Orchid Fusion VMS uses a configuration file (fusion.properties) and a logging file (logback.xml). These files contain settings that don’t change on a regular basis, and are reserved for those with administrator access. If a change to the configuration settings is required, please refer to the appropriate section (such as Working in Windows or Working in Ubuntu 16.04) earlier in this Installation Guide.
Orchid Fusion VMS’s configuration settings are included below.
Web Server Settings
Possible values include http and https. (The ssl.pem and ssl.key also need to be set. See SSL Properties.)
Port number of the web server.
Root path to the Orchid Fusion VMS HTML files.
Listening address (0.0.0.0 binds to all network interfaces).
Access-Control-Allow-Headers response header value (CORS). The default value is authorization, content-type.
Full path to the PEM encoded TLS certificate file.
Full path to the PEM encoded RSA key.
The sqlite database file.
Fusion Server Settings
Number of seconds between Orchid Core VMS data sync.
Updates the admin password (removed from the file after parsed). Prior to version 2.0.0, this was new.password.
This allows for the creation of a new user. (Set this to True and set the password property below to create a new user. Set this to False to delete a Fusion user.)
This may be used to reset the password of any user, or to create a new user (when combined with the enabled property above).
This allows for the promotion of any user to superuser status. (Set this to True to create a new superuser. Set this to False to revoke superuser status.)
Sets the number of Orchid Core VMS servers that will be displayed per page (on the Servers screen). The default is 10.
This optional setting may be used to set a custom, public URL for the Fusion server. Starting with version 2.6.2, this public URL will be displayed in Notification emails. In prior versions, the Notification emails displayed an IP address (which was not always helpful in identifying the source of the problem).
This setting may be used to automatically log a user out of the system after a set number of minutes of inactivity. Enter a number greater than zero to set the number of minutes of inactivity that the system will allow. (After that number of minutes expires, the software will log the user out of the system.) Enter zero to disable this setting. (Default: 0.)
RTSP Proxy Server Settings
Options are as follows:
Default – Orchid Fusion VMS UI will access the streams via UDP.
Orchid Fusion VMS UI will access the streams via TCP-interleaved.
Orchid Fusion VMS UI will access the streams via UDP SRTP. (Secure — ssl.pem and ssl.key must be set)
Orchid Fusion VMS UI will access the streams via TCP-interleaved TLS. (Secure tcp — ssl.pem and ssl.key must be set)
The port the rtsp proxy listens on (default 9554)
This is the RTSP transport protocol between Orchid Fusion VMS and Orchid Core VMS. Options are:
(http only works with target Orchid Core VMS servers running rtsp)
Time (in seconds) to periodically check for inactive sessions. Default is 2 seconds.
The maximum number of queued requests for the server. Default is 50.
The maximum number of threads used by the pool to handle client requests. A value of 0 will use the pool mainloop; a value of -1 will use an unlimited number of threads. The default is 100.
The maximum allowed number of sessions. A value of 0 allows an unlimited number of sessions. Default is 128.
Sets the minimum RTP port range. A value of 0 will disable the minimum setting (meaning the server may use any available port). Default is 0. If this is set to 0 (disabled), the rtsp.port.range.max will also be disabled.
Sets the maximum RTP port range. A value of 0 will disable the maximum setting (meaning the server may use any available port). Default is 0. If this is set to 0 (disabled), the rtsp.port.range.min will also be disabled.
Sign In Options
Beginning with version 2.0.0, Orchid Fusion VMS offers multiple ways to sign in. Important information regarding the configuration file is included below.
Enabling Google sign in requires an OAuth client ID for Orchid Fusion VMS that is generated by Google. For more information, please refer to https://console.developers.google.com/apis/credentials.
This property enables Google sign in. (For example: google.auth.clientid=<your client id>)
To use Active Directory authentication, you must already have an Active Directory server with at least one Active Directory group with one Active Directory user. The following properties will also need to be configured, as noted.
This command identifies the active directory server. If there are more than one, use a comma to separate multiple server addresses.
This property was previously required to initialize admin access and provides a comma-separated list of groups for each domain. This property is now optional. You may use the Orchid Fusion VMS user interface to add Active Directory Administrator groups.
This property allows authentication to follow references to another server. Values include follow (the default), ignore, and throw.
Azure Active Directory
To use Azure Active Directory authentication, you must create an Azure Active Directory App. (Please refer to Microsoft documentation for the most up-to-date instructions.). The following properties will also need to be configured, as noted.
This property provides the Application ID assigned to your App when you registered it with Azure Active Directory.
This property provides the application secret that you saved after creating it in the Azure Portal.
This property provides the Microsoft OAuth 2.0 Authorize Endpoint assigned to your App when you registered it with Azure Active Directory.
This property defines the domain associated with this Azure Active Directory instance. This can be anything, but in most cases should match the domain into which users are logging in. For example, for users logging in as <Users>@ipconfigure.com, the appropriate domain setting would be ipconfigure.com.
To use FreeIPA authentication, you must already have a FreeIPA server with at least one FreeIPA group with one user. The following properties will also need to be configured, as noted.
This property provides a list of authentication domains from FreeIPA.
This property sets the base domain name used when authenticating a FreeIPA user. (This is an advanced FreeIPA option that will only need to be defined if the users are located somewhere other than the domains defined in the property above.)
All LDAP Authenticators (Active Directory, FreeIPA)
Orchid Fusion VMS uses the LDAP protocol to communicate with both Active Directory and FreeIPA servers. You may need to define the property below (as noted).
This property provides a list of alternate domain names for servers registered with Active Directory or FreeIPA. (This is an advanced setting that will only be needed if the users are signing in to an “alias” domain for Active Directory or FreeIPA.)