| lenses.access.control.allow.methods | HTTP verbs allowed in cross-origin HTTP requests | GET,POST,PUT,DELETE,OPTIONS |
| lenses.access.control.allow.origin | Allowed hosts for cross-origin HTTP requests | * |
| lenses.allow.weak.ssl | Allow https:// with self-signed certificates | false |
| lenses.ssl.keystore.location | The full path to the keystore file used to enable TLS on Lenses port | |
| lenses.ssl.keystore.password | Password for the keystore file | |
| lenses.ssl.key.password | Password for the ssl certificate used | |
| lenses.ssl.enabled.protocols | Version of TLS protocol to use | TLSv1.2 |
| lenses.ssl.algorithm | X509 or PKIX algorithm to use for TLS termination | SunX509 |
| lenses.ssl.cipher.suites | Comma separated list of ciphers allowed for TLS negotiation | |


LDAP or AD connectivity is optional. All settings are strings.

| Key | Description | Default |
| --- | --- | --- |
| | server URL (TLS, StartTLS and unencrypted supported) | |
| | user account. Must be able to list users and their groups. The distinguished name (DN) must be used | |
| | account password | |
| | base path for querying user accounts. All user accounts that will be able to access Lenses should be under this path | |
| | query filter for matching users. Lenses will request all entries under the base path that satisfy this filter. The result should be unique | (&(objectClass=person)(sAMAccountName=<user>)) |
| | classpath that implements the LDAP query for the user’s groups. You can use the implementation that comes with Lenses if your LDAP setup is supported | |
| | user attribute that provides memberOf information. In most implementations the attribute has the same name, so you don’t have to set anything. Used by the default plugin | memberOf |
| | regular expression to extract a part of the user’s groups. If this part matches a Lenses group, the user will be granted all the permissions of this group. Lenses checks against the list of memberOf attribute values and uses the first regex group that is returned | (?i)CN=(\\w+),ou=Groups.* |
| | key is used by the included LDAP plugin class LdapMemberOfUserGroupPlugin. It expects the LDAP user attribute that provides the full name of the user | sn |

An additional configuration setting, when set to true, will use the account to read the groups of the currently logged-in user. The default behavior (false) uses the currently logged-in user to read group memberships.
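An added illustration (not Lenses code) of the group-extraction regex from the LDAP table above, run over constructed memberOf values. The whole-value matching mode, the example.com DNs, the group names and the stricter pattern are assumptions.

```python
import re

# Default from the table above; the page shows \\w, taken here to be the
# config-file escaping of the regex \w (assumption).
DEFAULT_REGEX = r"(?i)CN=(\w+),ou=Groups.*"
# Hypothetical stricter pattern: allows hyphens and pins the full DN suffix.
STRICT_REGEX = r"(?i)CN=([\w-]+),ou=Groups,dc=example,dc=com"

# Constructed memberOf values for one user (not taken from the page).
MEMBER_OF = [
    "CN=developers,OU=Groups,DC=example,DC=com",
    "CN=kafka-admins,OU=Groups,DC=example,DC=com",           # hyphen in CN
    "CN=admins,OU=Groups,OU=Contractors,DC=example,DC=com",  # other subtree
    "CN=Domain Users,CN=Users,DC=example,DC=com",            # not under ou=Groups
]
# Constructed names of groups assumed to be defined in Lenses.
LENSES_GROUPS = ["developers", "admins", "kafka-admins"]


def extract_groups(member_of, pattern):
    """Return capture group 1 for every memberOf value the pattern matches.

    Assumption: the whole attribute value must match; the matching mode
    Lenses itself uses is not stated on the page.
    """
    rx = re.compile(pattern)
    names = []
    for dn in member_of:
        m = rx.fullmatch(dn)
        if m:
            names.append(m.group(1))
    return names


def granted(member_of, pattern, lenses_groups):
    """Lenses groups whose name equals an extracted name (exact comparison)."""
    return sorted(set(extract_groups(member_of, pattern)) & set(lenses_groups))


if __name__ == "__main__":
    for label, rx in (("default", DEFAULT_REGEX), ("strict", STRICT_REGEX)):
        print(label, granted(MEMBER_OF, rx, LENSES_GROUPS))
```

With the default pattern the hyphenated group is silently skipped and the group under the Contractors subtree is accepted, because the trailing `.*` matches any DN suffix; the stricter pattern reverses both outcomes.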


| Key | Description | Default |
| --- | --- | --- |
| | HTTPS URL that matches the Service Provider (SP) and part of the Identity Provider (IdP) SAML handshake i.e. | |
| | Service Provider (SP) Entity ID for Lenses, used as part of the SAML handshake protocol. | |
| | Identity Provider (IdP) type: azure, google, keycloak, okta, onelogin | |
| | to XML file provided by the Identity Provider. e.g. /path/to/saml-idp.xml | |
| | maximum “duration since login” to accept from IdP. A SAML safety measure that is usually not used. See the duration syntax. | 100days |
| | for the Java keystore file to be used for SAML crypto i.e. /path/to/keystore.jks | |
| | for accessing the keystore | |
| | to use for the private key within the keystore (only required when the keystore has multiple keys) | |
| | for accessing the private key within the keystore | |


| Key | Description | Default |
| --- | --- | --- |
| | Kerberos principal for Lenses to use in the SPNEGO form: HTTP/lenses.address@REALM.COM | |
| | to Kerberos keytab with the service principal. It should not be password protected | |
| | Java’s JAAS debugging information | false |
Last modified: July 3, 2024