macma/macma-webapp-backend

MACMA_CLIENT_ID

Description

MACMA’s own client’s client-id. Used for registration at portal if enabled.

Required

No

Defaults to

macma

Sources
  • Environment Variable

  • helmchart Secret: macma-client-secret


MACMA_CLIENT_SECRET

Description

The environment’s MACMA client secret.

Required

Yes

Defaults to

-

Sources
  • Environment Variable

  • helmchart Secret: macma-client-secret

  • helmchart property: .Values.global.modules.macma.keycloakBCIMasterdataClientSecret


AUTH_SERVER_BASE_URL

Description

Public URL to Keycloak instance to match the token’s issuer URL. Must not end with a slash. The base URL is the part in front of the /auth context path offered by Keycloak.

Required

Yes

Defaults to

-

Sources
  • Environment Variable

  • helmchart ConfigMap: auth-server-configmap


LOCAL_NETWORK_AUTH_SERVER_URL

Description

URL to directly connect to the auth server, ideally on the internal network for improved performance. This URL is the part in front of the /auth context path offered by Keycloak.

Required

No

Defaults to

http://keycloak-22-service

Sources
  • Environment Variable

  • helmchart ConfigMap: auth-server-configmap


NEXEED_MACMA_REVERSE_PROXY_CORE_URL

Description

URL to connect to MACMA core directly.

Required

No

Defaults to

http://macma-core-service.iam.svc.cluster.local

Sources
  • Environment Variable

  • helmchart ConfigMap: core-shared-configmap


AUTH_SERVER_DEFAULT_REALM

Description

The ID of the root tenant. Default realm for registration at portal and login.

Required

No

Defaults to

7311ea8c-5d48-43fe-acf9-980eedf24b6c

Sources
  • Environment Variable

  • helmchart ConfigMap: auth-server-configmap

  • helmchart property: .Values.global.nexeedMacmaTenant0Id


ACCESS_TOKEN_TIMEOUT

Description

Timeout in milliseconds to get an access token from the authorization server to register in portal.

Required

No

Defaults to

5000

Sources
  • Environment Variable


JAVA_TLS_DISABLE

Description

Disable TLS / HTTPS. Must be set to true if LOCAL_NETWORK_BASE_URL is not using HTTPS.

Required

No

Defaults to

true

Sources
  • Environment Variable

  • helmchart ConfigMap: auth-server-configmap


USE_SYSTEM_CA_CERTS

Description

Import all default certificates from the Ubuntu ca-certificates package to Java. Custom certificates that are mounted to /certificates are imported as well. Required to enable TLS.

Required

No

Defaults to

true

Sources
  • Environment Variable

  • helmchart ConfigMap: auth-server-configmap


PORTAL_BASE_URL

Description

Base URL of the portal. Required for registration.

Required

Yes

Defaults to

-

Sources
  • Environment Variable

  • helmchart ConfigMap: portal-connectivity-configmap


PORTAL_CLIENT_NAME

Description

Name of the portal module. During registration, the ID of the portal’s client is looked up by this name to obtain a proper token.

Required

No

Defaults to

portal

Sources
  • Environment Variable

  • helmchart ConfigMap: portal-connectivity-configmap

  • helmchart property: .Values.global.modules.macma.portalName


PORTAL_REGISTRATION_WAIT_BEFORE_FIRST_ATTEMPT

Description

Delay in milliseconds before the first attempt to register in portal is triggered.

Required

No

Defaults to

10000

Sources
  • Environment Variable


PORTAL_REGISTRATION_WAIT_BEFORE_NEXT_ATTEMPT

Description

Delay in milliseconds before the next attempt to register in portal is triggered if the first request failed.

Required

No

Defaults to

60000

Sources
  • Environment Variable


PORTAL_REGISTRATION_TIMEOUT

Description

Request timeout while trying to register at portal.

Required

No

Defaults to

10000

Sources
  • Environment Variable


OTEL_ENABLED

Description

Enable OpenTelemetry agent.

Required

No

Defaults to

false

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.otelEnabled or .Values.local.observability.otelEnabled


OTEL_EXPORTER_OTLP_ENDPOINT

Description

URL of the Elastic APM server.

Required

Yes (if enabled by OTEL_ENABLED)

Defaults to

-

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.otlpUrl or .Values.local.observability.otlpUrl


OTEL_LOGS_EXPORTER

Description

Logs exporter to be used.

Required

No

Defaults to

none

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: can be configured by enabling/disabling .Values.global.observability.otlpLoggingEnabled or .Values.local.observability.otlpLoggingEnabled


OTEL_METRICS_EXPORTER

Description

Metrics exporter to be used.

Required

No

Defaults to

none

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: can be configured by enabling/disabling .Values.global.observability.otlpMetricEnabled or .Values.local.observability.otlpMetricEnabled


OTEL_TRACES_EXPORTER

Description

Traces exporter to be used.

Required

No

Defaults to

none

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: can be configured by enabling/disabling .Values.global.observability.otlpTracingEnabled or .Values.local.observability.otlpTracingEnabled


OTEL_EXPORTER_OTLP_PROTOCOL

Description

The transport protocol of OpenTelemetry Exporter.

Required

No

Defaults to

grpc

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.otlpProtocol or .Values.local.observability.otlpProtocol


OTEL_TRACES_SAMPLER

Description

Specifies the Sampler used to sample traces by the OpenTelemetry SDK.

Required

No

Defaults to

parentbased_always_on

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.tracesSampler or .Values.local.observability.tracesSampler


OTEL_TRACES_SAMPLER_ARG

Description

Specifies the argument for the trace sampler. Each Sampler type defines its own expected input.

Required

No

Defaults to

-

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.tracesSamplerArg or .Values.local.observability.tracesSamplerArg


OTEL_RESOURCE_ATTRIBUTES

Description

Key-value pairs to be used as resource attributes for OpenTelemetry SDK, containing e.g. service.name, service.version, deployment.environment.

Required

Yes (if enabled by OTEL_ENABLED)

Defaults to

-

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-configmap (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.otelResourceAttributes or .Values.local.observability.otelResourceAttributes


OTEL_EXPORTER_OTLP_HEADERS

Description

Header of OpenTelemetry exporter including authentication at the APM server.

Required

Yes (if enabled by OTEL_ENABLED)

Defaults to

-

Sources
  • Environment Variable

  • helmchart ConfigMap: otel-observability-secret (handled by utility-toolkit)

  • helmchart property: .Values.global.observability.otlpHeaders or .Values.local.observability.otlpHeaders


LOG_LEVEL_ROOT

Description

Default loglevel except for the following explicit settings.

Required

No

Defaults to

WARN

Sources
  • Environment Variable

  • helmchart ConfigMap: loglevel-configmap

  • helmchart property: .Values.global.logging.default or .Values.local.logging.default


LOG_LEVEL_SPRING

Description

Loglevel for everything Spring (but not Spring Boot).

Required

No

Defaults to

WARN

Sources
  • Environment Variable

  • helmchart ConfigMap: loglevel-configmap

  • helmchart property: .Values.local.logging.spring.default


LOG_LEVEL_SPRING_BOOT

Description

Loglevel for everything Spring Boot.

Required

No

Defaults to

WARN

Sources
  • Environment Variable

  • helmchart ConfigMap: loglevel-configmap

  • helmchart property: .Values.local.logging.spring.boot


LOG_LEVEL_SPRING_SECURITY

Description

Loglevel for everything Spring Security.

Required

No

Defaults to

WARN

Sources
  • Environment Variable

  • helmchart ConfigMap: loglevel-configmap

  • helmchart property: .Values.local.logging.spring.security


LOG_LEVEL_BOSCH

Description

Loglevel for Bosch Components.

Required

No

Defaults to

WARN

Sources
  • Environment Variable

  • helmchart ConfigMap: loglevel-configmap

  • helmchart property: .Values.global.logging.application or .Values.local.logging.application


MANAGEMENT_ENDPOINT_HEALTH_ENABLED

Description

Enable '/health' endpoint, to expose application health information.

Required

No

Defaults to

true

Sources
  • Environment Variable


MANAGEMENT_ENDPOINT_HEALTH_SHOW-DETAILS

Description

When to show full health details. Valid values: never, when_authorized, always.

Required

No

Defaults to

when_authorized

Sources
  • Environment Variable


MANAGEMENT_ENDPOINT_HEALTH_PROBES_ENABLED

Description

Enable liveness and readiness probes. Use in combination with MANAGEMENT_HEALTH_LIVENESSSTATE_ENABLED and MANAGEMENT_HEALTH_READINESSSTATE_ENABLED to enable the '/health/liveness' and '/health/readiness' endpoints.

Required

No

Defaults to

true

Sources
  • Environment Variable


MANAGEMENT_HEALTH_LIVENESSSTATE_ENABLED

Description

Enable liveness state health check. Use in combination with MANAGEMENT_ENDPOINT_HEALTH_PROBES_ENABLED to enable the '/health/liveness' endpoint.

Required

No

Defaults to

true

Sources
  • Environment Variable


MANAGEMENT_HEALTH_READINESSSTATE_ENABLED

Description

Enable readiness state health check. Use in combination with MANAGEMENT_ENDPOINT_HEALTH_PROBES_ENABLED to enable the '/health/readiness' endpoint.

Required

No

Defaults to

true

Sources
  • Environment Variable


MANAGEMENT_ENDPOINT_HEALTH_GROUP_LIVENESS_INCLUDE

Description

Comma separated list of health indicator IDs that should be included for the liveness probe (or '*' for all).

Required

No

Defaults to

livenessState

Sources
  • Environment Variable


MANAGEMENT_ENDPOINT_HEALTH_GROUP_READINESS_INCLUDE

Description

Comma separated list of health indicator IDs that should be included for the readiness probe (or '*' for all).

Required

No

Defaults to

readinessState

Sources
  • Environment Variable


NEXEED_MACMA_LIFECYLE_TIMEOUT_PER_SHUTDOWN_PHASE_IN_SECONDS

Description

Timeout in seconds for the shutdown of any phase (group of SmartLifecycle beans with the same 'phase' value) when the shutdown mode is set to graceful.

Required

No

Defaults to

45

Sources
  • Environment Variable

  • helmchart ConfigMap: graceful-shutdown-configmap

  • helmchart property: .Values.local.gracefulShutdown.lifecycleTimeoutPerShutdownPhaseInSeconds


NEXEED_MACMA_EXECUTION_AWAIT_TERMINATION_ON_SHUTDOWN

Description

Whether the executor should wait for scheduled tasks to complete on shutdown when the shutdown mode is set to graceful.

Required

No

Defaults to

true

Sources
  • Environment Variable

  • helmchart ConfigMap: graceful-shutdown-configmap

  • helmchart property: .Values.local.gracefulShutdown.executionAwaitTerminationOnShutdown


NEXEED_MACMA_EXECUTION_AWAIT_TERMINATION_IN_SECONDS_ON_SHUTDOWN

Description

Maximum time in seconds the executor should wait for remaining tasks to complete when the shutdown mode is set to graceful.

Required

No

Defaults to

45

Sources
  • Environment Variable

  • helmchart ConfigMap: graceful-shutdown-configmap

  • helmchart property: .Values.local.gracefulShutdown.executionAwaitTerminationInSecondsOnShutdown


NEXEED_MACMA_SCHEDULING_AWAIT_TERMINATION_ON_SHUTDOWN

Description

Whether the scheduler should wait for scheduled tasks to complete on shutdown when the shutdown mode is set to graceful.

Required

No

Defaults to

true

Sources
  • Environment Variable

  • helmchart ConfigMap: graceful-shutdown-configmap

  • helmchart property: .Values.local.gracefulShutdown.schedulingAwaitTerminationOnShutdown


NEXEED_MACMA_SCHEDULING_AWAIT_TERMINATION_IN_SECONDS_ON_SHUTDOWN

Description

Maximum time in seconds the scheduler should wait for remaining tasks to complete when the shutdown mode is set to graceful.

Required

No

Defaults to

45

Sources
  • Environment Variable

  • helmchart ConfigMap: graceful-shutdown-configmap

  • helmchart property: .Values.local.gracefulShutdown.schedulingAwaitTerminationInSecondsOnShutdown


NEXEED_MACMA_SHUTDOWN_MODE

Description

Allowed values: graceful or immediate

Required

No

Defaults to

graceful

Sources
  • Environment Variable

  • helmchart ConfigMap: graceful-shutdown-configmap

  • helmchart property: .Values.local.gracefulShutdown.shutdownMode


INTERNAL_AUTHORIZATION_ACL_CACHE_ENABLED

Description

Enable caching for MACMA’s own ACL.

Required

No

Defaults to

true

Sources
  • Environment Variable


INTERNAL_AUTHORIZATION_ACL_CACHE_EXPIRY_IN_SEC

Description

Cache expiration time in seconds for MACMA’s own ACL cache.

Required

No

Defaults to

300

Sources
  • Environment Variable


NEXEED_MACMA_MAX_FILE_UPLOAD_SIZE_IN_MB

Description

Maximum allowed file size for file uploads, e.g. for the configuration file. Increasing the value can cause OutOfMemory errors.

Required

No

Defaults to

8

Sources
  • Environment Variable

  • helmchart ConfigMap: core-shared-configmap

  • helmchart property: .Values.local.fileUploadMaxSizeInMB
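
A pre-deployment check for the constraints this reference states (required variables, the AUTH_SERVER_BASE_URL trailing-slash rule, the TLS dependencies and the two closed value sets), added here as an example and not part of the MACMA documentation or code. The names check_env and SAMPLE and all sample values are hypothetical, and the check assumes that the LOCAL_NETWORK_BASE_URL named under JAVA_TLS_DISABLE refers to LOCAL_NETWORK_AUTH_SERVER_URL.

```python
from urllib.parse import urlparse

# Variables marked "Required: Yes", and those required once OTEL_ENABLED is true.
REQUIRED = ("MACMA_CLIENT_SECRET", "AUTH_SERVER_BASE_URL", "PORTAL_BASE_URL")
OTEL_REQUIRED = ("OTEL_EXPORTER_OTLP_ENDPOINT", "OTEL_RESOURCE_ATTRIBUTES",
                 "OTEL_EXPORTER_OTLP_HEADERS")
# Closed value sets with their documented defaults.
ENUMS = {
    "MANAGEMENT_ENDPOINT_HEALTH_SHOW-DETAILS":
        ({"never", "when_authorized", "always"}, "when_authorized"),
    "NEXEED_MACMA_SHUTDOWN_MODE": ({"graceful", "immediate"}, "graceful"),
}

def is_true(value):
    return str(value).strip().lower() == "true"

def check_env(env):
    """Return findings for a mapping of variable name -> string value."""
    findings = []
    for name in REQUIRED:
        if not env.get(name):
            findings.append(f"{name}: required but not set")
    if is_true(env.get("OTEL_ENABLED", "false")):
        for name in OTEL_REQUIRED:
            if not env.get(name):
                findings.append(f"{name}: required when OTEL_ENABLED is true")
    if env.get("AUTH_SERVER_BASE_URL", "").endswith("/"):
        findings.append("AUTH_SERVER_BASE_URL: must not end with a slash")
    # Assumption: the JAVA_TLS_DISABLE rule refers to LOCAL_NETWORK_AUTH_SERVER_URL.
    local = env.get("LOCAL_NETWORK_AUTH_SERVER_URL", "http://keycloak-22-service")
    tls_disabled = is_true(env.get("JAVA_TLS_DISABLE", "true"))
    if urlparse(local).scheme != "https" and not tls_disabled:
        findings.append("JAVA_TLS_DISABLE: must be true, local URL is not HTTPS")
    if not tls_disabled and not is_true(env.get("USE_SYSTEM_CA_CERTS", "true")):
        findings.append("USE_SYSTEM_CA_CERTS: required to enable TLS")
    for name, (allowed, default) in ENUMS.items():
        if env.get(name, default) not in allowed:
            findings.append(f"{name}: allowed values are {sorted(allowed)}")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "MACMA_CLIENT_SECRET": "example-secret",
    "AUTH_SERVER_BASE_URL": "https://iam.example.test/",
    "PORTAL_BASE_URL": "https://portal.example.test",
    "JAVA_TLS_DISABLE": "false",
    "OTEL_ENABLED": "true",
    "OTEL_EXPORTER_OTLP_ENDPOINT": "https://apm.example.test:8200",
    "NEXEED_MACMA_SHUTDOWN_MODE": "fast",
}

if __name__ == "__main__":
    print("\n".join(check_env(SAMPLE)))
```

Pass it the rendered environment of the pod (for example dict(os.environ) inside the container); unset optional variables are evaluated with the defaults listed above.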


© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved