OpenSSOAgentConfiguration.template revision 504576c0cd21165cc879543ca89164d214acf996
0N/A#
1N/A# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
1N/A#
1N/A# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
1N/A#
1N/A# The contents of this file are subject to the terms
1N/A# of the Common Development and Distribution License
1N/A# (the License). You may not use this file except in
1N/A# compliance with the License.
1N/A#
1N/A# You can obtain a copy of the License at
1N/A# https://opensso.dev.java.net/public/CDDLv1.0.html or
1N/A# opensso/legal/CDDLv1.0.txt
1N/A# See the License for the specific language governing
1N/A# permission and limitations under the License.
1N/A#
1N/A# When distributing Covered Code, include this CDDL
1N/A# Header Notice in each file and include the License file
1N/A# at opensso/legal/CDDLv1.0.txt.
1N/A# If applicable, add the following below the CDDL Header,
1N/A# with the fields enclosed by brackets [] replaced by
221N/A# your own identifying information:
1N/A# "Portions Copyrighted [year] [name of copyright owner]"
1N/A#
22N/A# $Id: OpenSSOAgentConfiguration.template,v 1.3 2009/10/15 23:34:10 leiming Exp $
22N/A#
0N/A# Portions Copyrighted 2013 ForgeRock Inc.
0N/A
221N/A#------------------------------------------------------------------------------
14N/A# Configuration Property File
14N/A#
221N/A# OpenAM Policy Agent for:
14N/A# Jboss server 7.x
14N/A#
221N/A# Version: 3.0
14N/A
14N/A#------------------------------------------------------------------------------
22N/A#
22N/A# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
22N/A# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
22N/A# MODIFYING ANY OF THE VALUES IN THIS FILE.
22N/A#
22N/A# Note:
14N/A# Data present in this file provides the necessary configuration
0N/A# settings needed by Agent to work correctly. Invalid configuration
116N/A# data present in this file can lead to malfunction of the Agent, the
204N/A# application, and the Application Server.
0N/A#
0N/A# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
0N/A# SYSTEM.
192N/A#------------------------------------------------------------------------------
0N/A
0N/A#------------------------------------------------------------------------------
285N/A# General Notes about the Agent Configuration
0N/A# -------------------------------------------
26N/A#
50N/A# HOT-SWAP MECHANISM:
119N/A# Certain property keys in this configuration are hot-swap enabled.
235N/A# The value for these keys when altered are dynamically loaded by the
26N/A# Agent such that it is not necessary to restart the Application
0N/A# Server in order for these changes to take effect. However, in cases
192N/A# where the key is explicitly identified as not enabled for hot-swap
0N/A# or in cases when the hot-swap mechanism is disabled on the system,
0N/A# the Application Server must be restarted for the changes to take
0N/A# effect. Please refer to the Agent documentation to further learn
0N/A# about hot-swap configuration of the Agent.
215N/A#
235N/A# LIST CONSTRUCTS:
235N/A# Certain property keys in this configuration are specified as lists.
162N/A# A list construct is defined as follows:
242N/A#
221N/A# Format:
165N/A# <key>[<index>]=<value>
204N/A#
221N/A# Where:
235N/A# key : is the configuration key
104N/A# index : is a positive number starting from 0 that increments by 1
285N/A# for every value specified in this list.
235N/A# value : is one of the values specified in this list.
26N/A#
0N/A# Notes:
22N/A# - Please refer the Agent documentation for full details on usage.
0N/A#
0N/A# Example:
0N/A# com.sun.identity.agents.config.example[0] = value0
22N/A# com.sun.identity.agents.config.example[1] = value1
116N/A# com.sun.identity.agents.config.example[2] = value2
0N/A#
0N/A# MAP CONSTRUCTS:
104N/A# Certain property keys in this configuration are specified as Maps.
104N/A# A Map construct is defined as follows:
104N/A#
104N/A# Format:
104N/A# <key>[<name>]=<value>
104N/A#
219N/A# Where:
221N/A# key : is the configuration key
219N/A# name : is a string that forms the lookup key as available in the
221N/A# Map
219N/A# value : is the value associated with the name in the Map
221N/A#
221N/A# Notes:
219N/A# - Please refer the Agent documentation for full details on usage.
219N/A#
219N/A# Example:
219N/A# com.sun.identity.agents.config.example[AL] = ALABAMA
221N/A# com.sun.identity.agents.config.example[AK] = ALASKA
221N/A# com.sun.identity.agents.config.example[AZ] = ARIZONA
219N/A#
219N/A# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
219N/A# Certain property keys in this configuration can be specified per
219N/A# protected application. This implies that the Agent will use
219N/A# different values of the same configuration key for different
219N/A# applications as defined in this configuration file. Properties
219N/A# which are not specified per protected applications are called Global
219N/A# properties. Application specific properties are defined as follows:
219N/A#
219N/A# Format:
235N/A# <key>[<appname>]=<value>
219N/A#
219N/A# Where:
219N/A# key : is the configuration key
219N/A# appname : is the Application name to which this configuration
219N/A# belongs. The application name is the context path of
219N/A# the application without the leading forward slash
219N/A# character. In case when the application has been
219N/A# deployed at the root-context of the server, the
221N/A# application name should be specified as
221N/A# 'DefaultWebApp'.
221N/A# value : the value that will be used by the Agent when
221N/A# protecting the application identified by the given
221N/A# application name.
219N/A#
219N/A# Notes:
219N/A# - When an application specific configuration is not present, the
219N/A# Agent uses different mechanisms to identify a default value. There
219N/A# could be configurations where the default value is used as the
219N/A# value specified for the same key without any application specific
219N/A# suffix '[<appname>]'. For example, if the following configuration
219N/A# keys are present:
219N/A#
219N/A# com.sun.identity.agents.config.example[Portal] = value1
219N/A# com.sun.identity.agents.config.example[DefaultWebApp] = value2
219N/A# com.sun.identity.agents.config.example = value3
219N/A#
219N/A# then, for applications other than the ones deployed on the root
221N/A# context and the context '/Portal', the value of this key will
219N/A# default to 'value3'.
219N/A#
219N/A# - Application Specific configuration properties must follow the
219N/A# rules and syntax of the MAP construct of configuration entries as
219N/A# defined above.
219N/A#
219N/A# Example:
219N/A# com.sun.identity.agents.config.example[Portal] = value1
219N/A# com.sun.identity.agents.config.example[BankApp] = value2
219N/A# com.sun.identity.agents.config.example[DefaultWebApp] = value3
219N/A#------------------------------------------------------------------------------
221N/A
32N/A#
235N/A# FILTER OPERATION MODE
235N/A# Specifies the mode of operation of the Filter. Valid value is one of:
235N/A# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
235N/A# specified as an application specific property. However, the global
235N/A# property must always be present.
236N/A# WARNING:
251N/A# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
236N/A# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
235N/A# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
235N/A# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
222N/A# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
235N/A# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
235N/A# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
235N/A# Hot-Swap Enabled: No
235N/A# Example:
235N/A# com.sun.identity.agents.config.filter.mode = ALL
235N/A# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
222N/A#
227N/Acom.sun.identity.agents.config.filter.mode = ALL
235N/A
235N/A#
227N/A# USER MAPPING PROPERTIES
227N/A# - user.mapping.mode: Specifies the mechanism by which the user-ID
227N/A# to be used on the protected server for the authenticated user is
227N/A# determined by the Agent. Value of this is one of: USER_ID,
235N/A# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
235N/A# - user.attribute.name: Specifies the name of the profile attribute,
235N/A# or HTTP header, or Session property which contains the user-ID to
235N/A# be used on the protected server for the authenticated user. This
235N/A# property is not used if the value of user.mapping.mode is set to
235N/A# USER_ID.
235N/A# - user.principal: A flag that indicates that the principal of the
235N/A# authenticated user be used instead of just the user-ID for
235N/A# authenticating the user on the protected server. This property is
235N/A# applicable if the user.mapping.mode is set to USER_ID.
222N/A# - user.token: Specifies a session property name which contains the
266N/A# user-ID of the authenticated user in session. This property is used
266N/A# when the user.mapping.mode is set to USER_ID and the user.principal
227N/A# flag is set to false.
235N/A# Hot-Swap Enabled: Yes
227N/A# Examples:
227N/A# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
227N/A# com.sun.identity.agents.config.user.attribute.name = employeenumber
227N/A#
227N/Acom.sun.identity.agents.config.user.mapping.mode = USER_ID
235N/Acom.sun.identity.agents.config.user.attribute.name = employeenumber
227N/Acom.sun.identity.agents.config.user.principal = false
227N/Acom.sun.identity.agents.config.user.token = UserToken
227N/A
227N/A#
227N/A# CLIENT IDENTIFICATION PROPERTIES
222N/A# - client.ip.header: Specifies a HTTP header name that holds the IP
227N/A# address of the client. May be left blank if not used.
222N/A# - client.hostname.header: Specifies a HTTP header name that holds the
235N/A# Hostname of the client. May be left blank if not used.
235N/A# Hot-Swap Enabled: Yes
227N/A# Example:
227N/A# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
235N/A# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
235N/A#
235N/Acom.sun.identity.agents.config.client.ip.header =
235N/Acom.sun.identity.agents.config.client.hostname.header =
235N/A
235N/A#
227N/A# CONFIGURATION RELOAD INTERVAL
235N/A# Specifies the interval in seconds between configuration reloads. When
235N/A# set to 0, the hot-swap mechanism will be disabled.
235N/A# Hot-Swap Enabled: Yes
235N/A#
235N/Acom.sun.identity.agents.config.load.interval = 3600
235N/A
227N/A#
235N/A# LOCALE IDENTIFICATION PROPERTIES
235N/A# - locale.language: Specifies the language code for identifying the Locale
235N/A# of operation.
235N/A# - locale.country: Specifies the country code for identifying the Locale of
235N/A# operation.
227N/A# Hot-Swap Enabled: No
235N/A#
235N/Acom.sun.identity.agents.config.locale.language = en
235N/Acom.sun.identity.agents.config.locale.country = US
235N/A
222N/A#
227N/A# AUDIT LOG PROPERTIES
222N/A# - audit.accesstype: Specifies the access type which will be logged by the
235N/A# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
227N/A# - log.disposition: Specifies the audit log mode that the Agent will use
227N/A# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
227N/A# ALL.
222N/A# - remote.logfile: Specifies the file name to be used on the remote server
222N/A# if the log.disposition is set to REMOTE or ALL.
172N/A# - local.log.rotate: A flag that indicates if the rotation of audit log
172N/A# local file is enabled or disabled.
172N/A# - local.log.size: The size in bytes of the local audit log file, beyond
172N/A# which the Agent should rotate the log file.
172N/A# Hot-Swap Enabled: Yes
172N/A#
172N/Acom.sun.identity.agents.config.audit.accesstype = LOG_NONE
172N/Acom.sun.identity.agents.config.log.disposition = REMOTE
235N/Acom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
172N/Acom.sun.identity.agents.config.local.log.rotate = false
242N/Acom.sun.identity.agents.config.local.log.size = 52428800
172N/A
172N/A#
172N/A# WEB SERVICE PROCESSING PROPERTIES
172N/A# - webservice.enable: A flag that specifies if Web Service processing is
172N/A# enabled or disabled.
172N/A# - webservice.endpoint: A list of Web Application end points that represent
235N/A# Web Services.
235N/A# - webservice.process.get.enable: A flag that indicates if the processing
235N/A# of HTTP GET requests for Web Service endpoints is enabled or disabled.
172N/A# - webservice.authenticator: An implementation class that can be used to
235N/A# authenticate web-service requests.
235N/A# - webservice.internalerror.content: The name of file that contains content
235N/A# used by the Agent to generate an internal error fault for clients.
172N/A# - webservice.autherror.content: The name of file that contains content
172N/A# used by the Agent to generate an authorization error fault for clients.
172N/A# Hot-Swap Enabled: Yes
235N/A#
172N/Acom.sun.identity.agents.config.webservice.enable = false
172N/Acom.sun.identity.agents.config.webservice.endpoint[0] =
221N/Acom.sun.identity.agents.config.webservice.process.get.enable = true
251N/Acom.sun.identity.agents.config.webservice.authenticator =
251N/Acom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
251N/Acom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
251N/A
251N/A#
172N/A# ACCESS DENIED URI
104N/A# An application specific (MAP) property that specifies the URI used by
50N/A# the Agent to block unauthorized access requests. May be left unspecified
104N/A# if not available. A global value can also be specified.
32N/A# Example:
104N/A# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
104N/A# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
235N/A# Hot-Swap Enabled: Yes
32N/A#
242N/Acom.sun.identity.agents.config.access.denied.uri[] =
111N/A
32N/A#
242N/A# FORM LOGIN PROCESSING PROPERTIES
63N/A# - login.form: A LIST property used by the Agent to identify login
63N/A# request and take appropriate action. Each entry should be the
63N/A# absolute URI of the resource specified in the web.xml deployment
119N/A# descriptor of the protected application in the element
235N/A# form-login-page.
111N/A# - login.error.uri: A LIST property used by the Agent to identify
111N/A# error page request and take appropriate action. Each entry should
235N/A# be the absolute URI of the resource specified in the web.xml
235N/A# deployment descriptor of the protected application in the element
32N/A# form-error-page.
235N/A# - login.use.internal: A flag that specifies if the Agent should use
36N/A# internal content for handling form login requests.
235N/A# - login.content.file: Specifies the name or complete path of the file
50N/A# that will be used by the Agent for handling form login requests if
172N/A# the login.use.internal flag is set to true.
172N/A# Hot-Swap Enabled: Yes
39N/A# Examples:
172N/A# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp
235N/A# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp
235N/A#
172N/Acom.sun.identity.agents.config.login.form[0] =
219N/Acom.sun.identity.agents.config.login.error.uri[0] =
251N/Acom.sun.identity.agents.config.login.use.internal = true
271N/Acom.sun.identity.agents.config.login.content.file = FormLoginContent.txt
271N/A
271N/A#
251N/A# LOCAL AUTHENTICATION PROCESSING PROPERTIES
251N/A# - auth.handler: A MAP property that specifies application
271N/A# specific Authentication Handler to be used by the the
271N/A# Agent in order to authenticate the logged on user with the
251N/A# Application server for the particular application.
0N/A# - logout.handler: A MAP property that specifies the application
104N/A# specific Logout Handler to be used by the Agent in order to logout
14N/A# the logged on user within the Application server for the
66N/A# particular application.
235N/A# - verification.handler: A MAP property that specifies the application
66N/A# specific local verification handler used by the agent to validate
235N/A# the user credentials with the local repository.
66N/A# Hot-Swap Enabled: Yes
66N/A# Example:
66N/A# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
67N/A# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
67N/A# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
66N/A#
66N/Acom.sun.identity.agents.config.auth.handler[] =
235N/Acom.sun.identity.agents.config.logout.handler[] =
235N/Acom.sun.identity.agents.config.verification.handler[] =
66N/A
235N/A#
66N/A# HTTP SESSION BINDING
235N/A# Its default value is false so the agent will not invalidate http session,
235N/A# and session data will be maintained.
235N/A# If its value is true, then the agent will invalidate the http session when
66N/A# the agent identifies that login has failed, user does not have SSO session
219N/A# or pincipal user name does not match SSO user name.
219N/A# Hot-Swap Enabled: Yes
66N/Acom.sun.identity.agents.config.httpsession.binding = false
66N/A
66N/A#
66N/A# GOTO PARAMETER NAME
66N/A# This property has been deprecated.
161N/A# Specifies the goto Parameter name to be used by the Agent when
66N/A# redirecting the user to the appropriate authentication service. The
192N/A# value of this parameter is used by the authentication service to
192N/A# redirect the user to the original requested destination.
66N/A# Valid Values:
66N/A# A string value that represents the goto parameter name.
66N/A# Hot-Swap Enabled: Yes
221N/A#
66N/Acom.sun.identity.agents.config.redirect.param = goto
66N/A
192N/A#
192N/A# LOGIN URL
221N/A# Specifies the login URLs to be used by the Agent to redirect
66N/A# incoming users without sufficient credentials to the OpenAM
66N/A# authentication service.
66N/A# Hot-Swap Enabled: Yes
66N/A#
192N/Acom.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
192N/A
66N/A#
66N/A# LOGOUT URL
221N/A# Specifies the logout URLs to be used by the Agent to log out
66N/A# the authenticated users from the OpenAM authentication service.
66N/A# Hot-Swap Enabled: Yes
116N/A#
66N/Acom.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
66N/A
66N/A#
66N/A# LOGIN URL, LOGOUT URL, or CDSSO URLs PROPERTIES
66N/A# - login.url.prioritized: specifies if the failover sequence for Login URLs
116N/A# or CDSSO URLs should be prioritized as defined in the list with the lowest
66N/A# index having the highest priority.
66N/A# - login.url.probe.enabled: specifies if agent will check the availability
66N/A# of these urls before redirecting to them.
66N/A# Default value is true for backward compability, but suggests to set it
0N/A# to false (server will not be checked) in production deployment where agent
219N/A# often can not access login url directly.
219N/A# - login.url.probe.timeout: this is the connect timeout value in milliseconds
104N/A# when login.url.probe.enabled is set to true (or server will be checked).
14N/A# - logout.url.prioritized: specifies if the failover sequence for Logout
116N/A# URLs should be prioritized as defined in the list with the lowest
219N/A# index having the highest priority.
0N/A# - logout.url.probe.enabled: specifies if agent will check the availability
104N/A# of these urls before redirecting to them.
30N/A# Default value is true for backward compability, but suggests to set it
30N/A# to false (server will not be checked) in production deployment where agent
219N/A# often can not access logout url directly.
30N/A# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
104N/A# when logout.url.probe.enabled is set to true (or server will be checked).
60N/A# Hot-Swap Enabled: Yes
60N/A#
204N/Acom.sun.identity.agents.config.login.url.prioritized = true
204N/Acom.sun.identity.agents.config.login.url.probe.enabled = true
204N/Acom.sun.identity.agents.config.login.url.probe.timeout = 2000
204N/Acom.sun.identity.agents.config.logout.url.prioritized = true
204N/Acom.sun.identity.agents.config.logout.url.probe.enabled = true
204N/Acom.sun.identity.agents.config.logout.url.probe.timeout = 2000
204N/A
222N/A#
204N/A# AGENT SERVER PROPERTIES
204N/A# - agent.host: The host name identifying the Agent protected server to
204N/A# the client browsers if different from the actual host name. May be
204N/A# left blank if not used.
204N/A# - agent.port: The port number identifying the Agent protected server
204N/A# listening port to the client browsers if different from the actual
204N/A# listening port. May be left blank if not used.
204N/A# - agent.protocol: The protocol being used (http/https) by the client
204N/A# browsers to communicate with the Agent protected server if different
204N/A# from the actual protocol used by the server.
204N/A# Hot-Swap Enabled: Yes
204N/A#
204N/Acom.sun.identity.agents.config.agent.host =
204N/Acom.sun.identity.agents.config.agent.port =
204N/Acom.sun.identity.agents.config.agent.protocol =
204N/A
204N/A#
204N/A# LOGIN ATTEMPT LIMIT
204N/A# Specifies the number of login attempts that a user can make without
204N/A# success using a single browser session which will trigger the
204N/A# blocking of the user request. Setting this value to 0 disables this
204N/A# feature.
204N/A# Hot-Swap Enabled: Yes
204N/A#
204N/Acom.sun.identity.agents.config.login.attempt.limit = 0
204N/A
204N/A# SSO Cache Enable Flag:
204N/A# This property specifies if the SSO Cache is active for the agent. This cache
204N/A# is used through public APIs exposed by the agent SDK.
204N/A# Valid Values: true, false
204N/A# Hot-Swap Enabled: Yes
204N/Acom.sun.identity.agents.config.amsso.cache.enable = true
204N/A
204N/A#
204N/A# COOKIE RESET PROCESSING PROPERTIES
204N/A# - cookie.reset.enable: A flag that specifies if cookie reset processing
204N/A# is enabled or disabled.
204N/A# - cookie.reset.name: A list of cookie names that will be reset by the
204N/A# Agent if cookie reset processing is enabled.
204N/A# - cookie.reset.domain: A MAP property with the key being the cookie name
60N/A# specified in cookie.reset.name property and the value being the domain
162N/A# of this cookie to be used when a reset event occurs.
162N/A# - cookie.reset.path: A MAP property with the key being the cookie name
172N/A# specified in cookie.reset.name property and the value being the path
162N/A# of this cookie to be used when a reset event occurs.
162N/A# Hot-Swap Enabled: Yes
162N/A#
195N/Acom.sun.identity.agents.config.cookie.reset.enable = false
195N/Acom.sun.identity.agents.config.cookie.reset.name[0] =
195N/Acom.sun.identity.agents.config.cookie.reset.domain[] =
195N/Acom.sun.identity.agents.config.cookie.reset.path[] =
227N/A
162N/A#
242N/A# CDSSO PROCESSING PROPERTIES
162N/A# - cdsso.enable: A flag that specifies if CDSSO processing is
227N/A# enabled or disabled.
227N/A# - cdsso.redirect.uri: An intermediate URI that is used by the
227N/A# Agent for processing CDSSO requests.
162N/A# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
162N/A# that may be used by the Agent for CDSSO processing.
235N/A# - cdsso.clock.skew: Specifies a time in seconds to be used by the
162N/A# Agent to determine the validity of the CDSSO AuthnResponse assertion.
221N/A# - cdsso.trusted.id.providers: This property specifies the OpenAM
221N/A# Server/ID providers that should be trusted by the agent, when evaluating
221N/A# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
221N/A# the agent & server.
221N/A# - cdsso.secure.enable: A flag that specifies if the SSO Token cookie
221N/A# set by the agent in the different domains in CDSSO mode will be marked
221N/A# secure. When the property is set to true the SSO Token cookie will only
221N/A# be transmitted if the communications channel with the host is a secure one.
221N/A# - cdsso.domain: This property specifies the domains for which cookies have
162N/A# to be set in a CDSSO scenario. If this property is left blank then the
221N/A# fully qualified cookie domain for the agent server will be used for
162N/A# setting the cookie domain. In such case it is a host cookie instead of
162N/A# a domain cookie.
219N/A# Example:
162N/A# com.sun.identity.agents.config.cdsso.domain[0] = .sun.com
177N/A# Hot-Swap Enabled: Yes
162N/A#
162N/Acom.sun.identity.agents.config.cdsso.enable = false
162N/Acom.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
162N/Acom.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
242N/Acom.sun.identity.agents.config.cdsso.clock.skew = 0
162N/Acom.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
219N/Acom.sun.identity.agents.config.cdsso.secure.enable = false
219N/A#com.sun.identity.agents.config.cdsso.domain[0] =
242N/A
227N/A#
227N/A# LOGOUT PROCESSING PROPERTIES
227N/A# - logout.application.handler: An application specific (MAP) property
227N/A# that identifies a handler to be used for logout processing.
162N/A# - logout.uri: An application specific (MAP) property that identifies
205N/A# a request URI which indicates a logout event.
162N/A# - logout.request.param: An application specific (MAP) property that
162N/A# identifies a parameter which when present in the HTTP request
162N/A# indicates a logout event.
162N/A# - logout.introspect.enabled: A flag that when set allows the Agent
162N/A# to search HTTP request body to locate logout parameter.
162N/A# - logout.entry.uri: An application specific (MAP) property that identifies
162N/A# a URI to be used as an entry point after successful logout and
162N/A# subsequent successful authentication if applicable.
162N/A# Hot-Swap Enabled: Yes
177N/A#
177N/Acom.sun.identity.agents.config.logout.application.handler[] =
177N/Acom.sun.identity.agents.config.logout.uri[] =
162N/Acom.sun.identity.agents.config.logout.request.param[] =
162N/Acom.sun.identity.agents.config.logout.introspect.enabled = false
221N/Acom.sun.identity.agents.config.logout.entry.uri[] =
221N/A
221N/A#
221N/A# FQDN PROCESSING PROPERTIES
221N/A# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
221N/A# or not.
162N/A# - fqdn.default: A hostname that represents the default FQDN to be
195N/A# used by the Agent when necessary.
195N/A# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
195N/A# FQDN entry specified as the key to a valid FQDN entry specified as
221N/A# its value.
162N/A# Hot-Swap Enabled: Yes
221N/A# Examples of fqdn.mapping:
162N/A# com.sun.identity.agents.config.fqdn.mapping[myserver]=myserver.mydomain.com
162N/A#
162N/Acom.sun.identity.agents.config.fqdn.check.enable = true
162N/Acom.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
221N/Acom.sun.identity.agents.config.fqdn.mapping[] =
221N/A
221N/A#
162N/A# LEGACY USER AGENT PROCESSING PROPERTIES
162N/A# These three properties have been deprecated:
162N/A# - legacy.support.enable: A flag that specifies if legacy user agent
162N/A# support is enabled or disabled.
162N/A# - legacy.user.agent: A LIST of user agent header values that identify
162N/A# legacy browsers. Entries in this list can have wild card character '*'.
235N/A# - legacy.redirect.uri: An intermediate URI used by the Agent to
162N/A# redirect legacy user agent requests.
221N/A# Hot-Swap Enabled: Yes
221N/A#
221N/Acom.sun.identity.agents.config.legacy.support.enable = false
221N/Acom.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
221N/Acom.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
221N/A
221N/A#
221N/A# CUSTOM RESPONSE HEADERS
221N/A# A MAP property that specifies the custom headers that are set by
243N/A# the Agent on the client browser. The key is the header name and the
162N/A# value represents the header value.
221N/A# Hot-Swap Enabled: Yes
221N/A# Example:
221N/A# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
221N/A#
221N/Acom.sun.identity.agents.config.response.header[] =
162N/A
162N/A#
162N/A# REDIRECT ATTEMPT LIMIT
162N/A# Specifies the number of successive single point redirects that a
162N/A# user can make using a single browser session which will trigger the
162N/A# blocking of the user request. When set to 0 this feature is disabled.
162N/A# Hot-Swap Enabled: Yes
162N/A#
162N/Acom.sun.identity.agents.config.redirect.attempt.limit = 0
162N/A
162N/A#
162N/A# PORT CHECK PROCESSING PROPERTIES
162N/A# - port.check.enable: A flag that indicates if port check functionality
162N/A# is enabled or disabled.
162N/A# - port.check.file: Specifies the name or complete path of a file that
162N/A# has the necessary content needed to handle requests that need port
162N/A# correction.
219N/A# - port.check.setting: A MAP of port versus protocol entries with the
162N/A# key being the listening port number and value being the listening
177N/A# protocol to be used by the Agent to identify requests with invalid
162N/A# port numbers.
162N/A# Hot-Swap Enabled: Yes
162N/A# Example of port.check.setting:
162N/A# com.sun.identity.agents.config.port.check.setting[80] = http
162N/A# com.sun.identity.agents.config.port.check.setting[443] = https
162N/A#
221N/Acom.sun.identity.agents.config.port.check.enable = false
221N/Acom.sun.identity.agents.config.port.check.file = PortCheckContent.txt
221N/Acom.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
221N/A
162N/A#
162N/A# NOT-ENFORCED URI PROCESSING PROPERTIES
162N/A# - notenforced.uri: A LIST of URIs for which protection is not enforced
162N/A# by the Agent.
162N/A# - notenforced.uri.invert: A flag that specifies if the list of URIs
162N/A# specified by the property notenforced.uri should be inverted. When
162N/A# set to true, it indicates that the URIs specified should be enforced
162N/A# and all other URIs should be not enforced by the Agent. Entries in
162N/A# this list can have wild card character '*'.
162N/A# - notenforced.uri.cache.enable: A flag that specifies if the caching of
162N/A# of not-enforced URI list evaluation results is enabled or disabled.
162N/A# - notenforced.uri.cache.size: The size of the cache to be used if
162N/A# caching of not-enforced URI list evaluation results is enabled.
162N/A# - notenforced.refresh.session.idletime: A flag that specifies if the OpenAM
162N/A# session idle time is reset or not when accessing the not enforced URIs.
162N/A# Hot-Swap Enabled: Yes
162N/A# Example of notenforced.uri:
162N/A# com.sun.identity.agents.config.notenforced.uri[0]=*.gif
162N/A# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
162N/A# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
162N/A#
162N/Acom.sun.identity.agents.config.notenforced.uri[0] =
162N/Acom.sun.identity.agents.config.notenforced.uri.invert = false
162N/Acom.sun.identity.agents.config.notenforced.uri.cache.enable = true
162N/Acom.sun.identity.agents.config.notenforced.uri.cache.size = 1000
162N/Acom.sun.identity.agents.config.notenforced.refresh.session.idletime = false
162N/A
162N/A#
162N/A# NOT-ENFORCED CLIENT IP PROCESSING PROPERTIES
162N/A# - notenforced.ip: A LIST of client IP addresses for which protection is
162N/A# not enforced by the Agent.
162N/A# - notenforced.ip.invert: A flag that specifies if the list of client IP
162N/A# addresses specified by the property notenforced.ip should be inverted.
162N/A# When set to true, it indicates that the client IP addresses specified
162N/A# should be enforced and all other client IPs should be not enforced by
162N/A# the Agent. Entries in this list can have wild card character '*'.
162N/A# - notenforced.ip.cache.enable: A flag that specifies if the caching of
162N/A# of not-enforced IP list evaluation results is enabled or disabled.
162N/A# - notenforced.ip.cache.size: The size of the cache to be used if
162N/A# caching of not-enforced IP list evaluation results is enabled.
162N/A# Hot-Swap Enabled: Yes
162N/A# Example of notenforced.ip:
162N/A# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
162N/A# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
162N/A#
162N/Acom.sun.identity.agents.config.notenforced.ip[0] =
162N/Acom.sun.identity.agents.config.notenforced.ip.invert = false
162N/Acom.sun.identity.agents.config.notenforced.ip.cache.enable = true
162N/Acom.sun.identity.agents.config.notenforced.ip.cache.size = 1000
162N/A
162N/A#
162N/A# COMMON ATTRIBUTE FETCH PROCESSING PROPERTIES
162N/A# - attribute.cookie.separator: A character that will be used to separate
162N/A# multiple values of the same attribute when it is being set as a cookie.
162N/A# - attribute.cookie.encode: A flag that indicates if the value of the
162N/A# attribute should be URL encoded before being set as a cookie.
162N/A# - attribute.date.format: The format of date attribute values to be used
162N/A# when the attribute is being set as HTTP header. This format is based
162N/A# on the definition as provided in java.text.SimpleDateFormat.
162N/A# Hot-Swap Enabled: Yes
162N/A#
162N/Acom.sun.identity.agents.config.attribute.cookie.separator = |
221N/Acom.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
221N/Acom.sun.identity.agents.config.attribute.cookie.encode = true
221N/A
221N/A#
221N/A# PROFILE ATTRIBUTE PROCESSING PROPERTIES
221N/A# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
221N/A# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
221N/A# - profile.attribute.mapping: A MAP that specifies the profile attributes to
221N/A# be populated under specific names for the currently authenticated user.
162N/A# The key is the profile attribute name and the value is the name under
162N/A# which that attribute will be made available.
162N/A# Hot-Swap Enabled: Yes
219N/A# Example of profile.attribute.mapping:
219N/A# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
259N/A# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
259N/A#
259N/Acom.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
259N/Acom.sun.identity.agents.config.profile.attribute.mapping[] =
259N/A
259N/A#
259N/A# SESSION ATTRIBUTE PROCESSING PROPERTIES
259N/A# - session.attribute.fetch.mode: The mode of fetching session attributes.
259N/A# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
259N/A# - session.attribute.mapping: A MAP that specifies the session attributes to
259N/A# be populated under specific names for the currently authenticated user.
259N/A# The key is the session attribute name and the value is the name under
259N/A# which that attribute will be made available.
259N/A# Hot-Swap Enabled: Yes
259N/A# Example of session.attribute.mapping:
259N/A# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
259N/A#
285N/Acom.sun.identity.agents.config.session.attribute.fetch.mode = NONE
259N/Acom.sun.identity.agents.config.session.attribute.mapping[] =
259N/A
259N/A#
259N/A# RESPONSE ATTRIBUTE PROCESSING PROPERTIES
259N/A# - response.attribute.fetch.mode: The mode of fetching policy response
259N/A# attributes. This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE,
259N/A# HTTP_COOKIE
259N/A# - response.attribute.mapping: A MAP that specifies the policy response
259N/A# attributes to be populated under specific names for the currently
259N/A# authenticated user. The key is the policy response attribute name and
259N/A# the value is the name under which that attribute will be made available.
259N/A# Hot-Swap Enabled: Yes
259N/A#
259N/Acom.sun.identity.agents.config.response.attribute.fetch.mode = NONE
259N/Acom.sun.identity.agents.config.response.attribute.mapping[] =
259N/A
259N/A#
259N/A# BYPASS PRINCIPAL LIST
259N/A# This property specifies a list of principals that is bypassed by the
259N/A# Agent for authentication and search purposes.
259N/A# Hot-Swap Enabled: Yes
259N/A# Example:
259N/A# com.sun.identity.agents.config.bypass.principal[0] = guest
259N/A# com.sun.identity.agents.config.bypass.principal[1] = testuser
259N/A#
259N/Acom.sun.identity.agents.config.bypass.principal[0] =
259N/A
259N/A#
259N/A# PRIVILEGED ATTRIBUTE PROCESSING PROPERTIES
259N/A# - default.privileged.attribute: A list of privileged attributes that will
259N/A# be granted to all users who have a valid OpenAM session.
259N/A# - privileged.attribute.type: A list of privileged attribute types that will
259N/A# be fetched for each user.
259N/A# - privileged.attribute.tolowercase : A MAP property that specifies if the
259N/A# privileged attribute types should be converted to lowercase.
172N/A# - privileged.session.attribute: A list of session property names which
116N/A# hold privileged attributes for the authenticated user.
116N/A# - privileged.attribute.mapping.enable: A flag to specify whether
116N/A# a mapping from an attibute's original value to another value is
116N/A# enabled. This mapping may be necessary to satisfy container-specific
116N/A# restrictions on character set being used in certain configuration files.
116N/A# - privileged.attribute.mapping: A map property that specifies the above
116N/A# mentioned mapping; Note that if a key contains "=" or ":", then these
30N/A# special character needs to be escaped by "\".
104N/A#
104N/A# Hot-Swap Enabled: Yes
242N/A# Examples:
104N/A# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
104N/A# com.sun.identity.agents.config.privileged.attribute.type[0] = Group
104N/A# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
30N/A# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
221N/A# com.sun.identity.agents.config.privileged.attribute.mapping.enable=true
221N/A# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_manager_role
30N/A# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_employee_role
30N/A#
221N/Acom.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
242N/Acom.sun.identity.agents.config.privileged.attribute.type[0] = Group
221N/Acom.sun.identity.agents.config.privileged.attribute.type[1] = Role
242N/Acom.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
221N/Acom.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
242N/Acom.sun.identity.agents.config.privileged.session.attribute[0] =
221N/Acom.sun.identity.agents.config.privileged.attribute.mapping.enable = true
104N/Acom.sun.identity.agents.config.privileged.attribute.mapping[] =
221N/A
285N/A#
285N/A# SSO TOKEN COOKIE NAME
285N/A# The name of the SSO Token cookie used between the OpenAM server and
285N/A# the Agent.
285N/A# Hot-Swap Enabled: No
285N/Acom.iplanet.am.cookie.name=iPlanetDirectoryPro
285N/A
285N/A#
30N/A# SESSION CLIENT PROPERTIES
221N/A# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
221N/A# the session client must use polling for updating session information
221N/A# and not depend upon server notifications.
221N/A# - com.iplanet.am.session.client.polling.period: Specifies the time in
285N/A# seconds after which the session client will request update of cached
285N/A# session information from the server.
285N/A#
285N/A# Note: the notification url to be used by the Agent to receive session
285N/A# notifications is com.sun.identity.client.notification.url
285N/A# Hot-Swap Enabled: No
285N/A#
285N/Acom.iplanet.am.session.client.polling.enable=false
285N/Acom.iplanet.am.session.client.polling.period=180
285N/A
285N/A#
285N/A# ENCRYPTION PROVIDER
285N/A# Specifies the encryption provider implementation to be used by the Agent.
285N/A# Hot-Swap Enabled: No
285N/A#
285N/Acom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
30N/A
153N/A#
153N/A# USER DATA CACHE PROPERTIES
259N/A# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
259N/A# enable/disable the notifications for amsdk and IdRepo Caches. If set to
259N/A# true notifications are enabled and disabled if set to false.
259N/A# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
259N/A# user management data. If set to '0' no updates happen. This property
259N/A# takes effect only if no notification url is provided by
259N/A# 'com.sun.identity.client.notification.url' or if notifications are
0N/A# disabled. (i.e., com.sun.identity.idm.remote.notification.enabled=false)
242N/A# Hot-Swap Enabled: No
251N/A#
0N/Acom.sun.identity.idm.remote.notification.enabled=true
116N/Acom.iplanet.am.sdk.remote.pollingTime=1
116N/A
116N/A#
0N/A# SERVICE DATA CACHE PROPERTIES
192N/A# - com.sun.identity.sm.notification.enabled: A flag that is used to
52N/A# enable/disable the notifications for service management caches. If set to
192N/A# true notifications are enabled and disabled if set to false.
192N/A# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
0N/A# configuration data. If set to '0' no updates happen. This property
0N/A# takes effect only if no notification url is provided by
22N/A# 'com.sun.identity.client.notification.url' or if notifications are
0N/A# disabled. (i.e., com.sun.identity.sm.notification.enabled=false).
0N/A# Hot-Swap Enabled: No
0N/A#
0N/Acom.sun.identity.sm.notification.enabled=true
0N/Acom.sun.identity.sm.cacheTime=1
63N/A
29N/A#
104N/A# AUTHENTICATION SERVICE PROPERTIES
221N/A# Server protocol, host and port to be used by Authentication Service.
221N/A# Hot-Swap Enabled: No
221N/A#
221N/Acom.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
192N/Acom.iplanet.am.server.host=@AM_SERVICES_HOST@
192N/Acom.iplanet.am.server.port=@AM_SERVICES_PORT@
192N/A
221N/A#
50N/A# POLICY CLIENT PROPERTIES
63N/A# - com.sun.identity.agents.notification.enabled: A flag that specifies
63N/A# if notifications are enabled or disabled for remote policy client.
242N/A# - com.sun.identity.agents.polling.interval: The duration in minutes
63N/A# after which the cached entries are refreshed by remote policy client.
242N/A# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
63N/A# used by remote policy client. Valid value is one of: subtree, self.
242N/A# Cache mode subtree is recommended for a small number of policy rules
63N/A# In all other cases, cacheMode self is recommended.
242N/A# - com.sun.identity.policy.client.booleanActionValues : boolean action
63N/A# values for policy action names.
63N/A# format : serviceName|actionName|trueValue|falseValue
242N/A# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
63N/A# to be used for different service names.
192N/A# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
242N/A# which is allowed to accommodate the time difference between the
192N/A# OpenAM server machine and the remote policy client machine.
50N/A#
104N/A# Note: the Notification URL for remote policy client is set by the
104N/A# property com.sun.identity.client.notification.url.
192N/A# Hot-Swap Enabled: No
192N/A#
201N/Acom.sun.identity.agents.notification.enabled=true
192N/Acom.sun.identity.agents.polling.interval=3
219N/Acom.sun.identity.policy.client.cacheMode=subtree
192N/Acom.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
219N/Acom.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
192N/Acom.sun.identity.policy.client.clockSkew=10
219N/A
192N/A#
219N/A# URL POLICY ENVIRONMENT VARIABLE PROPERTIES
192N/A# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
219N/A# request parameters whose names and values will be set in the environment
192N/A# map for URL policy evaluation at AM server. The key in the map is in the
219N/A# format of GET.<parameter-name>, the map value is a set of string values
192N/A# of the parameter.
204N/A# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
192N/A# request parameters whose names and values will be set in the environment
219N/A# map for URL policy evaluation at AM server. The key in the map is in the
192N/A# format of POST.<parameter-name>, the map value is a set of string values
219N/A# of the parameter.
227N/A# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
227N/A# HTTP SESSION attributes whose names and values will be set in the
192N/A# environment map for URL policy evaluation at AM server. The key in the
192N/A# map is in the format of JSESSION.<parameter-name>, the map value is a
192N/A# set that contains the string value of the parameter.
192N/A# Hot-Swap Enabled: Yes
192N/A#
192N/A# Examples:
192N/A# com.sun.identity.agents.config.policy.env.get.param[0]=name
192N/A# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
0N/A# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
192N/A# Assuming HTTP GET request parameters "name" and "phonenumber" have their
192N/A# values as "bob" and "1-800-123-4567" respectively. There is a HTTP Session
192N/A# attribute "cardnumber" with its value as "12345678".
192N/A# In the map, the following will be set:
192N/A# GET.name => [bob]
192N/A# GET.phonenumber => [1-800-123-4567]
192N/A# JSESSION.cardnumber => [12345678]
221N/A#
221N/Acom.sun.identity.agents.config.policy.env.get.param[0]=
221N/Acom.sun.identity.agents.config.policy.env.post.param[0]=
221N/Acom.sun.identity.agents.config.policy.env.jsession.param[0]=
221N/A
221N/A# AGENT NOTIFICATION URL PROPERTY
221N/A# -com.sun.identity.client.notification.url: URL for agent to receive
221N/A# notifications from the OpenAM server for session, policy, and
221N/A# configuration changes.
221N/A# Hot-Swap Enabled: No
221N/A#
com.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
#
# DEBUG SERVICE PROPERTY
# - com.iplanet.services.debug.level: Specifies the debug level to be used.
# The value is one of: off, error, warning, message.
# Hot-Swap Enabled: Yes
#
com.iplanet.services.debug.level=@DEBUG_LEVEL@
#
# IGNORE REQUEST URL PATH INFO
# The path info will be stripped from the request URL while doing Not Enforced
# List check and url policy evaluation if the value is set to true.
#
# Hot-Swap Enabled: Yes
#
com.sun.identity.agents.config.ignore.path.info = false
#
# WEBAUTHENTICATION AVAILABLE PROPERTY
# This property need to be set to true when the Agent is installed on JBoss-4.2.x.GA
# and it should be set to false when the Agent is installed on JBoss-4.0.5.GA
#
com.sun.identity.agents.config.jboss.webauth.available=false