
IDM configuration properties in Jetty

In IDM 7.3.2 and later, the embedded Jetty web server supports Jetty 12. Future releases of IDM 7.3.x are compatible only with Java 17, because Jetty 12 requires it.

When serving SSL requests, Jetty 12 checks that the incoming host header matches the server certificate’s subject and returns a 400 Bad Request error on a mismatch. If you’re upgrading to IDM 7.3.2 or later, you must ensure your IDM server certificate subject matches the host name used by your deployment.

Learn more in What’s new.
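The following pre-upgrade check for the host name requirement above is an added example, not part of the IDM documentation or product. It parses constructed output of `openssl x509 -in idm-cert.pem -noout -subject -ext subjectAltName` (`idm-cert.pem` is a hypothetical export of the IDM server certificate) and reports which Host header values the certificate covers. It assumes the accepted names are the subject CN and the SAN DNS entries, with a leading `*.` wildcard covering exactly one label.

```python
import re

# Constructed sample of the openssl output described in the lead-in.
SAMPLE_OPENSSL_OUTPUT = """\
subject=CN = idm.example.com, O = Example Corp
X509v3 Subject Alternative Name:
    DNS:idm.example.com, DNS:*.apps.example.com
"""

def cert_hosts(openssl_text):
    """Return lower-cased names from the subject CN and the SAN DNS entries."""
    names = set()
    cn = re.search(r"CN\s*=\s*([^,/\n]+)", openssl_text)
    if cn:
        names.add(cn.group(1).strip().lower())
    names.update(n.lower() for n in re.findall(r"DNS:([^,\s]+)", openssl_text))
    return names

def host_from_header(host_header):
    """Strip the optional port from a Host header value."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8443
        return host[1:host.index("]")]
    return host.rsplit(":", 1)[0] if ":" in host else host

def matches(host, name):
    """Exact match, or a leading '*.' wildcard covering exactly one label."""
    if name.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == name[2:]
    return host == name

def check_hosts(openssl_text, host_headers):
    """Map each Host header value to True if a certificate name covers it."""
    names = cert_hosts(openssl_text)
    return {h: any(matches(host_from_header(h), n) for n in names)
            for h in host_headers}

if __name__ == "__main__":
    # Constructed list of the names clients and load balancers send.
    headers = ["idm.example.com:8443", "sso.apps.example.com",
               "a.b.apps.example.com", "localhost:8443"]
    for header, ok in check_hosts(SAMPLE_OPENSSL_OUTPUT, headers).items():
        print(f"{header:24} {'ok' if ok else 'MISMATCH (expect 400 Bad Request)'}")
```

Run it against every name used to reach IDM, including load balancer and health check targets, before upgrading.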

IDM exposes a Param class that you can use in jetty.xml to include IDM-specific configuration. The Param class exposes Bean properties for common Jetty settings and generic property access for other arbitrary settings.

Explicit Bean properties

To retrieve an explicit Bean property, use the following syntax in jetty.xml:

<Get class="org.forgerock.openidm.jetty.Param" name="<bean property name>"/>

For example, to set the Jetty property for the keystore password:

<Set name="password">
    <Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/>
</Set>

Also refer to the bundled jetty.xml for further examples.

The following explicit Bean properties are available; they map either to the boot.properties in the openidm/resolver/ subdirectory, or the secrets.json file in your project’s conf/ subdirectory.

port

Maps to openidm.port.http

port

Maps to openidm.port.https

port

Maps to openidm.port.mutualauth

keystoreType

Maps to `mainKeyStore` `storeType`

keystoreProvider

Maps to `mainKeyStore` `providerName`

keystoreLocation

Maps to `mainKeyStore` `file`

keystorePassword

Maps to `mainKeyStore` `storePassword`

truststoreLocation

Maps to `mainTrustStore` `file`

truststorePassword

Maps to `mainTrustStore` `storePassword`

Generic properties

<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
  <Arg>org.forgerock.openidm.some.sample.property</Arg>
</Call>