OpenSSOAgentConfiguration.template revision 20d6346411620e69843780ad0526325cd7ad94ee
ce9f893e21d2ffc6f6a78bf226c038c396740aebEvan Hunt#
c4567d06753c4420af492d07b720125a918fcf23Tinderbox User# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ce9f893e21d2ffc6f6a78bf226c038c396740aebEvan Hunt#
ce9f893e21d2ffc6f6a78bf226c038c396740aebEvan Hunt# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
88278358cbfbaaf2073a04c2a74e0b56371d40feMukund Sivaraman#
fc39b6a96109b78154ec148d20eaf29e8abc14b6Mukund Sivaraman# The contents of this file are subject to the terms
fc39b6a96109b78154ec148d20eaf29e8abc14b6Mukund Sivaraman# of the Common Development and Distribution License
fc39b6a96109b78154ec148d20eaf29e8abc14b6Mukund Sivaraman# (the License). You may not use this file except in
88278358cbfbaaf2073a04c2a74e0b56371d40feMukund Sivaraman# compliance with the License.
2cc21870b0dd92cde23305e0030e3e6e2bfd3cdaMukund Sivaraman#
2cc21870b0dd92cde23305e0030e3e6e2bfd3cdaMukund Sivaraman# You can obtain a copy of the License at
2cc21870b0dd92cde23305e0030e3e6e2bfd3cdaMukund Sivaraman# https://opensso.dev.java.net/public/CDDLv1.0.html or
13c55f6a6097bd23830b02f1be37515f35919b9eMark Andrews# opensso/legal/CDDLv1.0.txt
dbb064aa7972ef918d9a235b713108a4846cbb62Mark Andrews# See the License for the specific language governing
dbb064aa7972ef918d9a235b713108a4846cbb62Mark Andrews# permission and limitations under the License.
dbb064aa7972ef918d9a235b713108a4846cbb62Mark Andrews#
3a49d0ff1000bb74a5f5abaef04f3e41e957c875Mark Andrews# When distributing Covered Code, include this CDDL
3a49d0ff1000bb74a5f5abaef04f3e41e957c875Mark Andrews# Header Notice in each file and include the License file
3a49d0ff1000bb74a5f5abaef04f3e41e957c875Mark Andrews# at opensso/legal/CDDLv1.0.txt.
3a49d0ff1000bb74a5f5abaef04f3e41e957c875Mark Andrews# If applicable, add the following below the CDDL Header,
3a49d0ff1000bb74a5f5abaef04f3e41e957c875Mark Andrews# with the fields enclosed by brackets [] replaced by
0bc743f9bc0ad5989c9b2a65bf54d25c4f78d30dMark Andrews# your own identifying information:
0bc743f9bc0ad5989c9b2a65bf54d25c4f78d30dMark Andrews# "Portions Copyrighted [year] [name of copyright owner]"
b716b9cddcf2924b83c5ba2c21142cb4c626061fEvan Hunt#
b716b9cddcf2924b83c5ba2c21142cb4c626061fEvan Hunt# $Id: OpenSSOAgentConfiguration.template,v 1.3 2009/10/15 23:34:10 leiming Exp $
b716b9cddcf2924b83c5ba2c21142cb4c626061fEvan Hunt#
b716b9cddcf2924b83c5ba2c21142cb4c626061fEvan Hunt# Portions Copyrighted 2013-2014 ForgeRock AS.
245c74ce39e801273ded5fd41e090cdd5563517bEvan Hunt
245c74ce39e801273ded5fd41e090cdd5563517bEvan Hunt#------------------------------------------------------------------------------
b399f4e5684a66123e2f38e0f7e254f0f3ca0cc6Mark Andrews# Configuration Property File
b399f4e5684a66123e2f38e0f7e254f0f3ca0cc6Mark Andrews#
ff6dccd21c28b6746cdb635aafabdc502df72ee4Mark Andrews# OpenAM Policy Agent for:
ff6dccd21c28b6746cdb635aafabdc502df72ee4Mark Andrews# Jboss server 7.x
ff6dccd21c28b6746cdb635aafabdc502df72ee4Mark Andrews#
ff6dccd21c28b6746cdb635aafabdc502df72ee4Mark Andrews# Version: ${project.version}
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt#------------------------------------------------------------------------------
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt#
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
33ca26968b638b4ff9c657e9574d14d1a04a52ddMukund Sivaraman# MODIFYING ANY OF THE VALUES IN THIS FILE.
33ca26968b638b4ff9c657e9574d14d1a04a52ddMukund Sivaraman#
33ca26968b638b4ff9c657e9574d14d1a04a52ddMukund Sivaraman# Note:
33ca26968b638b4ff9c657e9574d14d1a04a52ddMukund Sivaraman# Data present in this file provides the necessary configuration
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews# settings needed by Agent to work correctly. Invalid configuration
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews# data present in this file can lead to malfunction of the Agent, the
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews# application, and the Application Server.
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews#
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews# SYSTEM.
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews#------------------------------------------------------------------------------
3e33f4198d1840fd0aed97d98ba0be8ac0cafd19Mark Andrews
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews#------------------------------------------------------------------------------
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews# General Notes about the Agent Configuration
b399f4e5684a66123e2f38e0f7e254f0f3ca0cc6Mark Andrews# -------------------------------------------
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews#
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews# HOT-SWAP MECHANISM:
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews# Certain property keys in this configuration are hot-swap enabled.
ce67023ae3ad39a77da5361d0187ab6f3f0219cbMark Andrews# The values of these keys, when altered, are dynamically loaded by the
307adf67922dd222bacf84ef0f074a0eb84d3a0aMark Andrews# Agent such that it is not necessary to restart the Application
307adf67922dd222bacf84ef0f074a0eb84d3a0aMark Andrews# Server in order for these changes to take effect. However, in cases
753b27a7d325f8da6ef3dc8da8a2cc43e968ccb2Mark Andrews# where the key is explicitly identified as not enabled for hot-swap
753b27a7d325f8da6ef3dc8da8a2cc43e968ccb2Mark Andrews# or in cases when the hot-swap mechanism is disabled on the system,
753b27a7d325f8da6ef3dc8da8a2cc43e968ccb2Mark Andrews# the Application Server must be restarted for the changes to take
c44c77178e0bf420483b0dd0af43839bf636a6ccMukund Sivaraman# effect. Please refer to the Agent documentation to further learn
c44c77178e0bf420483b0dd0af43839bf636a6ccMukund Sivaraman# about hot-swap configuration of the Agent.
c44c77178e0bf420483b0dd0af43839bf636a6ccMukund Sivaraman#
c44c77178e0bf420483b0dd0af43839bf636a6ccMukund Sivaraman# LIST CONSTRUCTS:
c44c77178e0bf420483b0dd0af43839bf636a6ccMukund Sivaraman# Certain property keys in this configuration are specified as lists.
c44c77178e0bf420483b0dd0af43839bf636a6ccMukund Sivaraman# A list construct is defined as follows:
08f01297320b7ad55d0abff0aca9a577196079e2Mukund Sivaraman#
08f01297320b7ad55d0abff0aca9a577196079e2Mukund Sivaraman# Format:
08f01297320b7ad55d0abff0aca9a577196079e2Mukund Sivaraman# <key>[<index>]=<value>
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews#
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews# Where:
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews# key : is the configuration key
4a61eae6514bfde56f8801ef66f27a8d462bd164Mark Andrews# index : is a positive number starting from 0 that increments by 1
adbf81335b67be0cebdcf9f1f4fcb38ef4814f4dMark Andrews# for every value specified in this list.
adbf81335b67be0cebdcf9f1f4fcb38ef4814f4dMark Andrews# value : is one of the values specified in this list.
adbf81335b67be0cebdcf9f1f4fcb38ef4814f4dMark Andrews#
2f66e2dd81c270647976eebd15a45dc4d6d2f318Mark Andrews# Notes:
2f66e2dd81c270647976eebd15a45dc4d6d2f318Mark Andrews# - Please refer to the Agent documentation for full details on usage.
2f66e2dd81c270647976eebd15a45dc4d6d2f318Mark Andrews#
f10a67dad21d7dd87ee2144964faa639f96766b5Witold Krecicki# Example:
f10a67dad21d7dd87ee2144964faa639f96766b5Witold Krecicki# com.sun.identity.agents.config.example[0] = value0
f10a67dad21d7dd87ee2144964faa639f96766b5Witold Krecicki# com.sun.identity.agents.config.example[1] = value1
6e6dcfcb45a5d2477ddf55293e9e8f587b7bcfe4Mark Andrews# com.sun.identity.agents.config.example[2] = value2
6e6dcfcb45a5d2477ddf55293e9e8f587b7bcfe4Mark Andrews#
0439bfedd97fa2e004cbf572773d703b33fda10fMukund Sivaraman# MAP CONSTRUCTS:
0439bfedd97fa2e004cbf572773d703b33fda10fMukund Sivaraman# Certain property keys in this configuration are specified as Maps.
0439bfedd97fa2e004cbf572773d703b33fda10fMukund Sivaraman# A Map construct is defined as follows:
0439bfedd97fa2e004cbf572773d703b33fda10fMukund Sivaraman#
2a815e41d2b8f30fd4cc68ccd38064a6ee6e1103Mukund Sivaraman# Format:
b4e114e3cd99b8875fc677a1a1c7c8257ef5a7a6Mukund Sivaraman# <key>[<name>]=<value>
b4e114e3cd99b8875fc677a1a1c7c8257ef5a7a6Mukund Sivaraman#
b4e114e3cd99b8875fc677a1a1c7c8257ef5a7a6Mukund Sivaraman# Where:
d14c2683625c5db500ab93fb7176a9570798ca1eMukund Sivaraman# key : is the configuration key
d14c2683625c5db500ab93fb7176a9570798ca1eMukund Sivaraman# name : is a string that forms the lookup key as available in the
d14c2683625c5db500ab93fb7176a9570798ca1eMukund Sivaraman# Map
71931ab6b3815c953756a04e6029a3a113a2a9f4Mukund Sivaraman# value : is the value associated with the name in the Map
6a3249533aab706c30f8cd65956f2f963e857f8fWitold Krecicki#
9869bfeed4fab59c5730065cd7cce1f7c60b741fMark Andrews# Notes:
9869bfeed4fab59c5730065cd7cce1f7c60b741fMark Andrews# - Please refer to the Agent documentation for full details on usage.
a85c6b35affa7179434c41b277109dca2cbe01ecMark Andrews#
71931ab6b3815c953756a04e6029a3a113a2a9f4Mukund Sivaraman# Example:
71931ab6b3815c953756a04e6029a3a113a2a9f4Mukund Sivaraman# com.sun.identity.agents.config.example[AL] = ALABAMA
af3770ed93e519d07a4696739d477764c8d5c4b8Witold Krecicki# com.sun.identity.agents.config.example[AK] = ALASKA
59a9cb54c112fd979b772e832b819d8efc83b85dMukund Sivaraman# com.sun.identity.agents.config.example[AZ] = ARIZONA
59a9cb54c112fd979b772e832b819d8efc83b85dMukund Sivaraman#
59a9cb54c112fd979b772e832b819d8efc83b85dMukund Sivaraman# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
59a9cb54c112fd979b772e832b819d8efc83b85dMukund Sivaraman# Certain property keys in this configuration can be specified per
f85deb5154d996978f0fc8455961698bc710ae73Witold Krecicki# protected application. This implies that the Agent will use
f85deb5154d996978f0fc8455961698bc710ae73Witold Krecicki# different values of the same configuration key for different
29ec74b60fcaef12c16ecb6bdb8c8ecb278d449fEvan Hunt# applications as defined in this configuration file. Properties
ecfe29f54b0566d9923b826b2e4a36ee83c9ea3eEvan Hunt# which are not specified per protected applications are called Global
29ec74b60fcaef12c16ecb6bdb8c8ecb278d449fEvan Hunt# properties. Application specific properties are defined as follows:
8a9bac8dec81997fec38fb880dc81b41eb026c27Mark Andrews#
8a9bac8dec81997fec38fb880dc81b41eb026c27Mark Andrews# Format:
8a9bac8dec81997fec38fb880dc81b41eb026c27Mark Andrews# <key>[<appname>]=<value>
eb447eca8847be14e93d7b2d524154433e4ee565Evan Hunt#
eb447eca8847be14e93d7b2d524154433e4ee565Evan Hunt# Where:
eb447eca8847be14e93d7b2d524154433e4ee565Evan Hunt# key : is the configuration key
eb447eca8847be14e93d7b2d524154433e4ee565Evan Hunt# appname : is the Application name to which this configuration
8c9fba44a41e3ea23e7e8405029980aba672f7ceEvan Hunt# belongs. The application name is the context path of
8c9fba44a41e3ea23e7e8405029980aba672f7ceEvan Hunt# the application without the leading forward slash
8c9fba44a41e3ea23e7e8405029980aba672f7ceEvan Hunt# character. In case when the application has been
a85c6b35affa7179434c41b277109dca2cbe01ecMark Andrews# deployed at the root-context of the server, the
38c19e577915221b1783791cbb4f4e3ceea20019Mark Andrews# application name should be specified as
38c19e577915221b1783791cbb4f4e3ceea20019Mark Andrews# 'DefaultWebApp'.
8bb630c7513ecfe224622a3923f0de477c44f2a9Mark Andrews# value : the value that will be used by the Agent when
8bb630c7513ecfe224622a3923f0de477c44f2a9Mark Andrews# protecting the application identified by the given
e53e202ef3b51c58fb9abe0d15e3829a970b00e7Mark Andrews# application name.
e53e202ef3b51c58fb9abe0d15e3829a970b00e7Mark Andrews#
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews# Notes:
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews# - When an application specific configuration is not present, the
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews# Agent uses different mechanisms to identify a default value. There
a32b6291aa5f797e1336869390f99d4a655484c2Evan Hunt# could be configurations where the default value is used as the
a32b6291aa5f797e1336869390f99d4a655484c2Evan Hunt# value specified for the same key without any application specific
a32b6291aa5f797e1336869390f99d4a655484c2Evan Hunt# suffix '[<appname>]'. For example, if the following configuration
39f11e83a34e8282c46afc6d189c209632cfeb6eCurtis Blackburn# keys are present:
39f11e83a34e8282c46afc6d189c209632cfeb6eCurtis Blackburn#
a32b6291aa5f797e1336869390f99d4a655484c2Evan Hunt# com.sun.identity.agents.config.example[Portal] = value1
c55a1da4fc1188afe88264f97c1b705e188ae1feEvan Hunt# com.sun.identity.agents.config.example[DefaultWebApp] = value2
c55a1da4fc1188afe88264f97c1b705e188ae1feEvan Hunt# com.sun.identity.agents.config.example = value3
c55a1da4fc1188afe88264f97c1b705e188ae1feEvan Hunt#
c55a1da4fc1188afe88264f97c1b705e188ae1feEvan Hunt# then, for applications other than the ones deployed on the root
c55a1da4fc1188afe88264f97c1b705e188ae1feEvan Hunt# context and the context '/Portal', the value of this key will
cadf8d687b9719b87c121d5cc8b028b1ddccc642Evan Hunt# default to 'value3'.
cadf8d687b9719b87c121d5cc8b028b1ddccc642Evan Hunt#
cadf8d687b9719b87c121d5cc8b028b1ddccc642Evan Hunt# - Application Specific configuration properties must follow the
705cea35a8f798340ac947713ab97791be521b52Mukund Sivaraman# rules and syntax of the MAP construct of configuration entries as
705cea35a8f798340ac947713ab97791be521b52Mukund Sivaraman# defined above.
705cea35a8f798340ac947713ab97791be521b52Mukund Sivaraman#
705cea35a8f798340ac947713ab97791be521b52Mukund Sivaraman# Example:
705cea35a8f798340ac947713ab97791be521b52Mukund Sivaraman# com.sun.identity.agents.config.example[Portal] = value1
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman# com.sun.identity.agents.config.example[BankApp] = value2
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman# com.sun.identity.agents.config.example[DefaultWebApp] = value3
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman#------------------------------------------------------------------------------
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman#
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman# FILTER OPERATION MODE
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman# Specifies the mode of operation of the Filter. Valid value is one of:
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
72a1c3f1a7ad790ebe13ef6be85c269b2c2dcb95Mukund Sivaraman# specified as an application specific property. However, the global
19365b43e922fcbaf5caff3f92b87b52cbc1b530Evan Hunt# property must always be present.
7e6cf6fc6e700061a1cec3bcf67786706d956fc5Evan Hunt# WARNING:
7e6cf6fc6e700061a1cec3bcf67786706d956fc5Evan Hunt# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
7e6cf6fc6e700061a1cec3bcf67786706d956fc5Evan Hunt# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
7e6cf6fc6e700061a1cec3bcf67786706d956fc5Evan Hunt# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
7e6cf6fc6e700061a1cec3bcf67786706d956fc5Evan Hunt# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
247a9c2cf6637ca68b9b5d332131522bd157a3e9Mark Andrews# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
c7463967dbcb31c2ec0dd513986a9dec05994a0aMark Andrews# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
d9a0f1bea7c183864c72d0ad14f6b61fbe1b5b05Mark Andrews# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
d9a0f1bea7c183864c72d0ad14f6b61fbe1b5b05Mark Andrews# Hot-Swap Enabled: No
8f20f6c9d7ce5a0f0af6ee4c5361832d97b1c5d4Mark Andrews# Example:
8f20f6c9d7ce5a0f0af6ee4c5361832d97b1c5d4Mark Andrews# com.sun.identity.agents.config.filter.mode = ALL
b947e1a521c6931f787d6d1b3604d5b138170c3dMukund Sivaraman# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
b947e1a521c6931f787d6d1b3604d5b138170c3dMukund Sivaraman#
b947e1a521c6931f787d6d1b3604d5b138170c3dMukund Sivaramancom.sun.identity.agents.config.filter.mode = ALL
b947e1a521c6931f787d6d1b3604d5b138170c3dMukund Sivaraman
b947e1a521c6931f787d6d1b3604d5b138170c3dMukund Sivaraman#
b947e1a521c6931f787d6d1b3604d5b138170c3dMukund Sivaraman# USER MAPPING PROPERTIES
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt# - user.mapping.mode: Specifies the mechanism by which the user-ID
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt# to be used on the protected server for the authenticated user is
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt# determined by the Agent. Value of this is one of: USER_ID,
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman# - user.attribute.name: Specifies the name of the profile attribute,
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman# or HTTP header, or Session property which contains the user-ID to
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman# be used on the protected server for the authenticated user. This
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman# property is not used if the value of user.mapping.mode is set to
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman# USER_ID.
dc877b38a0bdfd7caa0c129d6f5b5cbb1caa6848Evan Hunt# - user.principal: A flag that indicates that the principal of the
dc877b38a0bdfd7caa0c129d6f5b5cbb1caa6848Evan Hunt# authenticated user be used instead of just the user-ID for
dc877b38a0bdfd7caa0c129d6f5b5cbb1caa6848Evan Hunt# authenticating the user on the protected server. This property is
1c02dd9dd94c95a9a59bb6c10b669fb790853b10Evan Hunt# applicable if the user.mapping.mode is set to USER_ID.
1c02dd9dd94c95a9a59bb6c10b669fb790853b10Evan Hunt# - user.token: Specifies a session property name which contains the
1c02dd9dd94c95a9a59bb6c10b669fb790853b10Evan Hunt# user-ID of the authenticated user in session. This property is used
1c02dd9dd94c95a9a59bb6c10b669fb790853b10Evan Hunt# when the user.mapping.mode is set to USER_ID and the user.principal
52aa2f94981aa570a37c659b451541171f7537a4Mark Andrews# flag is set to false.
52aa2f94981aa570a37c659b451541171f7537a4Mark Andrews# Hot-Swap Enabled: Yes
b292230ab8dd33480dabad2b3615dcce5dd70c35Mark Andrews# Examples:
b292230ab8dd33480dabad2b3615dcce5dd70c35Mark Andrews# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
b292230ab8dd33480dabad2b3615dcce5dd70c35Mark Andrews# com.sun.identity.agents.config.user.attribute.name = employeenumber
e77e44954909dd2e0af1ce724e01f4199ae1e9c0Mark Andrews#
e77e44954909dd2e0af1ce724e01f4199ae1e9c0Mark Andrewscom.sun.identity.agents.config.user.mapping.mode = USER_ID
e77e44954909dd2e0af1ce724e01f4199ae1e9c0Mark Andrewscom.sun.identity.agents.config.user.attribute.name = employeenumber
ef1aaab9ed44bcc6b58d85de2673e382dc6a7c1dEvan Huntcom.sun.identity.agents.config.user.principal = false
ef1aaab9ed44bcc6b58d85de2673e382dc6a7c1dEvan Huntcom.sun.identity.agents.config.user.token = UserToken
ef1aaab9ed44bcc6b58d85de2673e382dc6a7c1dEvan Hunt
ef1aaab9ed44bcc6b58d85de2673e382dc6a7c1dEvan Hunt#
c82b3781158672e8308b53a8b6289e432ceb48d0Mark Andrews# CLIENT IDENTIFICATION PROPERTIES
ef0e6744569fdef42fa93864443005dc0593b24cMark Andrews# - client.ip.header: Specifies an HTTP header name that holds the IP
ef0e6744569fdef42fa93864443005dc0593b24cMark Andrews# address of the client. May be left blank if not used.
ef0e6744569fdef42fa93864443005dc0593b24cMark Andrews# - client.hostname.header: Specifies an HTTP header name that holds the
017cbd4429a16d1b8eb77333c86f022dcc31045dEvan Hunt# Hostname of the client. May be left blank if not used.
# NOTE: any client can send arbitrary request headers, so set these only
# when a trusted proxy or load balancer in front of the server sets or
# overwrites the named headers.
017cbd4429a16d1b8eb77333c86f022dcc31045dEvan Hunt# Hot-Swap Enabled: Yes
ab973ec40cc7a79bbf930085b1293824caf73e7fFrancis Dupont# Example:
ab973ec40cc7a79bbf930085b1293824caf73e7fFrancis Dupont# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
ab973ec40cc7a79bbf930085b1293824caf73e7fFrancis Dupont# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
f1a261ba2d5e11a106a0a95c46b409a9daf138efMark Andrews#
f1a261ba2d5e11a106a0a95c46b409a9daf138efMark Andrewscom.sun.identity.agents.config.client.ip.header =
bcb68be0a8f3c3eca58d6a6a869267e5c1841de2Francis Dupontcom.sun.identity.agents.config.client.hostname.header =
bcb68be0a8f3c3eca58d6a6a869267e5c1841de2Francis Dupont
bcb68be0a8f3c3eca58d6a6a869267e5c1841de2Francis Dupont#
c03fe78ef59b2373233db1a7b568cc2000d6d3b4Evan Hunt# CONFIGURATION RELOAD INTERVAL
c03fe78ef59b2373233db1a7b568cc2000d6d3b4Evan Hunt# Specifies the interval in seconds between configuration reloads. When
c03fe78ef59b2373233db1a7b568cc2000d6d3b4Evan Hunt# set to 0, the hot-swap mechanism will be disabled.
fc3ed1dbda48d0e832ffc8ad70394cd475986531Evan Hunt# Hot-Swap Enabled: Yes
fc3ed1dbda48d0e832ffc8ad70394cd475986531Evan Hunt#
fc3ed1dbda48d0e832ffc8ad70394cd475986531Evan Huntcom.sun.identity.agents.config.load.interval = 3600
c855e7170a7ddb5d4ebab69a771f35dc93e95e43Mark Andrews
c855e7170a7ddb5d4ebab69a771f35dc93e95e43Mark Andrews#
c855e7170a7ddb5d4ebab69a771f35dc93e95e43Mark Andrews# LOCALE IDENTIFICATION PROPERTIES
e840f92bfba0881039f1cdfb3349ecb03382b7beMark Andrews# - locale.language: Specifies the language code for identifying the Locale
e840f92bfba0881039f1cdfb3349ecb03382b7beMark Andrews# of operation.
e840f92bfba0881039f1cdfb3349ecb03382b7beMark Andrews# - locale.country: Specifies the country code for identifying the Locale of
e840f92bfba0881039f1cdfb3349ecb03382b7beMark Andrews# operation.
bc8f82492dfdfa8b6d58bca850fa328e176cfd91Mark Andrews# Hot-Swap Enabled: No
bc8f82492dfdfa8b6d58bca850fa328e176cfd91Mark Andrews#
bc8f82492dfdfa8b6d58bca850fa328e176cfd91Mark Andrewscom.sun.identity.agents.config.locale.language = en
ac31adc3b76a3acf61c711d1cd49480a288b1317Mukund Sivaramancom.sun.identity.agents.config.locale.country = US
ac31adc3b76a3acf61c711d1cd49480a288b1317Mukund Sivaraman
ac31adc3b76a3acf61c711d1cd49480a288b1317Mukund Sivaraman#
2c4d5faf7fa490aa537efa36b1ba26d0cd80e442Mukund Sivaraman# AUDIT LOG PROPERTIES
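2c4d5faf7fa490aa537efa36b1ba26d0cd80e442Mukund Sivaraman# - audit.accesstype: Specifies the access type which will be logged by the
2c4d5faf7fa490aa537efa36b1ba26d0cd80e442Mukund Sivaraman# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
# The value set below, LOG_NONE, logs neither allowed nor denied requests;
# LOG_DENY or LOG_BOTH is needed to keep a record of denied access.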
bc8f82492dfdfa8b6d58bca850fa328e176cfd91Mark Andrews# - log.disposition: Specifies the audit log mode that the Agent will use
54fe1d05b6d78120452c71023629b35cbe55e97fMark Andrews# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
54fe1d05b6d78120452c71023629b35cbe55e97fMark Andrews# ALL.
d9b37259f3abcb27e6b1b0bcb312c26cfd229fdaEvan Hunt# - remote.logfile: Specifies the file name to be used on the remote server
d9b37259f3abcb27e6b1b0bcb312c26cfd229fdaEvan Hunt# if the log.disposition is set to REMOTE or ALL.
d9b37259f3abcb27e6b1b0bcb312c26cfd229fdaEvan Hunt# - local.log.rotate: A flag that indicates if the rotation of audit log
f28e5058c33bfb99f8717d94c2525a976897dc91Evan Hunt# local file is enabled or disabled.
f28e5058c33bfb99f8717d94c2525a976897dc91Evan Hunt# - local.log.size: The size in bytes of the local audit log file, beyond
f28e5058c33bfb99f8717d94c2525a976897dc91Evan Hunt# which the Agent should rotate the log file.
febb020dceab01c12b406eeae6e825aca7411dd6Mark Andrews# Hot-Swap Enabled: Yes
febb020dceab01c12b406eeae6e825aca7411dd6Mark Andrews#
febb020dceab01c12b406eeae6e825aca7411dd6Mark Andrewscom.sun.identity.agents.config.audit.accesstype = LOG_NONE
fba894c98b8f3345a61932be6830993a059a211aMukund Sivaramancom.sun.identity.agents.config.log.disposition = REMOTE
fba894c98b8f3345a61932be6830993a059a211aMukund Sivaramancom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
f9f81abff0ea36f19474f3b7a11bf0f17c4f116cMukund Sivaramancom.sun.identity.agents.config.local.log.rotate = false
f9f81abff0ea36f19474f3b7a11bf0f17c4f116cMukund Sivaramancom.sun.identity.agents.config.local.log.size = 52428800
f9f81abff0ea36f19474f3b7a11bf0f17c4f116cMukund Sivaraman
f9f81abff0ea36f19474f3b7a11bf0f17c4f116cMukund Sivaraman#
f9f81abff0ea36f19474f3b7a11bf0f17c4f116cMukund Sivaraman# WEB SERVICE PROCESSING PROPERTIES
f9f81abff0ea36f19474f3b7a11bf0f17c4f116cMukund Sivaraman# - webservice.enable: A flag that specifies if Web Service processing is
9a7532f83618b5abbfd7db59be77e451647ecbf2Mukund Sivaraman# enabled or disabled.
9a7532f83618b5abbfd7db59be77e451647ecbf2Mukund Sivaraman# - webservice.endpoint: A list of Web Application end points that represent
9a7532f83618b5abbfd7db59be77e451647ecbf2Mukund Sivaraman# Web Services.
e89972afcb893a824db11086f4f00388057170ccEvan Hunt# - webservice.process.get.enable: A flag that indicates if the processing
e89972afcb893a824db11086f4f00388057170ccEvan Hunt# of HTTP GET requests for Web Service endpoints is enabled or disabled.
ebeb4b3e094f36121e05d7cc8226047db96ba4f6Mukund Sivaraman# - webservice.authenticator: An implementation class that can be used to
ebeb4b3e094f36121e05d7cc8226047db96ba4f6Mukund Sivaraman# authenticate web-service requests.
ebeb4b3e094f36121e05d7cc8226047db96ba4f6Mukund Sivaraman# - webservice.internalerror.content: The name of file that contains content
642e4ac70ddc4e7037a515208b30d5cf8d8efc94Mukund Sivaraman# used by the Agent to generate an internal error fault for clients.
642e4ac70ddc4e7037a515208b30d5cf8d8efc94Mukund Sivaraman# - webservice.autherror.content: The name of file that contains content
641b9fd39b1c3f895eca8dfe84d5d14d7742e045Evan Hunt# used by the Agent to generate an authorization error fault for clients.
77b179cbbe7b820b5d838a675200a7b87eb12dacMark Andrews# Hot-Swap Enabled: Yes
77b179cbbe7b820b5d838a675200a7b87eb12dacMark Andrews#
641b9fd39b1c3f895eca8dfe84d5d14d7742e045Evan Huntcom.sun.identity.agents.config.webservice.enable = false
24f2cc7d06e4bb6625f90323e44b42e0cad63588Mukund Sivaramancom.sun.identity.agents.config.webservice.endpoint[0] =
24f2cc7d06e4bb6625f90323e44b42e0cad63588Mukund Sivaramancom.sun.identity.agents.config.webservice.process.get.enable = true
73eacba1f107468b30e8aa7cd6e213bb2d7f3142Evan Huntcom.sun.identity.agents.config.webservice.authenticator =
73eacba1f107468b30e8aa7cd6e213bb2d7f3142Evan Huntcom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
73eacba1f107468b30e8aa7cd6e213bb2d7f3142Evan Huntcom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
73eacba1f107468b30e8aa7cd6e213bb2d7f3142Evan Hunt
da4a7772ebb33f27104bca5ceb9a9bca60136387Evan Hunt#
1b05d22789fd9a17aca4f459639bc2b6848c3160Mark Andrews# ACCESS DENIED URI
1b05d22789fd9a17aca4f459639bc2b6848c3160Mark Andrews# An application specific (MAP) property that specifies the URI used by
1b05d22789fd9a17aca4f459639bc2b6848c3160Mark Andrews# the Agent to block unauthorized access requests. May be left unspecified
29d52c001ff976561669375cf0c866b815a90c49Mark Andrews# if not available. A global value can also be specified.
29d52c001ff976561669375cf0c866b815a90c49Mark Andrews# Example:
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Hunt# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Hunt# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Hunt# Hot-Swap Enabled: Yes
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Hunt#
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Huntcom.sun.identity.agents.config.access.denied.uri[] =
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Hunt
7ae96d882326357448f8f440c52f47ac1b1fa455Evan Hunt#
a85c6b35affa7179434c41b277109dca2cbe01ecMark Andrews# FORM LOGIN PROCESSING PROPERTIES
a8da00ef95ba37b9d071c2b8db1a0c967e060106Mark Andrews# - login.form: A LIST property used by the Agent to identify login
a8da00ef95ba37b9d071c2b8db1a0c967e060106Mark Andrews# request and take appropriate action. Each entry should be the
48fe77df0c604359c3a406510f4327fc3182e836Evan Hunt# absolute URI of the resource specified in the web.xml deployment
5f590e93d2ec1372a591b943a375506817787d8aMukund Sivaraman# descriptor of the protected application in the element
b5edc023a1bb8066d86777dd40fd4555e285de57Mark Andrews# form-login-page.
be9720ae2c2e933da36c5fb209dd4798a0337febMark Andrews# - login.error.uri: A LIST property used by the Agent to identify
be9720ae2c2e933da36c5fb209dd4798a0337febMark Andrews# error page request and take appropriate action. Each entry should
be9720ae2c2e933da36c5fb209dd4798a0337febMark Andrews# be the absolute URI of the resource specified in the web.xml
bb5df338d9b119bb2fe18dea9b0e3034c3925f7bMark Andrews# deployment descriptor of the protected application in the element
bb5df338d9b119bb2fe18dea9b0e3034c3925f7bMark Andrews# form-error-page.
bb5df338d9b119bb2fe18dea9b0e3034c3925f7bMark Andrews# - login.use.internal: A flag that specifies if the Agent should use
f5ea8d2838e0d9279d00afe984aa67f07ad758b1Mark Andrews# internal content for handling form login requests.
f5ea8d2838e0d9279d00afe984aa67f07ad758b1Mark Andrews# - login.content.file: Specifies the name or complete path of the file
af669cb4fd7ecfb67ed145b176e5e764b249573bMark Andrews# that will be used by the Agent for handling form login requests if
af669cb4fd7ecfb67ed145b176e5e764b249573bMark Andrews# the login.use.internal flag is set to true.
044008f58f66d7a1b50c1dfc09cf8049e83a8227Evan Hunt# Hot-Swap Enabled: Yes
044008f58f66d7a1b50c1dfc09cf8049e83a8227Evan Hunt# Examples:
044008f58f66d7a1b50c1dfc09cf8049e83a8227Evan Hunt# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp
044008f58f66d7a1b50c1dfc09cf8049e83a8227Evan Hunt# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp
1783676a64b8e390b756d775ae152509f1d76719Mukund Sivaraman#
a85c6b35affa7179434c41b277109dca2cbe01ecMark Andrewscom.sun.identity.agents.config.login.form[0] =
84f95ddb2572641022619950a211aff49e331c98Mukund Sivaramancom.sun.identity.agents.config.login.error.uri[0] =
84f95ddb2572641022619950a211aff49e331c98Mukund Sivaramancom.sun.identity.agents.config.login.use.internal = true
1783676a64b8e390b756d775ae152509f1d76719Mukund Sivaramancom.sun.identity.agents.config.login.content.file = FormLoginContent.txt
07dd40e8eeff964d7e8018817378d903ded690e3Mukund Sivaraman
07dd40e8eeff964d7e8018817378d903ded690e3Mukund Sivaraman#
07dd40e8eeff964d7e8018817378d903ded690e3Mukund Sivaraman# LOCAL AUTHENTICATION PROCESSING PROPERTIES
db93c0def5c3e1e0ea40c7596482ad3fca4ed03bMukund Sivaraman# - auth.handler: A MAP property that specifies application
db93c0def5c3e1e0ea40c7596482ad3fca4ed03bMukund Sivaraman# specific Authentication Handler to be used by the
db93c0def5c3e1e0ea40c7596482ad3fca4ed03bMukund Sivaraman# Agent in order to authenticate the logged on user with the
db93c0def5c3e1e0ea40c7596482ad3fca4ed03bMukund Sivaraman# Application server for the particular application.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt# - logout.handler: A MAP property that specifies the application
c10fda07d68c04221c2d552dc71a2de1352074cbTinderbox User# specific Logout Handler to be used by the Agent in order to logout
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt# the logged on user within the Application server for the
c2444e25ab0fe2a6efdba2fc789a1662b95a6eb5Evan Hunt# particular application.
c10fda07d68c04221c2d552dc71a2de1352074cbTinderbox User# - verification.handler: A MAP property that specifies the application
aeff3f0541beed6c7e384737bc83b46ea5e66a84Evan Hunt# specific local verification handler used by the agent to validate
8378b0c190300e1652fc0ce129a4b9af4ef56e24Evan Hunt# the user credentials with the local repository.
8378b0c190300e1652fc0ce129a4b9af4ef56e24Evan Hunt# Hot-Swap Enabled: Yes
8378b0c190300e1652fc0ce129a4b9af4ef56e24Evan Hunt# Example:
53ae008f2749a29773b27a481452b292c8f53b65Evan Hunt# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
53ae008f2749a29773b27a481452b292c8f53b65Evan Hunt# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
bfc11b9c659a9c46c478cd9176220a1a29a862a1Evan Hunt# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
bfc11b9c659a9c46c478cd9176220a1a29a862a1Evan Hunt#
177e523c48674936078c1422403840de159db5dfEvan Huntcom.sun.identity.agents.config.auth.handler[] =
177e523c48674936078c1422403840de159db5dfEvan Huntcom.sun.identity.agents.config.logout.handler[] =
177e523c48674936078c1422403840de159db5dfEvan Huntcom.sun.identity.agents.config.verification.handler[] =
177e523c48674936078c1422403840de159db5dfEvan Hunt
177e523c48674936078c1422403840de159db5dfEvan Hunt#
7acc2f21563b79229d592f09dde17e60d64afc8fEvan Hunt# HTTP SESSION BINDING
7acc2f21563b79229d592f09dde17e60d64afc8fEvan Hunt# The default value is false, so the agent will not invalidate the HTTP session,
7acc2f21563b79229d592f09dde17e60d64afc8fEvan Hunt# and session data will be maintained.
7acc2f21563b79229d592f09dde17e60d64afc8fEvan Hunt# If the value is true, the agent will invalidate the HTTP session when
7acc2f21563b79229d592f09dde17e60d64afc8fEvan Hunt# it identifies that login has failed, the user does not have an SSO session,
e58eb371a047c3a8aee4ce9aaca0f7f3673432a4Mukund Sivaraman# or the principal user name does not match the SSO user name. With false, the HTTP session data is kept even in these cases.
e58eb371a047c3a8aee4ce9aaca0f7f3673432a4Mukund Sivaraman# Hot-Swap Enabled: Yes
e58eb371a047c3a8aee4ce9aaca0f7f3673432a4Mukund Sivaramancom.sun.identity.agents.config.httpsession.binding = false
e58eb371a047c3a8aee4ce9aaca0f7f3673432a4Mukund Sivaraman
e58eb371a047c3a8aee4ce9aaca0f7f3673432a4Mukund Sivaraman#
2ff2145ff53ec10df0e3c9c51906d63187fd54faMark Andrews# GOTO PARAMETER NAME
2ff2145ff53ec10df0e3c9c51906d63187fd54faMark Andrews# This property has been deprecated.
c213a58e803c0bba12e3df0f33405eaee907acc6Evan Hunt# Specifies the goto Parameter name to be used by the Agent when
bc8f82492dfdfa8b6d58bca850fa328e176cfd91Mark Andrews# redirecting the user to the appropriate authentication service. The
c213a58e803c0bba12e3df0f33405eaee907acc6Evan Hunt# value of this parameter is used by the authentication service to
f4102ab13ea049d73f5523c1a94fe2b83c408c9eMark Andrews# redirect the user to the original requested destination.
a98f70acc8d36bf73c000808ffed455ad8f15b02Evan Hunt# Valid Values:
a98f70acc8d36bf73c000808ffed455ad8f15b02Evan Hunt# A string value that represents the goto parameter name.
8b61aef4dcc53267a500449058c0af705e3a64d1Evan Hunt# Hot-Swap Enabled: Yes
2616cb69443f6ccd1900901c91e04d86886a7197Evan Hunt#
2616cb69443f6ccd1900901c91e04d86886a7197Evan Huntcom.sun.identity.agents.config.redirect.param = goto
e785f9c1c7d838b9a773a757210388130eba5c4aMark Andrews
e785f9c1c7d838b9a773a757210388130eba5c4aMark Andrews#
e785f9c1c7d838b9a773a757210388130eba5c4aMark Andrews# LOGIN URL
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt# Specifies the login URLs to be used by the Agent to redirect
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt# incoming users without sufficient credentials to the OpenAM
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt# authentication service.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt# Hot-Swap Enabled: Yes
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt#
591389c7d44e5ca20c357627dd179772cfefaaccEvan Huntcom.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt#
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt# LOGOUT URL
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt# Specifies the logout URLs to be used by the Agent to log out
1059bc2e42e8214f8b73d3b4cd181d8394a94a6aFrancis Dupont# the authenticated users from the OpenAM authentication service.
1059bc2e42e8214f8b73d3b4cd181d8394a94a6aFrancis Dupont# Hot-Swap Enabled: Yes
1059bc2e42e8214f8b73d3b4cd181d8394a94a6aFrancis Dupont#
1059bc2e42e8214f8b73d3b4cd181d8394a94a6aFrancis Dupontcom.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
801fb8b894c75fc1e3fa0284e096ade6dcdc1110Evan Hunt
801fb8b894c75fc1e3fa0284e096ade6dcdc1110Evan Hunt#
801fb8b894c75fc1e3fa0284e096ade6dcdc1110Evan Hunt# LOGIN URL, LOGOUT URL, or CDSSO URLs PROPERTIES
801fb8b894c75fc1e3fa0284e096ade6dcdc1110Evan Hunt# - login.url.prioritized: specifies if the failover sequence for Login URLs
801fb8b894c75fc1e3fa0284e096ade6dcdc1110Evan Hunt# or CDSSO URLs should be prioritized as defined in the list with the lowest
4eefa351cc5549a2cebb45d274f10249e31f6945Mukund Sivaraman# index having the highest priority.
4eefa351cc5549a2cebb45d274f10249e31f6945Mukund Sivaraman# - login.url.probe.enabled: specifies if agent will check the availability
fe12a8f1077c1556922f1a3be2f592c761917838Mukund Sivaraman# of these urls before redirecting to them.
fe12a8f1077c1556922f1a3be2f592c761917838Mukund Sivaraman# Default value is true for backward compatibility, but it is suggested to set it
b82963f96b452e2acbdf2ebd3d96de0ff0859a68Evan Hunt# to false (server will not be checked) in production deployments where the agent
b82963f96b452e2acbdf2ebd3d96de0ff0859a68Evan Hunt# often cannot access the login url directly.
d8890e779c0a74a8738a746f130a4bed6d6954caEvan Hunt# - login.url.probe.timeout: this is the connect timeout value in milliseconds
e77ef50a57091eeb70d0a6d021638c92442c8f0aMark Andrews# when login.url.probe.enabled is set to true (or server will be checked).
e77ef50a57091eeb70d0a6d021638c92442c8f0aMark Andrews# - logout.url.prioritized: specifies if the failover sequence for Logout
4b36b9c1fff56d836feeaa1dc7eb1d4676d9c8bbMark Andrews# URLs should be prioritized as defined in the list with the lowest
4b36b9c1fff56d836feeaa1dc7eb1d4676d9c8bbMark Andrews# index having the highest priority.
9175a4ed6325e611d4c95d74f6e447a3f4b50fa0Evan Hunt# - logout.url.probe.enabled: specifies if agent will check the availability
9175a4ed6325e611d4c95d74f6e447a3f4b50fa0Evan Hunt# of these urls before redirecting to them.
9175a4ed6325e611d4c95d74f6e447a3f4b50fa0Evan Hunt# Default value is true for backward compatibility, but it is suggested to set it
9175a4ed6325e611d4c95d74f6e447a3f4b50fa0Evan Hunt# to false (server will not be checked) in production deployments where the agent
84ee90b52d4fb443c796f4e1481f98d5a95b5614Evan Hunt# often cannot access the logout url directly.
84ee90b52d4fb443c796f4e1481f98d5a95b5614Evan Hunt# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
84ee90b52d4fb443c796f4e1481f98d5a95b5614Evan Hunt# when logout.url.probe.enabled is set to true (or server will be checked).
875574f1e4e87d8412b682084991954c10c20e35Mark Andrews# Hot-Swap Enabled: Yes
875574f1e4e87d8412b682084991954c10c20e35Mark Andrews#
875574f1e4e87d8412b682084991954c10c20e35Mark Andrewscom.sun.identity.agents.config.login.url.prioritized = true
626ba6609dd45cd543a05910dd503ff712355c88Evan Huntcom.sun.identity.agents.config.login.url.probe.enabled = true
626ba6609dd45cd543a05910dd503ff712355c88Evan Huntcom.sun.identity.agents.config.login.url.probe.timeout = 2000
17dc146c7c2399e7bd64e776775535b9484ad1d5Mark Andrewscom.sun.identity.agents.config.logout.url.prioritized = true
39f68d7b64dce25e19f7132f6c46b3beabeed492Tinderbox Usercom.sun.identity.agents.config.logout.url.probe.enabled = true
2817aa56ca12139849ba1017ff978833174f6294Evan Huntcom.sun.identity.agents.config.logout.url.probe.timeout = 2000
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt#
22e3e00ac95ec1ba89200c5d0e05670ed5ad8fefMark Andrews# AGENT SERVER PROPERTIES
22e3e00ac95ec1ba89200c5d0e05670ed5ad8fefMark Andrews# - agent.host: The host name identifying the Agent protected server to
22e3e00ac95ec1ba89200c5d0e05670ed5ad8fefMark Andrews# the client browsers if different from the actual host name. May be
ff62d4458acda2110a3763ec576a4f728450662cEvan Hunt# left blank if not used.
ff62d4458acda2110a3763ec576a4f728450662cEvan Hunt# - agent.port: The port number identifying the Agent protected server
ff62d4458acda2110a3763ec576a4f728450662cEvan Hunt# listening port to the client browsers if different from the actual
ff62d4458acda2110a3763ec576a4f728450662cEvan Hunt# listening port. May be left blank if not used.
761d135ed686601f36fe3d0d4aaa6bf41287bb0fEvan Hunt# - agent.protocol: The protocol being used (http/https) by the client
b88b75c2b88618f9c885c61e1ab0bd1cddd4474eEvan Hunt# browsers to communicate with the Agent protected server if different
b88b75c2b88618f9c885c61e1ab0bd1cddd4474eEvan Hunt# from the actual protocol used by the server.
b88b75c2b88618f9c885c61e1ab0bd1cddd4474eEvan Hunt# Hot-Swap Enabled: Yes
b88b75c2b88618f9c885c61e1ab0bd1cddd4474eEvan Hunt#
b88b75c2b88618f9c885c61e1ab0bd1cddd4474eEvan Huntcom.sun.identity.agents.config.agent.host =
761d135ed686601f36fe3d0d4aaa6bf41287bb0fEvan Huntcom.sun.identity.agents.config.agent.port =
11463c0ac24692e229ec87f307f5e7df3c0a7e10Evan Huntcom.sun.identity.agents.config.agent.protocol =
11463c0ac24692e229ec87f307f5e7df3c0a7e10Evan Hunt
cc0a48a38173637f7a833e2da52bcfbcecb960b4Mark Andrews#
cc0a48a38173637f7a833e2da52bcfbcecb960b4Mark Andrews# LOGIN ATTEMPT LIMIT
cc0a48a38173637f7a833e2da52bcfbcecb960b4Mark Andrews# Specifies the number of login attempts that a user can make without
cc0a48a38173637f7a833e2da52bcfbcecb960b4Mark Andrews# success using a single browser session which will trigger the
f8eb4e5bfd1129d7639af5c2c768f53f0895952aMark Andrews# blocking of the user request. Setting this value to 0 disables this
f8eb4e5bfd1129d7639af5c2c768f53f0895952aMark Andrews# feature; the Agent then does not block repeated failed login attempts.
f8eb4e5bfd1129d7639af5c2c768f53f0895952aMark Andrews# Hot-Swap Enabled: Yes
f8eb4e5bfd1129d7639af5c2c768f53f0895952aMark Andrews#
b05a50c852608a40d1a06d6124bafb9b500c10c1Mukund Sivaramancom.sun.identity.agents.config.login.attempt.limit = 0
b05a50c852608a40d1a06d6124bafb9b500c10c1Mukund Sivaraman
b05a50c852608a40d1a06d6124bafb9b500c10c1Mukund Sivaraman# SSO Cache Enable Flag:
f91c369b4ac84fad07e3106c5c00a15d87250d1eMukund Sivaraman# This property specifies if the SSO Cache is active for the agent. This cache
f91c369b4ac84fad07e3106c5c00a15d87250d1eMukund Sivaraman# is used through public APIs exposed by the agent SDK.
f91c369b4ac84fad07e3106c5c00a15d87250d1eMukund Sivaraman# Valid Values: true, false
f91c369b4ac84fad07e3106c5c00a15d87250d1eMukund Sivaraman# Hot-Swap Enabled: Yes
a6f0e9c985220f0e4509777e6528afb64e0ad576Mukund Sivaramancom.sun.identity.agents.config.amsso.cache.enable = true
a6f0e9c985220f0e4509777e6528afb64e0ad576Mukund Sivaraman
a6f0e9c985220f0e4509777e6528afb64e0ad576Mukund Sivaraman#
a6f0e9c985220f0e4509777e6528afb64e0ad576Mukund Sivaraman# COOKIE RESET PROCESSING PROPERTIES
a6f0e9c985220f0e4509777e6528afb64e0ad576Mukund Sivaraman# - cookie.reset.enable: A flag that specifies if cookie reset processing
f4dda9cf28f8be880097ee931b3237e09731a28aMark Andrews# is enabled or disabled.
f4dda9cf28f8be880097ee931b3237e09731a28aMark Andrews# - cookie.reset.name: A list of cookie names that will be reset by the
f4dda9cf28f8be880097ee931b3237e09731a28aMark Andrews# Agent if cookie reset processing is enabled.
79521569952d5e2475f05e4397dc976f4685056eMark Andrews# - cookie.reset.domain: A MAP property with the key being the cookie name
79521569952d5e2475f05e4397dc976f4685056eMark Andrews# specified in cookie.reset.name property and the value being the domain
79521569952d5e2475f05e4397dc976f4685056eMark Andrews# of this cookie to be used when a reset event occurs.
79521569952d5e2475f05e4397dc976f4685056eMark Andrews# - cookie.reset.path: A MAP property with the key being the cookie name
d1f1f13c7fc1f1515930053508f1645cfafaa478Mark Andrews# specified in cookie.reset.name property and the value being the path
d1f1f13c7fc1f1515930053508f1645cfafaa478Mark Andrews# of this cookie to be used when a reset event occurs.
d1f1f13c7fc1f1515930053508f1645cfafaa478Mark Andrews# Hot-Swap Enabled: Yes
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt#
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Huntcom.sun.identity.agents.config.cookie.reset.enable = false
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Huntcom.sun.identity.agents.config.cookie.reset.name[0] =
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Huntcom.sun.identity.agents.config.cookie.reset.domain[] =
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Huntcom.sun.identity.agents.config.cookie.reset.path[] =
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt#
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt# CDSSO PROCESSING PROPERTIES
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt# - cdsso.enable: A flag that specifies if CDSSO processing is
b0c18fffd3c81d3cb617dbba4d222d49ae266f28Mark Andrews# enabled or disabled.
b0c18fffd3c81d3cb617dbba4d222d49ae266f28Mark Andrews# - cdsso.redirect.uri: An intermediate URI that is used by the
b0c18fffd3c81d3cb617dbba4d222d49ae266f28Mark Andrews# Agent for processing CDSSO requests.
b0c18fffd3c81d3cb617dbba4d222d49ae266f28Mark Andrews# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
511ec77fca2e2df66b36f4756fd2459cfe7998d9Mark Andrews# that may be used by the Agent for CDSSO processing.
511ec77fca2e2df66b36f4756fd2459cfe7998d9Mark Andrews# - cdsso.clock.skew: Specifies a time in seconds to be used by the
44032d3918d4aeb2f0cff3bb90e4a44569016559Mark Andrews# Agent to determine the validity of the CDSSO AuthnResponse assertion.
44032d3918d4aeb2f0cff3bb90e4a44569016559Mark Andrews# - cdsso.trusted.id.provider: This property specifies the OpenAM
d8f2dd46cba3a16c2433e85657a5b15543013ca6Mark Andrews# Server/ID providers that should be trusted by the agent, when evaluating
d8f2dd46cba3a16c2433e85657a5b15543013ca6Mark Andrews# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# the agent & server.
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# - cdsso.secure.enable: A flag that specifies if the SSO Token cookie
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# set by the agent in the different domains in CDSSO mode will be marked
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# secure. When the property is set to true the SSO Token cookie will only
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# be transmitted if the communications channel with the host is a secure one; when false, the cookie can also be sent over an unencrypted channel.
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# - cdsso.domain: This property specifies the domains for which cookies have
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# to be set in a CDSSO scenario. If this property is left blank then the
3bdcd91c456adec12ee9f69cfe6b0f79174f78c4Evan Hunt# fully qualified cookie domain for the agent server will be used for
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# setting the cookie domain. In such case it is a host cookie instead of
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# a domain cookie.
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# Example:
2ce24e13faacaf73286298f0068a7e7f0d03fdacMark Andrews# com.sun.identity.agents.config.cdsso.domain[0] = .sun.com
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews# Hot-Swap Enabled: Yes
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrews#
1e0ed0c6f5c359df88767e2c4f0fda24f2da0468Mark Andrewscom.sun.identity.agents.config.cdsso.enable = false
47d837a49967a6a1b290024f5efb0669276013b1Mukund Sivaramancom.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
47d837a49967a6a1b290024f5efb0669276013b1Mukund Sivaramancom.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
47d837a49967a6a1b290024f5efb0669276013b1Mukund Sivaramancom.sun.identity.agents.config.cdsso.clock.skew = 0
47d837a49967a6a1b290024f5efb0669276013b1Mukund Sivaramancom.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
47d837a49967a6a1b290024f5efb0669276013b1Mukund Sivaramancom.sun.identity.agents.config.cdsso.secure.enable = false
2317d1f835217db65808826b72a47920963c59fdTinderbox User#com.sun.identity.agents.config.cdsso.domain[0] =
be7fba80190c33b0e50f086509b42bb319bb95b4Evan Hunt
be7fba80190c33b0e50f086509b42bb319bb95b4Evan Hunt#
be7fba80190c33b0e50f086509b42bb319bb95b4Evan Hunt# LOGOUT PROCESSING PROPERTIES
03fd9cb81c2a92cf54baab5103db10e8ef9d524aMark Andrews# - logout.application.handler: An application specific (MAP) property
03fd9cb81c2a92cf54baab5103db10e8ef9d524aMark Andrews# that identifies a handler to be used for logout processing.
03fd9cb81c2a92cf54baab5103db10e8ef9d524aMark Andrews# - logout.uri: An application specific (MAP) property that identifies
03fd9cb81c2a92cf54baab5103db10e8ef9d524aMark Andrews# a request URI which indicates a logout event.
017aa9aef63aaef6a370c180f6290b8388deda01Mark Andrews# - logout.request.param: An application specific (MAP) property that
dc5e29a7d216b4233c80bec8967015aa9c05962eTinderbox User# identifies a parameter which when present in the HTTP request
017aa9aef63aaef6a370c180f6290b8388deda01Mark Andrews# indicates a logout event.
017aa9aef63aaef6a370c180f6290b8388deda01Mark Andrews# - logout.introspect.enabled: A flag that when set allows the Agent
017aa9aef63aaef6a370c180f6290b8388deda01Mark Andrews# to search HTTP request body to locate logout parameter.
017aa9aef63aaef6a370c180f6290b8388deda01Mark Andrews# - logout.entry.uri: An application specific (MAP) property that identifies
09290020bc9b3cd787f1a19e400413a6ca6827e3Evan Hunt# a URI to be used as an entry point after successful logout and
2ce24e13faacaf73286298f0068a7e7f0d03fdacMark Andrews# subsequent successful authentication if applicable.
693d70f96fc2b3c1830580edcc29146afd6a9f61Mark Andrews# Hot-Swap Enabled: Yes
c5e9423340dff77b2d3b79fcd4908708770a49c3Mukund Sivaraman#
c5e9423340dff77b2d3b79fcd4908708770a49c3Mukund Sivaramancom.sun.identity.agents.config.logout.application.handler[] =
c5e9423340dff77b2d3b79fcd4908708770a49c3Mukund Sivaramancom.sun.identity.agents.config.logout.uri[] =
ea3aa401bc74d34560af190a4009d436054d1bfaMark Andrewscom.sun.identity.agents.config.logout.request.param[] =
ea3aa401bc74d34560af190a4009d436054d1bfaMark Andrewscom.sun.identity.agents.config.logout.introspect.enabled = false
ea3aa401bc74d34560af190a4009d436054d1bfaMark Andrewscom.sun.identity.agents.config.logout.entry.uri[] =
ea3aa401bc74d34560af190a4009d436054d1bfaMark Andrews
ea3aa401bc74d34560af190a4009d436054d1bfaMark Andrews#
6444de08d1aacf7396663b7a82d62eedf534c3d7Mark Andrews# FQDN PROCESSING PROPERTIES
6444de08d1aacf7396663b7a82d62eedf534c3d7Mark Andrews# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
6444de08d1aacf7396663b7a82d62eedf534c3d7Mark Andrews# or not.
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# - fqdn.default: A hostname that represents the default FQDN to be
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# used by the Agent when necessary.
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# FQDN entry specified as the key to a valid FQDN entry specified as
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# its value.
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# Hot-Swap Enabled: Yes
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# Examples of fqdn.mapping:
fc63119c8b7aa8827fad9e3e45e50c69bc2630e8Francis Dupont# com.sun.identity.agents.config.fqdn.mapping[myserver]=myserver.mydomain.com
fc63119c8b7aa8827fad9e3e45e50c69bc2630e8Francis Dupont#
fc63119c8b7aa8827fad9e3e45e50c69bc2630e8Francis Dupontcom.sun.identity.agents.config.fqdn.check.enable = true
fc63119c8b7aa8827fad9e3e45e50c69bc2630e8Francis Dupontcom.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
d040fa2f1c9c3045420ee25933b699290ab19250Mark Andrewscom.sun.identity.agents.config.fqdn.mapping[] =
d040fa2f1c9c3045420ee25933b699290ab19250Mark Andrews
0155ecba77787bc625ef926cdc856829fc22133cTinderbox User#
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# LEGACY USER AGENT PROCESSING PROPERTIES
5c5c6d289db78e41f714007426a387498e15963cFrancis Dupont# These three properties have been deprecated:
092d3b76db6b93b8029bd7d083e74fc80fb41858Mark Andrews# - legacy.support.enable: A flag that specifies if legacy user agent
92384667ff3bc059237849b3afd4c715c9164435Evan Hunt# support is enabled or disabled.
92384667ff3bc059237849b3afd4c715c9164435Evan Hunt# - legacy.user.agent: A LIST of user agent header values that identify
13fe015cbfab3019ded0def054a1b09159bb3101Evan Hunt# legacy browsers. Entries in this list can have wild card character '*'.
13fe015cbfab3019ded0def054a1b09159bb3101Evan Hunt# - legacy.redirect.uri: An intermediate URI used by the Agent to
64d715c22acbed195703bb9b96aac2b938a83de2Mark Andrews# redirect legacy user agent requests.
64d715c22acbed195703bb9b96aac2b938a83de2Mark Andrews# Hot-Swap Enabled: Yes
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt#
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Huntcom.sun.identity.agents.config.legacy.support.enable = false
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Huntcom.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Huntcom.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt#
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt# CUSTOM RESPONSE HEADERS
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt# A MAP property that specifies the custom headers that are set by
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt# the Agent on the client browser. The key is the header name and the
c4f54e5bd1cd09f601252627b5b26768ab797742Evan Hunt# value represents the header value.
4ccffa13aa1f87d8d3dbdf7a74cf29b1c323ad52Tinderbox User# Hot-Swap Enabled: Yes
3230429e175dcaafe9c59967124d44c02ca0ccadEvan Hunt# Example:
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt#
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntcom.sun.identity.agents.config.response.header[] =
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt
aee6c351d3b517f3e6a4ddf770606617fd42015bTinderbox User#
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt# REDIRECT ATTEMPT LIMIT
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt# Specifies the number of successive single point redirects that a
c4abb197160a74f7cd4ad23ebc63fbe0194010abEvan Hunt# user can make using a single browser session which will trigger the
c4abb197160a74f7cd4ad23ebc63fbe0194010abEvan Hunt# blocking of the user request. When set to 0 this feature is disabled.
c4abb197160a74f7cd4ad23ebc63fbe0194010abEvan Hunt# Hot-Swap Enabled: Yes
c4abb197160a74f7cd4ad23ebc63fbe0194010abEvan Hunt#
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Huntcom.sun.identity.agents.config.redirect.attempt.limit = 0
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt#
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt# PORT CHECK PROCESSING PROPERTIES
90fc237a1fdf1680ef254f16b497f90ac759f71bEvan Hunt# - port.check.enable: A flag that indicates if port check functionality
0c3f2ff9738efe01c4e9cf62592516f27774b9d4Evan Hunt# is enabled or disabled.
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt# - port.check.file: Specifies the name or complete path of a file that
90fc237a1fdf1680ef254f16b497f90ac759f71bEvan Hunt# has the necessary content needed to handle requests that need port
90fc237a1fdf1680ef254f16b497f90ac759f71bEvan Hunt# correction.
0c3f2ff9738efe01c4e9cf62592516f27774b9d4Evan Hunt# - port.check.setting: A MAP of port versus protocol entries with the
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt# key being the listening port number and value being the listening
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt# protocol to be used by the Agent to identify requests with invalid
90fc237a1fdf1680ef254f16b497f90ac759f71bEvan Hunt# port numbers.
90fc237a1fdf1680ef254f16b497f90ac759f71bEvan Hunt# Hot-Swap Enabled: Yes
0c3f2ff9738efe01c4e9cf62592516f27774b9d4Evan Hunt# Example of port.check.setting:
3cc8c7d63040a3eafde2b00e1f60465e7053208aEvan Hunt# com.sun.identity.agents.config.port.check.setting[80] = http
3cc8c7d63040a3eafde2b00e1f60465e7053208aEvan Hunt# com.sun.identity.agents.config.port.check.setting[443] = https
3cc8c7d63040a3eafde2b00e1f60465e7053208aEvan Hunt#
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Huntcom.sun.identity.agents.config.port.check.enable = false
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Huntcom.sun.identity.agents.config.port.check.file = PortCheckContent.txt
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Huntcom.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt#
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt# NOT-ENFORCED URI PROCESSING PROPERTIES
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt# - notenforced.uri: A LIST of URIs for which protection is not enforced
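ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt# by the Agent. Keep entries as narrow as possible: a broad wildcard pattern leaves every matching URI unprotected.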
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt# - notenforced.uri.invert: A flag that specifies if the list of URIs
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt# specified by the property notenforced.uri should be inverted. When
ce96d4326c872c8165b5e3a81ac5b49950c782c6Evan Hunt# set to true, it indicates that the URIs specified should be enforced
b976c39c07f7672bd1293e878b3306c7decf8afeMark Andrews# and all other URIs should be not enforced by the Agent. Entries in
c3f6fd0e1983fc19e5fa735f52d2af8df74a69c3Evan Hunt# this list can have wild card character '*'.
b976c39c07f7672bd1293e878b3306c7decf8afeMark Andrews# - notenforced.uri.cache.enable: A flag that specifies if the caching of
1feee79e1f8b946af9ebcc9dc31514aafb872438Mark Andrews# not-enforced URI list evaluation results is enabled or disabled.
1feee79e1f8b946af9ebcc9dc31514aafb872438Mark Andrews# - notenforced.uri.cache.size: The size of the cache to be used if
c2f8108123c40f9be5c7d8255300e578ca8a47a6Mark Andrews# caching of not-enforced URI list evaluation results is enabled.
c2f8108123c40f9be5c7d8255300e578ca8a47a6Mark Andrews# - notenforced.refresh.session.idletime: A flag that specifies if the OpenAM
c2f8108123c40f9be5c7d8255300e578ca8a47a6Mark Andrews# session idle time is reset or not when accessing the not enforced URIs.
4e59131f1838d31eac9b355da467516ecd291752Mark Andrews# Hot-Swap Enabled: Yes
4e59131f1838d31eac9b355da467516ecd291752Mark Andrews# Example of notenforced.uri:
4e59131f1838d31eac9b355da467516ecd291752Mark Andrews# com.sun.identity.agents.config.notenforced.uri[0]=*.gif
f0a54842b1a50dac0b020958eb6025ed676f9a34Mark Andrews# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
f0a54842b1a50dac0b020958eb6025ed676f9a34Mark Andrews# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
f0a54842b1a50dac0b020958eb6025ed676f9a34Mark Andrews#
0f5144163c44a67d9be986383769852a0dae502aMark Andrewscom.sun.identity.agents.config.notenforced.uri[0] =
9208b81867e8d11a641065d55ee40d24512a8452Mark Andrewscom.sun.identity.agents.config.notenforced.uri.invert = false
9208b81867e8d11a641065d55ee40d24512a8452Mark Andrewscom.sun.identity.agents.config.notenforced.uri.cache.enable = true
9208b81867e8d11a641065d55ee40d24512a8452Mark Andrewscom.sun.identity.agents.config.notenforced.uri.cache.size = 1000
9208b81867e8d11a641065d55ee40d24512a8452Mark Andrewscom.sun.identity.agents.config.notenforced.refresh.session.idletime = false
0f5144163c44a67d9be986383769852a0dae502aMark Andrews
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews#
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews# NOT-ENFORCED CLIENT IP PROCESSING PROPERTIES
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews# - notenforced.ip: A LIST of client IP addresses for which protection is
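00fb0253c9df8a4686115745ae91d501f62c7451Mark Andrews# not enforced by the Agent. When a proxy or load balancer fronts the Agent, verify which client address is evaluated before relying on this list.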
00fb0253c9df8a4686115745ae91d501f62c7451Mark Andrews# - notenforced.ip.invert: A flag that specifies if the list of client IP
00fb0253c9df8a4686115745ae91d501f62c7451Mark Andrews# addresses specified by the property notenforced.ip should be inverted.
a5c7cfbac4e401c41741c123347739ab87c80a52Mark Andrews# When set to true, it indicates that the client IP addresses specified
a5c7cfbac4e401c41741c123347739ab87c80a52Mark Andrews# should be enforced and all other client IPs should be not enforced by
a5c7cfbac4e401c41741c123347739ab87c80a52Mark Andrews# the Agent. Entries in this list can have wild card character '*'.
2ce24e13faacaf73286298f0068a7e7f0d03fdacMark Andrews# - notenforced.ip.cache.enable: A flag that specifies if the caching of
eb5243365c8d5b2dd172f9cbd7c29166716caa3fMark Andrews# not-enforced IP list evaluation results is enabled or disabled.
d84a4d216d513bec15e83ec6c6e7863a24ff548bMark Andrews# - notenforced.ip.cache.size: The size of the cache to be used if
c6e22bbaefce98c37c1def3f971d214a9a147ad5Evan Hunt# caching of not-enforced IP list evaluation results is enabled.
c6e22bbaefce98c37c1def3f971d214a9a147ad5Evan Hunt# Hot-Swap Enabled: Yes
e82c572164eeaaa045a26196fe6096cbef3c10c8Mark Andrews# Example of notenforced.ip:
d84a4d216d513bec15e83ec6c6e7863a24ff548bMark Andrews# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
d84a4d216d513bec15e83ec6c6e7863a24ff548bMark Andrews# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
d84a4d216d513bec15e83ec6c6e7863a24ff548bMark Andrews#
6932de75eff5f92475027d294264c80478c3c070Tinderbox Usercom.sun.identity.agents.config.notenforced.ip[0] =
dd66b77417aff9a7805f52b1e37ac48e647e0102Evan Huntcom.sun.identity.agents.config.notenforced.ip.invert = false
dd66b77417aff9a7805f52b1e37ac48e647e0102Evan Huntcom.sun.identity.agents.config.notenforced.ip.cache.enable = true
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrewscom.sun.identity.agents.config.notenforced.ip.cache.size = 1000
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews#
7fbfa379e25b675ec46ae30925b4b2923a07c893Francis Dupont# COMMON ATTRIBUTE FETCH PROCESSING PROPERTIES
7fbfa379e25b675ec46ae30925b4b2923a07c893Francis Dupont# - attribute.cookie.separator: A character that will be used to separate
7fbfa379e25b675ec46ae30925b4b2923a07c893Francis Dupont# multiple values of the same attribute when it is being set as a cookie.
498b0610312364afc5698b2e4caaa4dcc836133aEvan Hunt# - attribute.cookie.encode: A flag that indicates if the value of the
498b0610312364afc5698b2e4caaa4dcc836133aEvan Hunt# attribute should be URL encoded before being set as a cookie.
498b0610312364afc5698b2e4caaa4dcc836133aEvan Hunt# - attribute.date.format: The format of date attribute values to be used
7caeff39c28e82ec720c75d86528bb903dae77d4Jeremy C. Reed# when the attribute is being set as HTTP header. This format is based
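498b0610312364afc5698b2e4caaa4dcc836133aEvan Hunt# on the definition as provided in java.text.SimpleDateFormat. Note that 'hh' there is the 12-hour clock ('HH' is 24-hour) and the value below has no am/pm field.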
90e0af6bc6c1bcafad126e1779fc478c0aeaeb8fEvan Hunt# Hot-Swap Enabled: Yes
90e0af6bc6c1bcafad126e1779fc478c0aeaeb8fEvan Hunt#
90e0af6bc6c1bcafad126e1779fc478c0aeaeb8fEvan Huntcom.sun.identity.agents.config.attribute.cookie.separator = |
72775a79fedd13e19a567432ace70d7ead28e433Mark Andrewscom.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
72775a79fedd13e19a567432ace70d7ead28e433Mark Andrewscom.sun.identity.agents.config.attribute.cookie.encode = true
72775a79fedd13e19a567432ace70d7ead28e433Mark Andrews
871f3c8beeb2134b17414ec167b90a57adb8e122Mark Andrews#
871f3c8beeb2134b17414ec167b90a57adb8e122Mark Andrews# PROFILE ATTRIBUTE PROCESSING PROPERTIES
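871f3c8beeb2134b17414ec167b90a57adb8e122Mark Andrews# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
6a6821668d0ff38c34303d63f727fcd11cc36863Evan Hunt# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
# Note: with HTTP_HEADER or HTTP_COOKIE the attribute reaches the
# application in a form that a client can also send, so the application
# should rely on the mapped names only when every request passes through
# the Agent.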
48f97c23b7d59c925fc3f4280972e50b8ef67c35Mark Andrews# - profile.attribute.mapping: A MAP that specifies the profile attributes to
48f97c23b7d59c925fc3f4280972e50b8ef67c35Mark Andrews# be populated under specific names for the currently authenticated user.
188690149b54145e1936898e565eb9eec139bbfeEvan Hunt# The key is the profile attribute name and the value is the name under
188690149b54145e1936898e565eb9eec139bbfeEvan Hunt# which that attribute will be made available.
188690149b54145e1936898e565eb9eec139bbfeEvan Hunt# Hot-Swap Enabled: Yes
27174d90ccf7d15539b9384744dbbe7beae1723cEvan Hunt# Example of profile.attribute.mapping:
27174d90ccf7d15539b9384744dbbe7beae1723cEvan Hunt# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
27174d90ccf7d15539b9384744dbbe7beae1723cEvan Hunt# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
eb6d61d5e02946e1a7a959bac37eae9dbbc2051bEvan Hunt#
eb6d61d5e02946e1a7a959bac37eae9dbbc2051bEvan Huntcom.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
eb6d61d5e02946e1a7a959bac37eae9dbbc2051bEvan Huntcom.sun.identity.agents.config.profile.attribute.mapping[] =
eb6d61d5e02946e1a7a959bac37eae9dbbc2051bEvan Hunt
eb6d61d5e02946e1a7a959bac37eae9dbbc2051bEvan Hunt#
79921aeec24a15883cf3c22a15c77837e69a46beMark Andrews# SESSION ATTRIBUTE PROCESSING PROPERTIES
79921aeec24a15883cf3c22a15c77837e69a46beMark Andrews# - session.attribute.fetch.mode: The mode of fetching session attributes.
79921aeec24a15883cf3c22a15c77837e69a46beMark Andrews# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
188690149b54145e1936898e565eb9eec139bbfeEvan Hunt# - session.attribute.mapping: A MAP that specifies the session attributes to
58a1051e92d46638306e2c17806307c04065c2b3Mark Andrews# be populated under specific names for the currently authenticated user.
58a1051e92d46638306e2c17806307c04065c2b3Mark Andrews# The key is the session attribute name and the value is the name under
8197ef7cb5619160600bf1c6e5e8374a6c10838fEvan Hunt# which that attribute will be made available.
8197ef7cb5619160600bf1c6e5e8374a6c10838fEvan Hunt# Hot-Swap Enabled: Yes
8197ef7cb5619160600bf1c6e5e8374a6c10838fEvan Hunt# Example of session.attribute.mapping:
8197ef7cb5619160600bf1c6e5e8374a6c10838fEvan Hunt# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
1831311ac6179951c8fcca75aa29dc2f5c0218b9Francis Dupont#
c12c746e3abad9e4100c6694118adc1df398f0bcMark Andrewscom.sun.identity.agents.config.session.attribute.fetch.mode = NONE
c12c746e3abad9e4100c6694118adc1df398f0bcMark Andrewscom.sun.identity.agents.config.session.attribute.mapping[] =
7caeff39c28e82ec720c75d86528bb903dae77d4Jeremy C. Reed
c81d56c03effca6303a4ba07c74163a2031b36e9Mark Andrews#
c81d56c03effca6303a4ba07c74163a2031b36e9Mark Andrews# RESPONSE ATTRIBUTE PROCESSING PROPERTIES
48f97c23b7d59c925fc3f4280972e50b8ef67c35Mark Andrews# - response.attribute.fetch.mode: The mode of fetching policy response
5d722dead43a8c087afde46f958b1d3351a2125bTinderbox User# attributes. This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE,
1c182f1516d3d14de6df81f4103ebfe538a519f6Evan Hunt# HTTP_COOKIE
12002ea49e5a5a6f7b9c22280dd2cb1f3f44abcfEvan Hunt# - response.attribute.mapping: A MAP that specifies the policy response
12002ea49e5a5a6f7b9c22280dd2cb1f3f44abcfEvan Hunt# attributes to be populated under specific names for the currently
6979ebf549b9c0ccd115bbf8c0d905600086f292Mark Andrews# authenticated user. The key is the policy response attribute name and
6979ebf549b9c0ccd115bbf8c0d905600086f292Mark Andrews# the value is the name under which that attribute will be made available.
6979ebf549b9c0ccd115bbf8c0d905600086f292Mark Andrews# Hot-Swap Enabled: Yes
b24061719ced97ecdbc7cfcf925c217d0dd80834Mark Andrews#
b24061719ced97ecdbc7cfcf925c217d0dd80834Mark Andrewscom.sun.identity.agents.config.response.attribute.fetch.mode = NONE
b24061719ced97ecdbc7cfcf925c217d0dd80834Mark Andrewscom.sun.identity.agents.config.response.attribute.mapping[] =
9c0589bc8b1401e02c9b557737cb756e86b094ffMark Andrews
9c0589bc8b1401e02c9b557737cb756e86b094ffMark Andrews#
9c0589bc8b1401e02c9b557737cb756e86b094ffMark Andrews# BYPASS PRINCIPAL LIST
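dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews# This property specifies a list of principals that are bypassed by the
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews# Agent for authentication and search purposes.
# Since the Agent does not authenticate these principals, list only
# accounts that the container itself controls, and leave the list empty
# otherwise.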
dda69168ead4bb44f5a23949a04ee2069b7d4ef0Mark Andrews# Hot-Swap Enabled: Yes
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews# Example:
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews# com.sun.identity.agents.config.bypass.principal[0] = guest
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews# com.sun.identity.agents.config.bypass.principal[1] = testuser
7b04216015f6984fa43fc96f1c741ec287f84917Evan Hunt#
7b04216015f6984fa43fc96f1c741ec287f84917Evan Huntcom.sun.identity.agents.config.bypass.principal[0] =
7b04216015f6984fa43fc96f1c741ec287f84917Evan Hunt
7d891eaf911e5cab1f704615f8f1ef87c8716f46Mark Andrews#
7d891eaf911e5cab1f704615f8f1ef87c8716f46Mark Andrews# PRIVILEGED ATTRIBUTE PROCESSING PROPERTIES
7d891eaf911e5cab1f704615f8f1ef87c8716f46Mark Andrews# - default.privileged.attribute: A list of privileged attributes that will
ffeaac1d826b541af39d7b20b9b68ff19ff01832Mark Andrews# be granted to all users who have a valid OpenAM session.
ffeaac1d826b541af39d7b20b9b68ff19ff01832Mark Andrews# - privileged.attribute.type: A list of privileged attribute types that will
ffeaac1d826b541af39d7b20b9b68ff19ff01832Mark Andrews# be fetched for each user.
c83b91fb6345464807161cc36c5d9046a15d5866Mark Andrews# - privileged.attribute.tolowercase : A MAP property that specifies if the
c83b91fb6345464807161cc36c5d9046a15d5866Mark Andrews# privileged attribute types should be converted to lowercase.
fa827173df3418bc56774aa528f7ca30fd0ee17cMark Andrews# - privileged.session.attribute: A list of session property names which
fa827173df3418bc56774aa528f7ca30fd0ee17cMark Andrews# hold privileged attributes for the authenticated user.
fa827173df3418bc56774aa528f7ca30fd0ee17cMark Andrews# - privileged.attribute.mapping.enable: A flag to specify whether
1c5990c2f98abf0c2adf7f54a531d8a4a3965414Mark Andrews# a mapping from an attribute's original value to another value is
1c5990c2f98abf0c2adf7f54a531d8a4a3965414Mark Andrews# enabled. This mapping may be necessary to satisfy container-specific
1c5990c2f98abf0c2adf7f54a531d8a4a3965414Mark Andrews# restrictions on the character set used in certain configuration files.
80169c379dd4e0a6e164b7cac4bf5fa013c91138Mark Andrews# - privileged.attribute.mapping: A map property that specifies the
80169c379dd4e0a6e164b7cac4bf5fa013c91138Mark Andrews# above-mentioned mapping. Note that if a key contains "=" or ":", these
80169c379dd4e0a6e164b7cac4bf5fa013c91138Mark Andrews# special characters need to be escaped by "\".
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews#
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews# Hot-Swap Enabled: Yes
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews# Examples:
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews# com.sun.identity.agents.config.privileged.attribute.type[0] = Group
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
10c12aa5493f34920585164c5fb54a7ac9109fbdMark Andrews# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
6b6d6509f6d80afae74eeb9f2e5baba696e29f32Mark Andrews# com.sun.identity.agents.config.privileged.attribute.mapping.enable=true
6b6d6509f6d80afae74eeb9f2e5baba696e29f32Mark Andrews# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_manager_role
9a36fb86f5019f25705d25ea729d03fcf8ecaa95Mark Andrews# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_employee_role
9a36fb86f5019f25705d25ea729d03fcf8ecaa95Mark Andrews#
a266ab205bfd1c510022e2cd2a8cb62988242593Mark Andrewscom.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
a266ab205bfd1c510022e2cd2a8cb62988242593Mark Andrewscom.sun.identity.agents.config.privileged.attribute.type[0] = Group
a266ab205bfd1c510022e2cd2a8cb62988242593Mark Andrewscom.sun.identity.agents.config.privileged.attribute.type[1] = Role
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrewscom.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrewscom.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrewscom.sun.identity.agents.config.privileged.session.attribute[0] =
8dba0e7d87d192deef8b2aac197e4f508043a30cEvan Huntcom.sun.identity.agents.config.privileged.attribute.mapping.enable = true
8dba0e7d87d192deef8b2aac197e4f508043a30cEvan Huntcom.sun.identity.agents.config.privileged.attribute.mapping[] =
8dba0e7d87d192deef8b2aac197e4f508043a30cEvan Hunt
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrews#
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrews# SSO TOKEN COOKIE NAME
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrews# The name of the SSO Token cookie used between the OpenAM server and
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrews# the Agent.
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrews# Hot-Swap Enabled: No
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrewscom.iplanet.am.cookie.name=iPlanetDirectoryPro
947cf282a721b089c1106780f13ae8e6298bddb1Mark Andrews
52131a835133a76cb62d4a7d8bcf5fe7bf858858Mark Andrews#
52131a835133a76cb62d4a7d8bcf5fe7bf858858Mark Andrews# SESSION CLIENT PROPERTIES
52131a835133a76cb62d4a7d8bcf5fe7bf858858Mark Andrews# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
f687e639f00a31e0884fb2c95a627b10b50c364bEvan Hunt# the session client must use polling for updating session information
f687e639f00a31e0884fb2c95a627b10b50c364bEvan Hunt# and not depend upon server notifications.
f687e639f00a31e0884fb2c95a627b10b50c364bEvan Hunt# - com.iplanet.am.session.client.polling.period: Specifies the time in
523f3d630243211ddfda852f5224f7eff681d3a5Evan Hunt# seconds after which the session client will request update of cached
523f3d630243211ddfda852f5224f7eff681d3a5Evan Hunt# session information from the server.
523f3d630243211ddfda852f5224f7eff681d3a5Evan Hunt#
2fa1fc53324c0fca978c902e883c7cc011210536Mark Andrews# Note: the notification url to be used by the Agent to receive session
2fa1fc53324c0fca978c902e883c7cc011210536Mark Andrews# notifications is com.sun.identity.client.notification.url
2fa1fc53324c0fca978c902e883c7cc011210536Mark Andrews# Hot-Swap Enabled: No
c9e976dc43070e2ed87988eeabed71195fab88baEvan Hunt#
c9e976dc43070e2ed87988eeabed71195fab88baEvan Huntcom.iplanet.am.session.client.polling.enable=false
a8783019814daa36dd57afe3f527462822834c3bEvan Huntcom.iplanet.am.session.client.polling.period=180
a8783019814daa36dd57afe3f527462822834c3bEvan Hunt
a8783019814daa36dd57afe3f527462822834c3bEvan Hunt#
a8783019814daa36dd57afe3f527462822834c3bEvan Hunt# ENCRYPTION PROVIDER
a8783019814daa36dd57afe3f527462822834c3bEvan Hunt# Specifies the encryption provider implementation to be used by the Agent.
948c80ffa8f4efbade049f49d9751675f6937cf4Tinderbox User# Hot-Swap Enabled: No
a8783019814daa36dd57afe3f527462822834c3bEvan Hunt#
fec7998314cbdaf1dc89513ffff5b45fc8ed73fdMark Andrewscom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
fec7998314cbdaf1dc89513ffff5b45fc8ed73fdMark Andrews
fec7998314cbdaf1dc89513ffff5b45fc8ed73fdMark Andrews#
7ae9399897c55d35cb6764277bce4b91d052e0dcEvan Hunt# USER DATA CACHE PROPERTIES
7ae9399897c55d35cb6764277bce4b91d052e0dcEvan Hunt# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
3d066288ad6c6fe2ec2a54475f541a305a085068Evan Hunt# enable/disable the notifications for amsdk and IdRepo Caches. Notifications
3d066288ad6c6fe2ec2a54475f541a305a085068Evan Hunt# are enabled if set to true and disabled if set to false.
3d066288ad6c6fe2ec2a54475f541a305a085068Evan Hunt# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrews# user management data. If set to '0' no updates happen. This property
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrews# takes effect only if no notification url is provided by
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrews# 'com.sun.identity.client.notification.url' or if notifications are
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# disabled. (i.e., com.sun.identity.idm.remote.notification.enabled=false)
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# Hot-Swap Enabled: No
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt#
1479200aa05414b2acf33607dbd1682c16f58c51Evan Huntcom.sun.identity.idm.remote.notification.enabled=true
1479200aa05414b2acf33607dbd1682c16f58c51Evan Huntcom.iplanet.am.sdk.remote.pollingTime=1
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt#
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# SERVICE DATA CACHE PROPERTIES
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# - com.sun.identity.sm.notification.enabled: A flag that is used to
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# enable/disable the notifications for service management caches.
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# Notifications are enabled if set to true and disabled if set to false.
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# configuration data. If set to '0' no updates happen. This property
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# takes effect only if no notification url is provided by
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# 'com.sun.identity.client.notification.url' or if notifications are
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# disabled. (i.e., com.sun.identity.sm.notification.enabled=false).
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt# Hot-Swap Enabled: No
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt#
1479200aa05414b2acf33607dbd1682c16f58c51Evan Huntcom.sun.identity.sm.notification.enabled=true
1479200aa05414b2acf33607dbd1682c16f58c51Evan Huntcom.sun.identity.sm.cacheTime=1
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt
1479200aa05414b2acf33607dbd1682c16f58c51Evan Hunt#
c5379f197647b6e20d5bf48276c8c3b9f676c447Evan Hunt# AUTHENTICATION SERVICE PROPERTIES
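f5c24a7f48cd68337c21dea47a448ae2ff2ccb8cEvan Hunt# Server protocol, host and port to be used by Authentication Service.
# The protocol should be https unless the Agent and the server share a
# trusted network segment, because authentication traffic uses this
# connection.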
f5c24a7f48cd68337c21dea47a448ae2ff2ccb8cEvan Hunt# Hot-Swap Enabled: No
f5c24a7f48cd68337c21dea47a448ae2ff2ccb8cEvan Hunt#
f5c24a7f48cd68337c21dea47a448ae2ff2ccb8cEvan Huntcom.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
d46855caedd5cb101795707f6f467fa363ef1448Evan Huntcom.iplanet.am.server.host=@AM_SERVICES_HOST@
d46855caedd5cb101795707f6f467fa363ef1448Evan Huntcom.iplanet.am.server.port=@AM_SERVICES_PORT@
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt#
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# POLICY CLIENT PROPERTIES
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# - com.sun.identity.agents.notification.enabled: A flag that specifies
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# if notifications are enabled or disabled for remote policy client.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# - com.sun.identity.agents.polling.interval: The duration in minutes
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# after which the cached entries are refreshed by remote policy client.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# used by remote policy client. Valid value is one of: subtree, self.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# Cache mode subtree is recommended for a small number of policy rules.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# In all other cases, cacheMode self is recommended.
2548678376b5171567c902ef2d1768d2fc57f233Evan Hunt# - com.sun.identity.policy.client.booleanActionValues : boolean action
2548678376b5171567c902ef2d1768d2fc57f233Evan Hunt# values for policy action names.
2548678376b5171567c902ef2d1768d2fc57f233Evan Hunt# format : serviceName|actionName|trueValue|falseValue
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# to be used for different service names.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# which is allowed to accommodate the time difference between the
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# OpenAM server machine and the remote policy client machine.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt#
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# Note: the Notification URL for remote policy client is set by the
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt# property com.sun.identity.client.notification.url.
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt# Hot-Swap Enabled: No
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt#
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Huntcom.sun.identity.agents.notification.enabled=true
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Huntcom.sun.identity.agents.polling.interval=3
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Huntcom.sun.identity.policy.client.cacheMode=subtree
7c73ac5e130db18837724ab53d46b23ddb98ce6eMark Andrewscom.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
9ba4efa4ac6d2d687cf1377bc9733d08d84da64cMark Andrewscom.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
7c73ac5e130db18837724ab53d46b23ddb98ce6eMark Andrewscom.sun.identity.policy.client.clockSkew=10
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt#
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt# URL POLICY ENVIRONMENT VARIABLE PROPERTIES
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt# request parameters whose names and values will be set in the environment
c3bb8bb228bc8a914abc77a411faace9861632eaMark Andrews# map for URL policy evaluation at AM server. The key in the map is in the
11649973111d83027faf08ed4fb36a2b3c29c875Mark Andrews# format of GET.<parameter-name>, the map value is a set of string values
74745c760c8ac4462aceb2fa6e55bc545621c66dEvan Hunt# of the parameter.
74745c760c8ac4462aceb2fa6e55bc545621c66dEvan Hunt# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
74745c760c8ac4462aceb2fa6e55bc545621c66dEvan Hunt# request parameters whose names and values will be set in the environment
905ba39e10a8f483d167b992ec31f4c0bf34326eMark Andrews# map for URL policy evaluation at AM server. The key in the map is in the
905ba39e10a8f483d167b992ec31f4c0bf34326eMark Andrews# format of POST.<parameter-name>, the map value is a set of string values
087b3e8d90c482600c20f1bd6958697419c4e77dEvan Hunt# of the parameter.
087b3e8d90c482600c20f1bd6958697419c4e77dEvan Hunt# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
24aaa0440116357eef3ab3796ebe53318b03b1ecEvan Hunt# HTTP SESSION attributes whose names and values will be set in the
24aaa0440116357eef3ab3796ebe53318b03b1ecEvan Hunt# environment map for URL policy evaluation at AM server. The key in the
24aaa0440116357eef3ab3796ebe53318b03b1ecEvan Hunt# map is in the format of JSESSION.<parameter-name>, the map value is a
a0707b6acf359b78e06fd06228ebeec5758e7e1dJeremy C. Reed# set that contains the string value of the parameter.
# Note: GET and POST parameters are supplied by the client, so a policy
# condition should not treat them as verified facts. Values placed in the
# map are sent to the AM server; list only the parameters that the
# policies actually need.
a0707b6acf359b78e06fd06228ebeec5758e7e1dJeremy C. Reed# Hot-Swap Enabled: Yes
840d6a4614f6a561fc076d0797d144e9f28e06bcMark Andrews#
840d6a4614f6a561fc076d0797d144e9f28e06bcMark Andrews# Examples:
251be6e99493754700f868e0021c48b82d1c670cMark Andrews# com.sun.identity.agents.config.policy.env.get.param[0]=name
d4859b0b2a0510d8c4f3c48c606a5568a3b0c1d8Mark Andrews# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
53f91cbd80dc353ecb7e8914dae84a6cd85c67c6Mark Andrews# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
53f91cbd80dc353ecb7e8914dae84a6cd85c67c6Mark Andrews# Assume the HTTP GET request parameters "name" and "phonenumber" have the
eeb13c7cd2ddde29b8605b9444451ea6e235e06aEvan Hunt# values "bob" and "1-800-123-4567" respectively, and that there is an HTTP
eeb13c7cd2ddde29b8605b9444451ea6e235e06aEvan Hunt# Session attribute "cardnumber" with the value "12345678".
48f97c23b7d59c925fc3f4280972e50b8ef67c35Mark Andrews# In the map, the following will be set:
eeb13c7cd2ddde29b8605b9444451ea6e235e06aEvan Hunt# GET.name => [bob]
eeb13c7cd2ddde29b8605b9444451ea6e235e06aEvan Hunt# GET.phonenumber => [1-800-123-4567]
c3bb8bb228bc8a914abc77a411faace9861632eaMark Andrews# JSESSION.cardnumber => [12345678]
cef76ee5bd845a80e06da934edce4225bdba22a1Mark Andrews#
3d66a979b531b8549b412d9b592a6906fbb40143Mark Andrewscom.sun.identity.agents.config.policy.env.get.param[0]=
e0421bf2c57e3bb8cee8fa33470bfcf450305867Evan Huntcom.sun.identity.agents.config.policy.env.post.param[0]=
3d66a979b531b8549b412d9b592a6906fbb40143Mark Andrewscom.sun.identity.agents.config.policy.env.jsession.param[0]=
3d66a979b531b8549b412d9b592a6906fbb40143Mark Andrews
fea81a5e0e9485b24262b6a7271a4643a4d2bad4Tinderbox User# AGENT NOTIFICATION URL PROPERTY
d90344224afc80459778e4c3412fd1f9463e24d4Mark Andrews# - com.sun.identity.client.notification.url: URL for agent to receive
d90344224afc80459778e4c3412fd1f9463e24d4Mark Andrews# notifications from the OpenAM server for session, policy, and
f5695ad0e1a6cc8e19bfec7b71476e138de6cb6cMark Andrews# configuration changes.
f5695ad0e1a6cc8e19bfec7b71476e138de6cb6cMark Andrews# Hot-Swap Enabled: No
f5695ad0e1a6cc8e19bfec7b71476e138de6cb6cMark Andrews#
f5695ad0e1a6cc8e19bfec7b71476e138de6cb6cMark Andrewscom.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
58f1ac8dadf2c1f215343a0b2d1df2df954c4b19Mark Andrews
58f1ac8dadf2c1f215343a0b2d1df2df954c4b19Mark Andrews#
58f1ac8dadf2c1f215343a0b2d1df2df954c4b19Mark Andrews# DEBUG SERVICE PROPERTY
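58f1ac8dadf2c1f215343a0b2d1df2df954c4b19Mark Andrews# - com.iplanet.services.debug.level: Specifies the debug level to be used.
5244e505adc08719e1387392c6eb85c453729256Mark Andrews# The value is one of: off, error, warning, message.
# The message level is the most verbose and its output may include request
# and session details, so keep it for troubleshooting and restrict access
# to the debug files.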
5244e505adc08719e1387392c6eb85c453729256Mark Andrews# Hot-Swap Enabled: Yes
cfe32752a66fe1f050d5ed7ddce75f6d58fe1637Evan Hunt#
cfe32752a66fe1f050d5ed7ddce75f6d58fe1637Evan Huntcom.iplanet.services.debug.level=@DEBUG_LEVEL@
cfe32752a66fe1f050d5ed7ddce75f6d58fe1637Evan Hunt
493f3eb297ea90ad2eb349591f1cb88194dce46dMark Andrews#
493f3eb297ea90ad2eb349591f1cb88194dce46dMark Andrews# IGNORE REQUEST URL PATH INFO
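c5734964e6400f9e6d8c3f057fcccab596929deaMark Andrews# If the value is set to true, the path info is stripped from the request
c5734964e6400f9e6d8c3f057fcccab596929deaMark Andrews# URL before the Not Enforced List check and URL policy evaluation.
# When the value is false, the path info stays in the URL being matched,
# so wildcard entries in the Not Enforced List should be reviewed with
# that in mind.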
d0ffef73fdee75f30e33c628a31d031616ad9433Evan Hunt#
eaa2277753c6e7e642e83b2ccd27671a15336310Evan Hunt# Hot-Swap Enabled: Yes
eaa2277753c6e7e642e83b2ccd27671a15336310Evan Hunt#
eaa2277753c6e7e642e83b2ccd27671a15336310Evan Huntcom.sun.identity.agents.config.ignore.path.info = false
43b9737b11f4f14b2d378746d0cd5561b1dc24a0Mark Andrews
4499a6a3063eceb1c412f5165b9c5b47d32d5a62Evan Hunt#
a338c2d94781f676283f1b110f7802c71e2015bdMukund Sivaraman# WEBAUTHENTICATION AVAILABLE PROPERTY
fffcc1b13582447c9f94e498f4aaf43329c531d2Evan Hunt# This property needs to be set to true when the Agent is installed on
3e90f6c373d2e6c9c9909b112468975c4c86544eMark Andrews# JBoss-4.2.x.GA and to false when the Agent is installed on JBoss-4.0.5.GA.
3e90f6c373d2e6c9c9909b112468975c4c86544eMark Andrews#
3e90f6c373d2e6c9c9909b112468975c4c86544eMark Andrewscom.sun.identity.agents.config.jboss.webauth.available=false
3e90f6c373d2e6c9c9909b112468975c4c86544eMark Andrews