OpenSSOAgentConfiguration.template revision 56443cf7fbca96bc184ca8d386c3f7fc6f947f42
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
13c6532dc104d23061e6901783ceb1ff8872c206Timo Sirainen# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# The contents of this file are subject to the terms
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# of the Common Development and Distribution License
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# (the License). You may not use this file except in
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# compliance with the License.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# You can obtain a copy of the License at
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# https://opensso.dev.java.net/public/CDDLv1.0.html or
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# See the License for the specific language governing
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# permission and limitations under the License.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# When distributing Covered Code, include this CDDL
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# Header Notice in each file and include the License file
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# If applicable, add the following below the CDDL Header,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# with the fields enclosed by brackets [] replaced by
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# your own identifying information:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# "Portions Copyrighted [year] [name of copyright owner]"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# $Id: OpenSSOAgentConfiguration.template,v 1.2 2009/10/15 23:35:42 leiming Exp $
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# Portions Copyrighted 2013 ForgeRock Inc.
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen#------------------------------------------------------------------------------
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen# Configuration Property File
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# OpenAM Policy Agent for:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# Version: 3.0
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen#------------------------------------------------------------------------------
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen# MODIFYING ANY OF THE VALUES IN THIS FILE.
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# Data present in this file provides the necessary configuration
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# settings needed by Agent to work correctly. Invalid configuration
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# data present in this file can lead to malfunction of the Agent, the
811f2e26d9782d9cb99fdf82e18ffa0a77564fe2Timo Sirainen# application, and the Application Server.
811f2e26d9782d9cb99fdf82e18ffa0a77564fe2Timo Sirainen# WARNING: The contents of this file are classified as an UNSTABLE
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# interface by Sun Microsystems, Inc. As such, they are subject to
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# significant, incompatible changes in any future release of the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen#------------------------------------------------------------------------------
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#------------------------------------------------------------------------------
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# General Notes about the Agent Configuration
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# -------------------------------------------
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# HOT-SWAP MECHANISM:
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# Certain property keys in this configuration are hot-swap enabled.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# The value for these keys when altered are dynamically loaded by the
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# Agent such that it is not necessary to restart the Application
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# Server in order for these changes to take effect. However, in cases
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# where the key is explicitly identified as not enabled for hot-swap
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# or in cases when the hot-swap mechanism is disabled on the system,
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# the Application Server must be restarted for the changes to take
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# effect. Please refer to the Agent documentation to further learn
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# about hot-swap configuration of the Agent.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# LIST CONSTRUCTS:
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# Certain property keys in this configuration are specified as lists.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# A list construct is defined as follows:
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# <key>[<index>]=<value>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# key : is the configuration key
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# index : is a positive number starting from 0 that increments by 1
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# for every value specified in this list.
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# value : is one of the values specified in this list.
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# - Please refer the Agent documentation for full details on usage.
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# com.sun.identity.agents.config.example[0] = value0
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# com.sun.identity.agents.config.example[1] = value1
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# com.sun.identity.agents.config.example[2] = value2
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# MAP CONSTRUCTS:
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# Certain property keys in this configuration are specified as Maps.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# A Map construct is defined as follows:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# <key>[<name>]=<value>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# key : is the configuration key
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# name : is a string that forms the lookup key as available in the
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# value : is the value associated with the name in the Map
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# - Please refer the Agent documentation for full details on usage.
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# com.sun.identity.agents.config.example[AL] = ALABAMA
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# com.sun.identity.agents.config.example[AK] = ALASKA
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# com.sun.identity.agents.config.example[AZ] = ARIZONA
e96fb85799dc95603bb1a6b4d3685df2d042a2f8Timo Sirainen# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# Certain property keys in this configuration can be specified per
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# protected application. This implies that the Agent will use
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# different values of the same configuration key for different
4bbee99b3aef449a9a2a11a5b5cf1ca486915c49Timo Sirainen# applications as defined in this configuration file. Properties
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# which are not specified per protected applications are called Global
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# properties. Application specific properties are defined as follows:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# <key>[<appname>]=<value>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# key : is the configuration key
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen# appname : is the Application name to which this configuration
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# belongs. The application name is the context path of
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen# the application without the leading forward slash
13c6532dc104d23061e6901783ceb1ff8872c206Timo Sirainen# character. In case when the application has been
13c6532dc104d23061e6901783ceb1ff8872c206Timo Sirainen# deployed at the root-context of the server, the
13c6532dc104d23061e6901783ceb1ff8872c206Timo Sirainen# application name should be specified as
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# 'DefaultWebApp'.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# value : the value that will be used by the Agent when
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# protecting the application identified by the given
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# application name.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# - When an application specific configuration is not present, the
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# Agent uses different mechanisms to identify a default value. There
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# could be configurations where the default value is used as the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# value specified for the same key without any application specific
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# suffix '[<appname>]'. For example, if the following configuration
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# keys are present:
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# com.sun.identity.agents.config.example[Portal] = value1
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen# com.sun.identity.agents.config.example[DefaultWebApp] = value2
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# com.sun.identity.agents.config.example = value3
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# then, for applications other than the ones deployed on the root
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# context and the context '/Portal', the value of this key will
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# default to 'value3'.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen# - Application Specific configuration properties must follow the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# rules and syntax of the MAP construct of configuration entries as
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen# defined above.
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen# com.sun.identity.agents.config.example[Portal] = value1
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen# com.sun.identity.agents.config.example[BankApp] = value2
58febed28f2af78b2d8a281c851d9b67160c4bd3Timo Sirainen# com.sun.identity.agents.config.example[DefaultWebApp] = value3
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen#------------------------------------------------------------------------------
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# FILTER OPERATION MODE
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# Specifies the mode of operation of the Filter. Valid value is one of:
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# specified as an application specific property. However, the global
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# property must always be present.
ca316aeb7648d3f1bcf45231f73ddeb1b67a6961Timo Sirainen# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
4edf90751f075cc6ab3d6f53fc78b656efa80922Timo Sirainen# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
ca316aeb7648d3f1bcf45231f73ddeb1b67a6961Timo Sirainen# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
ca316aeb7648d3f1bcf45231f73ddeb1b67a6961Timo Sirainen# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
ca316aeb7648d3f1bcf45231f73ddeb1b67a6961Timo Sirainen# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# Hot-Swap Enabled: No
a817fdcc43aedf423e2134091d5f83f91d64bcc9Timo Sirainen# com.sun.identity.agents.config.filter.mode = ALL
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
dbd9604da561399cc6255289d5b6f6f662ab2d00Timo Sirainencom.sun.identity.agents.config.filter.mode = ALL
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# USER MAPPING PROPERTIES
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# - user.mapping.mode: Specifies the mechanism by which the user-ID
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# to be used on the protected server for the authenticated user is
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen# determined by the Agent. Value of this is one of: USER_ID,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
fcfb528483369975066c6adf1c55c16e6fb6e91fTimo Sirainen# - user.attribute.name: Specifies the name of the profile attribute,
fcfb528483369975066c6adf1c55c16e6fb6e91fTimo Sirainen# or HTTP header, or Session property which contains the user-ID to
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# be used on the protected server for the authenticated user. This
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen# property is not used if the value of user.mapping.mode is set to
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# - user.principal: A flag that indicates that the principal of the
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# authenticated user be used instead of just the user-ID for
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# authenticating the user on the protected server. This property is
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# applicable if the user.mapping.mode is set to USER_ID.
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen# - user.token: Specifies a session property name which contains the
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen# user-ID of the authenticated user in session. This property is used
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen# when the user.mapping.mode is set to USER_ID and the user.principal
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen# flag is set to false.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# Hot-Swap Enabled: Yes
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen# com.sun.identity.agents.config.user.attribute.name = employeenumber
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainencom.sun.identity.agents.config.user.mapping.mode = USER_ID
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainencom.sun.identity.agents.config.user.attribute.name = employeenumber
6931e77051716370803d2d69bdeb6c7dff7d559dTimo Sirainencom.sun.identity.agents.config.user.principal = false
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainencom.sun.identity.agents.config.user.token = UserToken
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen# CLIENT IDENTIFICATION PROPERTIES
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen# - client.ip.header: Specifies a HTTP header name that holds the IP
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen# address of the client. May be left blank if not used.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen# - client.hostname.header: Specifies a HTTP header name that holds the
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen# Hostname of the client. May be left blank if not used.
f23298fea47eecbeded985ee2537a34c4c4ef56bTimo Sirainen# Hot-Swap Enabled: Yes
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainencom.sun.identity.agents.config.client.ip.header =
# - locale.language: Specifies the language code for identifying the Locale
# - locale.country: Specifies the country code for identifying the Locale of
# - audit.accesstype: Specifies the access type which will be logged by the
# - log.disposition: Specifies the audit log mode that the Agent will use
# - remote.logfile: Specifies the file name to be used on the remote server
# if the log.disposition is set to REMOTE or ALL.
# - local.log.rotate: A flag that indicates if the rotation of audit log
# - local.log.size: The size in bytes of the local audit log file, beyond
com.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
# - webservice.enable: A flag that specifies if Web Service processing is
# - webservice.endpoint: A list of Web Application end points that represent
# - webservice.process.get.enable: A flag that indicates if the processing
# - webservice.authenticator: An implementation class that can be used to
# - webservice.internalerror.content: The name of file that contains content
# - webservice.autherror.content: The name of file that contains content
# - webservice.responseprocessor: An implementation class that is used to do
# - login.form: A LIST property used by the Agent to identify login
# absolute URI of the resource specified in the web.xml deployment
# - login.error.uri: A LIST property used by the Agent to identify
# be the absolute URI of the resource specified in the web.xml
# - login.use.internal: A flag that specifies if the Agent should use
# - login.content.file: Specifies the name or complete path of the file
# the login.use.internal flag is set to true.
# - auth.handler: A MAP property that specifies application
# - logout.handler: A MAP property that specifies the application
# - verification.handler: A MAP property that specifies the application
# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
com.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
com.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
# - login.url.prioritized: specifies if the failover sequence for Login URLs
# - login.url.probe.enabled: specifies if agent will check the availability
# - login.url.probe.timeout: this is the connect timeout value in milliseconds
# when login.url.probe.enabled is set to true (or server will be checked).
# - logout.url.prioritized: specifies if the failover sequence for Logout
# - logout.url.probe.enabled: specifies if agent will check the availability
# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
# when logout.url.probe.enabled is set to true (or server will be checked).
# - agent.host: The host name identifying the Agent protected server to
# - agent.port: The port number identifying the Agent protected server
# - cookie.reset.enable: A flag that specifies if cookie reset processing
# - cookie.reset.name: A list of cookie names that will be reset by the
# - cookie.reset.domain: A MAP property with the key being the cookie name
# specified in cookie.reset.name property and the value being the domain
# - cookie.reset.path: A MAP property with the key being the cookie name
# specified in cookie.reset.name property and the value being the path
# - cdsso.enable: A flag that specifies if CDSSO processing is
# - cdsso.redirect.uri: An intermediate URI that is used by the
# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
# - cdsso.clock.skew: Specifies a time in seconds to be used by the
# - cdsso.trusted.id.providers: This property specifies the OpenAM
# Server/ID providers that should be trusted by the agent, when evaluating
# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
# - cdsso.secure.enable: A flag that specifies if the SSO Token cookie
# - cdsso.domain: This property specifies the domains for which cookies have
com.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
# - logout.application.handler: An application specific (MAP) property
# - logout.uri: An application specific (MAP) property that identifies
# - logout.request.param: An application specific (MAP) property that
# - logout.introspect.enabled: A flag that when set allows the Agent
# - logout.entry.uri: An application specific (MAP) property that identifies
# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
# - fqdn.default: A hostname that represents the default FQDN to be
# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
# Examples of fqdn.mapping:
com.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
# - legacy.support.enable: A flag that specifies if legacy user agent
# - legacy.user.agent: A LIST of user agent header values that identify
# - legacy.redirect.uri: An intermediate URI used by the Agent to
com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
com.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
# - port.check.enable: A flag that indicates if port check functionality
# - port.check.file: Specifies the name or complete path of a file that
# - port.check.setting: A MAP of port versus protocol entries with the
# Example of port.check.setting:
# com.sun.identity.agents.config.port.check.setting[80] = http
# com.sun.identity.agents.config.port.check.setting[443] = https
com.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
# - notenforced.uri: A LIST of URIs for which protection is not enforced
# - notenforced.uri.invert: A flag that specifies if the list of URIs
# specified by the property notenforced.uri should be inverted. When
# - notenforced.uri.cache.enable: A flag that specifies if the caching of
# - notenforced.uri.cache.size: The size of the cache to be used if
# - notenforced.refresh.session.idletime: A flag that specifies if the OpenAM
# Example of notenforced.uri:
# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
# - notenforced.ip: A LIST of client IP addresses for which protection is
# - notenforced.ip.invert: A flag that specifies if the list of client IP
# addresses specified by the property notenforced.ip should be inverted.
# - notenforced.ip.cache.enable: A flag that specifies if the caching of
# - notenforced.ip.cache.size: The size of the cache to be used if
# Example of notenforced.ip:
# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
# - attribute.cookie.separator: A character that will be used to separate
# - attribute.cookie.encode: A flag that indicates if the value of the
# - attribute.date.format: The format of date attribute values to be used
# on the definition as provided in java.text.SimpleDateFormat.
com.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
# - profile.attribute.mapping: A MAP that specifies the profile attributes to
# Example of profile.attribute.mapping:
# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
# - session.attribute.fetch.mode: The mode of fetching session attributes.
# - session.attribute.mapping: A MAP that specifies the session attributes to
# Example of session.attribute.mapping:
# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
# - response.attribute.fetch.mode: The mode of fetching policy response
# - response.attribute.mapping: A MAP that specifies the policy response
# com.sun.identity.agents.config.bypass.principal[0] = guest
# com.sun.identity.agents.config.bypass.principal[1] = testuser
# - default.privileged.attribute: A list of privileged attributes that will
# - privileged.attribute.type: A list of privileged attribute types that will
# - privileged.attribute.tolowercase : A MAP property that specifies if the
# - privileged.session.attribute: A list of session property names which
# - privileged.attribute.mapping.enable: A flag to specify whether
# - privileged.attribute.mapping: A map property that specifies the above
# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_manager_role
# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_employee_role
com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
com.iplanet.am.cookie.name=iPlanetDirectoryPro
# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
# - com.iplanet.am.session.client.polling.period: Specifies the time in
# notifications is com.sun.identity.client.notification.url
# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
# enable/disable the notifications for amsdk and IdRepo Caches. If set to
# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
# 'com.sun.identity.client.notification.url' or if notifications are
# - com.sun.identity.sm.notification.enabled: A flag that is used to
# enable/disable the notifications for service management caches. If set to
# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
# 'com.sun.identity.client.notification.url' or if notifications are
com.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
com.iplanet.am.server.host=@AM_SERVICES_HOST@
com.iplanet.am.server.port=@AM_SERVICES_PORT@
# - com.sun.identity.agents.notification.enabled: A flag that specifies
# - com.sun.identity.agents.polling.interval: The duration in minutes
# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
# - com.sun.identity.policy.client.booleanActionValues : boolean action
# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
# property com.sun.identity.client.notification.url.
com.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
com.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
# GET.name => [bob]
# GET.phonenumber => [1-800-123-4567]
# JSESSION.cardnumber => [12345678]
# -com.sun.identity.client.notification.url: URL for agent to receive
com.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
# - com.iplanet.services.debug.level: Specifies the debug level to be used.
com.iplanet.services.debug.level=@DEBUG_LEVEL@