Skip to content

Production-ready settings¤

If you plan to deploy Corporate Memory in an public available environment you should take care about a few issues.

Changing keycloak client settings¤

Corporate Memory uses some clients to authenticate against keycloak. For each client you have to adjust the referrer uri. These clients you need to take care of:

  • datamanager
  • dataintegration

Go to Cmem-Realm → Clients → datamanger / dataintegration and enter your deploy URI like*


Password policies¤

If you create users in Keycloak, make sure users have strong passwords, for this setting up password policies will help. You can take a look here:

In Keycloak you should enforce secure flag for keycloak cookies. Go to Cmem-Realm → Realm Settings → Login and change Require SSL to “all requests”. If you are running without SSL you will no longer be able to login into Corporate Memory.

Once this is done, make sure Dataplatform and Dataintegration uses HTTPS to connect to Keycloak. See the usage of DATAPLATFORM_AUTH_URL, OAUTH_AUTHORIZATION_URL, OAUTH_TOKEN_URL


Dataplatform CORS settings¤

Corporate Memorys Dataplatform uses http.cors.allowedOrigins * as default setting. It is recommended to correctly set the values for the following headers:

  • Access-Control-Allow-Origin:  specifies which domains can access a site’s resources. For example, if ABC Corp. has domains and, then its developers can use this header to securely grant access to’s resources.
  • Access-Control-Allow-Methods: specifies which HTTP request methods (GET, PUT, DELETE, etc.) can be used to access resources. This header lets developers further enhance security by specifying what methods are valid when XYZ accesses ABC’s resources.

Detailed configuration options can be found here

This is an example section in dataplatforms application.yml


## Cross-Origin Resource Sharing (CORS) settings
      - ""
      - "OPTIONS"
   - "HEAD"
      - "GET"
      - "POST"
      - "PUT"
      - "DELETE"
      - "PATCH"