fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering#

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers#

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# The contents of this file are subject to the terms

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# of the Common Development and Distribution License

5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# (the License). You may not use this file except in

5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# compliance with the License.

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# You can obtain a copy of the License at

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# https://opensso.dev.java.net/public/CDDLv1.0.html or

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# opensso/legal/CDDLv1.0.txt

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# See the License for the specific language governing

5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# permission and limitations under the License.

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#

5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# When distributing Covered Code, include this CDDL

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Header Notice in each file and include the License file

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# at opensso/legal/CDDLv1.0.txt.

4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# If applicable, add the following below the CDDL Header,

4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# with the fields enclosed by brackets [] replaced by

4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# your own identifying information:

cd4010b37349413db1e553e213e62e654ca28113Lennart Poettering# "Portions Copyrighted [year] [name of copyright owner]"

4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón#

4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# $Id: OpenSSOAgentConfiguration.template,v 1.8 2009/10/15 23:33:36 leiming Exp $

4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón#

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Portions Copyrighted 2013-2014 ForgeRock AS.

78a825f216d39ee0295b00647b059d45467e1d02Kay Sievers

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#------------------------------------------------------------------------------

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Configuration Property File

a80db8bd5f7f15859e8891aab9fc3694ce4cd0bdJavier Jardón#

a80db8bd5f7f15859e8891aab9fc3694ce4cd0bdJavier Jardón# OpenAM Policy Agent for:

4db6d587c37c0357d20c79bf1a7c9afd4c7ced61Kay Sievers# Sun Java System Application Server 8.1/8.2/9.0/9.1

907dd1953b7517534d646f5b2777780020c896e2Kay Sievers#

eb7bbee6cd182d5c4eb1e1180631c35158f59379Kay Sievers# Version: ${project.version}

bbd9b8c2139a70005e4e83d198575e2a10fe1db2Lennart Poettering

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers#------------------------------------------------------------------------------

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#

22be093ffb403a1c474037939ca9b88b1ee39f77Lennart Poettering# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT

d59d0a2b4b41a75eaf618b26b8f8bd1e17de7e2bcee# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE

d59d0a2b4b41a75eaf618b26b8f8bd1e17de7e2bcee# MODIFYING ANY OF THE VALUES IN THIS FILE.

d59d0a2b4b41a75eaf618b26b8f8bd1e17de7e2bcee#

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Note:

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Data present in this file provides the necessary configuration

8666abb452db73d9a11ead61251eec42bc531cceKay Sievers# settings needed by Agent to work correctly. Invalid configuration

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# data present in this file can lead to malfunction of the Agent, the

5e63ce78b5018ba612e794a610a6f13c5eefade7Cristian Rodríguez# application, and the Application Server.

3d585edbb14b9705c80183aeb16dfd0a28df0ac9Lennart Poettering#

5e63ce78b5018ba612e794a610a6f13c5eefade7Cristian Rodríguez# WARNING: The contents of this file are classified as an UNSTABLE

1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera# interface by Sun Microsystems, Inc. As such, they are subject to

1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera# significant, incompatible changes in any future release of the

1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera# software.

1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera#

1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE

1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera# SYSTEM.

e9da3678fcfc774b325dc1eaa054d0e00028a1fcLennart Poettering#------------------------------------------------------------------------------

e9da3678fcfc774b325dc1eaa054d0e00028a1fcLennart Poettering

e9da3678fcfc774b325dc1eaa054d0e00028a1fcLennart Poettering#------------------------------------------------------------------------------

3ce4fad8f548db9edb19869ea540e3192d2123f4Kay Sievers# General Notes about the Agent Configuration

f975e971accc4d50c73ae53167db3df7a7099cf2Lennart Poettering# -------------------------------------------

e9da3678fcfc774b325dc1eaa054d0e00028a1fcLennart Poettering#

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# HOT-SWAP MECHANISM:

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Certain property keys in this configuration are hot-swap enabled.

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# The value for these keys when altered are dynamically loaded by the

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Agent such that it is not necessary to restart the Application

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Server in order for these changes to take effect. However, in cases

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# where the key is explicitly identified as not enabled for hot-swap

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# or in cases when the hot-swap mechanism is disabled on the system,

92ec4495f76a7a2a6c31f5bb2a5240f78dcfe1d2Javier Jardón# the Application Server must be restarted for the changes to take

86b2e20a5e5abf222fb81edcb5d58d012e35cbaaLennart Poettering# effect. Please refer to the Agent documentation to further learn

86b2e20a5e5abf222fb81edcb5d58d012e35cbaaLennart Poettering# about hot-swap configuration of the Agent.

b51fc639f01ee6194af3e7e944a79accce474fe1Dave Reisner#

86b2e20a5e5abf222fb81edcb5d58d012e35cbaaLennart Poettering# LIST CONSTRUCTS:

86b2e20a5e5abf222fb81edcb5d58d012e35cbaaLennart Poettering# Certain property keys in this configuration are specified as lists.

c1c02e07ed87e027a6364c4f4aa2468796ca1c56Dave Reisner# A list construct is defined as follows:

96ede2601f27cd5fe52eed96b873bef55cd0ce23Lennart Poettering#

edeb68c53f1cdc452016b4c8512586a70b1262e3Tom Gundersen# Format:

edeb68c53f1cdc452016b4c8512586a70b1262e3Tom Gundersen# <key>[<index>]=<value>

7801356442578ff6e1c65844eb9e65c819af4660Zbigniew Jędrzejewski-Szmek#

7801356442578ff6e1c65844eb9e65c819af4660Zbigniew Jędrzejewski-Szmek# Where:

80a5cbace45a6adbf2f9119edc5a4b10db493064Kay Sievers# key : is the configuration key

b37250d661ed67d07c734630617d73e64f6d7e49Zbigniew Jędrzejewski-Szmek# index : is a positive number starting from 0 that increments by 1

b37250d661ed67d07c734630617d73e64f6d7e49Zbigniew Jędrzejewski-Szmek# for every value specified in this list.

6581f00f7eabdaccf587a4b6af60ed4696dd2791Zbigniew Jędrzejewski-Szmek# value : is one of the values specified in this list.

6581f00f7eabdaccf587a4b6af60ed4696dd2791Zbigniew Jędrzejewski-Szmek#

92ec4495f76a7a2a6c31f5bb2a5240f78dcfe1d2Javier Jardón# Notes:

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# - Please refer the Agent documentation for full details on usage.

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek#

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# Example:

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.example[0] = value0

6e92b23f0d6dd398848376bbaf47e54a90ed3389Kay Sievers# com.sun.identity.agents.config.example[1] = value1

0eaeca1f2373a323b98c86b47561d98e59c67b25Kay Sievers# com.sun.identity.agents.config.example[2] = value2

d66ee73a3dd7b5433fc0da3125bbdff740de7745Zbigniew Jędrzejewski-Szmek#

d66ee73a3dd7b5433fc0da3125bbdff740de7745Zbigniew Jędrzejewski-Szmek# MAP CONSTRUCTS:

d66ee73a3dd7b5433fc0da3125bbdff740de7745Zbigniew Jędrzejewski-Szmek# Certain property keys in this configuration are specified as Maps.

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# A Map construct is defined as follows:

ac714a78fdca481488d88f84b6332d28083a4511Martin Jansa#

ac714a78fdca481488d88f84b6332d28083a4511Martin Jansa# Format:

b62cfcea00862ccbf0e5e297f8a339f70987edefMichael Biebl# <key>[<name>]=<value>

b62cfcea00862ccbf0e5e297f8a339f70987edefMichael Biebl#

b62cfcea00862ccbf0e5e297f8a339f70987edefMichael Biebl# Where:

9a60da2834074d970ca063c210fe9d2f05c70532Thierry Reding# key : is the configuration key

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# name : is a string that forms the lookup key as available in the

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# Map

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# value : is the value associated with the name in the Map

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# Notes:

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# - Please refer the Agent documentation for full details on usage.

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# Example:

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.example[AL] = ALABAMA

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.example[AK] = ALASKA

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.example[AZ] = ARIZONA

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# Certain property keys in this configuration can be specified per

eb2e280f9c59b66965c9316eadc4c113a13ca744Lucas De Marchi# protected application. This implies that the Agent will use

be1a67d9d63bfdd4a5f8ba9cfc804030f10f5833Lennart Poettering# different values of the same configuration key for different

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# applications as defined in this configuration file. Properties

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# which are not specified per protected applications are called Global

27765dfc7a32d790badb29e6498b34edb0b60c33Lennart Poettering# properties. Application specific properties are defined as follows:

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering#

780040dc2a4b08a2c1fe5bd8db3a70e966c2acb3Kay Sievers# Format:

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# <key>[<appname>]=<value>

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering#

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# Where:

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# key : is the configuration key

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# appname : is the Application name to which this configuration

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# belongs. The application name is the context path of

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# the application without the leading forward slash

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# character. In case when the application has been

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# deployed at the root-context of the server, the

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# application name should be specified as

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# 'DefaultWebApp'.

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# value : the value that will be used by the Agent when

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# protecting the application identified by the given

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# application name.

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering#

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# Notes:

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# - When an application specific configuration is not present, the

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# Agent uses different mechanisms to identify a default value. There

be1a67d9d63bfdd4a5f8ba9cfc804030f10f5833Lennart Poettering# could be configurations where the default value is used as the

be1a67d9d63bfdd4a5f8ba9cfc804030f10f5833Lennart Poettering# value specified for the same key without any application specific

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# suffix '[<appname>]'. For example, if the following configuration

be1a67d9d63bfdd4a5f8ba9cfc804030f10f5833Lennart Poettering# keys are present:

8745297f9853c4a17bac69e1b7e652fe81bc1940Lennart Poettering#

d200735e13c52dcfe36c0e066f9f6c2fbfb85a9cMichal Schmidt# com.sun.identity.agents.config.example[Portal] = value1

be1a67d9d63bfdd4a5f8ba9cfc804030f10f5833Lennart Poettering# com.sun.identity.agents.config.example[DefaultWebApp] = value2

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# com.sun.identity.agents.config.example = value3

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering#

9f64229f9ca69f5652b238a67531432e56108bd6Zbigniew Jędrzejewski-Szmek# then, for applications other than the ones deployed on the root

9b85fc6a89386582bfe792dba881800b0a093839Gustavo Sverzut Barbieri# context and the context '/Portal', the value of this key will

9b85fc6a89386582bfe792dba881800b0a093839Gustavo Sverzut Barbieri# default to 'value3'.

9b85fc6a89386582bfe792dba881800b0a093839Gustavo Sverzut Barbieri#

5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering# - Application Specific configuration properties must follow the

c1663b9daf5a43425e54bbe3daf6b10e64578f80Lennart Poettering# rules and syntax of the MAP construct of configuration entries as

c1663b9daf5a43425e54bbe3daf6b10e64578f80Lennart Poettering# defined above.

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#

5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering# Example:

03a170c03cd4a09721369ece48affb70d66c6b90Kay Sievers# com.sun.identity.agents.config.example[Portal] = value1

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.example[BankApp] = value2

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.example[DefaultWebApp] = value3

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek#------------------------------------------------------------------------------

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek

9e7adc3ae1133fa08a468768a490812299fad030Lucas De Marchi#

9e7adc3ae1133fa08a468768a490812299fad030Lucas De Marchi# FILTER OPERATION MODE

9b85fc6a89386582bfe792dba881800b0a093839Gustavo Sverzut Barbieri# Specifies the mode of operation of the Filter. Valid value is one of:

9d2d0fe1e3f28a639c26b62391f79cfd1450d91bEvangelos Foutras# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be

5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering# specified as an application specific property. However, the global

5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering# property must always be present.

5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering# WARNING:

732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# Hot-Swap Enabled: No

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# Example:

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.filter.mode = ALL

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek#

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmekcom.sun.identity.agents.config.filter.mode = ALL

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek#

25ee45f9953c121fc26a54a85ad7bb3a3180152bMichael Biebl# USER MAPPING PROPERTIES

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# - user.mapping.mode: Specifies the mechanism by which the user-ID

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# to be used on the protected server for the authenticated user is

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# determined by the Agent. Value of this is one of: USER_ID,

1864b0e39505cd44a98eee61c97916b86491c0b4Zbigniew Jędrzejewski-Szmek# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.

1864b0e39505cd44a98eee61c97916b86491c0b4Zbigniew Jędrzejewski-Szmek# - user.attribute.name: Specifies the name of the profile attribute,

1864b0e39505cd44a98eee61c97916b86491c0b4Zbigniew Jędrzejewski-Szmek# or HTTP header, or Session property which contains the user-ID to

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# be used on the protected server for the authenticated user. This

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# property is not used if the value of user.mapping.mode is set to

1864b0e39505cd44a98eee61c97916b86491c0b4Zbigniew Jędrzejewski-Szmek# USER_ID.

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# - user.principal: A flag that indicates that the principal of the

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# authenticated user be used instead of just the user-ID for

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# authenticating the user on the protected server. This property is

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# applicable if the user.mapping.mode is set to USER_ID.

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# - user.token: Specifies a session property name which contains the

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# user-ID of the authenticated user in session. This property is used

a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# when the user.mapping.mode is set to USER_ID and the user.principal

f2ec0646aba7c6703a6c79603957e805b74c3befZbigniew Jędrzejewski-Szmek# flag is set to false.

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# Hot-Swap Enabled: Yes

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# Examples:

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.agents.config.user.attribute.name = employeenumber

c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek#

afea26ad7d406d8b6c95d2642cb5a1d807b87546Lennart Poetteringcom.sun.identity.agents.config.user.mapping.mode = USER_ID

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sieverscom.sun.identity.agents.config.user.attribute.name = employeenumber

4b357e15876b730343db08719c877fdb45b6ad42Michael Marineaucom.sun.identity.agents.config.user.principal = false

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sieverscom.sun.identity.agents.config.user.token = UserToken

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers#

85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# CLIENT IDENTIFICATION PROPERTIES

85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# - client.ip.header: Specifies a HTTP header name that holds the IP

85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# address of the client. May be left blank if not used.

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# - client.hostname.header: Specifies a HTTP header name that holds the

85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# Hostname of the client. May be left blank if not used.

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# Hot-Swap Enabled: Yes

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# Example:

7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP

fba1ea06bb5b653e9eb0cc1b6004af8da273a4abShawn Landden# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host

fba1ea06bb5b653e9eb0cc1b6004af8da273a4abShawn Landden#

fba1ea06bb5b653e9eb0cc1b6004af8da273a4abShawn Landdencom.sun.identity.agents.config.client.ip.header =

85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Bieblcom.sun.identity.agents.config.client.hostname.header =

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering

9388e99e208a6487b26dcbda86005ee9eba8d93dMichael Olbrich#

4db17f291c627c885de668200ff8cce2e57c933fZbigniew Jędrzejewski-Szmek# CONFIGURATION RELOAD INTERVAL

9388e99e208a6487b26dcbda86005ee9eba8d93dMichael Olbrich# Specifies the interval in seconds between configuration reloads. When

a8348796c0d39435b1c3d85ce6e95dad1ac85fecLennart Poettering# set to 0, the hot-swap mechanism will be disabled.

9388e99e208a6487b26dcbda86005ee9eba8d93dMichael Olbrich# Hot-Swap Enabled: Yes

9388e99e208a6487b26dcbda86005ee9eba8d93dMichael Olbrich#

a8348796c0d39435b1c3d85ce6e95dad1ac85fecLennart Poetteringcom.sun.identity.agents.config.load.interval = 3600

b237ef2cfac7ab0b33170809e8cb64628606207dTollef Fog Heen

a9b5b03212f9c854938483b8901e433c2ba6619bMichael Tremer#

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# LOCALE IDENTIFICATION PROPERTIES

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# - locale.language: Specifies the language code for identifying the Locale

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# of operation.

4b357e15876b730343db08719c877fdb45b6ad42Michael Marineau# - locale.country: Specifies the country code for identifying the Locale of

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# operation.

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# Hot-Swap Enabled: No

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen#

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.agents.config.locale.language = en

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.agents.config.locale.country = US

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen#

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# AUDIT LOG PROPERTIES

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# - audit.accesstype: Specifies the access type which will be logged by the

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# - log.disposition: Specifies the audit log mode that the Agent will use

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# ALL.

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# - remote.logfile: Specifies the file name to be used on the remote server

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# if the log.disposition is set to REMOTE or ALL.

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# - local.log.rotate: A flag that indicates if the rotation of audit log

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# local file is enabled or disabled.

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# - local.log.size: The size in bytes of the local audit log file, beyond

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# which the Agent should rotate the log file.

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# Hot-Swap Enabled: Yes

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen#

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.agents.config.audit.accesstype = LOG_NONE

6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.agents.config.log.disposition = REMOTE

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersencom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersencom.sun.identity.agents.config.local.log.rotate = false

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersencom.sun.identity.agents.config.local.log.size = 52428800

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen

e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner#

e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner# WEB SERVICE PROCESSING PROPERTIES

a18535d9e138c525d0443ec9f30a90b3e2184686Tom Gundersen# - webservice.enable: A flag that specifies if Web Service processing is

e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner# enabled or disabled.

70d8320978dcbce022d9acbb953a10a7aca049abDavid Strauss# - webservice.endpoint: A list of Web Application end points that represent

e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner# Web Services.

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# - webservice.process.get.enable: A flag that indicates if the processing

c4955740969d7ba8ba43b024bca1a0a5b56eb8e8Tom Gundersen# of HTTP GET requests for Web Service endpoints is enabled or disabled.

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# - webservice.authenticator: An implementation class that can be used to

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# authenticate web-service requests.

e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# - webservice.internalerror.content: The name of file that contains content

f553b3b1074151200187df916427a1468186435eAnders Olofsson# used by the Agent to generate an internal error fault for clients.

f553b3b1074151200187df916427a1468186435eAnders Olofsson# - webservice.autherror.content: The name of file that contains content

f553b3b1074151200187df916427a1468186435eAnders Olofsson# used by the Agent to generate an authorization error fault for clients.

f553b3b1074151200187df916427a1468186435eAnders Olofsson# - webservice.responseprocessor: An implementation class that is used to do

f553b3b1074151200187df916427a1468186435eAnders Olofsson# web-service response processing.

f553b3b1074151200187df916427a1468186435eAnders Olofsson# Hot-Swap Enabled: Yes

f553b3b1074151200187df916427a1468186435eAnders Olofsson#

f553b3b1074151200187df916427a1468186435eAnders Olofssoncom.sun.identity.agents.config.webservice.enable = false

f553b3b1074151200187df916427a1468186435eAnders Olofssoncom.sun.identity.agents.config.webservice.endpoint[0] =

f553b3b1074151200187df916427a1468186435eAnders Olofssoncom.sun.identity.agents.config.webservice.process.get.enable = true

f553b3b1074151200187df916427a1468186435eAnders Olofssoncom.sun.identity.agents.config.webservice.authenticator =

f553b3b1074151200187df916427a1468186435eAnders Olofssoncom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt

728beb28a713709f521d374c9f8f3da781969d26Tom Gundersencom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.agents.config.webservice.responseprocessor =

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu#

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# ACCESS DENIED URI

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# An application specific (MAP) property that specifies the URI used by

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# the Agent to block unauthorized access requests. May be left unspecified

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# if not available. A global value can also be specified.

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# Example:

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu# Hot-Swap Enabled: Yes

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu#

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassucom.sun.identity.agents.config.access.denied.uri[] =

816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering#

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# FORM LOGIN PROCESSING PROPERTIES

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# - login.form: A LIST property used by the Agent to identify login

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# request and take appropriate action. Each entry should be the

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# absolute URI of the resource specified in the web.xml deployment

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# descriptor of the protected application in the element

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# form-login-page.

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# - login.error.uri: A LIST property used by the Agent to identify

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# error page request and take appropriate action. Each entry should

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# be the absolute URI of the resource specified in the web.xml

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# deployment descriptor of the protected application in the element

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# form-error-page.

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# - login.use.internal: A flag that specifies if the Agent should use

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# internal content for handling form login requests.

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# - login.content.file: Specifies the name or complete path of the file

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# that will be used by the Agent for handling form login requests if

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# the login.use.internal flag is set to true.

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# Hot-Swap Enabled: Yes

77e68fa2f0bd018bab2621a31919bfaa6a6b0a35Lennart Poettering# Examples:

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poettering# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poettering#

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poetteringcom.sun.identity.agents.config.login.form[0] =

3f8cc098d218525710e5cbad9adf37001d3b6060Jan Engelhardtcom.sun.identity.agents.config.login.error.uri[0] =

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poetteringcom.sun.identity.agents.config.login.use.internal = true

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poetteringcom.sun.identity.agents.config.login.content.file = FormLoginContent.txt

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poettering

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poettering#

56cf987fe74270bde4e16c7ec9e0414a9030723bDaniel J Walsh# LOCAL AUTHENTICATION PROCESSING PROPERTIES

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poettering# - auth.handler: A MAP property that specifies application

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# specific Authentication Handler to be used by the the

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# Agent in order to authenticate the logged on user with the

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# Application server for the particular application.

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# - logout.handler: A MAP property that specifies the application

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# specific Logout Handler to be used by the Agent in order to logout

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# the logged on user within the Application server for the

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# particular application.

5ec6b15b65304d94dc1c8cbad05c8b996b470d3aKay Sievers# - verification.handler: A MAP property that specifies the application

56cf987fe74270bde4e16c7ec9e0414a9030723bDaniel J Walsh# specific local verification handler used by the agent to validate

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# the user credentials with the local repository.

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# Hot-Swap Enabled: Yes

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# Example:

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguez#

45df1f2c9a7fee67b37f64ddd00adad5982844faCristian Rodríguezcom.sun.identity.agents.config.auth.handler[] =

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.agents.config.logout.handler[] =

807e17f05e217b474af39503efb9503d81b12596Lennart Poetteringcom.sun.identity.agents.config.verification.handler[] =

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering#

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# HTTP SESSION BINDING

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# Its default value is false so the agent will not invalidate http session,

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# and session data will be maintained.

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# If its value is true, then the agent will invalidate the http session when

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# the agent identifies that login has failed, user does not have SSO session

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# or pincipal user name does not match SSO user name.

807e17f05e217b474af39503efb9503d81b12596Lennart Poettering# Hot-Swap Enabled: Yes

807e17f05e217b474af39503efb9503d81b12596Lennart Poetteringcom.sun.identity.agents.config.httpsession.binding = false

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering#

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# GOTO PARAMETER NAME

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# This property has been deprecated.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Specifies the goto Parameter name to be used by the Agent when

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# redirecting the user to the appropriate authentication service. The

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# value of this parameter is used by the authentication service to

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# redirect the user to the original requested destination.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Valid Values:

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# A string value that represents the goto parameter name.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Hot-Swap Enabled: Yes

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering#

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poetteringcom.sun.identity.agents.config.redirect.param = goto

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering#

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# LOGIN URL

812cce323db081634f37e4ec6d29f2b9328a3f52Lennart Poettering# Specifies the login URLs to be used by the Agent to redirect

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# incoming users without sufficient credentials to the OpenAM

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# authentication service.

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# Hot-Swap Enabled: Yes

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering#

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering#

0213c3f8102bdc934c629d11a44ca0b408762287Lennart Poettering# LOGOUT URL

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Specifies the logout URLs to be used by the Agent to log out

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# the authenticated users from the OpenAM authentication service.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Hot-Swap Enabled: Yes

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering#

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering#

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# LOGIN URL, LOGOUT URL, or CDSSO URLs PROPERTIES

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# - login.url.prioritized: specifies if the failover sequence for Login URLs

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# or CDSSO URLs should be prioritized as defined in the list with the lowest

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# index having the highest priority.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# - login.url.probe.enabled: specifies if agent will check the availability

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# of these urls before redirecting to them.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Default value is true for backward compability, but suggests to set it

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# to false (server will not be checked) in production deployment where agent

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# often can not access login url directly.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# - login.url.probe.timeout: this is the connect timeout value in milliseconds

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# when login.url.probe.enabled is set to true (or server will be checked).

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# - logout.url.prioritized: specifies if the failover sequence for Logout

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# URLs should be prioritized as defined in the list with the lowest

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# index having the highest priority.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# - logout.url.probe.enabled: specifies if agent will check the availability

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# of these urls before redirecting to them.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Default value is true for backward compability, but suggests to set it

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# to false (server will not be checked) in production deployment where agent

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# often can not access logout url directly.

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# - logout.url.probe.timeout: this is the connect timeout value in milliseconds

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# when logout.url.probe.enabled is set to true (or server will be checked).

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering# Hot-Swap Enabled: Yes

812cce323db081634f37e4ec6d29f2b9328a3f52Lennart Poettering#

812cce323db081634f37e4ec6d29f2b9328a3f52Lennart Poetteringcom.sun.identity.agents.config.login.url.prioritized = true

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.login.url.probe.enabled = true

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.login.url.probe.timeout = 2000

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.logout.url.prioritized = true

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.logout.url.probe.enabled = true

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poetteringcom.sun.identity.agents.config.logout.url.probe.timeout = 2000

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering

5b6319dceedd81f3f1ce7eb70ea5defaef43bcecLennart Poettering#

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# AGENT SERVER PROPERTIES

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# - agent.host: The host name identifying the Agent protected server to

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# the client browsers if different from the actual host name. May be

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# left blank if not used.

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# - agent.port: The port number identifying the Agent protected server

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# listening port to the client browsers if different from the actual

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# listening port. May be left blank if not used.

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# - agent.protocol: The protocol being used (http/https) by the client

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# browsers to communicate with the Agent protected server if different

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# from the actual protocol used by the server.

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# Hot-Swap Enabled: Yes

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering#

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poetteringcom.sun.identity.agents.config.agent.host =

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poetteringcom.sun.identity.agents.config.agent.port =

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poetteringcom.sun.identity.agents.config.agent.protocol =

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering#

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# LOGIN ATTEMPT LIMIT

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# Specifies the number of login attempts that a user can make without

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# success using a single browser session which will trigger the

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# blocking of the user request. Setting this value to 0 disables this

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# feature.

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# Hot-Swap Enabled: Yes

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering#

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poetteringcom.sun.identity.agents.config.login.attempt.limit = 0

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# SSO Cache Enable Flag:

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# This property specifies if the SSO Cache is active for the agent. This cache

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# is used through public APIs exposed by the agent SDK.

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# Valid Values: true, false

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# Hot-Swap Enabled: Yes

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poetteringcom.sun.identity.agents.config.amsso.cache.enable = true

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering#

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# COOKIE RESET PROCESSING PROPERTIES

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# - cookie.reset.enable: A flag that specifies if cookie reset processing

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# is enabled or disabled.

5eda94dda25bccda928c4b33c790dbe748573a22Lennart Poettering# - cookie.reset.name: A list of cookie names that will be reset by the

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Agent if cookie reset processing is enabled.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cookie.reset.domain: A MAP property with the key being the cookie name

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# specified in cookie.reset.name property and the value being the domain

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# of this cookie to be used when a reset event occurs.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cookie.reset.path: A MAP property with the key being the cookie name

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# specified in cookie.reset.name property and the value being the path

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# of this cookie to be used when a reset event occurs.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Hot-Swap Enabled: Yes

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering#

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poetteringcom.sun.identity.agents.config.cookie.reset.enable = false

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poetteringcom.sun.identity.agents.config.cookie.reset.name[0] =

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poetteringcom.sun.identity.agents.config.cookie.reset.domain[] =

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poetteringcom.sun.identity.agents.config.cookie.reset.path[] =

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering#

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# CDSSO PROCESSING PROPERTIES

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cdsso.enable: A flag that specifies if CDSSO processing is

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# enabled or disabled.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cdsso.redirect.uri: An intermediate URI that is used by the

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Agent for processing CDSSO requests.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# that may be used by the Agent for CDSSO processing.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cdsso.clock.skew: Specifies a time in seconds to be used by the

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Agent to determine the validity of the CDSSO AuthnResponse assertion.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cdsso.trusted.id.providers: This property specifies the OpenAM

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Server/ID providers that should be trusted by the agent, when evaluating

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# the agent & server.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# - cdsso.domain: This property specifies the domains for which cookies have

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# to be set in a CDSSO scenario. If this property is left blank then the

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# fully qualified cookie domain for the agent server will be used for

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# setting the cookie domain. In such case it is a host cookie instead of

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# a domain cookie.

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Example:

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# com.sun.identity.agents.config.cdsso.domain[0] = .sun.com

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering# Hot-Swap Enabled: Yes

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering#

fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poetteringcom.sun.identity.agents.config.cdsso.enable = false

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowskicom.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowskicom.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowskicom.sun.identity.agents.config.cdsso.clock.skew = 0

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowskicom.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski#com.sun.identity.agents.config.cdsso.domain[0] =

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski#

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# LOGOUT PROCESSING PROPERTIES

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# - logout.application.handler: An application specific (MAP) property

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# that identifies a handler to be used for logout processing.

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# - logout.uri: An application specific (MAP) property that identifies

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# a request URI which indicates a logout event.

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# - logout.request.param: An application specific (MAP) property that

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# identifies a parameter which when present in the HTTP request

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# indicates a logout event.

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# - logout.introspect.enabled: A flag that when set allows the Agent

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# to search HTTP request body to locate logout parameter.

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# - logout.entry.uri: An application specific (MAP) property that identifies

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# a URI to be used as an entry point after successful logout and

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# subsequent successful authentication if applicable.

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# Hot-Swap Enabled: Yes

8b197c3a8a57c3f7c231b39e5660856fd9580c80Auke Kok#

8b197c3a8a57c3f7c231b39e5660856fd9580c80Auke Kokcom.sun.identity.agents.config.logout.application.handler[] =

8b197c3a8a57c3f7c231b39e5660856fd9580c80Auke Kokcom.sun.identity.agents.config.logout.uri[] =

8b197c3a8a57c3f7c231b39e5660856fd9580c80Auke Kokcom.sun.identity.agents.config.logout.request.param[] =

8b197c3a8a57c3f7c231b39e5660856fd9580c80Auke Kokcom.sun.identity.agents.config.logout.introspect.enabled = false

8b197c3a8a57c3f7c231b39e5660856fd9580c80Auke Kokcom.sun.identity.agents.config.logout.entry.uri[] =

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski#

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# FQDN PROCESSING PROPERTIES

2b3e18de74ca89b374dd4f7a2c30e5731d347841Karol Lewandowski# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# or not.

feb12d3ed2c7f9132c64773c7c41b9e3a608a814Lennart Poettering# - fqdn.default: A hostname that represents the default FQDN to be

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# used by the Agent when necessary.

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# - fqdn.mapping: A MAP property that specifies a mapping from an invalid

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# FQDN entry specified as the key to a valid FQDN entry specified as

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# its value.

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# Hot-Swap Enabled: Yes

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# Examples of fqdn.mapping:

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# com.sun.identity.agents.config.fqdn.mapping[myserver]=myserver.mydomain.com

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering#

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poetteringcom.sun.identity.agents.config.fqdn.check.enable = true

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poetteringcom.sun.identity.agents.config.fqdn.default = @AGENT_HOST@

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poetteringcom.sun.identity.agents.config.fqdn.mapping[] =

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering#

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# LEGACY USER AGENT PROCESSING PROPERTIES

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# These three properties have been deprecated:

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# - legacy.support.enable: A flag that specifies if legacy user agent

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# support is enabled or disabled.

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# - legacy.user.agent: A LIST of user agent header values that identify

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# legacy browsers. Entries in this list can have wild card character '*'.

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# - legacy.redirect.uri: An intermediate URI used by the Agent to

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# redirect legacy user agent requests.

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# Hot-Swap Enabled: Yes

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering#

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poetteringcom.sun.identity.agents.config.legacy.support.enable = false

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poetteringcom.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poetteringcom.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering#

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# CUSTOM RESPONSE HEADERS

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# A MAP property that specifies the custom headers that are set by

7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering# the Agent on the client browser. The key is the header name and the

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# value represents the header value.

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# Hot-Swap Enabled: Yes

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# Example:

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering#

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poetteringcom.sun.identity.agents.config.response.header[] =

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering#

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# REDIRECT ATTEMPT LIMIT

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# Specifies the number of successive single point redirects that a

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# user can make using a single browser session which will trigger the

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# blocking of the user request. When set to 0 this feature is disabled.

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# Hot-Swap Enabled: Yes

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering#

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poetteringcom.sun.identity.agents.config.redirect.attempt.limit = 0

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering#

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# PORT CHECK PROCESSING PROPERTIES

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# - port.check.enable: A flag that indicates if port check functionality

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# is enabled or disabled.

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# - port.check.file: Specifies the name or complete path of a file that

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# has the necessary content needed to handle requests that need port

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# correction.

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# - port.check.setting: A MAP of port versus protocol entries with the

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# key being the listening port number and value being the listening

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# protocol to be used by the Agent to identify requests with invalid

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# port numbers.

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# Hot-Swap Enabled: Yes

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# Example of port.check.setting:

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# com.sun.identity.agents.config.port.check.setting[80] = http

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering# com.sun.identity.agents.config.port.check.setting[443] = https

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering#

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poetteringcom.sun.identity.agents.config.port.check.enable = false

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poetteringcom.sun.identity.agents.config.port.check.file = PortCheckContent.txt

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poetteringcom.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering#

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# NOT-ENFORCED URI PROCESSING PROPERTIES

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# - notenforced.uri: A LIST of URIs for which protection is not enforced

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# by the Agent.

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# - notenforced.uri.invert: A flag that specifies if the list of URIs

8cf3ca80680b43015971cbbf4625517ae859d50cJan Janssen# specified by the property notenforced.uri should be inverted. When

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# set to true, it indicates that the URIs specified should be enforced

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# and all other URIs should be not enforced by the Agent. Entries in

591622d7efbc828f00f190d91b6608148b967ff5Lennart Poettering# this list can have wild card character '*'.

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# - notenforced.uri.cache.enable: A flag that specifies if the caching of

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# of not-enforced URI list evaluation results is enabled or disabled.

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# - notenforced.uri.cache.size: The size of the cache to be used if

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering# caching of not-enforced URI list evaluation results is enabled.

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# - notenforced.refresh.session.idletime: A flag that specifies if the OpenAM

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# session idle time is reset or not when accessing the not enforced URIs.

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# Hot-Swap Enabled: Yes

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# Example of notenforced.uri:

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# com.sun.identity.agents.config.notenforced.uri[0]=*.gif

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# com.sun.identity.agents.config.notenforced.uri[1]=/public/*

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering# com.sun.identity.agents.config.notenforced.uri[2]=/images/*

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poettering#

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poetteringcom.sun.identity.agents.config.notenforced.uri[0] =

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poetteringcom.sun.identity.agents.config.notenforced.uri.invert = false

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poetteringcom.sun.identity.agents.config.notenforced.uri.cache.enable = true

f6a971bc0bf1252e9614919ccca0d53db5fc53d9Lennart Poetteringcom.sun.identity.agents.config.notenforced.uri.cache.size = 1000

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poetteringcom.sun.identity.agents.config.notenforced.refresh.session.idletime = false

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering#

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# NOT-ENFORCED CLIENT IP PROCESSING PROPERTIES

59bb9d9a14889bee001706a32a518fe0a5009048Zbigniew Jędrzejewski-Szmek# - notenforced.ip: A LIST of client IP addresses for which protection is

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# not enforced by the Agent.

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# - notenforced.ip.invert: A flag that specifies if the list of client IP

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# addresses specified by the property notenforced.ip should be inverted.

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# When set to true, it indicates that the client IP addresses specified

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# should be enforced and all other client IPs should be not enforced by

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# the Agent. Entries in this list can have wild card character '*'.

7b17a7d72f5ba5ad838b19803534c56a46f3bce9Lennart Poettering# - notenforced.ip.cache.enable: A flag that specifies if the caching of

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# of not-enforced IP list evaluation results is enabled or disabled.

27669061f40766457db93d5cc3dfe00dce240806Miklos Vajna# - notenforced.ip.cache.size: The size of the cache to be used if

27669061f40766457db93d5cc3dfe00dce240806Miklos Vajna# caching of not-enforced IP list evaluation results is enabled.

27669061f40766457db93d5cc3dfe00dce240806Miklos Vajna# Hot-Swap Enabled: Yes

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# Example of notenforced.ip:

27669061f40766457db93d5cc3dfe00dce240806Miklos Vajna# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*

27669061f40766457db93d5cc3dfe00dce240806Miklos Vajna# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123

27669061f40766457db93d5cc3dfe00dce240806Miklos Vajna#

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.agents.config.notenforced.ip[0] =

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poetteringcom.sun.identity.agents.config.notenforced.ip.invert = false

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poetteringcom.sun.identity.agents.config.notenforced.ip.cache.enable = true

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poetteringcom.sun.identity.agents.config.notenforced.ip.cache.size = 1000

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering#

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# COMMON ATTRIBUTE FETCH PROCESSING PROPERTIES

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# - attribute.cookie.separator: A character that will be used to separate

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# multiple values of the same attribute when it is being set as a cookie.

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# - attribute.cookie.encode: A flag that indicates if the value of the

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# attribute should be URL encoded before being set as a cookie.

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# - attribute.date.format: The format of date attribute values to be used

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# when the attribute is being set as HTTP header. This format is based

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# on the definition as provided in java.text.SimpleDateFormat.

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering# Hot-Swap Enabled: Yes

e5e83e8362e946890ac991fc86a2c5869f9befdfLennart Poettering#

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kokcom.sun.identity.agents.config.attribute.cookie.separator = |

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kokcom.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kokcom.sun.identity.agents.config.attribute.cookie.encode = true

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kok

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kok#

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kok# PROFILE ATTRIBUTE PROCESSING PROPERTIES

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kok# - profile.attribute.fetch.mode: The mode of fetching profile attributes.

83fdc450aa8f79941bec84488ffd5bf8eadab18eAuke Kok# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# - profile.attribute.mapping: A MAP that specifies the profile attributes to

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# be populated under specific names for the currently authenticated user.

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# The key is the profile attribute name and the value is the name under

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# which that attribute will be made available.

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# Hot-Swap Enabled: Yes

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# Example of profile.attribute.mapping:

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyar#

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyarcom.sun.identity.agents.config.profile.attribute.fetch.mode = NONE

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyarcom.sun.identity.agents.config.profile.attribute.mapping[] =

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyar

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyar#

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyar# SESSION ATTRIBUTE PROCESSING PROPERTIES

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyar# - session.attribute.fetch.mode: The mode of fetching session attributes.

6351163bf3e519cc07adb2732d12450741f5a0d3Umut Tezduyar# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# - session.attribute.mapping: A MAP that specifies the session attributes to

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# be populated under specific names for the currently authenticated user.

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# The key is the session attribute name and the value is the name under

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# which that attribute will be made available.

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# Hot-Swap Enabled: Yes

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# Example of session.attribute.mapping:

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid

4de856120f252e7aa19c923c10fbf23310d623aaLennart Poettering#

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poetteringcom.sun.identity.agents.config.session.attribute.fetch.mode = NONE

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poetteringcom.sun.identity.agents.config.session.attribute.mapping[] =

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poettering

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poettering#

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poettering# RESPONSE ATTRIBUTE PROCESSING PROPERTIES

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poettering# - response.attribute.fetch.mode: The mode of fetching policy response

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poettering# attributes. This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE,

3731acf1acfb4a6eb68374a5b137f3b368f63381Lennart Poettering# HTTP_COOKIE

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poettering# - response.attribute.mapping: A MAP that specifies the policy response

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poettering# attributes to be populated under specific names for the currently

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poettering# authenticated user. The key is the policy response attribute name and

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poettering# the value is the name under which that attribute will be made available.

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poettering# Hot-Swap Enabled: Yes

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poettering#

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poetteringcom.sun.identity.agents.config.response.attribute.fetch.mode = NONE

3990f247652c3bd41e4ea074e6302277eb9c7aa3Lennart Poetteringcom.sun.identity.agents.config.response.attribute.mapping[] =

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers

2a018e83ded29c9719b2478a65ee6245c829c0f5Kay Sievers#

2a018e83ded29c9719b2478a65ee6245c829c0f5Kay Sievers# BYPASS PRINCIPAL LIST

2a018e83ded29c9719b2478a65ee6245c829c0f5Kay Sievers# This property specifies a list of principals that is bypassed by the

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# Agent for authentication and search purposes.

2a018e83ded29c9719b2478a65ee6245c829c0f5Kay Sievers# Hot-Swap Enabled: Yes

2a018e83ded29c9719b2478a65ee6245c829c0f5Kay Sievers# Example:

4c80c73c2b804576b1de27e644c1da4dab2f9026Kay Sievers# com.sun.identity.agents.config.bypass.principal[0] = guest

2a018e83ded29c9719b2478a65ee6245c829c0f5Kay Sievers# com.sun.identity.agents.config.bypass.principal[1] = testuser

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poetteringcom.sun.identity.agents.config.bypass.principal[0] =

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering# PRIVILEGED ATTRIBUTE PROCESSING PROPERTIES

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering# - default.privileged.attribute: A list of privileged attributes that will

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering# be granted to all users who have a valid OpenAM session.

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering# - privileged.attribute.type: A list of privileged attribute types that will

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering# be fetched for each user.

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# - privileged.attribute.tolowercase : A MAP property that specifies if the

b2e9fb99ab288e8817302851743ed1a3cddd384bMiklos Vajna# privileged attribute types should be converted to lowercase.

b2e9fb99ab288e8817302851743ed1a3cddd384bMiklos Vajna# - privileged.session.attribute: A list of session property names which

b2e9fb99ab288e8817302851743ed1a3cddd384bMiklos Vajna# hold privileged attributes for the authenticated user.

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# Hot-Swap Enabled: Yes

b2e9fb99ab288e8817302851743ed1a3cddd384bMiklos Vajna# Examples:

b2e9fb99ab288e8817302851743ed1a3cddd384bMiklos Vajna# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS

b2e9fb99ab288e8817302851743ed1a3cddd384bMiklos Vajna# com.sun.identity.agents.config.privileged.attribute.type[0] = Group

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false

f47cd184c0ff80e025428e9e385e61bda1ef3d69Miklos Vajna# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken

f47cd184c0ff80e025428e9e385e61bda1ef3d69Miklos Vajna# com.sun.identity.agents.config.privileged.attribute.mapping.enable=true

f47cd184c0ff80e025428e9e385e61bda1ef3d69Miklos Vajna# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_manager_role

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_employee_role

f47cd184c0ff80e025428e9e385e61bda1ef3d69Miklos Vajna#

f47cd184c0ff80e025428e9e385e61bda1ef3d69Miklos Vajnacom.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS

f47cd184c0ff80e025428e9e385e61bda1ef3d69Miklos Vajnacom.sun.identity.agents.config.privileged.attribute.type[0] = Group

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.agents.config.privileged.attribute.type[1] = Role

4cd1eaa54507a65286413363216ad407fa7c6e50Miklos Vajnacom.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false

4cd1eaa54507a65286413363216ad407fa7c6e50Miklos Vajnacom.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false

4cd1eaa54507a65286413363216ad407fa7c6e50Miklos Vajnacom.sun.identity.agents.config.privileged.session.attribute[0] =

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sieverscom.sun.identity.agents.config.privileged.attribute.mapping.enable = true

4cd1eaa54507a65286413363216ad407fa7c6e50Miklos Vajnacom.sun.identity.agents.config.privileged.attribute.mapping[] =

4cd1eaa54507a65286413363216ad407fa7c6e50Miklos Vajna

4cd1eaa54507a65286413363216ad407fa7c6e50Miklos Vajna#

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# SSO TOKEN COOKIE NAME

f5e04665ebf7124f3ea17dcf258793ed73a95fe1Lennart Poettering# The name of the SSO Token cookie used between the OpenAM server and

f5e04665ebf7124f3ea17dcf258793ed73a95fe1Lennart Poettering# the Agent.

f5e04665ebf7124f3ea17dcf258793ed73a95fe1Lennart Poettering# Hot-Swap Enabled: No

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sieverscom.iplanet.am.cookie.name=iPlanetDirectoryPro

f5e04665ebf7124f3ea17dcf258793ed73a95fe1Lennart Poettering

f5e04665ebf7124f3ea17dcf258793ed73a95fe1Lennart Poettering#

f5e04665ebf7124f3ea17dcf258793ed73a95fe1Lennart Poettering# SESSION CLIENT PROPERTIES

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# - com.iplanet.am.session.client.polling.enable: A flag that specifies if

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# the session client must use polling for updating session information

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# and not depend upon server notifications.

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# - com.iplanet.am.session.client.polling.period: Specifies the time in

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# seconds after which the session client will request update of cached

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# session information from the server.

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering#

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# Note: the notification url to be used by the Agent to receive session

46ba8aae2b82bc5c87ba347e6bf914ecd5e9d51eLennart Poettering# notifications is com.sun.identity.client.notification.url

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering# Hot-Swap Enabled: No

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering#

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poetteringcom.iplanet.am.session.client.polling.enable=false

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poetteringcom.iplanet.am.session.client.polling.period=180

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering#

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering# ENCRYPTION PROVIDER

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering# Specifies the encryption provider implementation to be used by the Agent.

b872e9a05939bc3e0ac95a042592506a7488dd6fLennart Poettering# Hot-Swap Enabled: No

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering#

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poetteringcom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering#

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# USER DATA CACHE PROPERTIES

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# enable/disable the notifications for amsdk and IdRepo Caches. If set to

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# true notifications are enabled and disabled if set to false.

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for

bc2708414babc5c99bb8000e63c84e87606cc15dLennart Poettering# user management data. If set to '0' no updates happen. This property

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# takes effect only if no notification url is provided by

bc2708414babc5c99bb8000e63c84e87606cc15dLennart Poettering# 'com.sun.identity.client.notification.url' or if notifications are

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# disabled. (i.e., com.sun.identity.idm.remote.notification.enabled=false)

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering# Hot-Swap Enabled: No

bc2708414babc5c99bb8000e63c84e87606cc15dLennart Poettering#

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poetteringcom.sun.identity.idm.remote.notification.enabled=true

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poetteringcom.iplanet.am.sdk.remote.pollingTime=1

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering

b1c4ca25bf58e1925012d1dcdd83d61cecbf87fbLennart Poettering#

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# SERVICE DATA CACHE PROPERTIES

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# - com.sun.identity.sm.notification.enabled: A flag that is used to

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# enable/disable the notifications for service management caches. If set to

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# true notifications are enabled and disabled if set to false.

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# configuration data. If set to '0' no updates happen. This property

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# takes effect only if no notification url is provided by

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# 'com.sun.identity.client.notification.url' or if notifications are

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# disabled. (i.e., com.sun.identity.sm.notification.enabled=false).

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# Hot-Swap Enabled: No

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering#

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poetteringcom.sun.identity.sm.notification.enabled=true

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poetteringcom.sun.identity.sm.cacheTime=1

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering#

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# AUTHENTICATION SERVICE PROPERTIES

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# Server protocol, host and port to be used by Authentication Service.

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering# Hot-Swap Enabled: No

a382332eed10d3348231803c47a4c599d24c5e3aLennart Poettering#

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguezcom.iplanet.am.server.protocol=@AM_SERVICES_PROTO@

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguezcom.iplanet.am.server.host=@AM_SERVICES_HOST@

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguezcom.iplanet.am.server.port=@AM_SERVICES_PORT@

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguez

abaaabf40a9891014ed4c402d7beb5a67ac256b1Lennart Poettering#

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguez# POLICY CLIENT PROPERTIES

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguez# - com.sun.identity.agents.notification.enabled: A flag that specifies

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguez# if notifications are enabled or disabled for remote policy client.

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguez# - com.sun.identity.agents.polling.interval: The duration in minutes

4ad61fd1806dde23d2c99043b4bed91a196d2c82Cristian Rodríguez# after which the cached entries are refreshed by remote policy client.

7211f918ba2b86e0041413b47d51d7593e73cf5dLennart Poettering# - com.sun.identity.policy.client.cacheMode: The mode of caching to be

7211f918ba2b86e0041413b47d51d7593e73cf5dLennart Poettering# used by remote policy client. Valid value is one of: subtree, self.

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# Cache mode subtree is recommended for a small number of policy rules

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# In all other cases, cacheMode self is recommended.

f8c5a5815ff7c137d9a1e5d7b48a6532b9f31407Lennart Poettering# - com.sun.identity.policy.client.booleanActionValues : boolean action

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# values for policy action names.

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# format : serviceName|actionName|trueValue|falseValue

a3b6fafed441d96380a3f089118f7486d6aa3126Lennart Poettering# - com.sun.identity.policy.client.resourceComparators: Resource Comparators

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# to be used for different service names.

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# which is allowed to accommodate the time difference between the

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# OpenAM server machine and the remote policy client machine.

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen#

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# Note: the Notification URL for remote policy client is set by the

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# property com.sun.identity.client.notification.url.

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen# Hot-Swap Enabled: No

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersen#

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersencom.sun.identity.agents.notification.enabled=true

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersencom.sun.identity.agents.polling.interval=3

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersencom.sun.identity.policy.client.cacheMode=subtree

d562955eac58d3a5089e0f344ea586412a134451Tom Gundersencom.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.policy.client.clockSkew=10

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers

a3bd8447be4ea2ce230eb8ae0e815c04d85fa15aTom Gundersen#

a3bd8447be4ea2ce230eb8ae0e815c04d85fa15aTom Gundersen# URL POLICY ENVIRONMENT VARIABLE PROPERTIES

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# request parameters whose names and values will be set in the environment

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# map for URL policy evaluation at AM server. The key in the map is in the

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# format of GET.<parameter-name>, the map value is a set of string values

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# of the parameter.

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# request parameters whose names and values will be set in the environment

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# map for URL policy evaluation at AM server. The key in the map is in the

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# format of POST.<parameter-name>, the map value is a set of string values

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# of the parameter.

a3bd8447be4ea2ce230eb8ae0e815c04d85fa15aTom Gundersen# - com.sun.identity.agents.config.policy.env.jsession.param: A list of

d8d4bee76cf3b40ea923bc57d44aa0815ca9b5ffKay Sievers# HTTP SESSION attributes whose names and values will be set in the

a3bd8447be4ea2ce230eb8ae0e815c04d85fa15aTom Gundersen# environment map for URL policy evaluation at AM server. The key in the

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# map is in the format of JSESSION.<parameter-name>, the map value is a

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# set that contains the string value of the parameter.

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Hot-Swap Enabled: Yes

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers#

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Examples:

de1c301ed165eb4d04a0c9d4babe97912b5233bbLennart Poettering# com.sun.identity.agents.config.policy.env.get.param[0]=name

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber

de1c301ed165eb4d04a0c9d4babe97912b5233bbLennart Poettering# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber

de1c301ed165eb4d04a0c9d4babe97912b5233bbLennart Poettering# Assuming HTTP GET request parameters "name" and "phonenumber" have their

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# values as "bob" and "1-800-123-4567" respectively. There is a HTTP Session

75db9a77605b33a1b9355eae957f26380441fce6Lennart Poettering# attribute "cardnumber" with its value as "12345678".

4c2b0e4e423fe73fafef10a5efa6fb778784cebcLennart Poettering# In the map, the following will be set:

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# GET.name => [bob]

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# GET.phonenumber => [1-800-123-4567]

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek# JSESSION.cardnumber => [12345678]

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmek#

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmekcom.sun.identity.agents.config.policy.env.get.param[0]=

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmekcom.sun.identity.agents.config.policy.env.post.param[0]=

fe1fed02c7637a2c18cd575f78be7fda27972148Zbigniew Jędrzejewski-Szmekcom.sun.identity.agents.config.policy.env.jsession.param[0]=

75db9a77605b33a1b9355eae957f26380441fce6Lennart Poettering

3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# AGENT NOTIFICATION URL PROPERTY

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# -com.sun.identity.client.notification.url: URL for agent to receive

34eff652cedec3cac34b92629ead5f140334b689Lennart Poettering# notifications from the OpenAM server for session, policy, and

34eff652cedec3cac34b92629ead5f140334b689Lennart Poettering# configuration changes.

f1dd0c3f9b4a257e81ff9c6a08070c702a0db45aLennart Poettering# Hot-Swap Enabled: No

f975e971accc4d50c73ae53167db3df7a7099cf2Lennart Poettering#

12e84679cc81cdf5f042540e54131a0ce37147adLennart Poetteringcom.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification

136337ff74f05be3d42a769d9f0cb99716c5c40fTollef Fog Heen

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers#

bc2708414babc5c99bb8000e63c84e87606cc15dLennart Poettering# DEBUG SERVICE PROPERTY

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# - com.iplanet.services.debug.level: Specifies the debug level to be used.

be31376e6c9add0786f31a38eec2ecfdb73eb115Kay Sievers# The value is one of: off, error, warning, message.

136337ff74f05be3d42a769d9f0cb99716c5c40fTollef Fog Heen# Hot-Swap Enabled: Yes

dee4c244254bb49d1ffa8bd7171ae9cce596d2d0Lennart Poettering#

dee4c244254bb49d1ffa8bd7171ae9cce596d2d0Lennart Poetteringcom.iplanet.services.debug.level=@DEBUG_LEVEL@

bc2708414babc5c99bb8000e63c84e87606cc15dLennart Poettering

136337ff74f05be3d42a769d9f0cb99716c5c40fTollef Fog Heen#

136337ff74f05be3d42a769d9f0cb99716c5c40fTollef Fog Heen# IGNORE REQUEST URL PATH INFO

136337ff74f05be3d42a769d9f0cb99716c5c40fTollef Fog Heen# The path info will be stripped from the request URL while doing Not Enforced

07459bb6b92268beb2599f65cf195708d88c51ccFabiano Fidêncio# List check and url policy evaluation if the value is set to true.

07459bb6b92268beb2599f65cf195708d88c51ccFabiano Fidêncio#

07459bb6b92268beb2599f65cf195708d88c51ccFabiano Fidêncio# Hot-Swap Enabled: Yes

f975e971accc4d50c73ae53167db3df7a7099cf2Lennart Poettering#

07459bb6b92268beb2599f65cf195708d88c51ccFabiano Fidênciocom.sun.identity.agents.config.ignore.path.info = false

dee4c244254bb49d1ffa8bd7171ae9cce596d2d0Lennart Poettering

07459bb6b92268beb2599f65cf195708d88c51ccFabiano Fidêncio