OpenSSOAgentConfiguration.template revision 20d6346411620e69843780ad0526325cd7ad94ee
ec79b29695b183f794264bbb578c51e93d1f9b1emartin# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
b39ba1ea90cd1940dcd9e8d0f18c1ff02c187ac1jim# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin# The contents of this file are subject to the terms
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin# of the Common Development and Distribution License
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin# (the License). You may not use this file except in
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd# compliance with the License.
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd# You can obtain a copy of the License at
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd# https://opensso.dev.java.net/public/CDDLv1.0.html or
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd# See the License for the specific language governing
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd# permission and limitations under the License.
5c5e7695fc1e44bebba6b339494a2df4e69b86fcjim# When distributing Covered Code, include this CDDL
5c5e7695fc1e44bebba6b339494a2df4e69b86fcjim# Header Notice in each file and include the License file
4228aba3de67f3d9cce68f7a915d5435faa43adarpluem# If applicable, add the following below the CDDL Header,
4228aba3de67f3d9cce68f7a915d5435faa43adarpluem# with the fields enclosed by brackets [] replaced by
4228aba3de67f3d9cce68f7a915d5435faa43adarpluem# your own identifying information:
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq# "Portions Copyrighted [year] [name of copyright owner]"
9582ad6e149d28b118d4e8571101ecb6f85e0191niq# $Id: OpenSSOAgentConfiguration.template,v 1.2 2009/10/15 23:35:04 leiming Exp $
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq# Portions Copyrighted 2010-2014 ForgeRock AS.
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd#------------------------------------------------------------------------------
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd# Configuration Property File
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd# OpenAM Policy Agent for:
e1a26e8050bf62459a7ef1c5064b714811767417rpluem# GlassFish 2.1
fcee7ee83b1e48f2655c79f176d1ea7627e19937chrisd#------------------------------------------------------------------------------
fcee7ee83b1e48f2655c79f176d1ea7627e19937chrisd# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
53feccc94b923e12db1df6f7069676590097ba2frpluem# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
53feccc94b923e12db1df6f7069676590097ba2frpluem# MODIFYING ANY OF THE VALUES IN THIS FILE.
b39ba1ea90cd1940dcd9e8d0f18c1ff02c187ac1jim# Data present in this file provides the necessary configuration
b39ba1ea90cd1940dcd9e8d0f18c1ff02c187ac1jim# settings needed by Agent to work correctly. Invalid configuration
b39ba1ea90cd1940dcd9e8d0f18c1ff02c187ac1jim# data present in this file can lead to malfunction of the Agent, the
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener# application, and the Application Server.
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener# WARNING: The contents of this file are classified as an UNSTABLE
ed0d39878e79220baaa50c15b79b1fdf877cb919niq# interface by Sun Microsystems, Inc. As such, they are subject to
1e911973bcb9df6701a4c16c037771ecf25ade13niq# significant, incompatible changes in any future release of the
1e911973bcb9df6701a4c16c037771ecf25ade13niq# software.
1e911973bcb9df6701a4c16c037771ecf25ade13niq# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
1e911973bcb9df6701a4c16c037771ecf25ade13niq#------------------------------------------------------------------------------
a55905a382027bdcc3a29248db4176527d36aa9ajim#------------------------------------------------------------------------------
a55905a382027bdcc3a29248db4176527d36aa9ajim# General Notes about the Agent Configuration
a55905a382027bdcc3a29248db4176527d36aa9ajim# -------------------------------------------
5fbd1e97905738791e7359ccbc9b02e913948d2erpluem# HOT-SWAP MECHANISM:
# Certain property keys in this configuration are hot-swap enabled.
# When the values of these keys are altered, the Agent loads them
# dynamically, so it is not necessary to restart the Application
# Server in order for these changes to take effect. However, in cases
# where the key is explicitly identified as not enabled for hot-swap
# or in cases when the hot-swap mechanism is disabled on the system,
# the Application Server must be restarted for the changes to take
# effect. Please refer to the Agent documentation to further learn
# about hot-swap configuration of the Agent.
b842b65e0618c5535233b197f03dc917d184adb3jim# LIST CONSTRUCTS:
b842b65e0618c5535233b197f03dc917d184adb3jim# Certain property keys in this configuration are specified as lists.
e47d58d5d983426584c8d16416c50f5c58070746dirkx# A list construct is defined as follows:
e47d58d5d983426584c8d16416c50f5c58070746dirkx# <key>[<index>]=<value>
76f68128bb8fcea0f772d522c05dc7ec872040c2dirkx# key : is the configuration key
33aad3911b15cb5d523075f7df829274fe298a13dirkx# index : is a positive number starting from 0 that increments by 1
433dcb1fbaae82d36634f5120bff71a04296904ddirkx# for every value specified in this list.
433dcb1fbaae82d36634f5120bff71a04296904ddirkx# value : is one of the values specified in this list.
# - Please refer to the Agent documentation for full details on usage.
edb2ad8387e30473e5be09714189441ef94d7f29rpluem# MAP CONSTRUCTS:
edb2ad8387e30473e5be09714189441ef94d7f29rpluem# Certain property keys in this configuration are specified as Maps.
56d3f6035b11f7d2074bcb8368dca5dfd12f9087jim# A Map construct is defined as follows:
64bf71725ee015894b1724bc0dd198e5e24424ecrpluem# <key>[<name>]=<value>
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj# key : is the configuration key
# name : is a string that forms the lookup key as available in the Map
# value : is the value associated with the name in the Map
# - Please refer to the Agent documentation for full details on usage.
33159d1d1291b676697c154830134500e793e66bcovener# com.sun.identity.agents.config.example[AZ] = ARIZONA
33159d1d1291b676697c154830134500e793e66bcovener# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
33159d1d1291b676697c154830134500e793e66bcovener# Certain property keys in this configuration can be specified per
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx# protected application. This implies that the Agent will use
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx# different values of the same configuration key for different
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx# applications as defined in this configuration file. Properties
40beb03c240a9c60805388592f1005d9bf9d2362fuankg# which are not specified per protected applications are called Global
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe# properties. Application specific properties are defined as follows:
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe# <key>[<appname>]=<value>
475311484e1d0f01d41e0f48bfecf1f4bca2ff07rpluem# key : is the configuration key
475311484e1d0f01d41e0f48bfecf1f4bca2ff07rpluem# appname : is the Application name to which this configuration
ef79eba84348e4f8c99402de06afa2237a856049rpluem# belongs. The application name is the context path of
ef79eba84348e4f8c99402de06afa2237a856049rpluem# the application without the leading forward slash
ef79eba84348e4f8c99402de06afa2237a856049rpluem# character. In case when the application has been
0d529159d06aec095a1e0612e2d629c98dc75512rpluem# deployed at the root-context of the server, the
0d529159d06aec095a1e0612e2d629c98dc75512rpluem# application name should be specified as
0d529159d06aec095a1e0612e2d629c98dc75512rpluem# 'DefaultWebApp'.
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton# value : the value that will be used by the Agent when
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton# protecting the application identified by the given
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton# application name.
# - When an application specific configuration is not present, the
# Agent uses different mechanisms to identify a default value. For
# some keys, the default is the value specified for the same key
# without any application specific suffix '[<appname>]'. For example,
# if the following configuration keys are present:
# com.sun.identity.agents.config.example[Portal] = value1
# com.sun.identity.agents.config.example[DefaultWebApp] = value2
# com.sun.identity.agents.config.example = value3
# then, for applications other than the ones deployed on the root
# context and the context '/Portal', the value of this key will
# default to 'value3'.
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe# - Application Specific configuration properties must follow the
7a079e0cd696baca90ac43e325f64582e2945c68wrowe# rules and syntax of the MAP construct of configuration entries as
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe# defined above.
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq# com.sun.identity.agents.config.example[Portal] = value1
11a0edf478ca9c59d80bf73491d89cf019259feeniq# com.sun.identity.agents.config.example[BankApp] = value2
11a0edf478ca9c59d80bf73491d89cf019259feeniq# com.sun.identity.agents.config.example[DefaultWebApp] = value3
11a0edf478ca9c59d80bf73491d89cf019259feeniq#------------------------------------------------------------------------------
06446302a0a3e40cd8807bb25467c8f776cf2fbatrawick# FILTER OPERATION MODE
06446302a0a3e40cd8807bb25467c8f776cf2fbatrawick# Specifies the mode of operation of the Filter. Valid value is one of:
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin# specified as an application specific property. However, the global
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin# property must always be present.
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
81bd9331da3bd0f53255d52b1475480ff3a4b395trawick# Hot-Swap Enabled: No
cd3bbd6d2df78d6c75e5d159a81ef8bdd5f70df9trawick# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme# USER MAPPING PROPERTIES
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme# - user.mapping.mode: Specifies the mechanism by which the user-ID
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme# to be used on the protected server for the authenticated user is
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton# determined by the Agent. Value of this is one of: USER_ID,
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
# - user.attribute.name: Specifies the name of the profile attribute,
# or HTTP header, or Session property which contains the user-ID to
# be used on the protected server for the authenticated user. This
# property is not used if the value of user.mapping.mode is set to
# USER_ID.
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd# - user.principal: A flag that indicates that the principal of the
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd# authenticated user be used instead of just the user-ID for
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd# authenticating the user on the protected server. This property is
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd# applicable if the user.mapping.mode is set to USER_ID.
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd# - user.token: Specifies a session property name which contains the
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd# user-ID of the authenticated user in session. This property is used
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd# when the user.mapping.mode is set to USER_ID and the user.principal
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd# flag is set to false.
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton# Hot-Swap Enabled: Yes
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim# com.sun.identity.agents.config.user.attribute.name = employeenumber
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jimcom.sun.identity.agents.config.user.mapping.mode = USER_ID
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jimcom.sun.identity.agents.config.user.attribute.name = employeenumber
a4ab95921be8ce5de50913cd6505d41b672eb375minfrincom.sun.identity.agents.config.user.token = UserToken
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin# CLIENT IDENTIFICATION PROPERTIES
# - client.ip.header: Specifies an HTTP header name that holds the IP
# address of the client. May be left blank if not used.
# - client.hostname.header: Specifies an HTTP header name that holds the
# Hostname of the client. May be left blank if not used.
# NOTE: these headers are request data. Name a header here only when a
# trusted proxy or load balancer in front of the Agent sets it and
# discards any copy sent by the client; otherwise the client address
# seen by the Agent is whatever the requester puts in the header.
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin# Hot-Swap Enabled: Yes
50c06405bc48121db2913925549407fd3e79bcedmturk# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
dec02391360e503cd3437d16bed765dc653b9de5minfrin# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
dec02391360e503cd3437d16bed765dc653b9de5minfrincom.sun.identity.agents.config.client.hostname.header =
1b27a3a26f18191db7ecb4d536cb121ba9520a8eniq# CONFIGURATION RELOAD INTERVAL
686ce4eade942e515b1725d0c9751da36b759a6ctrawick# Specifies the interval in seconds between configuration reloads. When
686ce4eade942e515b1725d0c9751da36b759a6ctrawick# set to 0, the hot-swap mechanism will be disabled.
686ce4eade942e515b1725d0c9751da36b759a6ctrawick# Hot-Swap Enabled: Yes
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd# LOCALE IDENTIFICATION PROPERTIES
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd# - locale.language: Specifies the language code for identifying the Locale
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd# of operation.
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd# - locale.country: Specifies the country code for identifying the Locale of
27b38d4191d5f638165e2a77ec6e6f567bd7784dniq# operation.
27b38d4191d5f638165e2a77ec6e6f567bd7784dniq# Hot-Swap Enabled: No
a87e2a23083aa62229307482afbb3b802a0c2105mturk# AUDIT LOG PROPERTIES
# - audit.accesstype: Specifies the access type which will be logged by the
# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
# The value shipped in this template is LOG_NONE; review it before
# deployment if allowed or denied access decisions need an audit trail.
# - log.disposition: Specifies the audit log mode that the Agent will use
# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
# ALL.
e99dfd55d29a7b4209b814efc7270d0b74ccee74niq# - remote.logfile: Specifies the file name to be used on the remote server
c3c8103039e36494987aff50451896459826a361rpluem# if the log.disposition is set to REMOTE or ALL.
e99dfd55d29a7b4209b814efc7270d0b74ccee74niq# - local.log.rotate: A flag that indicates if the rotation of audit log
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem# local file is enabled or disabled.
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem# - local.log.size: The size in bytes of the local audit log file, beyond
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem# which the Agent should rotate the log file.
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem# Hot-Swap Enabled: Yes
79d4b708d021714647aab8b138ae671ed24765cewrowecom.sun.identity.agents.config.audit.accesstype = LOG_NONE
79d4b708d021714647aab8b138ae671ed24765cewrowecom.sun.identity.agents.config.log.disposition = REMOTE
79d4b708d021714647aab8b138ae671ed24765cewrowecom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
79d4b708d021714647aab8b138ae671ed24765cewrowecom.sun.identity.agents.config.local.log.rotate = false
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluemcom.sun.identity.agents.config.local.log.size = 52428800
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem# WEB SERVICE PROCESSING PROPERTIES
15264721069299ec26493e21d56bf8ff7faf6f0drpluem# - webservice.enable: A flag that specifies if Web Service processing is
15264721069299ec26493e21d56bf8ff7faf6f0drpluem# enabled or disabled.
15264721069299ec26493e21d56bf8ff7faf6f0drpluem# - webservice.endpoint: A list of Web Application end points that represent
11e1b16b907afb7de0678e28fe4849d9029e2df8rpluem# Web Services.
25a81ea1bca1c89cda713c4d23660e487b1488a0rpluem# - webservice.process.get.enable: A flag that indicates if the processing
25a81ea1bca1c89cda713c4d23660e487b1488a0rpluem# of HTTP GET requests for Web Service endpoints is enabled or disabled.
25a81ea1bca1c89cda713c4d23660e487b1488a0rpluem# - webservice.authenticator: An implementation class that can be used to
48fa058fe468025347930610ac2473094fa0f4e4chrisd# authenticate web-service requests.
48fa058fe468025347930610ac2473094fa0f4e4chrisd# - webservice.internalerror.content: The name of file that contains content
48fa058fe468025347930610ac2473094fa0f4e4chrisd# used by the Agent to generate an internal error fault for clients.
3ec4328f079d8867cc323155e59678ad9437914frooneg# - webservice.autherror.content: The name of file that contains content
3ec4328f079d8867cc323155e59678ad9437914frooneg# used by the Agent to generate an authorization error fault for clients.
3ec4328f079d8867cc323155e59678ad9437914frooneg# Hot-Swap Enabled: Yes
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisdcom.sun.identity.agents.config.webservice.enable = false
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisdcom.sun.identity.agents.config.webservice.endpoint[0] =
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisdcom.sun.identity.agents.config.webservice.process.get.enable = true
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisdcom.sun.identity.agents.config.webservice.authenticator =
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisdcom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisdcom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
edf6757df85878dc8ce11fb3840ee4cde6de5b2frooneg# ACCESS DENIED URI
db78659055df54243bca678c35bd2ce7e31a9237rooneg# An application specific (MAP) property that specifies the URI used by
95817edd05387a5276f51fcd5db79fc21b89b55brooneg# the Agent to block unauthorized access requests. May be left unspecified
95817edd05387a5276f51fcd5db79fc21b89b55brooneg# if not available. A global value can also be specified.
63689d77e084e36b8194fb6df5adfc0344965e01trawick# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
63689d77e084e36b8194fb6df5adfc0344965e01trawick# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
63689d77e084e36b8194fb6df5adfc0344965e01trawick# Hot-Swap Enabled: Yes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholescom.sun.identity.agents.config.access.denied.uri[] =
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# FORM LOGIN PROCESSING PROPERTIES
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem# - login.form: A LIST property used by the Agent to identify login
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes# request and take appropriate action. Each entry should be the
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes# absolute URI of the resource specified in the web.xml deployment
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes# descriptor of the protected application in the element
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# form-login-page.
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem# - login.error.uri: A LIST property used by the Agent to identify
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# error page request and take appropriate action. Each entry should
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# be the absolute URI of the resource specified in the web.xml
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# deployment descriptor of the protected application in the element
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# form-error-page.
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem# - login.use.internal: A flag that specifies if the Agent should use
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# internal content for handling form login requests.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# - login.content.file: Specifies the name or complete path of the file
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# that will be used by the Agent for handling form login requests if
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# the login.use.internal flag is set to true.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# Hot-Swap Enabled: Yes
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholescom.sun.identity.agents.config.login.error.uri[0] =
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholescom.sun.identity.agents.config.login.use.internal = true
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholescom.sun.identity.agents.config.login.content.file = FormLoginContent.txt
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem# LOCAL AUTHENTICATION PROCESSING PROPERTIES
# - auth.handler: A MAP property that specifies the application
# specific Authentication Handler to be used by the
# Agent in order to authenticate the logged on user with the
# Application server for the particular application.
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick# - logout.handler: A MAP property that specifies the application
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick# specific Logout Handler to be used by the Agent in order to logout
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick# the logged on user within the Application server for the
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp# particular application.
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp# - verification.handler: A MAP property that specifies the application
a623efbff95aab78da9e030524b0fa69b054f6d0brianp# specific local verification handler used by the agent to validate
a623efbff95aab78da9e030524b0fa69b054f6d0brianp# the user credentials with the local repository.
a623efbff95aab78da9e030524b0fa69b054f6d0brianp# Hot-Swap Enabled: Yes
a623efbff95aab78da9e030524b0fa69b054f6d0brianp# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
a623efbff95aab78da9e030524b0fa69b054f6d0brianp# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianpcom.sun.identity.agents.config.verification.handler[] =
ad862ab5716726a2d72a292ba1dfb29566c86153brianp# HTTP SESSION BINDING
# Its default value is false, so the agent will not invalidate the HTTP
# session, and session data will be maintained.
# If its value is true, then the agent will invalidate the HTTP session when
# the agent identifies that login has failed, the user does not have an SSO
# session, or the principal user name does not match the SSO user name.
b38565306421ff53e9f7499bc728d6df5cec294dpquerna# Hot-Swap Enabled: Yes
b38565306421ff53e9f7499bc728d6df5cec294dpquernacom.sun.identity.agents.config.httpsession.binding = false
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim# GOTO PARAMETER NAME
cfa64348224b66dd1c9979b809406c4d15b1c137fielding# This property has been deprecated.
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim# Specifies the goto Parameter name to be used by the Agent when
cfa64348224b66dd1c9979b809406c4d15b1c137fielding# redirecting the user to the appropriate authentication service. The
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim# value of this parameter is used by the authentication service to
cfa64348224b66dd1c9979b809406c4d15b1c137fielding# redirect the user to the original requested destination.
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim# Valid Values:
cfa64348224b66dd1c9979b809406c4d15b1c137fielding# A string value that represents the goto parameter name.
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim# Hot-Swap Enabled: Yes
com.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
com.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
# - login.url.prioritized: specifies if the failover sequence for Login URLs
# - login.url.probe.enabled: specifies if agent will check the availability
# - login.url.probe.timeout: this is the connect timeout value in milliseconds
# when login.url.probe.enabled is set to true (or server will be checked).
# - logout.url.prioritized: specifies if the failover sequence for Logout
# - logout.url.probe.enabled: specifies if agent will check the availability
# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
# when logout.url.probe.enabled is set to true (or server will be checked).
# - agent.host: The host name identifying the Agent protected server to
# - agent.port: The port number identifying the Agent protected server
# - cookie.reset.enable: A flag that specifies if cookie reset processing
# - cookie.reset.name: A list of cookie names that will be reset by the
# - cookie.reset.domain: A MAP property with the key being the cookie name
# specified in cookie.reset.name property and the value being the domain
# - cookie.reset.path: A MAP property with the key being the cookie name
# specified in cookie.reset.name property and the value being the path
# - cdsso.enable: A flag that specifies if CDSSO processing is
# - cdsso.redirect.uri: An intermediate URI that is used by the
# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
# - cdsso.clock.skew: Specifies a time in seconds to be used by the
# - cdsso.trusted.id.providers: This property specifies the OpenAM
# Server/ID providers that should be trusted by the agent, when evaluating
# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
# - cdsso.domain: This property specifies the domains for which cookies have
com.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
# - logout.application.handler: An application specific (MAP) property
# - logout.uri: An application specific (MAP) property that identifies
# - logout.request.param: An application specific (MAP) property that
# - logout.introspect.enabled: A flag that when set allows the Agent
# - logout.entry.uri: An application specific (MAP) property that identifies
# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
# - fqdn.default: A hostname that represents the default FQDN to be
# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
# Examples of fqdn.mapping:
com.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
# - legacy.support.enable: A flag that specifies if legacy user agent
# - legacy.user.agent: A LIST of user agent header values that identify
# - legacy.redirect.uri: An intermediate URI used by the Agent to
com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
com.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
# - port.check.enable: A flag that indicates if port check functionality
# - port.check.file: Specifies the name or complete path of a file that
# - port.check.setting: A MAP of port versus protocol entries with the
# Example of port.check.setting:
# com.sun.identity.agents.config.port.check.setting[80] = http
# com.sun.identity.agents.config.port.check.setting[443] = https
com.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
# - notenforced.uri: A LIST of URIs for which protection is not enforced
# - notenforced.uri.invert: A flag that specifies if the list of URIs
# specified by the property notenforced.uri should be inverted. When
# - notenforced.uri.cache.enable: A flag that specifies if the caching of
# - notenforced.uri.cache.size: The size of the cache to be used if
# - notenforced.refresh.session.idletime: A flag that specifies if the opensso
# Example of notenforced.uri:
# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
# - notenforced.ip: A LIST of client IP addresses for which protection is
# - notenforced.ip.invert: A flag that specifies if the list of client IP
# addresses specified by the property notenforced.ip should be inverted.
# - notenforced.ip.cache.enable: A flag that specifies if the caching of
# - notenforced.ip.cache.size: The size of the cache to be used if
# Example of notenforced.ip:
# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
# - attribute.cookie.separator: A character that will be used to separate
# - attribute.cookie.encode: A flag that indicates if the value of the
# - attribute.date.format: The format of date attribute values to be used
# on the definition as provided in java.text.SimpleDateFormat.
com.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
# - profile.attribute.mapping: A MAP that specifies the profile attributes to
# Example of profile.attribute.mapping:
# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
# - session.attribute.fetch.mode: The mode of fetching session attributes.
# - session.attribute.mapping: A MAP that specifies the session attributes to
# Example of session.attribute.mapping:
# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
# - response.attribute.fetch.mode: The mode of fetching policy response
# - response.attribute.mapping: A MAP that specifies the policy response
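# Example of bypass.principal (principals listed here are bypassed by the
# agent, so sample entries such as guest or testuser should not be enabled
# unless the deployment needs them):
# com.sun.identity.agents.config.bypass.principal[0] = guest
# com.sun.identity.agents.config.bypass.principal[1] = testuser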
# - default.privileged.attribute: A list of privileged attributes that will
# - privileged.attribute.type: A list of privileged attribute types that will
# - privileged.attribute.tolowercase : A MAP property that specifies if the
# - privileged.session.attribute: A list of session property names which
# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_manager_role
# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_employee_role
com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
com.iplanet.am.cookie.name=iPlanetDirectoryPro
# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
# - com.iplanet.am.session.client.polling.period: Specifies the time in
# notifications is com.sun.identity.client.notification.url
# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
# enable/disable the notifications for amsdk and IdRepo Caches. If set to
# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
# 'com.sun.identity.client.notification.url' or if notifications are
# - com.sun.identity.sm.notification.enabled: A flag that is used to
# enable/disable the notifications for service management caches. If set to
# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
# 'com.sun.identity.client.notification.url' or if notifications are
com.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
com.iplanet.am.server.host=@AM_SERVICES_HOST@
com.iplanet.am.server.port=@AM_SERVICES_PORT@
# - com.sun.identity.agents.notification.enabled: A flag that specifies
# - com.sun.identity.agents.polling.interval: The duration in minutes
# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
# - com.sun.identity.policy.client.booleanActionValues : boolean action
# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
# property com.sun.identity.client.notification.url.
com.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
com.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
# GET.name => [bob]
# GET.phonenumber => [1-800-123-4567]
# JSESSION.cardnumber => [12345678]
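# - com.sun.identity.client.notification.url: URL for agent to receive
#   notifications. This is an inbound endpoint on the agent, so it should be
#   reachable only from the server that sends the notifications.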
com.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
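# - com.iplanet.services.debug.level: Specifies the debug level to be used.
#   Verbose levels may write request and session detail to the debug files;
#   use the least verbose level that is workable outside troubleshooting and
#   restrict read access to the debug directory.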
com.iplanet.services.debug.level=@DEBUG_LEVEL@