In the /integrations subfolder you will find a suggested layout for individual files which can be used to manage advanced settings.
You can make the following additional config to any apps configured in the zfa section (note that this example refers to an app which has been named global for which you should already have specified the client ID and client secret in the core.yaml file):
zfa: global: otp_endpoint: https://api.mpin.io/otp max_uses: 1 max_attempts: 3
Note that otp_endpoint should always be
max_uses controls the number of times an issued OTP can be used before it expires.
max_attempts controls the number of incorrect attempts a user can make before they are blocked. The maximum value for this is 5.
log: level: INFO network: tcp address: 127.0.0.1:514
Can be set to "EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO" or "DEBUG".
Note that it should not be set to DEBUG in a production environment.
The program uses StatsD to collect usage metrics which can then be used with a StatsD-compatible client such as Graphite to visually render key system performance information such as session starts, logins, communicating with the authentication server, spikes in 404 statuses etc.
An example config would be:
stats: prefix: srv-idp network: udp address: :8125
Note that prefix defines the prefix that is given to each bucket of stats. Address can be in the format of 'url:port' or just 'port'.
The above example would be suitable for a Graphite installation, as Graphite https://github.com/etsy/statsd/blob/master/docs/graphite.md listens on port 8125 by default. A useful Docker image for Graphite can be found at https://github.com/hopsoft/docker-graphite-statsd
The system uses Redis to collect data for logged in sessions. Below is the default config. Redis can be used locally or installed on a separate machine. In a production environment, AWS Elasticache may be used.
redis: network: tcp address: :6379 password: ""