Realm Settings
General
| Label | Value |
|---|---|
| Name | X4Realm |
| Enabled | ON |
Login
| Label | Value |
|---|---|
| User registration | OFF |
| Edit username | OFF |
| Forgot password | OFF |
| Remember Me | OFF |
| Verify email | OFF |
| Login with email | ON |
| Require SSL | external requests |
Tokens
| Label | Value |
|---|---|
| Default Signature Algorithm | RS256 |
| Revoke Refresh Token | OFF |
| SSO Session Idle | 30 Minutes |
| SSO Session Max | 10 Hours |
| SSO Session Idle Remember Me | 0 Minutes |
| SSO Session Max Remember Me | 0 Minutes |
| Offline Session Idle | 30 Days |
| Offline Session Max Limited | OFF |
| Client Session Idle | 0 Minutes |
| Client Session Max | 0 Minutes |
| Access Token Lifespan | 5 Minutes |
| Access Token Lifespan For Implicit Flow | 15 Minutes |
| Client login timeout | 1 Minutes |
| Login timeout | 30 Minutes |
| Login action timeout | 5 Minutes |
| User-Initiated Action Lifespan | 5 Minutes |
| Default Admin-Initiated Action Lifespan | 12 Hours |
| OAuth 2.0 Device Code Lifespan | 10 Minutes |
| OAuth 2.0 Device Polling Interval | 5 |
Security Defenses
| Label | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| Content-Security-Policy | frame-src 'self'; frame-ancestors 'self'; object-src 'none'; |
| X-Content-Type-Options | nosniff |
| X-Robots-Tag | none |
| X-XSS-Protection | 1; mode=block |
| HTTP Strict Transport Security (HSTS) | max-age=31536000; includeSubDomains |