OpenSSOAgentConfiguration.template revision dca1e5e05c4dc49f6ce1ceb50100476adc3281b1
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# The contents of this file are subject to the terms
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# of the Common Development and Distribution License
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# (the License). You may not use this file except in
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# compliance with the License.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# You can obtain a copy of the License at
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# https://opensso.dev.java.net/public/CDDLv1.0.html or
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# See the License for the specific language governing
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# permission and limitations under the License.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# When distributing Covered Code, include this CDDL
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Header Notice in each file and include the License file
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# If applicable, add the following below the CDDL Header,
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# with the fields enclosed by brackets [] replaced by
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# your own identifying information:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# "Portions Copyrighted [year] [name of copyright owner]"
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# $Id: OpenSSOAgentConfiguration.template,v 1.2 2009/10/15 23:35:04 leiming Exp $
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Portions Copyrighted 2010-2013 ForgeRock AS.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync#------------------------------------------------------------------------------
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Configuration Property File
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# OpenAM Policy Agent for:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# GlassFish 2.1
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Version: 3.0
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync#------------------------------------------------------------------------------
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# MODIFYING ANY OF THE VALUES IN THIS FILE.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Data present in this file provides the necessary configuration
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# settings needed by Agent to work correctly. Invalid configuration
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# data present in this file can lead to malfunction of the Agent, the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# application, and the Application Server.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# WARNING: The contents of this file are classified as an UNSTABLE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# interface by Sun Microsystems, Inc. As such, they are subject to
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# significant, incompatible changes in any future release of the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync#------------------------------------------------------------------------------
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync#------------------------------------------------------------------------------
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# General Notes about the Agent Configuration
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# -------------------------------------------
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# HOT-SWAP MECHANISM:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Certain property keys in this configuration are hot-swap enabled.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# The value for these keys when altered are dynamically loaded by the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Agent such that it is not necessary to restart the Application
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Server in order for these changes to take effect. However, in cases
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# where the key is explicitly identified as not enabled for hot-swap
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# or in cases when the hot-swap mechanism is disabled on the system,
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# the Application Server must be restarted for the changes to take
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# effect. Please refer to the Agent documentation to further learn
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# about hot-swap configuration of the Agent.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# LIST CONSTRUCTS:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Certain property keys in this configuration are specified as lists.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# A list construct is defined as follows:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# <key>[<index>]=<value>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# key : is the configuration key
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# index : is a positive number starting from 0 that increments by 1
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# for every value specified in this list.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# value : is one of the values specified in this list.
# - Please refer to the Agent documentation for full details on usage.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[0] = value0
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[1] = value1
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[2] = value2
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# MAP CONSTRUCTS:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Certain property keys in this configuration are specified as Maps.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# A Map construct is defined as follows:
# <key>[<name>]=<value>
# key : is the configuration key
# name : is a string that forms the lookup key as available in the Map
# value : is the value associated with the name in the Map
# - Please refer to the Agent documentation for full details on usage.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[AL] = ALABAMA
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[AK] = ALASKA
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[AZ] = ARIZONA
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Certain property keys in this configuration can be specified per
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# protected application. This implies that the Agent will use
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# different values of the same configuration key for different
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# applications as defined in this configuration file. Properties
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# which are not specified per protected applications are called Global
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# properties. Application specific properties are defined as follows:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# <key>[<appname>]=<value>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# key : is the configuration key
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# appname : is the Application name to which this configuration
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# belongs. The application name is the context path of
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# the application without the leading forward slash
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# character. In case when the application has been
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# deployed at the root-context of the server, the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# application name should be specified as
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# 'DefaultWebApp'.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# value : the value that will be used by the Agent when
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# protecting the application identified by the given
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# application name.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - When an application specific configuration is not present, the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Agent uses different mechanisms to identify a default value. There
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# could be configurations where the default value is used as the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# value specified for the same key without any application specific
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# suffix '[<appname>]'. For example, if the following configuration
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# keys are present:
# com.sun.identity.agents.config.example[Portal] = value1
# com.sun.identity.agents.config.example[DefaultWebApp] = value2
# com.sun.identity.agents.config.example = value3
# then, for applications other than the ones deployed on the root
# context and the context '/Portal', the value of this key will
# default to 'value3'.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - Application Specific configuration properties must follow the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# rules and syntax of the MAP construct of configuration entries as
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# defined above.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[Portal] = value1
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[BankApp] = value2
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.example[DefaultWebApp] = value3
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync#------------------------------------------------------------------------------
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# FILTER OPERATION MODE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Specifies the mode of operation of the Filter. Valid value is one of:
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# specified as an application specific property. However, the global
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# property must always be present.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: No
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# USER MAPPING PROPERTIES
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - user.mapping.mode: Specifies the mechanism by which the user-ID
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# to be used on the protected server for the authenticated user is
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# determined by the Agent. Value of this is one of: USER_ID,
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
# - user.attribute.name: Specifies the name of the profile attribute,
# or HTTP header, or Session property which contains the user-ID to
# be used on the protected server for the authenticated user. This
# property is not used if the value of user.mapping.mode is set to
# USER_ID.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - user.principal: A flag that indicates that the principal of the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# authenticated user be used instead of just the user-ID for
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# authenticating the user on the protected server. This property is
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# applicable if the user.mapping.mode is set to USER_ID.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - user.token: Specifies a session property name which contains the
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# user-ID of the authenticated user in session. This property is used
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# when the user.mapping.mode is set to USER_ID and the user.principal
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# flag is set to false.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: Yes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.user.attribute.name = employeenumber
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.user.mapping.mode = USER_ID
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.user.attribute.name = employeenumber
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.user.principal = false
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.user.token = UserToken
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# CLIENT IDENTIFICATION PROPERTIES
# - client.ip.header: Specifies a HTTP header name that holds the IP
# address of the client. May be left blank if not used.
# - client.hostname.header: Specifies a HTTP header name that holds the
# Hostname of the client. May be left blank if not used.
# Note: these headers arrive with the request, so their values are only
# as trustworthy as the component that sets them. Configure them only
# when a proxy or load balancer in front of this server overwrites the
# headers on every request; otherwise leave them blank, in particular
# when client-IP-based settings such as notenforced.ip are in use.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: Yes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.client.hostname.header =
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# CONFIGURATION RELOAD INTERVAL
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Specifies the interval in seconds between configuration reloads. When
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# set to 0, the hot-swap mechanism will be disabled.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: Yes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# LOCALE IDENTIFICATION PROPERTIES
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - locale.language: Specifies the language code for identifying the Locale
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# of operation.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - locale.country: Specifies the country code for identifying the Locale of
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# operation.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: No
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# AUDIT LOG PROPERTIES
# - audit.accesstype: Specifies the access type which will be logged by the
# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
# This template sets LOG_NONE below; choose LOG_DENY or LOG_BOTH if
# access decisions are expected to appear in the audit log.
# - log.disposition: Specifies the audit log mode that the Agent will use
# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
# ALL.
# - remote.logfile: Specifies the file name to be used on the remote server
# if the log.disposition is set to REMOTE or ALL.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - local.log.rotate: A flag that indicates if the rotation of audit log
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# local file is enabled or disabled.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - local.log.size: The size in bytes of the local audit log file, beyond
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# which the Agent should rotate the log file.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: Yes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.audit.accesstype = LOG_NONE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.log.disposition = REMOTE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.local.log.rotate = false
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.local.log.size = 52428800
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# WEB SERVICE PROCESSING PROPERTIES
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - webservice.enable: A flag that specifies if Web Service processing is
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# enabled or disabled.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - webservice.endpoint: A list of Web Application end points that represent
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Web Services.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - webservice.process.get.enable: A flag that indicates if the processing
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# of HTTP GET requests for Web Service endpoints is enabled or disabled.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - webservice.authenticator: An implementation class that can be used to
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# authenticate web-service requests.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - webservice.internalerror.content: The name of file that contains content
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# used by the Agent to generate an internal error fault for clients.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - webservice.autherror.content: The name of file that contains content
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# used by the Agent to generate an authorization error fault for clients.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: Yes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.webservice.enable = false
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.webservice.endpoint[0] =
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.webservice.process.get.enable = true
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.webservice.authenticator =
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# ACCESS DENIED URI
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# An application specific (MAP) property that specifies the URI used by
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# the Agent to block unauthorized access requests. May be left unspecified
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# if not available. A global value can also be specified.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# Hot-Swap Enabled: Yes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsynccom.sun.identity.agents.config.access.denied.uri[] =
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# FORM LOGIN PROCESSING PROPERTIES
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# - login.form: A LIST property used by the Agent to identify login
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync# request and take appropriate action. Each entry should be the
# absolute URI of the resource specified in the web.xml deployment
# - login.error.uri: A LIST property used by the Agent to identify
# be the absolute URI of the resource specified in the web.xml
# - login.use.internal: A flag that specifies if the Agent should use
# - login.content.file: Specifies the name or complete path of the file
# the login.use.internal flag is set to true.
# - auth.handler: A MAP property that specifies application
# - logout.handler: A MAP property that specifies the application
# - verification.handler: A MAP property that specifies the application
# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
com.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
com.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
# - login.url.prioritized: specifies if the failover sequence for Login URLs
# - login.url.probe.enabled: specifies if agent will check the availability
# - login.url.probe.timeout: this is the connect timeout value in milliseconds
# when login.url.probe.enabled is set to true (or server will be checked).
# - logout.url.prioritized: specifies if the failover sequence for Logout
# - logout.url.probe.enabled: specifies if agent will check the availability
# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
# when logout.url.probe.enabled is set to true (or server will be checked).
# - agent.host: The host name identifying the Agent protected server to
# - agent.port: The port number identifying the Agent protected server
# - cookie.reset.enable: A flag that specifies if cookie reset processing
# - cookie.reset.name: A list of cookie names that will be reset by the
# - cookie.reset.domain: A MAP property with the key being the cookie name
# specified in cookie.reset.name property and the value being the domain
# - cookie.reset.path: A MAP property with the key being the cookie name
# specified in cookie.reset.name property and the value being the path
# - cdsso.enable: A flag that specifies if CDSSO processing is
# - cdsso.redirect.uri: An intermediate URI that is used by the
# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
# - cdsso.clock.skew: Specifies a time in seconds to be used by the
# - cdsso.trusted.id.provider: This property specifies the OpenAM
# Server/ID providers that should be trusted by the agent, when evaluating
# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
# - cdsso.domain: This property specifies the domains for which cookies have
com.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
# - logout.application.handler: An application specific (MAP) property
# - logout.uri: An application specific (MAP) property that identifies
# - logout.request.param: An application specific (MAP) property that
# - logout.introspect.enabled: A flag that when set allows the Agent
# - logout.entry.uri: An application specific (MAP) property that identifies
# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
# - fqdn.default: A hostname that represents the default FQDN to be
# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
# Examples of fqdn.mapping:
com.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
# - legacy.support.enable: A flag that specifies if legacy user agent
# - legacy.user.agent: A LIST of user agent header values that identify
# - legacy.redirect.uri: An intermediate URI used by the Agent to
com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
com.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
# - port.check.enable: A flag that indicates if port check functionality
# - port.check.file: Specifies the name or complete path of a file that
# - port.check.setting: A MAP of port versus protocol entries with the
# Example of port.check.setting:
# com.sun.identity.agents.config.port.check.setting[80] = http
# com.sun.identity.agents.config.port.check.setting[443] = https
com.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
# - notenforced.uri: A LIST of URIs for which protection is not enforced
# - notenforced.uri.invert: A flag that specifies if the list of URIs
# specified by the property notenforced.uri should be inverted. When
# - notenforced.uri.cache.enable: A flag that specifies if the caching of
# - notenforced.uri.cache.size: The size of the cache to be used if
# - notenforced.refresh.session.idletime: A flag that specifies if the opensso
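# Example of notenforced.uri:
# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
# Note: every entry is an exemption from protection, and a wildcard
# pattern can match more resources than intended. Keep the list short and
# check each pattern against the URIs the deployed applications serve.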
# - notenforced.ip: A LIST of client IP addresses for which protection is
# - notenforced.ip.invert: A flag that specifies if the list of client IP
# addresses specified by the property notenforced.ip should be inverted.
# - notenforced.ip.cache.enable: A flag that specifies if the caching of
# - notenforced.ip.cache.size: The size of the cache to be used if
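# Example of notenforced.ip:
# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
# Note: a client matched by this list is not subject to protection, so the
# address being compared must come from a source the client cannot set.
# If client.ip.header is configured, that header must be written by a
# trusted proxy and never passed through from the client.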
# - attribute.cookie.separator: A character that will be used to separate
# - attribute.cookie.encode: A flag that indicates if the value of the
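# - attribute.date.format: The format of date attribute values to be used
# on the definition as provided in java.text.SimpleDateFormat.
# Note: in SimpleDateFormat 'hh' is the 12-hour clock. The pattern set
# below has no 'a' (AM/PM) marker, so morning and afternoon times format
# identically; 'HH' is the 24-hour form.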
com.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
# - profile.attribute.mapping: A MAP that specifies the profile attributes to
# Example of profile.attribute.mapping:
# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
# - session.attribute.fetch.mode: The mode of fetching session attributes.
# - session.attribute.mapping: A MAP that specifies the session attributes to
# Example of session.attribute.mapping:
# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
# - response.attribute.fetch.mode: The mode of fetching policy response
# - response.attribute.mapping: A MAP that specifies the policy response
# com.sun.identity.agents.config.bypass.principal[0] = guest
# com.sun.identity.agents.config.bypass.principal[1] = testuser
# - default.privileged.attribute: A list of privileged attributes that will
# - privileged.attribute.type: A list of privileged attribute types that will
# - privileged.attribute.tolowercase : A MAP property that specifies if the
# - privileged.session.attribute: A list of session property names which
# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_manager_role
# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_employee_role
com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
com.iplanet.am.cookie.name=iPlanetDirectoryPro
# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
# - com.iplanet.am.session.client.polling.period: Specifies the time in
# notifications is com.sun.identity.client.notification.url
# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
# enable/disable the notifications for amsdk and IdRepo Caches. If set to
# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
# 'com.sun.identity.client.notification.url' or if notifications are
# - com.sun.identity.sm.notification.enabled: A flag that is used to
# enable/disable the notifications for service management caches. If set to
# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
# 'com.sun.identity.client.notification.url' or if notifications are
com.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
com.iplanet.am.server.host=@AM_SERVICES_HOST@
com.iplanet.am.server.port=@AM_SERVICES_PORT@
# - com.sun.identity.agents.notification.enabled: A flag that specifies
# - com.sun.identity.agents.polling.interval: The duration in minutes
# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
# - com.sun.identity.policy.client.booleanActionValues : boolean action
# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
# property com.sun.identity.client.notification.url.
com.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
com.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
# GET.name => [bob]
# GET.phonenumber => [1-800-123-4567]
# JSESSION.cardnumber => [12345678]
# - com.sun.identity.client.notification.url: URL for agent to receive
com.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
# - com.iplanet.services.debug.level: Specifies the debug level to be used.
com.iplanet.services.debug.level=@DEBUG_LEVEL@