OpenSSOAgentConfiguration.template revision 20d6346411620e69843780ad0526325cd7ad94ee
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# The contents of this file are subject to the terms
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of the Common Development and Distribution License
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# (the License). You may not use this file except in
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# compliance with the License.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# You can obtain a copy of the License at
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# https://opensso.dev.java.net/public/CDDLv1.0.html or
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# opensso/legal/CDDLv1.0.txt
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# See the License for the specific language governing
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# permission and limitations under the License.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# When distributing Covered Code, include this CDDL
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Header Notice in each file and include the License file
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# at opensso/legal/CDDLv1.0.txt.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# If applicable, add the following below the CDDL Header,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# with the fields enclosed by brackets [] replaced by
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# your own identifying information:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# "Portions Copyrighted [year] [name of copyright owner]"
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# $Id: OpenSSOAgentConfiguration.template,v 1.2 2009/10/15 23:35:42 leiming Exp $
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Portions Copyrighted 2013-2014 ForgeRock AS.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#------------------------------------------------------------------------------
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Configuration Property File
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# OpenAM Policy Agent for:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Tomcat 6.0.x
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Version: ${project.version}
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#------------------------------------------------------------------------------
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# MODIFYING ANY OF THE VALUES IN THIS FILE.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Note:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Data present in this file provides the necessary configuration
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# settings needed by Agent to work correctly. Invalid configuration
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# data present in this file can lead to malfunction of the Agent, the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# application, and the Application Server.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# WARNING: The contents of this file are classified as an UNSTABLE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# interface by Sun Microsystems, Inc. As such, they are subject to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# significant, incompatible changes in any future release of the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# software.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# SYSTEM.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#------------------------------------------------------------------------------
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#------------------------------------------------------------------------------
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# General Notes about the Agent Configuration
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# -------------------------------------------
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# HOT-SWAP MECHANISM:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Certain property keys in this configuration are hot-swap enabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# When the values of these keys are altered, the Agent loads them
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# dynamically, so it is not necessary to restart the Application
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Server in order for these changes to take effect. However, in cases
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# where the key is explicitly identified as not enabled for hot-swap
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# or in cases when the hot-swap mechanism is disabled on the system,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Application Server must be restarted for the changes to take
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# effect. Please refer to the Agent documentation to further learn
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# about hot-swap configuration of the Agent.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LIST CONSTRUCTS:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Certain property keys in this configuration are specified as lists.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# A list construct is defined as follows:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Format:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# <key>[<index>]=<value>
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Where:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# key : is the configuration key
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# index : is a non-negative integer starting from 0 that increments by 1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# for every value specified in this list.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# value : is one of the values specified in this list.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Notes:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - Please refer to the Agent documentation for full details on usage.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[0] = value0
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[1] = value1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[2] = value2
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# MAP CONSTRUCTS:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Certain property keys in this configuration are specified as Maps.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# A Map construct is defined as follows:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Format:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# <key>[<name>]=<value>
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Where:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# key : is the configuration key
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# name : is a string that forms the lookup key as available in the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Map
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# value : is the value associated with the name in the Map
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Notes:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - Please refer to the Agent documentation for full details on usage.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[AL] = ALABAMA
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[AK] = ALASKA
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[AZ] = ARIZONA
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Certain property keys in this configuration can be specified per
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# protected application. This implies that the Agent will use
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# different values of the same configuration key for different
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# applications as defined in this configuration file. Properties
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# which are not specified per protected applications are called Global
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# properties. Application specific properties are defined as follows:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Format:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# <key>[<appname>]=<value>
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Where:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# key : is the configuration key
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# appname : is the Application name to which this configuration
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# belongs. The application name is the context path of
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the application without the leading forward slash
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# character. When the application has been
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# deployed at the root-context of the server, the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# application name should be specified as
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# 'DefaultWebApp'.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# value : the value that will be used by the Agent when
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# protecting the application identified by the given
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# application name.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Notes:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - When an application specific configuration is not present, the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent uses different mechanisms to identify a default value. There
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# could be configurations where the default value is used as the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# value specified for the same key without any application specific
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# suffix '[<appname>]'. For example, if the following configuration
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# keys are present:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[Portal] = value1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[DefaultWebApp] = value2
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example = value3
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# then, for applications other than the ones deployed on the root
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# context and the context '/Portal', the value of this key will
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# default to 'value3'.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - Application Specific configuration properties must follow the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# rules and syntax of the MAP construct of configuration entries as
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# defined above.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[Portal] = value1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[BankApp] = value2
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.example[DefaultWebApp] = value3
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#------------------------------------------------------------------------------
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# FILTER OPERATION MODE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the mode of operation of the Filter. Valid value is one of:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specified as an application specific property. However, the global
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# property must always be present.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# WARNING:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.filter.mode = ALL
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# NOTE(review): ALL is one of the documented modes (NONE, SSO_ONLY,
# URL_POLICY, J2EE_POLICY, ALL). The NONE warning above presumably applies
# equally to a per-application override such as filter.mode[<appname>] = NONE,
# so review overrides as well as this global value - confirm against the
# Agent documentation.
# Not hot-swap enabled: a change here needs an Application Server restart.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.filter.mode = ALL
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# USER MAPPING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - user.mapping.mode: Specifies the mechanism by which the user-ID
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# to be used on the protected server for the authenticated user is
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# determined by the Agent. Value of this is one of: USER_ID,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - user.attribute.name: Specifies the name of the profile attribute,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# or HTTP header, or Session property which contains the user-ID to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be used on the protected server for the authenticated user. This
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# property is not used if the value of user.mapping.mode is set to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# USER_ID.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - user.principal: A flag that indicates that the principal of the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# authenticated user be used instead of just the user-ID for
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# authenticating the user on the protected server. This property is
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# applicable if the user.mapping.mode is set to USER_ID.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - user.token: Specifies a session property name which contains the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# user-ID of the authenticated user in session. This property is used
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# when the user.mapping.mode is set to USER_ID and the user.principal
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# flag is set to false.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Examples:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.user.attribute.name = employeenumber
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# With mapping.mode = USER_ID, user.attribute.name is not used (see above);
# because user.principal is false, the user-ID is read from the session
# property named by user.token.
# NOTE(review): if mapping.mode is changed to HTTP_HEADER, the user-ID comes
# from a request header. Presumably that is only safe when a trusted component
# in front of the server sets the header and discards any client-supplied
# copy - confirm for the deployment before switching modes.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.user.mapping.mode = USER_ID
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.user.attribute.name = employeenumber
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.user.principal = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.user.token = UserToken
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# CLIENT IDENTIFICATION PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - client.ip.header: Specifies a HTTP header name that holds the IP
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# address of the client. May be left blank if not used.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - client.hostname.header: Specifies a HTTP header name that holds the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hostname of the client. May be left blank if not used.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# Both left blank: no client IP or hostname header is configured.
# NOTE(review): when these are set, the value is taken from a request header,
# which a client can supply itself unless the fronting proxy overwrites it.
# Set them only behind a proxy that always sets these headers, and treat the
# resulting address as proxy-asserted wherever it feeds policy or audit
# records - confirm how the Agent uses it in the Agent documentation.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.client.ip.header =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.client.hostname.header =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# CONFIGURATION RELOAD INTERVAL
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the interval in seconds between configuration reloads. When
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# set to 0, the hot-swap mechanism will be disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# 0 disables the hot-swap mechanism, so even properties marked
# "Hot-Swap Enabled: Yes" need an Application Server restart to take effect.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.load.interval = 0
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOCALE IDENTIFICATION PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - locale.language: Specifies the language code for identifying the Locale
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of operation.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - locale.country: Specifies the country code for identifying the Locale of
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# operation.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# Language "en" and country "US" together identify the Locale of operation.
# Not hot-swap enabled: changing either value needs a restart.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.locale.language = en
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.locale.country = US
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# AUDIT LOG PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - audit.accesstype: Specifies the access type which will be logged by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - log.disposition: Specifies the audit log mode that the Agent will use
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# ALL.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - remote.logfile: Specifies the file name to be used on the remote server
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# if the log.disposition is set to REMOTE or ALL.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - local.log.rotate: A flag that indicates if the rotation of audit log
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# local file is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - local.log.size: The size in bytes of the local audit log file, beyond
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# which the Agent should rotate the log file.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# NOTE(review): LOG_NONE presumably means neither allowed nor denied requests
# are audited, which leaves no access trail for detection or incident
# response; consider LOG_DENY or LOG_BOTH for deployed systems - confirm the
# exact semantics in the Agent documentation.
# disposition = REMOTE, so remote.logfile names the file used on the remote
# server; @AUDIT_LOG_FILENAME@ looks like a token replaced at install time.
# local.log.size is 52428800 bytes (50 MiB) and rotation is off; the local.*
# settings presumably matter only when disposition is LOCAL or ALL.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.audit.accesstype = LOG_NONE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.log.disposition = REMOTE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.local.log.rotate = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.local.log.size = 52428800
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# WEB SERVICE PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.enable: A flag that specifies if Web Service processing is
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.endpoint: A list of Web Application end points that represent
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Web Services.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.process.get.enable: A flag that indicates if the processing
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of HTTP GET requests for Web Service endpoints is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.authenticator: An implementation class that can be used to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# authenticate web-service requests.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.internalerror.content: The name of file that contains content
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# used by the Agent to generate an internal error fault for clients.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.autherror.content: The name of file that contains content
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# used by the Agent to generate an authorization error fault for clients.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - webservice.responseprocessor: An implementation class that is used to do
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# web-service response processing.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# Web Service processing is off, and no endpoint, authenticator or response
# processor is configured; the other webservice.* values presumably have no
# effect until webservice.enable is true - confirm.
# NOTE(review): authenticator and responseprocessor name implementation
# classes used by the Agent, so write access to this file should be limited
# to the administrators trusted to choose that code.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.enable = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.endpoint[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.process.get.enable = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.authenticator =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.webservice.responseprocessor =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# ACCESS DENIED URI
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# An application specific (MAP) property that specifies the URI used by
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Agent to block unauthorized access requests. May be left unspecified
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# if not available. A global value can also be specified.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# Left unspecified (empty application name and empty URI). This file does not
# say what the Agent returns for a blocked request when no URI is set - see
# the Agent documentation.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.access.denied.uri[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# FORM LOGIN PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.form: A LIST property used by the Agent to identify login
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# request and take appropriate action. Each entry should be the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# absolute URI of the resource specified in the web.xml deployment
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# descriptor of the protected application in the element
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# form-login-page.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.error.uri: A LIST property used by the Agent to identify
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# error page request and take appropriate action. Each entry should
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be the absolute URI of the resource specified in the web.xml
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# deployment descriptor of the protected application in the element
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# form-error-page.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.use.internal: A flag that specifies if the Agent should use
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# internal content for handling form login requests.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.content.file: Specifies the name or complete path of the file
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# that will be used by the Agent for handling form login requests if
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the login.use.internal flag is set to true.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Examples:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
# No login form or error page URIs are listed. login.use.internal is true, so
# FormLoginContent.txt is the content file the Agent uses for form login
# requests (per the description above).
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.form[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.error.uri[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.use.internal = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.content.file = FormLoginContent.txt
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOCAL AUTHENTICATION PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - auth.handler: A MAP property that specifies the application
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specific Authentication Handler to be used by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent in order to authenticate the logged on user with the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Application server for the particular application.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.handler: A MAP property that specifies the application
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specific Logout Handler to be used by the Agent in order to logout
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the logged on user within the Application server for the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# particular application.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - verification.handler: A MAP property that specifies the application
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specific local verification handler used by the agent to validate
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the user credentials with the local repository.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.auth.handler[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.handler[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.verification.handler[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# HTTP SESSION BINDING
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Its default value is false, so the agent will not invalidate the http session
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# and session data will be maintained. (This template sets it to true below.)
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# If its value is true, then the agent will invalidate the http session when
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the agent identifies that login has failed, the user does not have an SSO
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# session, or the principal user name does not match the SSO user name.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.httpsession.binding = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# GOTO PARAMETER NAME
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# This property has been deprecated.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the goto Parameter name to be used by the Agent when
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# redirecting the user to the appropriate authentication service. The
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# value of this parameter is used by the authentication service to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# redirect the user to the original requested destination.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Valid Values:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# A string value that represents the goto parameter name.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.redirect.param = goto
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOGIN URL
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the login URLs to be used by the Agent to redirect
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# incoming users without sufficient credentials to the OpenAM
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# authentication service.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOGOUT URL
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the logout URLs to be used by the Agent to log out
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the authenticated users from the OpenAM authentication service.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOGIN URL, LOGOUT URL, or CDSSO URLs PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.url.prioritized: specifies if the failover sequence for Login URLs
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# or CDSSO URLs should be prioritized as defined in the list with the lowest
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# index having the highest priority.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.url.probe.enabled: specifies if agent will check the availability
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of these urls before redirecting to them.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Default value is true for backward compatibility, but it is suggested to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# set it to false (server will not be checked) in production deployments
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# where the agent often cannot access the login url directly.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - login.url.probe.timeout: this is the connect timeout value in milliseconds
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# when login.url.probe.enabled is set to true (or server will be checked).
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.url.prioritized: specifies if the failover sequence for Logout
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# URLs should be prioritized as defined in the list with the lowest
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# index having the highest priority.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.url.probe.enabled: specifies if agent will check the availability
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of these urls before redirecting to them.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Default value is true for backward compatibility, but it is suggested to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# set it to false (server will not be checked) in production deployments
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# where the agent often cannot access the logout url directly.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# when logout.url.probe.enabled is set to true (or server will be checked).
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.url.prioritized = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.url.probe.enabled = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.url.probe.timeout = 2000
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.url.prioritized = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.url.probe.enabled = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.url.probe.timeout = 2000
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# AGENT SERVER PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - agent.host: The host name identifying the Agent protected server to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the client browsers if different from the actual host name. May be
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# left blank if not used.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - agent.port: The port number identifying the Agent protected server
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# listening port to the client browsers if different from the actual
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# listening port. May be left blank if not used.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - agent.protocol: The protocol being used (http/https) by the client
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# browsers to communicate with the Agent protected server if different
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# from the actual protocol used by the server.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.agent.host =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.agent.port =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.agent.protocol =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOGIN ATTEMPT LIMIT
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the number of unsuccessful login attempts that a user can make
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# in a single browser session before the user request is blocked. Setting
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# this value to 0 disables this feature. The count is per browser session,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# so it should not be relied on as the only account-lockout control.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.login.attempt.limit = 0
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# SSO Cache Enable Flag:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# This property specifies if the SSO Cache is active for the agent. This cache
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# is used through public APIs exposed by the agent SDK.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Valid Values: true, false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.amsso.cache.enable = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# COOKIE RESET PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cookie.reset.enable: A flag that specifies if cookie reset processing
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cookie.reset.name: A list of cookie names that will be reset by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent if cookie reset processing is enabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cookie.reset.domain: A MAP property with the key being the cookie name
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specified in cookie.reset.name property and the value being the domain
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of this cookie to be used when a reset event occurs.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cookie.reset.path: A MAP property with the key being the cookie name
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specified in cookie.reset.name property and the value being the path
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of this cookie to be used when a reset event occurs.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cookie.reset.enable = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cookie.reset.name[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cookie.reset.domain[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cookie.reset.path[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# CDSSO PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.enable: A flag that specifies if CDSSO processing is
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.redirect.uri: An intermediate URI that is used by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent for processing CDSSO requests.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# that may be used by the Agent for CDSSO processing.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.clock.skew: Specifies a time in seconds to be used by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent to determine the validity of the CDSSO AuthnResponse assertion.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.trusted.id.provider: This property specifies the OpenAM
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Server/ID providers that should be trusted by the agent when evaluating
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the agent & server.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.secure.enable: A flag that specifies if the SSO Token cookie
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# set by the agent in the different domains in CDSSO mode will be marked
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# secure. When the property is set to true the SSO Token cookie will only
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be transmitted if the communications channel with the host is a secure one.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# When it is false the cookie may also be sent over plain HTTP, so prefer
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# true wherever the protected application is served over HTTPS.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - cdsso.domain: This property specifies the domains for which cookies have
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# to be set in a CDSSO scenario. If this property is left blank then the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# fully qualified cookie domain for the agent server will be used for
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# setting the cookie domain. In such case it is a host cookie instead of
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# a domain cookie.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.cdsso.domain[0] = .sun.com
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cdsso.enable = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cdsso.clock.skew = 0
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.cdsso.secure.enable = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#com.sun.identity.agents.config.cdsso.domain[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LOGOUT PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.application.handler: An application specific (MAP) property
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# that identifies a handler to be used for logout processing.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.uri: An application specific (MAP) property that identifies
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# a request URI which indicates a logout event.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.request.param: An application specific (MAP) property that
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# identifies a parameter which when present in the HTTP request
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# indicates a logout event.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.introspect.enabled: A flag that when set allows the Agent
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# to search HTTP request body to locate logout parameter.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - logout.entry.uri: An application specific (MAP) property that identifies
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# a URI to be used as an entry point after successful logout and
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# subsequent successful authentication if applicable.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.application.handler[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.uri[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.request.param[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.introspect.enabled = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.logout.entry.uri[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# FQDN PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# or not.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - fqdn.default: A hostname that represents the default FQDN to be
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# used by the Agent when necessary.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# FQDN entry specified as the key to a valid FQDN entry specified as
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# its value.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Examples of fqdn.mapping:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.fqdn.mapping[myserver]=myserver.mydomain.com
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.fqdn.check.enable = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.fqdn.mapping[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# LEGACY USER AGENT PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# These three properties have been deprecated:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - legacy.support.enable: A flag that specifies if legacy user agent
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# support is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - legacy.user.agent: A LIST of user agent header values that identify
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# legacy browsers. Entries in this list can have wild card character '*'.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - legacy.redirect.uri: An intermediate URI used by the Agent to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# redirect legacy user agent requests.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.legacy.support.enable = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# CUSTOM RESPONSE HEADERS
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# A MAP property that specifies the custom headers that are set by
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Agent on the client browser. The key is the header name and the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# value represents the header value.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.response.header[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# REDIRECT ATTEMPT LIMIT
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the number of successive single point redirects that a
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# user can make using a single browser session which will trigger the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# blocking of the user request. When set to 0 this feature is disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.redirect.attempt.limit = 0
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# PORT CHECK PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - port.check.enable: A flag that indicates if port check functionality
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - port.check.file: Specifies the name or complete path of a file that
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# has the necessary content needed to handle requests that need port
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# correction.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - port.check.setting: A MAP of port versus protocol entries with the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# key being the listening port number and value being the listening
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# protocol to be used by the Agent to identify requests with invalid
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# port numbers.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example of port.check.setting:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.port.check.setting[80] = http
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.port.check.setting[443] = https
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.port.check.enable = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.port.check.file = PortCheckContent.txt
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NOT-ENFORCED URI PROCESSING PROPERTIES
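eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.uri: A LIST of URIs for which protection is not enforced
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# by the Agent. Keep entries as narrow as possible, since every URI that
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# matches an entry is served without the Agent's checks.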
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.uri.invert: A flag that specifies if the list of URIs
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# specified by the property notenforced.uri should be inverted. When
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# set to true, it indicates that the URIs specified should be enforced
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# and all other URIs should be not enforced by the Agent. Entries in
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# this list can have wild card character '*'.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.uri.cache.enable: A flag that specifies if the caching
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of not-enforced URI list evaluation results is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.uri.cache.size: The size of the cache to be used if
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# caching of not-enforced URI list evaluation results is enabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.refresh.session.idletime: A flag that specifies if the OpenAM
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# session idle time is reset or not when accessing the not enforced URIs.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example of notenforced.uri:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.notenforced.uri[0]=*.gif
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.uri[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.uri.invert = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.uri.cache.enable = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.uri.cache.size = 1000
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.refresh.session.idletime = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NOT-ENFORCED CLIENT IP PROCESSING PROPERTIES
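eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.ip: A LIST of client IP addresses for which protection is
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# not enforced by the Agent. If a proxy or load balancer sits in front of
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Agent, confirm which address the Agent sees before relying on this list.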
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.ip.invert: A flag that specifies if the list of client IP
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# addresses specified by the property notenforced.ip should be inverted.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# When set to true, it indicates that the client IP addresses specified
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# should be enforced and all other client IPs should be not enforced by
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Agent. Entries in this list can have wild card character '*'.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.ip.cache.enable: A flag that specifies if the caching
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of not-enforced IP list evaluation results is enabled or disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - notenforced.ip.cache.size: The size of the cache to be used if
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# caching of not-enforced IP list evaluation results is enabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example of notenforced.ip:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.ip[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.ip.invert = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.ip.cache.enable = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.notenforced.ip.cache.size = 1000
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# COMMON ATTRIBUTE FETCH PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - attribute.cookie.separator: A character that will be used to separate
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# multiple values of the same attribute when it is being set as a cookie.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - attribute.cookie.encode: A flag that indicates if the value of the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# attribute should be URL encoded before being set as a cookie.
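eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - attribute.date.format: The format of date attribute values to be used
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# when the attribute is being set as HTTP header. This format is based
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# on the definition as provided in java.text.SimpleDateFormat.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Note that in SimpleDateFormat 'hh' is the 12-hour clock (1-12) and 'HH'
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# is the 24-hour clock (0-23); the default pattern below uses 'hh' without
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# an am/pm marker.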
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.attribute.cookie.separator = |
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.attribute.cookie.encode = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# PROFILE ATTRIBUTE PROCESSING PROPERTIES
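eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NOTE: in HTTP_COOKIE mode the mapped values are set as cookies and so
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# reach the user's browser; avoid mapping sensitive attributes in that mode.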
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - profile.attribute.mapping: A MAP that specifies the profile attributes to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be populated under specific names for the currently authenticated user.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# The key is the profile attribute name and the value is the name under
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# which that attribute will be made available.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example of profile.attribute.mapping:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.profile.attribute.mapping[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# SESSION ATTRIBUTE PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - session.attribute.fetch.mode: The mode of fetching session attributes.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - session.attribute.mapping: A MAP that specifies the session attributes to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be populated under specific names for the currently authenticated user.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# The key is the session attribute name and the value is the name under
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# which that attribute will be made available.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example of session.attribute.mapping:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.session.attribute.fetch.mode = NONE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.session.attribute.mapping[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# RESPONSE ATTRIBUTE PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - response.attribute.fetch.mode: The mode of fetching policy response
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# attributes. This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE,
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# HTTP_COOKIE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - response.attribute.mapping: A MAP that specifies the policy response
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# attributes to be populated under specific names for the currently
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# authenticated user. The key is the policy response attribute name and
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the value is the name under which that attribute will be made available.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.response.attribute.fetch.mode = NONE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.response.attribute.mapping[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# BYPASS PRINCIPAL LIST
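eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# This property specifies a list of principals that are bypassed by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Agent for authentication and search purposes. Leave the list empty
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# unless a specific principal is required to be bypassed.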
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Example:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.bypass.principal[0] = guest
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.bypass.principal[1] = testuser
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.bypass.principal[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# PRIVILEGED ATTRIBUTE PROCESSING PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - default.privileged.attribute: A list of privileged attributes that will
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be granted to all users who have a valid OpenAM session.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - privileged.attribute.type: A list of privileged attribute types that will
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# be fetched for each user.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - privileged.attribute.tolowercase : A MAP property that specifies if the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# privileged attribute types should be converted to lowercase.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - privileged.session.attribute: A list of session property names which
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# hold privileged attributes for the authenticated user.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - privileged.attribute.mapping.enable: A flag to specify whether
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# a mapping from an attribute's original value to another value is
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# enabled. This mapping may be necessary to satisfy container-specific
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# restrictions on the character set used in certain configuration files.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - privileged.attribute.mapping: A map property that specifies the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# above-mentioned mapping. Note that if a key contains "=" or ":", these
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# special characters need to be escaped with "\".
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Examples:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.privileged.attribute.type[0] = Group
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.privileged.attribute.mapping.enable=true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_manager_role
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=openam,dc\=forgerock,dc\=org] = am_employee_role
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.attribute.type[0] = Group
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.attribute.type[1] = Role
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.session.attribute[0] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.attribute.mapping.enable = true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.privileged.attribute.mapping[] =
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# SSO TOKEN COOKIE NAME
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# The name of the SSO Token cookie used between the OpenAM server and
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Agent.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.cookie.name=iPlanetDirectoryPro
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# SESSION CLIENT PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the session client must use polling for updating session information
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# and not depend upon server notifications.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.iplanet.am.session.client.polling.period: Specifies the time in
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# seconds after which the session client will request update of cached
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# session information from the server.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Note: the notification url to be used by the Agent to receive session
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# notifications is com.sun.identity.client.notification.url
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.session.client.polling.enable=false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.session.client.polling.period=180
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# ENCRYPTION PROVIDER
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Specifies the encryption provider implementation to be used by the Agent.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# USER DATA CACHE PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# enable/disable the notifications for amsdk and IdRepo Caches. If set to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# true, notifications are enabled; if set to false, they are disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# user management data. If set to '0' no updates happen. This property
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# takes effect only if no notification url is provided by
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# 'com.sun.identity.client.notification.url' or if notifications are
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# disabled. (i.e., com.sun.identity.idm.remote.notification.enabled=false)
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.idm.remote.notification.enabled=true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.sdk.remote.pollingTime=1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# SERVICE DATA CACHE PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.sm.notification.enabled: A flag that is used to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# enable/disable the notifications for service management caches. If set to
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# true, notifications are enabled; if set to false, they are disabled.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# configuration data. If set to '0' no updates happen. This property
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# takes effect only if no notification url is provided by
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# 'com.sun.identity.client.notification.url' or if notifications are
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# disabled. (i.e., com.sun.identity.sm.notification.enabled=false).
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.sm.notification.enabled=true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.sm.cacheTime=1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# AUTHENTICATION SERVICE PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Server protocol, host and port to be used by Authentication Service.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.server.host=@AM_SERVICES_HOST@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.am.server.port=@AM_SERVICES_PORT@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# POLICY CLIENT PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.agents.notification.enabled: A flag that specifies
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# if notifications are enabled or disabled for remote policy client.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.agents.polling.interval: The duration in minutes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# after which the cached entries are refreshed by remote policy client.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# used by remote policy client. Valid value is one of: subtree, self.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Cache mode subtree is recommended for a small number of policy rules.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# In all other cases, cacheMode self is recommended.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.policy.client.booleanActionValues : boolean action
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# values for policy action names.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# format : serviceName|actionName|trueValue|falseValue
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# to be used for different service names.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# which is allowed to accommodate the time difference between the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# OpenAM server machine and the remote policy client machine.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Note: the Notification URL for remote policy client is set by the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# property com.sun.identity.client.notification.url.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.notification.enabled=true
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.polling.interval=3
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.policy.client.cacheMode=subtree
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.policy.client.clockSkew=10
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# URL POLICY ENVIRONMENT VARIABLE PROPERTIES
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# request parameters whose names and values will be set in the environment
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# map for URL policy evaluation at AM server. The key in the map is in the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# format of GET.<parameter-name>, the map value is a set of string values
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of the parameter.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# request parameters whose names and values will be set in the environment
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# map for URL policy evaluation at AM server. The key in the map is in the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# format of POST.<parameter-name>, the map value is a set of string values
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# of the parameter.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# HTTP SESSION attributes whose names and values will be set in the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# environment map for URL policy evaluation at AM server. The key in the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# map is in the format of JSESSION.<parameter-name>, the map value is a
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# set that contains the string value of the parameter.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Examples:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.policy.env.get.param[0]=name
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Assume the HTTP GET request parameters "name" and "phonenumber" have the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# values "bob" and "1-800-123-4567" respectively, and that there is an HTTP
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# session attribute "cardnumber" with the value "12345678".
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# In the map, the following will be set:
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# GET.name => [bob]
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# GET.phonenumber => [1-800-123-4567]
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# JSESSION.cardnumber => [12345678]
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NOTE: every parameter or session attribute listed here is passed, with
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# its values, to the AM server for policy evaluation; list only the ones
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the policies actually need.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.policy.env.get.param[0]=
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.policy.env.post.param[0]=
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.policy.env.jsession.param[0]=
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# AGENT NOTIFICATION URL PROPERTY
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.sun.identity.client.notification.url: URL at which the agent
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# receives notifications from the OpenAM server for session, policy, and
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# configuration changes.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: No
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# DEBUG SERVICE PROPERTY
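eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# - com.iplanet.services.debug.level: Specifies the debug level to be used.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# The value is one of: off, error, warning, message.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NOTE: message is the most verbose level; debug output at that level may
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# include request and session details, so use it only while troubleshooting
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# and restrict access to the debug files.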
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.iplanet.services.debug.level=@DEBUG_LEVEL@
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# IGNORE REQUEST URL PATH INFO
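eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# When set to true, the path info is stripped from the request URL before
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# the Not Enforced List check and URL policy evaluation are performed.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# NOTE(review): with the value false the path info takes part in both
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# checks, so wildcard entries in the not-enforced list may match on it;
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# review such entries before leaving this disabled.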
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Hot-Swap Enabled: Yes
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencom.sun.identity.agents.config.ignore.path.info = false
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen