Configuration files

This article provides an overview of all the files that are available for configuration and parametrization after installing Airlock IAM.

Standard file layout

The following table describes the standard file layout of Airlock IAM after installation:

| Directory | Contents | Owner | Access (“airlock” User) |
| --- | --- | --- | --- |
| /opt/airlock-iam-<version> | Distribution of Airlock IAM of a specific version | root | read-only |
| /opt/airlock-iam | Link to the most recently installed distribution directory | root | read-only |
| /home/airlock/iam | Configuration files | airlock | read-write |

File layout concept:

  • The files in the installation/distribution directories under /opt are read-only and should not be edited. There is one distribution directory for each installed IAM version (e.g., /opt/airlock-iam-8.2.1). The airlock-iam entry in /opt is a link to the directory of the most recently installed IAM version.
  • The configuration files in the configuration directory /home/airlock/iam are editable. They are used to configure the details of the IAM instances. This article focusses on these files.
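The ownership and access columns of the layout table can be checked on a host. The following is an added example, not code from Airlock IAM. It assumes that "read-only" for the airlock user means a root-owned directory without group or other write bits, and it inspects only the top-level directories, not their contents.

```python
import os
import stat
import tempfile

def audit_dir(path, expected_uid, read_only):
    """Check one row of the layout table; return findings (empty = as documented)."""
    real = os.path.realpath(path)   # resolves the /opt/airlock-iam link
    if not os.path.isdir(real):
        return [f"{path}: not a directory (resolved to {real})"]
    st = os.stat(real)
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {expected_uid}")
    if read_only and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: group/other-writable, documented as read-only")
    if not read_only and not st.st_mode & stat.S_IWUSR:
        findings.append(f"{path}: owner cannot write, documented as read-write")
    return findings

def audit_layout(opt_link, config_dir, root_uid, airlock_uid):
    """Audit the link in /opt and the configuration directory."""
    findings = []
    target = os.path.realpath(opt_link)
    if not os.path.islink(opt_link):
        findings.append(f"{opt_link}: expected a link to a versioned directory")
    elif not os.path.basename(target).startswith("airlock-iam-"):
        findings.append(f"{opt_link}: points to unexpected target {target}")
    findings += audit_dir(opt_link, root_uid, read_only=True)
    findings += audit_dir(config_dir, airlock_uid, read_only=False)
    return findings

def demo():
    """Build a constructed layout in a temp dir and audit it before and after drift."""
    me = os.getuid()  # stand-in for both owners so the demo runs unprivileged
    with tempfile.TemporaryDirectory() as tmp:
        dist = os.path.join(tmp, "airlock-iam-8.2.1")
        link = os.path.join(tmp, "airlock-iam")
        conf = os.path.join(tmp, "iam")
        os.mkdir(dist)
        os.mkdir(conf)
        os.chmod(dist, 0o755)
        os.chmod(conf, 0o700)
        os.symlink(dist, link)
        clean = audit_layout(link, conf, me, me)
        os.chmod(dist, 0o777)       # simulate a writable distribution directory
        drifted = audit_layout(link, conf, me, me)
    return clean, drifted
```

On a real host, call audit_layout("/opt/airlock-iam", "/home/airlock/iam", ...) with the uids of root and airlock looked up via pwd.getpwnam.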

Configuration files - overview

The table below lists all the files that are available for configuration and parametrization after installing Airlock IAM. For each file, the table gives the file name, its aim and usage, and its location in your local IAM directory structure, and links to more detailed information in the IAM documentation.

 
Notice

All paths to the location of the listed files are relative to the configuration directory /home/airlock/iam/instances.

For a description of the instances directory, see Instances directory.

 
Notice

Some configuration files can either apply to one specific IAM instance or to all instances. This depends on the location of the file:

Locations:

  • Configuration files that apply to all instances: /home/airlock/iam/instances/common
  • Configuration files that apply to one specific instance: /home/airlock/iam/instances/<instance-name>

File name

Aim and usage

Location

Further information

Basic configuration

instance.properties

This file defines all fundamental application properties of an Airlock IAM instance. It is used to launch your IAM instance.

Example settings:

  • Logging settings
  • Java options

Location: <instance-name>

medusa-configuration.xml

This XML file specifies the IAM instance configuration. This information is managed by and editable in the Config Editor. Each time you edit your instance's configuration in the Config Editor and activate the change, the new settings are directly written to the medusa-configuration.xml file.

 
Notice

Do not change this file manually; always modify the instance configuration settings via the Config Editor.

Location: <instance-name>

sensitive-values.properties

sensitive-values.jceks

By default, IAM stores sensitive external configuration secrets outside the configuration XML in a JCEKS key store. The key store is automatically created using a random password.

There are two files:

  • The sensitive-values.properties file defines how to store the sensitive config values and what password to use.
  • The sensitive-values.jceks file is the actual key store.

Location: <instance-name>

Logs and audits

  • all-modules.xml
  • adminapp.xml
  • api-policy-service.xml
  • config-editor.xml
  • loginapp.xml
  • service-container.xml
  • transaction-approval.xml

IAM provides a logging configuration file template for each IAM module.

  • The <module-name>.xml files specify the individual logging settings for a specific module. E.g., the loginapp.xml file defines the logging settings for the Loginapp.
  • The all-modules.xml file specifies logging settings that are valid for all modules.

Location: <instance-name>/log4j

medusa-audit-logger.properties

The medusa-audit-logger.properties file specifies the properties of the sensitive key material of the audit logger.

Location: <instance-name>/audit-logger

Profiles

  • adminapp.properties
  • loginapp.properties

The adminapp.properties and the loginapp.properties files are so-called profile files. Profile files allow overriding some of the application parameters defined in the instance.properties file. They basically define which IAM modules to enable when launching IAM.

By default, IAM only provides the adminapp.properties and the loginapp.properties profile files. Rename and modify these files if you want to create additional IAM launching profiles.

Location: <instance-name>/profiles

Letter templates

  • airlock-2fa-letter-<de/en>.docx
  • password-letter-<de/en>.docx
  • etc.

Some situations in an authentication procedure require the sending of letters in PDF format to the end-user, e.g., in the case of a forgotten password or when activating a new Airlock 2FA device.

The generation of these letters is based on Word templates. IAM provides a set of sample Word letter templates, which can be modified as needed.

Location: common/report-templates

Translation files

  • strings_en.properties
  • strings_de.properties
  • strings_fr.properties
  • strings_it.properties

IAM provides (empty) language-specific strings_*.properties files. These files can be used for language-specific customizations.

You can customize the following text elements and messages:

  • Text elements displayed in the Adminapp and the Service Container module.
  • Transaction approval text messages.
  • Non-UI-related, REST-API-based text elements in the Loginapp, such as email, SMS, or Cronto texts that are not shown in the browser (UI texts of the Loginapp are customized with the Loginapp Design Kit; for more information, see further below).

The corresponding original text elements and messages are stored in the IAM installation directory, as .json files (Adminapp) or strings_*.properties files (all other modules). These original files contain the property names of the text elements. Use these property names as keys for your customizations in the strings properties files in the configuration directory.

 
Notice

Do not change the original text element files in the installation directory. These files are overwritten without notice during update and installation procedures, and your customizations would be lost.

The list below shows the locations of the original text element files in the installation directory. All paths are relative to /opt/airlock-iam-<version>/app.

Location of original text element files

  • Adminapp: adminapp/ui/i18n
  • Loginapp: loginapp/WEB-INF/classes
  • Service Container: service-container/WEB-INF/classes
  • Transaction approval: transaction-approval/WEB-INF/classes

Possible locations

  • Location for language-specific customization files that apply to all instances: common/<application-name>-texts
    E.g., common/adminapp-texts
  • Location for language-specific customization files that apply to one specific instance: <instance-name>/<application-name>-texts
    E.g., auth/adminapp-texts

Common customization files that apply to all instances override the original language property files, and instance-specific customization files in turn override the common customization files.
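The precedence described above (original, then common, then instance-specific) can be made visible per key. The following is an added example, not code from Airlock IAM. The property names and texts are constructed, the reader handles only simple key/value lines, and customization keys that match no original property name are reported instead of applied, so that typos and keys dropped by an update stand out.

```python
def parse_properties(text):
    """Read simple 'key=value' / 'key: value' lines; '#' and '!' start comments.
    Line continuations and unicode escapes are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if cut > 0:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def resolve_texts(original, common, instance):
    """Apply the precedence original < common < instance.
    Returns ({key: (text, source_layer)}, [(layer, unknown_key), ...])."""
    effective = {key: (text, "original") for key, text in original.items()}
    unknown = []
    for layer_name, layer in (("common", common), ("instance", instance)):
        for key, text in layer.items():
            if key in original:
                effective[key] = (text, layer_name)
            else:
                unknown.append((layer_name, key))
    return effective, unknown

# Constructed sample contents; the property names are hypothetical.
ORIGINAL = parse_properties("""
# shipped in the installation directory
otp.sms.text = Your code is {0}
password.letter.subject = Your new password
approval.prompt = Please confirm the transaction
""")
COMMON = parse_properties("""
otp.sms.text = ACME: your login code is {0}
approval.prompt = Confirm this ACME transaction
""")
INSTANCE = parse_properties("""
otp.sms.text = ACME e-banking code: {0}
pasword.letter.subject = ACME password letter
""")

EFFECTIVE, UNKNOWN = resolve_texts(ORIGINAL, COMMON, INSTANCE)

if __name__ == "__main__":
    for key, (text, layer) in sorted(EFFECTIVE.items()):
        print(f"{key:26} [{layer:8}] {text}")
    for layer, key in UNKNOWN:
        print(f"unknown key in {layer} layer: {key}")
```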

Loginapp UI customization with Loginapp Design Kit

To customize the UI texts of the Loginapp and adapt the look and feel of the Loginapp UI to your corporate design, Airlock IAM provides the Loginapp Design Kit.

The scope of the Loginapp Design Kit is as follows:

  • Customization of default translations of the Loginapp UI text elements.
  • Styling of the UI using SCSS.
  • Changing the layout (header/footer/content).
  • Modifying existing product pages.
  • Adding new pages.