7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# The contents of this file are subject to the terms
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of the Common Development and Distribution License
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# (the License). You may not use this file except in
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# compliance with the License.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# You can obtain a copy of the License at
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# https://opensso.dev.java.net/public/CDDLv1.0.html or
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# See the License for the specific language governing
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# permission and limitations under the License.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# When distributing Covered Code, include this CDDL
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Header Notice in each file and include the License file
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# If applicable, add the following below the CDDL Header,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# with the fields enclosed by brackets [] replaced by
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# your own identifying information:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# "Portions Copyrighted [year] [name of copyright owner]"
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# $Id: OpenSSOAgentConfiguration.template,v 1.2 2009/10/15 23:35:04 leiming Exp $
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper# Portions Copyrighted 2010-2014 ForgeRock AS.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper#------------------------------------------------------------------------------
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Configuration Property File
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# OpenAM Policy Agent for:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# GlassFish 2.1
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper#------------------------------------------------------------------------------
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# MODIFYING ANY OF THE VALUES IN THIS FILE.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Data present in this file provides the necessary configuration
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# settings needed by Agent to work correctly. Invalid configuration
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# data present in this file can lead to malfunction of the Agent, the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# application, and the Application Server.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# WARNING: The contents of this file are classified as an UNSTABLE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# interface by Sun Microsystems, Inc. As such, they are subject to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# significant, incompatible changes in any future release of the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper#------------------------------------------------------------------------------
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper#------------------------------------------------------------------------------
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# General Notes about the Agent Configuration
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# -------------------------------------------
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# HOT-SWAP MECHANISM:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Certain property keys in this configuration are hot-swap enabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# The value for these keys when altered are dynamically loaded by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent such that it is not necessary to restart the Application
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Server in order for these changes to take effect. However, in cases
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# where the key is explicitly identified as not enabled for hot-swap
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# or in cases when the hot-swap mechanism is disabled on the system,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the Application Server must be restarted for the changes to take
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# effect. Please refer to the Agent documentation to further learn
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# about hot-swap configuration of the Agent.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LIST CONSTRUCTS:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Certain property keys in this configuration are specified as lists.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# A list construct is defined as follows:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# <key>[<index>]=<value>
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# key : is the configuration key
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# index : is a positive number starting from 0 that increments by 1
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# for every value specified in this list.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# value : is one of the values specified in this list.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - Please refer the Agent documentation for full details on usage.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[0] = value0
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[1] = value1
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[2] = value2
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# MAP CONSTRUCTS:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Certain property keys in this configuration are specified as Maps.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# A Map construct is defined as follows:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# <key>[<name>]=<value>
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# key : is the configuration key
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# name : is a string that forms the lookup key as available in the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# value : is the value associated with the name in the Map
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - Please refer the Agent documentation for full details on usage.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[AL] = ALABAMA
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[AK] = ALASKA
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[AZ] = ARIZONA
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Certain property keys in this configuration can be specified per
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# protected application. This implies that the Agent will use
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# different values of the same configuration key for different
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# applications as defined in this configuration file. Properties
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# which are not specified per protected applications are called Global
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# properties. Application specific properties are defined as follows:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# <key>[<appname>]=<value>
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# key : is the configuration key
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# appname : is the Application name to which this configuration
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# belongs. The application name is the context path of
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the application without the leading forward slash
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# character. In case when the application has been
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# deployed at the root-context of the server, the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# application name should be specified as
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# 'DefaultWebApp'.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# value : the value that will be used by the Agent when
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# protecting the application identified by the given
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# application name.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - When an application specific configuration is not present, the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent uses different mechanisms to identify a default value. There
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# could be configurations where the default value is used as the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# value specified for the same key without any application specific
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# suffix '[<appname>]'. For example, if the following configuration
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# keys are present:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[Portal] = value1
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[DefaultWebApp] = value2
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example = value3
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# then, for applications other than the ones deployed on the root
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# context and the context '/Portal', the value of this key will
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# default to 'value3'.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - Application Specific configuration properties must follow the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# rules and syntax of the MAP construct of configuration entries as
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# defined above.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[Portal] = value1
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[BankApp] = value2
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.example[DefaultWebApp] = value3
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper#------------------------------------------------------------------------------
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# FILTER OPERATION MODE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the mode of operation of the Filter. Valid value is one of:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specified as an application specific property. However, the global
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# property must always be present.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.filter.mode = ALL
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.filter.mode = ALL
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# USER MAPPING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - user.mapping.mode: Specifies the mechanism by which the user-ID
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# to be used on the protected server for the authenticated user is
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# determined by the Agent. Value of this is one of: USER_ID,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - user.attribute.name: Specifies the name of the profile attribute,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# or HTTP header, or Session property which contains the user-ID to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# be used on the protected server for the authenticated user. This
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# property is not used if the value of user.mapping.mode is set to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - user.principal: A flag that indicates that the principal of the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# authenticated user be used instead of just the user-ID for
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# authenticating the user on the protected server. This property is
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# applicable if the user.mapping.mode is set to USER_ID.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - user.token: Specifies a session property name which contains the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# user-ID of the authenticated user in session. This property is used
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# when the user.mapping.mode is set to USER_ID and the user.principal
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# flag is set to false.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.user.attribute.name = employeenumber
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.user.mapping.mode = USER_ID
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.user.attribute.name = employeenumber
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.user.principal = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.user.token = UserToken
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# CLIENT IDENTIFICATION PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - client.ip.header: Specifies a HTTP header name that holds the IP
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# address of the client. May be left blank if not used.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - client.hostname.header: Specifies a HTTP header name that holds the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hostname of the client. May be left blank if not used.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.client.ip.header =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.client.hostname.header =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# CONFIGURATION RELOAD INTERVAL
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the interval in seconds between configuration reloads. When
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# set to 0, the hot-swap mechanism will be disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.load.interval = 3600
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LOCALE IDENTIFICATION PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - locale.language: Specifies the language code for identifying the Locale
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of operation.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - locale.country: Specifies the country code for identifying the Locale of
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.locale.language = en
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.locale.country = US
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# AUDIT LOG PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - audit.accesstype: Specifies the access type which will be logged by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - log.disposition: Specifies the audit log mode that the Agent will use
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - remote.logfile: Specifies the file name to be used on the remote server
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# if the log.disposition is set to REMOTE or ALL.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - local.log.rotate: A flag that indicates if the rotation of audit log
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# local file is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - local.log.size: The size in bytes of the local audit log file, beyond
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# which the Agent should rotate the log file.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.audit.accesstype = LOG_NONE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.log.disposition = REMOTE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.local.log.rotate = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.local.log.size = 52428800
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# WEB SERVICE PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - webservice.enable: A flag that specifies if Web Service processing is
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - webservice.endpoint: A list of Web Application end points that represent
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Web Services.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - webservice.process.get.enable: A flag that indicates if the processing
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of HTTP GET requests for Web Service endpoints is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - webservice.authenticator: An implementation class that can be used to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# authenticate web-service requests.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - webservice.internalerror.content: The name of file that contains content
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# used by the Agent to generate an internal error fault for clients.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - webservice.autherror.content: The name of file that contains content
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# used by the Agent to generate an authorization error fault for clients.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.webservice.enable = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.webservice.endpoint[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.webservice.process.get.enable = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.webservice.authenticator =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# ACCESS DENIED URI
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# An application specific (MAP) property that specifies the URI used by
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the Agent to block unauthorized access requests. May be left unspecified
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# if not available. A global value can also be specified.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.access.denied.uri[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# FORM LOGIN PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.form: A LIST property used by the Agent to identify login
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# request and take appropriate action. Each entry should be the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# absolute URI of the resource specified in the web.xml deployment
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# descriptor of the protected application in the element
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# form-login-page.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.error.uri: A LIST property used by the Agent to identify
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# error page request and take appropriate action. Each entry should
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# be the absolute URI of the resource specified in the web.xml
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# deployment descriptor of the protected application in the element
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# form-error-page.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.use.internal: A flag that specifies if the Agent should use
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# internal content for handling form login requests.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.content.file: Specifies the name or complete path of the file
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# that will be used by the Agent for handling form login requests if
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the login.use.internal flag is set to true.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.form[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.error.uri[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.use.internal = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.content.file = FormLoginContent.txt
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LOCAL AUTHENTICATION PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - auth.handler: A MAP property that specifies application
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specific Authentication Handler to be used by the the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent in order to authenticate the logged on user with the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Application server for the particular application.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.handler: A MAP property that specifies the application
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specific Logout Handler to be used by the Agent in order to logout
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the logged on user within the Application server for the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# particular application.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - verification.handler: A MAP property that specifies the application
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specific local verification handler used by the agent to validate
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the user credentials with the local repository.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.auth.handler[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.handler[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.verification.handler[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# HTTP SESSION BINDING
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Its default value is false so the agent will not invalidate http session,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# and session data will be maintained.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# If its value is true, then the agent will invalidate the http session when
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the agent identifies that login has failed, user does not have SSO session
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# or pincipal user name does not match SSO user name.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.httpsession.binding = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# GOTO PARAMETER NAME
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# This property has been deprecated.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the goto Parameter name to be used by the Agent when
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# redirecting the user to the appropriate authentication service. The
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# value of this parameter is used by the authentication service to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# redirect the user to the original requested destination.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Valid Values:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# A string value that represents the goto parameter name.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.redirect.param = goto
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the login URLs to be used by the Agent to redirect
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# incoming users without sufficient credentials to the OpenAM
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# authentication service.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the logout URLs to be used by the Agent to log out
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# the authenticated users from the OpenAM authentication service.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LOGIN URL, LOGOUT URL, or CDSSO URLs PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.url.prioritized: specifies if the failover sequence for Login URLs
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# or CDSSO URLs should be prioritized as defined in the list with the lowest
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# index having the highest priority.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.url.probe.enabled: specifies if agent will check the availability
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of these urls before redirecting to them.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Default value is true for backward compability, but suggests to set it
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# to false (server will not be checked) in production deployment where agent
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# often can not access login url directly.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - login.url.probe.timeout: this is the connect timeout value in milliseconds
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# when login.url.probe.enabled is set to true (or server will be checked).
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.url.prioritized: specifies if the failover sequence for Logout
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# URLs should be prioritized as defined in the list with the lowest
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# index having the highest priority.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.url.probe.enabled: specifies if agent will check the availability
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of these urls before redirecting to them.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Default value is true for backward compability, but suggests to set it
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# to false (server will not be checked) in production deployment where agent
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# often can not access logout url directly.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# when logout.url.probe.enabled is set to true (or server will be checked).
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.url.prioritized = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.url.probe.enabled = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.url.probe.timeout = 2000
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.url.prioritized = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.url.probe.enabled = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.url.probe.timeout = 2000
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# AGENT SERVER PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - agent.host: The host name identifying the Agent protected server to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the client browsers if different from the actual host name. May be
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# left blank if not used.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - agent.port: The port number identifying the Agent protected server
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# listening port to the client browsers if different from the actual
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# listening port. May be left blank if not used.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - agent.protocol: The protocol being used (http/https) by the client
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# browsers to communicate with the Agent protected server if different
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# from the actual protocol used by the server.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.agent.protocol =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LOGIN ATTEMPT LIMIT
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the number of login attempts that a user can make without
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# success using a single browser session which will trigger the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# blocking of the user request. Setting this value to 0 disables this
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.login.attempt.limit = 0
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# SSO Cache Enable Flag:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# This property specifies if the SSO Cache is active for the agent. This cache
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# is used through public APIs exposed by the agent SDK.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Valid Values: true, false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.amsso.cache.enable = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# COOKIE RESET PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cookie.reset.enable: A flag that specifies if cookie reset processing
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cookie.reset.name: A list of cookie names that will be reset by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent if cookie reset processing is enabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cookie.reset.domain: A MAP property with the key being the cookie name
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specified in cookie.reset.name property and the value being the domain
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of this cookie to be used when a reset event occurs.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cookie.reset.path: A MAP property with the key being the cookie name
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specified in cookie.reset.name property and the value being the path
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of this cookie to be used when a reset event occurs.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cookie.reset.enable = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cookie.reset.name[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cookie.reset.domain[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cookie.reset.path[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# CDSSO PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cdsso.enable: A flag that specifies if CDSSO processing is
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cdsso.redirect.uri: An intermediate URI that is used by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent for processing CDSSO requests.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# that may be used by the Agent for CDSSO processing.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cdsso.clock.skew: Specifies a time in seconds to be used by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent to determine the validity of the CDSSO AuthnResponse assertion.
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# - cdsso.trusted.id.providers: This property specifies the OpenAM
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Server/ID providers that should be trusted by the agent, when evaluating
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the agent & server.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - cdsso.domain: This property specifies the domains for which cookies have
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# to be set in a CDSSO scenario. If this property is left blank then the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# fully qualified cookie domain for the agent server will be used for
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# setting the cookie domain. In such case it is a host cookie instead of
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# a domain cookie.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.cdsso.domain[0] = .sun.com
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cdsso.enable = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cdsso.clock.skew = 0
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper#com.sun.identity.agents.config.cdsso.domain[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LOGOUT PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.application.handler: An application specific (MAP) property
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# that identifies a handler to be used for logout processing.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.uri: An application specific (MAP) property that identifies
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# a request URI which indicates a logout event.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.request.param: An application specific (MAP) property that
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# identifies a parameter which when present in the HTTP request
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# indicates a logout event.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.introspect.enabled: A flag that when set allows the Agent
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# to search HTTP request body to locate logout parameter.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - logout.entry.uri: An application specific (MAP) property that identifies
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# a URI to be used as an entry point after successful logout and
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# subsequent successful authentication if applicable.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.application.handler[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.request.param[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.introspect.enabled = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.logout.entry.uri[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# FQDN PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - fqdn.default: A hostname that represents the default FQDN to be
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# used by the Agent when necessary.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# FQDN entry specified as the key to a valid FQDN entry specified as
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.fqdn.mapping[myserver]=myserver.mydomain.com
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.fqdn.check.enable = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.fqdn.mapping[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# LEGACY USER AGENT PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# These three properties have been deprecated:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - legacy.support.enable: A flag that specifies if legacy user agent
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# support is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - legacy.user.agent: A LIST of user agent header values that identify
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# legacy browsers. Entries in this list can have wild card character '*'.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - legacy.redirect.uri: An intermediate URI used by the Agent to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# redirect legacy user agent requests.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.legacy.support.enable = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# CUSTOM RESPONSE HEADERS
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# A MAP property that specifies the custom headers that are set by
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the Agent on the client browser. The key is the header name and the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# value represents the header value.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.response.header[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# REDIRECT ATTEMPT LIMIT
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the number of successive single point redirects that a
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# user can make using a single browser session which will trigger the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# blocking of the user request. When set to 0 this feature is disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.redirect.attempt.limit = 0
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# PORT CHECK PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - port.check.enable: A flag that indicates if port check functionality
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - port.check.file: Specifies the name or complete path of a file that
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# has the necessary content needed to handle requests that need port
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - port.check.setting: A MAP of port versus protocol entries with the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# key being the listening port number and value being the listening
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# protocol to be used by the Agent to identify requests with invalid
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# port numbers.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.port.check.setting[80] = http
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.port.check.setting[443] = https
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.port.check.enable = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.port.check.file = PortCheckContent.txt
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# NOT-ENFORCED URI PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.uri: A LIST of URIs for which protection is not enforced
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# by the Agent.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.uri.invert: A flag that specifies if the list of URIs
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# specified by the property notenforced.uri should be inverted. When
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# set to true, it indicates that the URIs specified should be enforced
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# and all other URIs should be not enforced by the Agent. Entries in
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# this list can have wild card character '*'.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.uri.cache.enable: A flag that specifies if the caching of
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of not-enforced URI list evaluation results is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.uri.cache.size: The size of the cache to be used if
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# caching of not-enforced URI list evaluation results is enabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.refresh.session.idletime: A flag that specifies if the opensso
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# session idle time is reset or not when accessing the not enforced URIs.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.notenforced.uri[0]=*.gif
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.uri[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.uri.invert = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.uri.cache.enable = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.uri.cache.size = 1000
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.refresh.session.idletime = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# NOT-ENFORCED CLIENT IP PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.ip: A LIST of client IP addresses for which protection is
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# not enforced by the Agent.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.ip.invert: A flag that specifies if the list of client IP
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# addresses specified by the property notenforced.ip should be inverted.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# When set to true, it indicates that the client IP addresses specified
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# should be enforced and all other client IPs should be not enforced by
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the Agent. Entries in this list can have wild card character '*'.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.ip.cache.enable: A flag that specifies if the caching of
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of not-enforced IP list evaluation results is enabled or disabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - notenforced.ip.cache.size: The size of the cache to be used if
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# caching of not-enforced IP list evaluation results is enabled.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.ip[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.ip.invert = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.ip.cache.enable = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.notenforced.ip.cache.size = 1000
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# COMMON ATTRIBUTE FETCH PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - attribute.cookie.separator: A character that will be used to separate
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# multiple values of the same attribute when it is being set as a cookie.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - attribute.cookie.encode: A flag that indicates if the value of the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# attribute should be URL encoded before being set as a cookie.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - attribute.date.format: The format of date attribute values to be used
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# when the attribute is being set as HTTP header. This format is based
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# on the definition as provided in java.text.SimpleDateFormat.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.attribute.cookie.separator = |
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.attribute.cookie.encode = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# PROFILE ATTRIBUTE PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - profile.attribute.mapping: A MAP that specifies the profile attributes to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# be populated under specific names for the currently authenticated user.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# The key is the profile attribute name and the value is the name under
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# which that attribute will be made available.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.profile.attribute.mapping[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# SESSION ATTRIBUTE PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - session.attribute.fetch.mode: The mode of fetching session attributes.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - session.attribute.mapping: A MAP that specifies the session attributes to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# be populated under specific names for the currently authenticated user.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# The key is the session attribute name and the value is the name under
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# which that attribute will be made available.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.session.attribute.fetch.mode = NONE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.session.attribute.mapping[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# RESPONSE ATTRIBUTE PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - response.attribute.fetch.mode: The mode of fetching policy response
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# attributes. This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE,
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - response.attribute.mapping: A MAP that specifies the policy response
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# attributes to be populated under specific names for the currently
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# authenticated user. The key is the policy response attribute name and
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the value is the name under which that attribute will be made available.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.response.attribute.fetch.mode = NONE
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.response.attribute.mapping[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# BYPASS PRINCIPAL LIST
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# This property specifies a list of principals that is bypassed by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Agent for authentication and search purposes.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.bypass.principal[0] = guest
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.bypass.principal[1] = testuser
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.bypass.principal[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# PRIVILEGED ATTRIBUTE PROCESSING PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - default.privileged.attribute: A list of privileged attributes that will
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# be granted to all users who have a valid OpenAM session.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - privileged.attribute.type: A list of privileged attribute types that will
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# be fetched for each user.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - privileged.attribute.tolowercase : A MAP property that specifies if the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# privileged attribute types should be converted to lowercase.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - privileged.session.attribute: A list of session property names which
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# hold privileged attributes for the authenticated user.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.privileged.attribute.type[0] = Group
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.privileged.attribute.mapping.enable=true
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_manager_role
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_employee_role
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.attribute.type[0] = Group
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.attribute.type[1] = Role
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.session.attribute[0] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.attribute.mapping.enable = true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.privileged.attribute.mapping[] =
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# SSO TOKEN COOKIE NAME
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# The name of the SSO Token cookie used between the OpenAM server and
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.iplanet.am.cookie.name=iPlanetDirectoryPro
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# SESSION CLIENT PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# the session client must use polling for updating session information
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# and not depend upon server notifications.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.iplanet.am.session.client.polling.period: Specifies the time in
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# seconds after which the session client will request update of cached
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# session information from the server.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Note: the notification url to be used by the Agent to receive session
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# notifications is com.sun.identity.client.notification.url
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.iplanet.am.session.client.polling.enable=false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.iplanet.am.session.client.polling.period=180
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# ENCRYPTION PROVIDER
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Specifies the encryption provider implementation to be used by the Agent.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# USER DATA CACHE PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# enable/disable the notifications for amsdk and IdRepo Caches. If set to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# true notifications are enabled and disabled if set to false.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# user management data. If set to '0' no updates happen. This property
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# takes effect only if no notification url is provided by
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# 'com.sun.identity.client.notification.url' or if notifications are
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# disabled. (i.e., com.sun.identity.idm.remote.notification.enabled=false)
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.idm.remote.notification.enabled=true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# SERVICE DATA CACHE PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.sm.notification.enabled: A flag that is used to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# enable/disable the notifications for service management caches. If set to
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# true notifications are enabled and disabled if set to false.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# configuration data. If set to '0' no updates happen. This property
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# takes effect only if no notification url is provided by
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# 'com.sun.identity.client.notification.url' or if notifications are
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# disabled. (i.e., com.sun.identity.sm.notification.enabled=false).
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# AUTHENTICATION SERVICE PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Server protocol, host and port to be used by Authentication Service.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# POLICY CLIENT PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.agents.notification.enabled: A flag that specifies
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# if notifications are enabled or disabled for remote policy client.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.agents.polling.interval: The duration in minutes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# after which the cached entries are refreshed by remote policy client.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# used by remote policy client. Valid value is one of: subtree, self.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Cache mode subtree is recommended for a small number of policy rules
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# In all other cases, cacheMode self is recommended.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.policy.client.booleanActionValues : boolean action
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# values for policy action names.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# format : serviceName|actionName|trueValue|falseValue
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# to be used for different service names.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# which is allowed to accommodate the time difference between the
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# OpenAM server machine and the remote policy client machine.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Note: the Notification URL for remote policy client is set by the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# property com.sun.identity.client.notification.url.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.notification.enabled=true
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.policy.client.cacheMode=subtree
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# URL POLICY ENVIRONMENT VARIABLE PROPERTIES
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# request parameters whose names and values will be set in the environment
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# map for URL policy evaluation at AM server. The key in the map is in the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# format of GET.<parameter-name>, the map value is a set of string values
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of the parameter.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# request parameters whose names and values will be set in the environment
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# map for URL policy evaluation at AM server. The key in the map is in the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# format of POST.<parameter-name>, the map value is a set of string values
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# of the parameter.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# HTTP SESSION attributes whose names and values will be set in the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# environment map for URL policy evaluation at AM server. The key in the
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# map is in the format of JSESSION.<parameter-name>, the map value is a
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# set that contains the string value of the parameter.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.policy.env.get.param[0]=name
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Assuming HTTP GET request parameters "name" and "phonenumber" have their
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# values as "bob" and "1-800-123-4567" respectively. There is a HTTP Session
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# attribute "cardnumber" with its value as "12345678".
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# In the map, the following will be set:
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# GET.phonenumber => [1-800-123-4567]
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.policy.env.get.param[0]=
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.policy.env.post.param[0]=
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.agents.config.policy.env.jsession.param[0]=
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# AGENT NOTIFICATION URL PROPERTY
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# -com.sun.identity.client.notification.url: URL for agent to receive
dca1e5e05c4dc49f6ce1ceb50100476adc3281b1Mark de Reeper# notifications from the OpenAM server for session, policy, and
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# configuration changes.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: No
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# DEBUG SERVICE PROPERTY
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# - com.iplanet.services.debug.level: Specifies the debug level to be used.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# The value is one of: off, error, warning, message.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reepercom.iplanet.services.debug.level=@DEBUG_LEVEL@
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# IGNORE REQUEST URL PATH INFO
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# The path info will be stripped from the request URL while doing Not Enforced
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# List check and url policy evaluation if the value is set to true.
7c7f40dbeab07edfdcb261387a848c36c13f99e0Mark de Reeper# Hot-Swap Enabled: Yes