|Agent Mode||Assess & Protect|
|Main Product Category||Contrast UI|
In the event when Contrast Teamserver property files need to be updated there are two ways to accomplish this.
For simple changes to the properties files, it is best to use the encrypted properties editor as outlined in our Open docs article.
When using the encrypted properties editor is not feasible due to the sheer amount of updates needed. For instance, automating changes with multiple Teamserver Nodes in a cluster, you can create .cleartext versions of the .properties files and place them in the /data/conf/ folder. When Contrast is started it will ingest these .cleartext files, by replacing the current .properties file with the new .cleartext version and then removing the .cleartext file.
The following example illustrates this method using the saml.properties file.
1. Use the encrypted properties editor to extract the values out of the properties file.
authenticator.saml.keystore.path : /path/to/jks.jks
authenticator.saml.keystore.default.key : default_keystore
authenticator.saml.keystore.passwordMap : keystore=pass
authenticator.saml.keystore.password : keystore_pass
authenticator.saml.url : http://acme.local:8080/Contrast
2. Create a new file with the same name +.cleartext
3. Paste in the contents of those value.
4. Modify the values as needed and save the file.
5. Make sure to set the correct ownership on the .cleartext files to match the rest in the folder contents. Typically these are owned by the contrast_service group and user.
chown contrast_service:contrast_service *.cleartext
6. Restart the contrast server
All the .cleartext files will start to disappear as the properties files are updated&encrypted. You can check the logs to see if this was done by looking for the following entry.
INFO (DataInitializationListener.java:671) Updated /opt/contrast/data/conf/saml.properties with /opt/contrast/data/conf/saml.properties.cleartext
Note! Teamserver requires a functional database.properties to start. Before updates to this cleartext file are made, Tomcat checks that it has a valid connection to the MySQL database.