The options below are advanced parameters stored in
C:\Program Files\VeridiumAD\RAEPServer\RaWebApp\web.config
Change them only under guidance from Veridium Support or when your deployment guide explicitly instructs you to do so.
|
Key |
Default value |
Description |
|---|---|---|
|
AddAccountName |
|
When set to |
|
bopsVerifyJWTTokenForCitrix |
|
For Citrix environments, every request is validated on the server. Leave at |
|
CheckPasswordExpiryByUPN |
|
In Citrix deployments, RA finds the user with a UPN-based LDAP query (using ADShortDomain and AD\_LDAP\_Domain) and checks whether the password has expired. |
|
CheckPasswordExpiryBySID |
|
Same as above, but the lookup uses the user’s SID instead of UPN. |
|
ADShortDomain |
|
Short domain name used for LDAP searches. |
|
AD\_LDAP\_Domain |
|
Full LDAP path used for directory searches. |
|
AddUserSIDToCertRequest |
|
Embeds the user’s SID in the certificate request (OID 1.3.6.1.4.1.311.25.2) to create a strong binding between user and certificate. |
|
upnSuffixReplacement |
(empty) |
Lets you swap the UPN suffix in incoming requests—handy for Entra ID hybrid scenarios. |
|
UseEmailAsUPN |
|
When enabled, the email attribute from GetStaticProfile is used as the UPN; the original UPN is ignored. |
|
cn |
|
Defines how the Common Name (CN) in the certificate is formatted. Choices: |
|
UseUpnAsUserIdentifier |
|
|
|
AddUserNameHint |
|
Adds a UserNameHint to the certificate based on the format defined in UserNameHintFormat. When |
|
UserNameHintFormat |
|
Template for the UserNameHint; placeholders: |
|
AddEmailToCertRequest |
|
Adds the user’s email address to the Subject Alternative Name (SAN) extension of the certificate. |
|
AddUpnToCertRequest |
|
Adds the user’s UPN to the Subject Alternative Name (SAN) extension of the certificate. |