RAEP - Advanced web.config configuration
The options below are advanced parameters stored in
C:\Program Files\VeridiumAD\RAEPServer\RaWebApp\web.config
Change them only under guidance from Veridium Support or when your deployment guide explicitly instructs you to do so.
Key | Default value | Description |
|---|---|---|
AddAccountName |
| When set to |
bopsVerifyJWTTokenForCitrix |
| For Citrix environments, every request is validated on the server. Leave at |
CheckPasswordExpiryByUPN |
| In Citrix deployments, RA finds the user with a UPN-based LDAP query (using ADShortDomain and AD\_LDAP\_Domain) and checks whether the password has expired. |
CheckPasswordExpiryBySID |
| Same as above, but the lookup uses the user’s SID instead of UPN. |
ADShortDomain |
| Short domain name used for LDAP searches. |
AD\_LDAP\_Domain |
| Full LDAP path used for directory searches. |
AddUserSIDToCertRequest |
| Embeds the user’s SID in the certificate request (OID 1.3.6.1.4.1.311.25.2) to create a strong binding between user and certificate. |
upnSuffixReplacement | (empty) | Lets you swap the UPN suffix in incoming requests—handy for Entra ID hybrid scenarios. |
UseEmailAsUPN |
| When enabled, the email attribute from GetStaticProfile is used as the UPN; the original UPN is ignored. |
cn |
| Defines how the Common Name (CN) in the certificate is formatted. Choices: |
UseUpnAsUserIdentifier |
|
|
AddUserNameHint |
| Adds a UserNameHint to the certificate based on the format defined in UserNameHintFormat. When |
UserNameHintFormat |
| Template for the UserNameHint; placeholders: |
AddEmailToCertRequest |
| Adds the user’s email address to the Subject Alternative Name (SAN) extension of the certificate. |
AddUpnToCertRequest |
| Adds the user’s UPN to the Subject Alternative Name (SAN) extension of the certificate. |