Configuration¶

This section describe the environment variables that are used to configure the Device Portal. It is divided into various sections. One general for the application itself, two for ISE. One main section and one additional one if pxGrid is enabled. There is one section for authentication settings where the backend is defined and finally a specific section for the chosen authentication backend either LDAP or Radius

Main application configuration parameters¶

Base configuration setting for onboarding app.

allow_unprovisioned¶

“Specifies if the workflow of onboarding unprovisioned devices should be enabled.

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ALLOW_UNPROVISIONED`

db_database¶

Name of database

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_DB_DATABASE`

db_host¶

Hostname or address of database server, should be ‘db’ for an internal database or point to an FQDN for external databases.

Type	`string`
Default	`db`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_DB_HOST`

db_port¶

Port of the database server

Type	`integer`
Default	`1433`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_DB_PORT`

db_passwd¶

Password for the database user

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_DB_PASSWD`

db_user¶

Database user account

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_DB_USER`

redis¶

Redis Connection string

Type	`string`
Default	`redis://redis/`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_REDIS`

log_level¶

Logging level [‘CRITICAL’, ‘ERROR’, ‘WARNING’, ‘INFO’, ‘DEBUG’]

Type	`string`
Default	`INFO`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_LOG_LEVEL`

network_users¶

Enables handling of network users (internal ISE Users).

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_NETWORK_USERS`

secret_key¶

A secret key for JSON Script WebToken (JWT). Use a generated value such as ‘openssl rand -hex 32’

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_SECRET_KEY`

sgt_enabled¶

Incidates if the SGT features are enabled.

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_SGT_ENABLED`

license_key¶

License key

Type	`string`
Default
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_LICENSE_KEY`

Cisco ISE Configuration¶

Configuration settings for communication with Cisco ISE.

ise_disable_pxgrid¶

Determines if pxGrid should be disabled

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_DISABLE_PXGRID`

ise_node_cert_path¶

The path of the ISE certificates

Type	`string`
Default	`/app/certs/ise`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_NODE_CERT_PATH`

ise_pan_address¶

The DNS name of the primary ISE node

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_ISE_PAN_ADDRESS`

ise_password¶

The password of the ISE user

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_ISE_PASSWORD`

ise_username¶

Username for accessing ISE

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_ISE_USERNAME`

ise_wide_imports¶

If wide imports are enabled non admin users will be able to import any device from ISE, otherwise normal users can only import devices connected to ISE device groups they have access to

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_WIDE_IMPORTS`

ise_endpoint_ipsk_attr¶

ISE Custom Attribute name for the iPSK attribute

Type	`string`
Default	`device_onboarding_ipsk`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_ENDPOINT_IPSK_ATTR`

ise_endpoint_interface_attr¶

ISE Custom Attribute name for the interface attribute

Type	`string`
Default	`device_onboarding_interface`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_ENDPOINT_INTERFACE_ATTR`

ise_endpoint_sgt_attr¶

ISE Custom Attribute name for the sgt attribute

Type	`string`
Default	`device_onboarding_sgt`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_ENDPOINT_SGT_ATTR`

ise_endpoint_group_attr¶

ISE Custom Attribute name for the device_group/endpoint_group attribute

Type	`string`
Default	`device_onboarding_group`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_ENDPOINT_GROUP_ATTR`

ise_user_interface_attr¶

ISE Custom Attribute name for the user interface attribute

Type	`string`
Default	`device_onboarding_interface`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_USER_INTERFACE_ATTR`

pxGrid configuration settings¶

Configuration settings for pxGrid when enabled.

ise_pxgrid_client_cert¶

Name of the client certificate file, if this isn’t an absolute path it will be prefixed by /app/certs/ise/

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_ISE_PXGRID_CLIENT_CERT`

ise_pxgrid_client_description¶

Description of the pxGrid client

Type	`string`
Default	`Conscia Device Portal, used to monitor Radius sessions`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_PXGRID_CLIENT_DESCRIPTION`

ise_pxgrid_client_key¶

Name of the client secret file, if this isn’t an absolute path it will be prefixed by /app/certs/ise/

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_ISE_PXGRID_CLIENT_KEY`

ise_pxgrid_client_key_secret¶

Password for the client secret file

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`DEVICE_ONBOARDING_ISE_PXGRID_CLIENT_KEY_SECRET`

ise_pxgrid_client_name¶

Name of the pxGrid client

Type	`string`
Default	`conscia-device-portal-app`
Required	`False`
Environment Variable	`DEVICE_ONBOARDING_ISE_PXGRID_CLIENT_NAME`

Authentication settings¶

Authentication settings.

authentication_backend¶

Supported options are LDAPBackend or RadiusBackend

Type	`string`
Default	`LDAPBackend`
Required	`False`
Environment Variable	`AAA_AUTHENTICATION_BACKEND`

authorization_group_map¶

Mapping from specific user group to Application Role

Type	`string`
Default
Required	`False`
Environment Variable	`AAA_AUTHORIZATION_GROUP_MAP`

authorization_group_regex¶

Regex to identify a user’s relevant groups

Type	`string`
Default	`.*`
Required	`False`
Environment Variable	`AAA_AUTHORIZATION_GROUP_REGEX`

authorization_group_regex_map¶

Regex to map user groups to Application Roles

Type	`string`
Default
Required	`False`
Environment Variable	`AAA_AUTHORIZATION_GROUP_REGEX_MAP`

LDAP Backend¶

Configuration settings for LDAP Authentication

ldap_servers¶

LDAP Servers

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_LDAP_SERVERS`

ldap_port¶

LDAP Port

Type	`integer`
Default	`389`
Required	`False`
Environment Variable	`AAA_LDAP_PORT`

ldap_tls_port¶

LDAP TLS Port

Type	`integer`
Default	`636`
Required	`False`
Environment Variable	`AAA_LDAP_TLS_PORT`

ldap_use_tls¶

Use TLS

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`AAA_LDAP_USE_TLS`

ldap_tls_validate_server¶

Validate TLS

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`AAA_LDAP_TLS_VALIDATE_SERVER`

ldap_tls_trust_file¶

Trustfile

Type	`string`
Default
Required	`False`
Environment Variable	`AAA_LDAP_TLS_TRUST_FILE`

ldap_base_dn¶

Base DN

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_LDAP_BASE_DN`

ldap_query_field¶

Query field

Type	`string`
Default	`userPrincipalName`
Required	`False`
Environment Variable	`AAA_LDAP_QUERY_FIELD`

ldap_attrs¶

LDAP Attributes to collect

Type	`string`
Default	`displayName,initials,userPrincipalName,mail,memberOf,objectGUID`
Required	`False`
Environment Variable	`AAA_LDAP_ATTRS`

ldap_uuid_attrs¶

object guid

Type	`string`
Default	`objectGUID`
Required	`False`
Environment Variable	`AAA_LDAP_UUID_ATTRS`

ldap_authorization_group_attrs¶

Group attributes

Type	`string`
Default	`memberOf`
Required	`False`
Environment Variable	`AAA_LDAP_AUTHORIZATION_GROUP_ATTRS`

ldap_service_principal¶

LDAP Service User

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_LDAP_SERVICE_PRINCIPAL`

ldap_service_password¶

LDAP Service Password

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_LDAP_SERVICE_PASSWORD`

ldap_group_dn¶

Group DN, example OU=Users,DC=example,DC=com

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_LDAP_GROUP_DN`

ldap_group_query¶

LDAP Group Query filter

Type	`string`
Default	`(&(cn=*)(objectClass=group))`
Required	`False`
Environment Variable	`AAA_LDAP_GROUP_QUERY`

ldap_nested_groups¶

Enable nested group support

Type	`boolean`
Default	`False`
Required	`False`
Environment Variable	`AAA_LDAP_NESTED_GROUPS`

RADIUS Backend¶

Configuration settings for RADIUS Authentication

radius_secret¶

Radius Secret

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_RADIUS_SECRET`

radius_servers¶

Radius Servers

Type	`string`
Default	`None`
Required	`True`
Environment Variable	`AAA_RADIUS_SERVERS`