Neo4j Bolt connection
neo4j.connector.type=NEO4J_4
neo4j.connector.bolt=bolt://localhost:7687
neo4j.connector.username=neo4j
neo4j.connector.password=admin
#encryption of the connection to DB. Neo4j 4 requires ssl to be explicitly enabled and configured. It does not accept default self-signed Neo4j 3 certificates.
neo4j.connector.encrypted=false
Property key | Default value | Description |
---|---|---|
neo4j.connector.type | NEO4J_4 | Graph Database type. Values: NEO4J_5, NEO4J_5_ENTERPRISE, NEO4J_4, NEO4J_4_ENTERPRISE, NEO4J_35, MEMGRAPH |
neo4j.connector.bolt | bolt://localhost:7687 | Graph Database Bolt protocol URL |
neo4j.connector.username | neo4j | Graph connection username |
neo4j.connector.password | admin | Graph connection password |
neo4j.connector.encrypted | false | Graph connection encryption. If a trusted certificate is used on the Graph Database side, just set this to true. If the certificate is untrusted, use the UI to load it into Graphlytic's keystore. For more info see: Graph Connections |
3.2. Default SMTP Configuration
The SMTP connection can also be managed directly in the app. For more info please refer to SMTP Email Server Connection.
To override the default SMTP configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.
# SMTP connection
email.smtp.enable=true
email.smtp.host=localhost
email.smtp.port=1025
email.smtp.username=
email.smtp.password=
email.smtp.auth=false
email.smtp.starttls.enable=false
email.from.address=<info@graphlytic.com>
Property key | Value data type | Description |
---|---|---|
email.smtp.enable | Boolean | SMTP connection configuration - enable/disable configuration |
email.smtp.host | String | SMTP connection configuration - hostname of the email server |
email.smtp.port | Number | SMTP connection configuration - port number of the email server |
email.smtp.username | String | SMTP connection configuration - email server's user used to send emails |
email.smtp.password | String | SMTP connection configuration - user's password |
email.smtp.auth | Boolean | SMTP connection configuration - enable/disable (true/false) authentication for the email server |
email.smtp.starttls | Boolean | SMTP connection configuration - enable/disable (true/false) TLS communication |
email.from.address | Email address string | Email address used in sending emails as the "from" address |
Startup check
The SMTP connection is tested during Graphlytic startup. If the connection succeeds, an info message is written to the log.
Successful example:
20.05.14 15:46:54.613 INFO [Scanner-1] s.d.g.GraphlyticConfiguration:119 - SMTP connection successful
Unsuccessful example:
20.05.14 15:46:58.613 INFO [Scanner-1] s.d.g.GraphlyticConfiguration:119 - SMTP server is unreachable
3.3. Default Password Reset Configuration
The Password Reset configuration can also be managed directly in the app. For more info please refer to Email Invitations and Password Reset.
To override the default Password Reset configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.
# Email Templates
email.base.path=http://localhost:8080/
email.template.dir=c:/usr/local/graphlytic/emailing/
email.template.password.reset.subject=Testing password reset
email.template.password.reset=reset_html.ftl
email.template.password.create.subject=Testing password create
email.template.password.create=create_html.ftl
email.template.password.change.subject=Testing password change
email.template.password.change=change_html.ftl
# Email links validity durations (Java duration format)
password.reset.hash.validity=PT24H
password.change.hash.validity=PT24H
password.create.hash.validity=PT168H
Property key | Value data type | Description |
---|---|---|
email.base.path | URL string | Base path used to generate a URL link in emails. The base URL of the Graphlytic instance should be used here. |
email.template.dir | Path string | Relative or absolute path to the folder with the email templates. |
email.template.password.reset.subject | String | The subject of the email sent after the forgot-password form on the Login page is submitted. |
email.template.password.reset | File name string | The filename of the email template used to generate the email sent after the forgot-password form on the Login page is submitted. |
email.template.password.create.subject | String | The subject of the email sent after a new user is created with an invitation email |
email.template.password.create | File name string | The filename of the email template used to generate the email sent after a new user is created with an invitation email |
email.template.password.change.subject | String | The subject of the email sent after the user's password is force-reset by the admin |
email.template.password.change | File name string | The filename of the email template used to generate the email after the user's password is force-reset by the admin |
password.reset.hash.validity | Java duration string | Validity duration for password change links generated by the forgot-password form on the Login page. Format: ISO 8601 duration. |
password.change.hash.validity | Java duration string | Validity duration for password change links generated by the admin on the User management page. Format: ISO 8601 duration. |
password.create.hash.validity | Java duration string | Validity duration for invitation links generated when a new user is created. Format: ISO 8601 duration. |
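A configuration check for the settings documented above, as an added example (not Graphlytic code): it applies the environment-variable override rule from section 1 to a graphlytic.conf text and flags the sample Neo4j password, an unencrypted Bolt connection, SMTP without STARTTLS, a plain-HTTP email.base.path, and email link validity above a threshold. The function names, the 24-hour threshold, and treating a missing boolean key as false are assumptions.

```python
import re

# Function names are hypothetical; keys and the env-var naming rule come from this page.
def effective_config(conf_text, env):
    conf = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    for key in conf:  # environment variables take priority over file values
        env_name = key.upper().replace(".", "_")  # main.logDir -> MAIN_LOGDIR
        if env_name in env:
            conf[key] = env[env_name]
    return conf

def hours(duration):  # handles only the PT<n>H form used on this page
    m = re.fullmatch(r"PT(\d+)H", duration or "")
    return int(m.group(1)) if m else None

def audit(conf, max_link_hours=24):  # 24h threshold is an assumption, not a vendor value
    is_false = lambda k: conf.get(k, "false").lower() == "false"  # missing key = false (assumption)
    findings = []
    if conf.get("neo4j.connector.password") == "admin":
        findings.append("neo4j.connector.password: sample password 'admin' still set")
    if is_false("neo4j.connector.encrypted"):
        findings.append("neo4j.connector.encrypted: Bolt connection is not encrypted")
    if not is_false("email.smtp.enable") and is_false("email.smtp.starttls.enable"):
        findings.append("email.smtp.starttls.enable: SMTP session without STARTTLS")
    if conf.get("email.base.path", "").lower().startswith("http://"):
        findings.append("email.base.path: emailed links use plain HTTP")
    for kind in ("reset", "change", "create"):
        h = hours(conf.get(f"password.{kind}.hash.validity"))
        if h is not None and h > max_link_hours:
            findings.append(f"password.{kind}.hash.validity: link valid for {h}h, over {max_link_hours}h")
    return findings

# Constructed sample file (example values from this page) and constructed environment overrides.
SAMPLE_CONF = """\
neo4j.connector.password=admin
neo4j.connector.encrypted=false
email.smtp.enable=true
email.smtp.starttls.enable=false
email.base.path=http://localhost:8080/
password.create.hash.validity=PT168H
"""
SAMPLE_ENV = {"NEO4J_CONNECTOR_PASSWORD": "constructed-value", "NEO4J_CONNECTOR_ENCRYPTED": "true"}
if __name__ == "__main__":
    print("\n".join(audit(effective_config(SAMPLE_CONF, SAMPLE_ENV))))
```

With the constructed environment the two Neo4j findings disappear because the overrides win; with an empty environment all five settings are reported. Because environment variables are ignored when Graphlytic runs as a system service, audit the file alone (empty `env`) for that deployment mode.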
3.4. Default Single Sign-On Configuration
The Single Sign-On configuration can also be managed directly in the app. For more info please refer to Single sign-on.
To override the default Single Sign-On configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.
# SAML2 IdP connection
login.autoRedirect=false
saml2.idpid.loginButtonLabel=Sign in with SSO
saml2.idpid.name=idpid
saml2.idpid.certificate.signing=c:/usr/local/graphlytic/conf/idp-pub
saml2.idpid.certificate.encryption=
saml2.idpid.entity.remote=active_directory_id
saml2.idpid.entity.local=graphlytic_idp_id
saml2.idpid.webSsoUrl=https://idp_url_for_login.com/sso
saml2.idpid.assertionConsumerUrl=https://domain.com/login/saml2/sso/idpid
saml2.idpid.groupClaim=claims/role
saml2.idpid.firstNameClaim=claims/firstName
saml2.idpid.lastNameClaim=claims/lastName
saml2.idpid.emailClaim=claims/email
saml2.idpid.autoManageGroups=true
saml2.idpid.defaultGroup=Name_of_the_group
# Group mapping
saml2.idpid.groups.SomeActiveDirGroup=gl-administrators
saml2.idpid.groups.OtherActiveDirGroup=custom-group
Property | Example value | Description |
---|---|---|
login.autoRedirect | false | If set to true the user is automatically redirected to the SSO login from the Login page. For accessing the Login page please use URL with the logout parameter, e.g. "https://yourdomain.com/login?logout=true" |
SAML2 IdP connection | ||
saml2.idpid.loginButtonLabel | Sign in with SSO | Title of the Login page button. If missing, saml2.idpid.name will be used instead. |
saml2.idpid.name | idpid | Name of this configuration. It is also used in the assertion consumer URL. |
saml2.idpid.certificate.signing | /usr/local/graphlytic/conf/idp-pub | Path to the IdP certificate for IdP signing verification. This certificate is used to verify that the response is correct and that it was sent from the contacted IdP. |
saml2.idpid.certificate.encryption | /usr/local/graphlytic/conf/enc-pub | Path to the IdP certificate for encryption. Can be empty for no encryption. If defined, this certificate is used to decrypt messages from IdP. |
saml2.idpid.entity.remote | active_directory_id | The IdP entity identifier (Asserting Party Entity Id). |
saml2.idpid.entity.local | graphlytic_idp_id | The local application (Graphlytic) ID for IdP communication. Has to be created in the IdP configuration. |
saml2.idpid.webSsoUrl | https://idp_url_for_login.com/sso | Login redirect URL. The user will be redirected to this location during the login workflow. |
saml2.idpid.assertionConsumerUrl | https://domain.com/login/saml2/sso/idpid | Assertion URL where the successfully logged-in user is redirected back from the IdP. If not defined a default value is used (this value is sent in the IdP request and some IdPs are automatically reading and using this value). |
saml2.idpid.groupClaim | claims/role | The claim name in the returned XML where the AD user groups are returned. |
saml2.idpid.firstNameClaim | claims/firstName | The claim name in the returned XML where the user’s first name is returned. |
saml2.idpid.lastNameClaim | claims/lastName | The claim name in the returned XML where the user’s last name is returned. |
saml2.idpid.emailClaim | claims/email | The claim name in the returned XML where the user’s email address is returned. |
saml2.idpid.autoManageGroups | true | Flag that turns the automatic Graphlytic user group mapping on (true) or off (false). |
saml2.idpid.defaultGroup | Name_of_the_group | For autoManageGroups=true it’s the name of a Graphlytic user group that will be used if no mapping is successful. If the defaultGroup is not configured or the group doesn't exist in Graphlytic then such a user (with no user groups) is not created in Graphlytic (to minimize license consumption). For autoManageGroups=false it’s the name of the group that will be assigned to all users created during SSO login. |
Group mapping | ||
saml2.idpid.groups.SomeActiveDirGroup | gl-administrators | Group mapping "SomeActiveDirGroup" >> "gl-administrators" |
saml2.idpid.groups.OtherActiveDirGroup | custom-gl-group | Group mapping "OtherActiveDirGroup" >> "custom-gl-group" |
3.5. Branding Options
Branding options can also be managed in the Application Settings. Use the in-app Site Branding to customize branding.
Graphlytic supports basic branding options like changing the logo, primary color, or application title shown on the Login page.
To override the default Branding configuration during app startup, add these options to the graphlytic.conf file and change the values to your desired configuration.
# Branding - custom logo & header background
site.logo.title=Graphlytic
site.logo.image=/custom_logo/logo.svg
site.header.background=72,83,195
Property key | Example value | Description |
---|---|---|
site.logo.title | Graphlytic | Application title shown on the Login page. |
site.logo.image | /custom_logo/logo.svg | Logo shown on every page in the top left corner. |
site.header.background | 72,83,195 | Primary brand color used as the color of the header panel shown on every page and also primary color on buttons and other UI elements. Color is defined as Red, Green, and Blue values from 0 to 255. |
3.6. HSQL Schema Name
The name of the database schema used in Graphlytic's internal database can be configured in the graphlytic.conf file. The default value is GRAPHLYTIC and in most cases, there's no need to change the value. This configuration can be used to store the configuration of multiple Graphlytic instances in one HSQL database, but this is a very rare situation and generally, we discourage doing so.
#HSQLDB schema name
hsql.schema=GRAPHLYTIC