PVWA Parameter File (Web.config)

The web.config file contains the configuration parameters for the PVWA Web application. During installation, the file is copied to the PVWA installation folder on the PVWA server, located in the Inetpub\wwwroot\PasswordVault folder.

Other than the web.config file, all the PVWA parameter files are configured in the PVWA interface. For more information, see Configure the system through PVWA.

 

All parameters must be specified without spaces.

 

Parameter

Description

VaultFile

The full path name of the Vault.ini file that contains the settings of the Password Vault (e.g. Address, Port, etc.). The IIS user must have read permissions for the file.

Acceptable values: Full path name

GWFile

The full path name of the user credential file that contains the Agent Account Vault username and encrypted password. The IIS user must have both read and write permissions for the file in order to change the password of the Agent account.

Acceptable values: Full path name

HomePage

The page that appears when a user clicks the CyberArk logo.

Acceptable values: Page name

CustomerLogoURL

The URL that is displayed when the user clicks the customized logo.

Acceptable values: URL

ConfigurationCredentialFile

The credentials file for the application user.

Acceptable values: Full path name

ConfigurationSafeName

The name of the Safe where the application configuration files are stored.

Acceptable values: Safe name

LogFolder

The full path name to a folder where the log files are stored.

Acceptable values: Full path name

ApplicationID

Identifies the instance of the PVWA on the machine. Use when more than one instance is installed on the same machine.

Type: String

FullVersionEnabled

Whether or not users can access the PVWA through the full version of the PVWA.

Acceptable Values: Yes/No

Default value: Yes

MobileVersionEnabled

Whether or not users can access the PVWA through the mobile version of the PVWA.

Acceptable Values: Yes/No

Default value: Yes

RSADecodeUserName

Whether or not to decode user names received from RSA authentication. For SecureID authentication through the PVWA, make sure this parameter is set to Yes.

Acceptable Values: Yes/No

Default value: Yes

maxRequestLength

The maximum size in KB of each request that is carried out by the PVWA. This includes the size of files that can be stored in the Vault and opened.

Type: Number

Default value: 10000

executionTimeout

Specifies the number of seconds after which a request is automatically timed out.

 

This is a .NET parameter that users can specify in the web.config file to override general parameters.

Type: Number

Default value: 90

AdvancedFIPSCryptography

Enables advanced FIPS cryptography.

Acceptable Values: Yes/No

Default value: No

maxJsonLength

Specifies the length of the JSON request.

 

This is a .NET parameter that users can specify in the web.config file to override general parameters.

Type: Number

PSMConnectionTimeout

Specifies the number of seconds that the PSM will try to connect to a remote machine, after which the connection is automatically timed out. This parameter is optional.

 

This is a .NET parameter that users can specify in the web.config file to override general parameters.

Type: Number between 0-500

Default value: 60

LoadBalancerClientAddressHeader

The HTTP Header field's name from which the PVWA should read the client IP. This parameter should be used when the PVWA is behind a load balancer. If the PVWA is behind a load balancer and this parameter is not used, or the specified value does not exist in the HTTP Header, the Vault will log incoming requests as if their source is the load balancer and not the real client IP.

Acceptable Values: String

EnableThrottling

Enables API throttling.

Type: Yes/No

Mandatory: No

Default value: No

MaxCPUUsage

The percentage of CPU usage required in order for throttling to take effect.

Type: Integer between 1-100

Mandatory: no

Default value: 90

MaxRequestPerProcessor

The maximum number of average requests per processor required in order for throttling to take effect.

Type: Non-negative integer

Mandatory: No

Default value: 8

NoOfSecondsBetweenSamples

Number of seconds between each sample of system metrics.

Type: Non-negative integer

Mandatory: No

Default value: 15

MinNoOfFailedConsecutiveSamples

Number of consecutive failed samples required in order for throttling to take effect.

Type:Positive integer

Mandatory: No

Default value: 8