OpenSSOAgentConfiguration.template revision 504576c0cd21165cc879543ca89164d214acf996
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉#
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉#
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
609f86163a9e80aa5ce0db79b67ee0b6e2a34b34Tatuya JINMEI 神明達哉#
609f86163a9e80aa5ce0db79b67ee0b6e2a34b34Tatuya JINMEI 神明達哉# The contents of this file are subject to the terms
609f86163a9e80aa5ce0db79b67ee0b6e2a34b34Tatuya JINMEI 神明達哉# of the Common Development and Distribution License
609f86163a9e80aa5ce0db79b67ee0b6e2a34b34Tatuya JINMEI 神明達哉# (the License). You may not use this file except in
1879dbe0d962f6f929417b02bf07f64ed41b1aabFrancis Dupont# compliance with the License.
1879dbe0d962f6f929417b02bf07f64ed41b1aabFrancis Dupont#
b393e55a763d2bb0f326706b3851a2a22fc389d5Francis Dupont# You can obtain a copy of the License at
b393e55a763d2bb0f326706b3851a2a22fc389d5Francis Dupont# https://opensso.dev.java.net/public/CDDLv1.0.html or
b393e55a763d2bb0f326706b3851a2a22fc389d5Francis Dupont# opensso/legal/CDDLv1.0.txt
52cee51063613b9be335d3078f13863fd0cad2cfMark Andrews# See the License for the specific language governing
52cee51063613b9be335d3078f13863fd0cad2cfMark Andrews# permission and limitations under the License.
ddb35cf2f301ae1c3fa601792034f6d349efc8c5Mark Andrews#
ddb35cf2f301ae1c3fa601792034f6d349efc8c5Mark Andrews# When distributing Covered Code, include this CDDL
4aa174ddd5556f6c1792c69546679b17f1ceec83Tatuya JINMEI 神明達哉# Header Notice in each file and include the License file
4aa174ddd5556f6c1792c69546679b17f1ceec83Tatuya JINMEI 神明達哉# at opensso/legal/CDDLv1.0.txt.
4aa174ddd5556f6c1792c69546679b17f1ceec83Tatuya JINMEI 神明達哉# If applicable, add the following below the CDDL Header,
09d7358c48bb032566e5bb70703c2c3ea35a0cb2Mark Andrews# with the fields enclosed by brackets [] replaced by
10a6f640ed599cbe4a8b98c46b71a61d24e5bbe7Tatuya JINMEI 神明達哉# your own identifying information:
10a6f640ed599cbe4a8b98c46b71a61d24e5bbe7Tatuya JINMEI 神明達哉# "Portions Copyrighted [year] [name of copyright owner]"
10a6f640ed599cbe4a8b98c46b71a61d24e5bbe7Tatuya JINMEI 神明達哉#
10a6f640ed599cbe4a8b98c46b71a61d24e5bbe7Tatuya JINMEI 神明達哉# $Id: OpenSSOAgentConfiguration.template,v 1.7 2009/10/15 23:36:06 leiming Exp $
1ee054ca444765a3d1b98208c83115b4f34bebc2Mark Andrews#
1ee054ca444765a3d1b98208c83115b4f34bebc2Mark Andrews# Portions Copyrighted 2013 ForgeRock AS.
1ee054ca444765a3d1b98208c83115b4f34bebc2Mark Andrews
7f658603910358db7ee27ffb9783096250afab62Tatuya JINMEI 神明達哉#------------------------------------------------------------------------------
10a6f640ed599cbe4a8b98c46b71a61d24e5bbe7Tatuya JINMEI 神明達哉# Configuration Property File
7f658603910358db7ee27ffb9783096250afab62Tatuya JINMEI 神明達哉#
7f658603910358db7ee27ffb9783096250afab62Tatuya JINMEI 神明達哉# OpenAM Policy Agent for:
cb30636abd508693d0095e1956c9d91f87513a51Tatuya JINMEI 神明達哉# BEA WebLogic 10.0 Server/Portal
cb30636abd508693d0095e1956c9d91f87513a51Tatuya JINMEI 神明達哉#
cb30636abd508693d0095e1956c9d91f87513a51Tatuya JINMEI 神明達哉# Version: 3.0
8bf0c05627a8175750f941db30e9df2c699aa90aMark Andrews#------------------------------------------------------------------------------
8bf0c05627a8175750f941db30e9df2c699aa90aMark Andrews#
8bf0c05627a8175750f941db30e9df2c699aa90aMark Andrews# THIS FILE PROVIDES THE CONFIGURATION SETTINGS NECESSARY FOR THE AGENT
96465858fa1165860353dfdd4d5db348388d191eTatuya JINMEI 神明達哉# TO FUNCTION CORRECTLY. PLEASE REFER TO THE DOCUMENTATION BEFORE
10a6f640ed599cbe4a8b98c46b71a61d24e5bbe7Tatuya JINMEI 神明達哉# MODIFYING ANY OF THE VALUES IN THIS FILE.
96465858fa1165860353dfdd4d5db348388d191eTatuya JINMEI 神明達哉#
96465858fa1165860353dfdd4d5db348388d191eTatuya JINMEI 神明達哉# Note:
96465858fa1165860353dfdd4d5db348388d191eTatuya JINMEI 神明達哉# Data present in this file provides the necessary configuration
24450ad58d545e165c051fff24b320118fc00350Mark Andrews# settings needed by Agent to work correctly. Invalid configuration
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews# data present in this file can lead to malfunction of the Agent, the
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews# application, and the Application Server.
47d89fcd4fb850b066f87dc3313afe1cfe92cd99Mark Andrews#
a5746c4ec14e5dbcb6a2431aa86cc86c21387e6bMark Andrews# WARNING: The contents of this file are classified as an UNSTABLE
a5746c4ec14e5dbcb6a2431aa86cc86c21387e6bMark Andrews# interface by Sun Microsystems, Inc. As such, they are subject to
a5746c4ec14e5dbcb6a2431aa86cc86c21387e6bMark Andrews# significant, incompatible changes in any future release of the
b06e03490604f5d9b590dad143e65d533918481bMark Andrews# software.
b06e03490604f5d9b590dad143e65d533918481bMark Andrews#
8684cd3a6f1437a3c1ff6ca852e1db6d40ce6303Mark Andrews# INVALID CONFIGURATION SETTINGS MAY RESULT IN MALFUNCTION OF THE ENTIRE
92241b04f16e1095a53f2c75e7987381dd0773afMark Andrews# SYSTEM.
92241b04f16e1095a53f2c75e7987381dd0773afMark Andrews#------------------------------------------------------------------------------
92241b04f16e1095a53f2c75e7987381dd0773afMark Andrews
43c68170fe528dfbe153e5813049f129e12d0620Tatuya JINMEI 神明達哉#------------------------------------------------------------------------------
43c68170fe528dfbe153e5813049f129e12d0620Tatuya JINMEI 神明達哉# General Notes about the Agent Configuration
69f0cf898e3ca5c701fb34d7074cc9897d71f4a0Mark Andrews# -------------------------------------------
69f0cf898e3ca5c701fb34d7074cc9897d71f4a0Mark Andrews#
69f0cf898e3ca5c701fb34d7074cc9897d71f4a0Mark Andrews# HOT-SWAP MECHANISM:
69f0cf898e3ca5c701fb34d7074cc9897d71f4a0Mark Andrews# Certain property keys in this configuration are hot-swap enabled.
9908cbc06f89c8d44f092708a43ae3a6e7a4416cMark Andrews# The value for these keys when altered are dynamically loaded by the
9908cbc06f89c8d44f092708a43ae3a6e7a4416cMark Andrews# Agent such that it is not necessary to restart the Application
9908cbc06f89c8d44f092708a43ae3a6e7a4416cMark Andrews# Server in order for these changes to take effect. However, in cases
2e61d171bc1fa47ea4d551b87546ebcf78f61e4aMark Andrews# where the key is explicitly identified as not enabled for hot-swap
2e61d171bc1fa47ea4d551b87546ebcf78f61e4aMark Andrews# or in cases when the hot-swap mechanism is disabled on the system,
2e61d171bc1fa47ea4d551b87546ebcf78f61e4aMark Andrews# the Application Server must be restarted for the changes to take
d8fc8514b117e636b791bef429d64a7c7a75a4cfMark Andrews# effect. Please refer to the Agent documentation to further learn
d8fc8514b117e636b791bef429d64a7c7a75a4cfMark Andrews# about hot-swap configuration of the Agent.
9935447b51456f598b45246d0114b8006049244dMark Andrews#
9935447b51456f598b45246d0114b8006049244dMark Andrews# LIST CONSTRUCTS:
9935447b51456f598b45246d0114b8006049244dMark Andrews# Certain property keys in this configuration are specified as lists.
175a8bd2b798bbc568cd912b72c8a026cfca8527Mark Andrews# A list construct is defined as follows:
175a8bd2b798bbc568cd912b72c8a026cfca8527Mark Andrews#
175a8bd2b798bbc568cd912b72c8a026cfca8527Mark Andrews# Format:
46018d5d233cffdea765b3298ac8153c77b26383Mark Andrews# <key>[<index>]=<value>
46018d5d233cffdea765b3298ac8153c77b26383Mark Andrews#
46018d5d233cffdea765b3298ac8153c77b26383Mark Andrews# Where:
46018d5d233cffdea765b3298ac8153c77b26383Mark Andrews# key : is the configuration key
47d9a2bec1fee2f6c7a9cee3ca922140840223eeMark Andrews# index : is a non-negative integer starting from 0 that increments by 1
47d9a2bec1fee2f6c7a9cee3ca922140840223eeMark Andrews# for every value specified in this list.
47d9a2bec1fee2f6c7a9cee3ca922140840223eeMark Andrews# value : is one of the values specified in this list.
9019569316e39087410336bb76c02bf185974fe3Mark Andrews#
9019569316e39087410336bb76c02bf185974fe3Mark Andrews# Notes:
ac4b736ab20cc1098448028c4ae3db7a50e96123Mark Andrews# - Please refer to the Agent documentation for full details on usage.
ac4b736ab20cc1098448028c4ae3db7a50e96123Mark Andrews#
ac4b736ab20cc1098448028c4ae3db7a50e96123Mark Andrews# Example:
eb8265942b3019d34e365432314b63decc84728fTatuya JINMEI 神明達哉# com.sun.identity.agents.config.example[0] = value0
eb8265942b3019d34e365432314b63decc84728fTatuya JINMEI 神明達哉# com.sun.identity.agents.config.example[1] = value1
eb8265942b3019d34e365432314b63decc84728fTatuya JINMEI 神明達哉# com.sun.identity.agents.config.example[2] = value2
eb8265942b3019d34e365432314b63decc84728fTatuya JINMEI 神明達哉#
eb8265942b3019d34e365432314b63decc84728fTatuya JINMEI 神明達哉# MAP CONSTRUCTS:
e7ba4d8dc4559ff47f7f8298dad1469275ed0f1eMark Andrews# Certain property keys in this configuration are specified as Maps.
e7ba4d8dc4559ff47f7f8298dad1469275ed0f1eMark Andrews# A Map construct is defined as follows:
e7ba4d8dc4559ff47f7f8298dad1469275ed0f1eMark Andrews#
81e5de17419f2e6f80ce76c333159ca9feb67b8cMark Andrews# Format:
81e5de17419f2e6f80ce76c333159ca9feb67b8cMark Andrews# <key>[<name>]=<value>
50df1ec60af410fca6b7a85d5c85e8f31bb13bc3Mark Andrews#
50df1ec60af410fca6b7a85d5c85e8f31bb13bc3Mark Andrews# Where:
da2d57c8cf7e18c8ab1fbcc8e5f2001fb2f02cb1Mark Andrews# key : is the configuration key
da2d57c8cf7e18c8ab1fbcc8e5f2001fb2f02cb1Mark Andrews# name : is a string that forms the lookup key as available in the
da2d57c8cf7e18c8ab1fbcc8e5f2001fb2f02cb1Mark Andrews# Map
b58d2c6a1cfe8f06548763a139579f270d9014a6Jeremy Reed# value : is the value associated with the name in the Map
ef4eed2a2a8897bd4e5b19dd94f638e0861ebda5Mark Andrews#
ef4eed2a2a8897bd4e5b19dd94f638e0861ebda5Mark Andrews# Notes:
d5be219ff773a91c839c660fee54f1df7448adfaMark Andrews# - Please refer to the Agent documentation for full details on usage.
7d89c53f6e8dcbac40334156aa999a13e6af189cMark Andrews#
7d89c53f6e8dcbac40334156aa999a13e6af189cMark Andrews# Example:
7d89c53f6e8dcbac40334156aa999a13e6af189cMark Andrews# com.sun.identity.agents.config.example[AL] = ALABAMA
96b3cb85d3b06d99323a6ea7ae04f4eb3d74e8bcMark Andrews# com.sun.identity.agents.config.example[AK] = ALASKA
96b3cb85d3b06d99323a6ea7ae04f4eb3d74e8bcMark Andrews# com.sun.identity.agents.config.example[AZ] = ARIZONA
96b3cb85d3b06d99323a6ea7ae04f4eb3d74e8bcMark Andrews#
dc143a8f5cc8b2893f5b63077224f091f8c51862Mark Andrews# APPLICATION SPECIFIC/GLOBAL CONFIGURATION:
dc143a8f5cc8b2893f5b63077224f091f8c51862Mark Andrews# Certain property keys in this configuration can be specified per
dc143a8f5cc8b2893f5b63077224f091f8c51862Mark Andrews# protected application. This implies that the Agent will use
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉# different values of the same configuration key for different
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉# applications as defined in this configuration file. Properties
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉# which are not specified per protected applications are called Global
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉# properties. Application specific properties are defined as follows:
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉#
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉# Format:
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews# <key>[<appname>]=<value>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews#
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews# Where:
09b45f7b5800c4dbb86846dea35e8aba0a25b0d0Mark Andrews# key : is the configuration key
09b45f7b5800c4dbb86846dea35e8aba0a25b0d0Mark Andrews# appname : is the Application name to which this configuration
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# belongs. The application name is the context path of
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# the application without the leading forward slash
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# character. In case when the application has been
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# deployed at the root-context of the server, the
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# application name should be specified as
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# 'DefaultWebApp'.
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# value : the value that will be used by the Agent when
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# protecting the application identified by the given
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews# application name.
1f3e0508c2146b473838899429f44e72c52b32f4Mark Andrews#
b58d2c6a1cfe8f06548763a139579f270d9014a6Jeremy Reed# Notes:
1f3e0508c2146b473838899429f44e72c52b32f4Mark Andrews# - When an application specific configuration is not present, the
1f3e0508c2146b473838899429f44e72c52b32f4Mark Andrews# Agent uses different mechanisms to identify a default value. There
a14aff6984062f01b6d88f485f0a3f68d99fc174Mark Andrews# could be configurations where the default value is used as the
a14aff6984062f01b6d88f485f0a3f68d99fc174Mark Andrews# value specified for the same key without any application specific
a14aff6984062f01b6d88f485f0a3f68d99fc174Mark Andrews# suffix '[<appname>]'. For example, if the following configuration
a14aff6984062f01b6d88f485f0a3f68d99fc174Mark Andrews# keys are present:
7b1a7a098b51381f06277860a40bd7f062c8ec19Francis Dupont#
7b1a7a098b51381f06277860a40bd7f062c8ec19Francis Dupont# com.sun.identity.agents.config.example[Portal] = value1
bc3b1dbd69840bd7f2f0b6af2610603f334b369bFrancis Dupont# com.sun.identity.agents.config.example[DefaultWebApp] = value2
bc3b1dbd69840bd7f2f0b6af2610603f334b369bFrancis Dupont# com.sun.identity.agents.config.example = value3
c19a57667e9b2ad12cc0df9a370fe0b8e87f0622Mark Andrews#
c19a57667e9b2ad12cc0df9a370fe0b8e87f0622Mark Andrews# then, for applications other than the ones deployed on the root
c19a57667e9b2ad12cc0df9a370fe0b8e87f0622Mark Andrews# context and the context '/Portal', the value of this key will
736e6a6709b778d4d228441d9ac3b366e0dceb99Mark Andrews# default to 'value3'.
736e6a6709b778d4d228441d9ac3b366e0dceb99Mark Andrews#
736e6a6709b778d4d228441d9ac3b366e0dceb99Mark Andrews# - Application Specific configuration properties must follow the
736e6a6709b778d4d228441d9ac3b366e0dceb99Mark Andrews# rules and syntax of the MAP construct of configuration entries as
736e6a6709b778d4d228441d9ac3b366e0dceb99Mark Andrews# defined above.
736e6a6709b778d4d228441d9ac3b366e0dceb99Mark Andrews#
b58d2c6a1cfe8f06548763a139579f270d9014a6Jeremy Reed# Example:
e597f9f376d79c8962f2373d4eb98a441e6c70caMark Andrews# com.sun.identity.agents.config.example[Portal] = value1
b58d2c6a1cfe8f06548763a139579f270d9014a6Jeremy Reed# com.sun.identity.agents.config.example[BankApp] = value2
d1ec77294eb543bbca128d8683bdf9680cbedb61Mark Andrews# com.sun.identity.agents.config.example[DefaultWebApp] = value3
9d02618ca6b4d2e1737ba441449f61c1f04be685Mark Andrews#------------------------------------------------------------------------------
9d02618ca6b4d2e1737ba441449f61c1f04be685Mark Andrews
a21884ae7bec40b6fc2227ff112ecf5a7cffc4fdMark Andrews#
a21884ae7bec40b6fc2227ff112ecf5a7cffc4fdMark Andrews# FILTER OPERATION MODE
a21884ae7bec40b6fc2227ff112ecf5a7cffc4fdMark Andrews# Specifies the mode of operation of the Filter. Valid value is one of:
d63cfbfbf947d08d67561f4bef3bf7b688dfcbfaJeremy Reed# NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL. This property can also be
d63cfbfbf947d08d67561f4bef3bf7b688dfcbfaJeremy Reed# specified as an application specific property. However, the global
d63cfbfbf947d08d67561f4bef3bf7b688dfcbfaJeremy Reed# property must always be present.
86ee7433b38bb023912a73d842bdcef3d4871a90Mark Andrews# WARNING:
275b170cc47c897d25204fe23169dac810283f79Mark Andrews# WHEN THIS PROPERTY IS SET TO 'NONE', THE AGENT WILL GRANT ACCESS TO
86ee7433b38bb023912a73d842bdcef3d4871a90Mark Andrews# ALL PROTECTED RESOURCES. THIS MODE OF OPERATION SHOULD NOT BE USED
06a230fe9fa2087a778ae0f199bda1b8fdd1e05cEvan Hunt# IN DEPLOYED PRODUCTION SYSTEMS AT ANY TIME AS IT CAN RESULT IN
06a230fe9fa2087a778ae0f199bda1b8fdd1e05cEvan Hunt# UNAUTHORIZED ACCESS TO PROTECTED SYSTEM RESOURCES. THIS MODE OF
06a230fe9fa2087a778ae0f199bda1b8fdd1e05cEvan Hunt# OPERATION IS PROVIDED ONLY TO FACILITATE TROUBLESHOOTING OF THE
6d54a6fc180acaf8772c9447cb925b31f39c7158Mark Andrews# APPLICATION IN A WELL CONTROLLED DEVELOPMENT AND TEST ENVIRONMENT
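6d54a6fc180acaf8772c9447cb925b31f39c7158Mark Andrews# AND SHOULD NOT BE USED IN ANY OTHER ENVIRONMENT.
# Note: because this property can also be set per application, a review of
# a deployed configuration should check every filter.mode[<appname>] entry
# for NONE as well as the global value.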
6d54a6fc180acaf8772c9447cb925b31f39c7158Mark Andrews# Hot-Swap Enabled: No
6d54a6fc180acaf8772c9447cb925b31f39c7158Mark Andrews# Example:
6d54a6fc180acaf8772c9447cb925b31f39c7158Mark Andrews# com.sun.identity.agents.config.filter.mode = ALL
7ca0cdd7ecff4c0396970ed957df7d5d8c639abfMark Andrews# com.sun.identity.agents.config.filter.mode[BankApp] = URL_POLICY
ee02a035c9dc50cac31424512e110ee16a45a693Mark Andrews#
7ca0cdd7ecff4c0396970ed957df7d5d8c639abfMark Andrewscom.sun.identity.agents.config.filter.mode = ALL
275b170cc47c897d25204fe23169dac810283f79Mark Andrews
455ada05af05e39cdeb63297d60d36a0eca062e1Mark Andrews#
455ada05af05e39cdeb63297d60d36a0eca062e1Mark Andrews# USER MAPPING PROPERTIES
0d444dc136a1a8df89a329d7ad43c74e1db8dfbeMark Andrews# - user.mapping.mode: Specifies the mechanism by which the user-ID
ff30270d6ccc27a7ce45853eb5637b6d69d8a5ebMark Andrews# to be used on the protected server for the authenticated user is
0d444dc136a1a8df89a329d7ad43c74e1db8dfbeMark Andrews# determined by the Agent. Value of this is one of: USER_ID,
4e9775118dbf128dd296f01638733ba221f76c34Mark Andrews# PROFILE_ATTRIBUTE, HTTP_HEADER, SESSION_PROPERTY.
4e9775118dbf128dd296f01638733ba221f76c34Mark Andrews# - user.attribute.name: Specifies the name of the profile attribute,
4e9775118dbf128dd296f01638733ba221f76c34Mark Andrews# or HTTP header, or Session property which contains the user-ID to
35378bcc6a6c95495e70bad92f245b6fa9c8292aTatuya JINMEI 神明達哉# be used on the protected server for the authenticated user. This
35378bcc6a6c95495e70bad92f245b6fa9c8292aTatuya JINMEI 神明達哉# property is not used if the value of user.mapping.mode is set to
35378bcc6a6c95495e70bad92f245b6fa9c8292aTatuya JINMEI 神明達哉# USER_ID.
b05585dcfe270c40e309ff7304cf6b69d7390bdaTatuya JINMEI 神明達哉# - user.principal: A flag that indicates that the principal of the
b05585dcfe270c40e309ff7304cf6b69d7390bdaTatuya JINMEI 神明達哉# authenticated user be used instead of just the user-ID for
1f030ca8a3df943d8016cac39bc3018f5952126aJeremy Reed# authenticating the user on the protected server. This property is
1f030ca8a3df943d8016cac39bc3018f5952126aJeremy Reed# applicable if the user.mapping.mode is set to USER_ID.
1f030ca8a3df943d8016cac39bc3018f5952126aJeremy Reed# - user.token: Specifies a session property name which contains the
698a4dcc8ae5c2a62a254ab2aff7b16d52598cc0Mark Andrews# user-ID of the authenticated user in session. This property is used
698a4dcc8ae5c2a62a254ab2aff7b16d52598cc0Mark Andrews# when the user.mapping.mode is set to USER_ID and the user.principal
698a4dcc8ae5c2a62a254ab2aff7b16d52598cc0Mark Andrews# flag is set to false.
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews# Hot-Swap Enabled: Yes
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews# Examples:
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews# com.sun.identity.agents.config.user.mapping.mode = PROFILE_ATTRIBUTE
d7896edb4e93c4785a9281ea86afba86b758e813Mark Andrews# com.sun.identity.agents.config.user.attribute.name = employeenumber
d7896edb4e93c4785a9281ea86afba86b758e813Mark Andrews#
d7896edb4e93c4785a9281ea86afba86b758e813Mark Andrewscom.sun.identity.agents.config.user.mapping.mode = USER_ID
1f3e0508c2146b473838899429f44e72c52b32f4Mark Andrewscom.sun.identity.agents.config.user.attribute.name = employeenumber
1f3e0508c2146b473838899429f44e72c52b32f4Mark Andrewscom.sun.identity.agents.config.user.principal = false
d7896edb4e93c4785a9281ea86afba86b758e813Mark Andrewscom.sun.identity.agents.config.user.token = UserToken
d7896edb4e93c4785a9281ea86afba86b758e813Mark Andrews
d7896edb4e93c4785a9281ea86afba86b758e813Mark Andrews#
0db6bf459f7afa1f9dc0690a521df19955c89dbfJeremy Reed# CLIENT IDENTIFICATION PROPERTIES
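0db6bf459f7afa1f9dc0690a521df19955c89dbfJeremy Reed# - client.ip.header: Specifies an HTTP header name that holds the IP
0db6bf459f7afa1f9dc0690a521df19955c89dbfJeremy Reed# address of the client. May be left blank if not used.
99a522dad7623549cd5e32a4968e6de8eca46ff1Mark Andrews# - client.hostname.header: Specifies an HTTP header name that holds the
99a522dad7623549cd5e32a4968e6de8eca46ff1Mark Andrews# Hostname of the client. May be left blank if not used.
# Note: request headers are supplied by the sender. Set these properties
# only when a trusted proxy or load balancer in front of the server sets
# the named headers and discards any copy sent by the client; otherwise
# the client IP and hostname seen by the Agent are chosen by the caller.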
b90d59882c3b0bbe5dafe27c51c274f0b5912f65Mark Andrews# Hot-Swap Enabled: Yes
b90d59882c3b0bbe5dafe27c51c274f0b5912f65Mark Andrews# Example:
b90d59882c3b0bbe5dafe27c51c274f0b5912f65Mark Andrews# com.sun.identity.agents.config.client.ip.header = X-Proxy-Client-IP
b90d59882c3b0bbe5dafe27c51c274f0b5912f65Mark Andrews# com.sun.identity.agents.config.client.hostname.header = X-Proxy-Client-Host
b90d59882c3b0bbe5dafe27c51c274f0b5912f65Mark Andrews#
cd6555930b6829ebce8bbf2adc7ba05111edf595Mark Andrewscom.sun.identity.agents.config.client.ip.header =
cd6555930b6829ebce8bbf2adc7ba05111edf595Mark Andrewscom.sun.identity.agents.config.client.hostname.header =
369e148f307a322206a460f9fd470927bcc756d0Tatuya JINMEI 神明達哉
369e148f307a322206a460f9fd470927bcc756d0Tatuya JINMEI 神明達哉#
369e148f307a322206a460f9fd470927bcc756d0Tatuya JINMEI 神明達哉# CONFIGURATION RELOAD INTERVAL
2be6798f93e7ba1f4c4082e7b0837c7668a06dcaTatuya JINMEI 神明達哉# Specifies the interval in seconds between configuration reloads. When
2be6798f93e7ba1f4c4082e7b0837c7668a06dcaTatuya JINMEI 神明達哉# set to 0, the hot-swap mechanism will be disabled.
c5ead8c25b6c1f51180ec6899c421fc9d074e6cbTatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
2be6798f93e7ba1f4c4082e7b0837c7668a06dcaTatuya JINMEI 神明達哉#
b0bf1ad5b0b1d29b4cdf5de9789405aec5e0844cEvan Huntcom.sun.identity.agents.config.load.interval = 3600
b0bf1ad5b0b1d29b4cdf5de9789405aec5e0844cEvan Hunt
b0bf1ad5b0b1d29b4cdf5de9789405aec5e0844cEvan Hunt#
b0bf1ad5b0b1d29b4cdf5de9789405aec5e0844cEvan Hunt# LOCALE IDENTIFICATION PROPERTIES
275b170cc47c897d25204fe23169dac810283f79Mark Andrews# - locale.language: Specifies the language code for identifying the Locale
eab4a5c29ddda688d975ad59a55a965b16534432Mark Andrews# of operation.
eab4a5c29ddda688d975ad59a55a965b16534432Mark Andrews# - locale.country: Specifies the country code for identifying the Locale of
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews# operation.
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews# Hot-Swap Enabled: No
5737b74d34b1eab413f4a5734714bb176c5cc849Mark Andrews#
5737b74d34b1eab413f4a5734714bb176c5cc849Mark Andrewscom.sun.identity.agents.config.locale.language = en
5737b74d34b1eab413f4a5734714bb176c5cc849Mark Andrewscom.sun.identity.agents.config.locale.country = US
5737b74d34b1eab413f4a5734714bb176c5cc849Mark Andrews
5737b74d34b1eab413f4a5734714bb176c5cc849Mark Andrews#
19e4588ed76d6832be4de0813b6108a292ef413aMark Andrews# AUDIT LOG PROPERTIES
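19e4588ed76d6832be4de0813b6108a292ef413aMark Andrews# - audit.accesstype: Specifies the access type which will be logged by the
48a866144e3b14efa6c51af05ef7641b23c7516dJeremy Reed# Agent. Valid value is one of: LOG_NONE, LOG_ALLOW, LOG_DENY, LOG_BOTH.
# Note: the value shipped in this template is LOG_NONE, which, as the
# name indicates, leaves allow and deny decisions out of the audit log.
# Choose LOG_DENY or LOG_BOTH where access decisions must be reviewable.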
48a866144e3b14efa6c51af05ef7641b23c7516dJeremy Reed# - log.disposition: Specifies the audit log mode that the Agent will use
48a866144e3b14efa6c51af05ef7641b23c7516dJeremy Reed# when writing audit log messages. Valid value is one of: LOCAL, REMOTE,
143852efc066b3e3cd16eeec679016adbd450474Mark Andrews# ALL.
143852efc066b3e3cd16eeec679016adbd450474Mark Andrews# - remote.logfile: Specifies the file name to be used on the remote server
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews# if the log.disposition is set to REMOTE or ALL.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews# - local.log.rotate: A flag that indicates if the rotation of audit log
275b170cc47c897d25204fe23169dac810283f79Mark Andrews# local file is enabled or disabled.
11dbf2fc38eea8c5d3fe7123718bf197a8bb2e6bMark Andrews# - local.log.size: The size in bytes of the local audit log file, beyond
eeaa2277ead6df7253a8958ee2d786f73e05b8beTatuya JINMEI 神明達哉# which the Agent should rotate the log file.
eeaa2277ead6df7253a8958ee2d786f73e05b8beTatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
eeaa2277ead6df7253a8958ee2d786f73e05b8beTatuya JINMEI 神明達哉#
eeaa2277ead6df7253a8958ee2d786f73e05b8beTatuya JINMEI 神明達哉com.sun.identity.agents.config.audit.accesstype = LOG_NONE
cfef3799266c3955a3e19df5794b7994d4dd7bdbMark Andrewscom.sun.identity.agents.config.log.disposition = REMOTE
cfef3799266c3955a3e19df5794b7994d4dd7bdbMark Andrewscom.sun.identity.agents.config.remote.logfile = @AUDIT_LOG_FILENAME@
cfef3799266c3955a3e19df5794b7994d4dd7bdbMark Andrewscom.sun.identity.agents.config.local.log.rotate = false
cfef3799266c3955a3e19df5794b7994d4dd7bdbMark Andrewscom.sun.identity.agents.config.local.log.size = 52428800
ce688d65947a05561509aef48c8c240130d443eaMark Andrews
c6c09f77f85860b6e084b0daad066ded08729b3eMark Andrews#
c6c09f77f85860b6e084b0daad066ded08729b3eMark Andrews# WEB SERVICE PROCESSING PROPERTIES
467e6fd1672fb35968f522e1ef11a7e2e0cb701eMichael Graff# - webservice.enable: A flag that specifies if Web Service processing is
467e6fd1672fb35968f522e1ef11a7e2e0cb701eMichael Graff# enabled or disabled.
467e6fd1672fb35968f522e1ef11a7e2e0cb701eMichael Graff# - webservice.endpoint: A list of Web Application end points that represent
467e6fd1672fb35968f522e1ef11a7e2e0cb701eMichael Graff# Web Services.
467e6fd1672fb35968f522e1ef11a7e2e0cb701eMichael Graff# - webservice.process.get.enable: A flag that indicates if the processing
896f88361ec8a15a20688eb533a65977ee698974Mark Andrews# of HTTP GET requests for Web Service endpoints is enabled or disabled.
896f88361ec8a15a20688eb533a65977ee698974Mark Andrews# - webservice.authenticator: An implementation class that can be used to
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# authenticate web-service requests.
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# - webservice.internalerror.content: The name of the file that contains content
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# used by the Agent to generate an internal error fault for clients.
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# - webservice.autherror.content: The name of the file that contains content
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# used by the Agent to generate an authorization error fault for clients.
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# - webservice.responseprocessor: An implementation class that is used to do
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# web-service response processing.
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# Hot-Swap Enabled: Yes
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt#
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrewscom.sun.identity.agents.config.webservice.enable = false
8760bb9e0c48dad3765571b6e1ce193548fc5e37Evan Huntcom.sun.identity.agents.config.webservice.endpoint[0] =
593bb6464621c50ceec0e5550045f4b405558548Evan Huntcom.sun.identity.agents.config.webservice.process.get.enable = true
593bb6464621c50ceec0e5550045f4b405558548Evan Huntcom.sun.identity.agents.config.webservice.authenticator =
593bb6464621c50ceec0e5550045f4b405558548Evan Huntcom.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrewscom.sun.identity.agents.config.webservice.autherror.content = WSAuthErrorContent.txt
b247f77228f00e16dd43b4d570ad0fb15e88f3edMark Andrewscom.sun.identity.agents.config.webservice.responseprocessor =
aeadcd63196f164b219629a53c0e0925519288f3Evan Hunt
aeadcd63196f164b219629a53c0e0925519288f3Evan Hunt#
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews# ACCESS DENIED URI
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews# An application specific (MAP) property that specifies the URI used by
baeed3c40fc0a2f30ef399899e16ded472f04c06Evan Hunt# the Agent to block unauthorized access requests. May be left unspecified
f5662f41e73c27cc6e7fd29323c8dddf54dff982Mark Andrews# if not available. A global value can also be specified.
f5662f41e73c27cc6e7fd29323c8dddf54dff982Mark Andrews# Example:
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews# com.sun.identity.agents.config.access.denied.uri[BankApp] = /BankApp/accessdenied.html
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews# com.sun.identity.agents.config.access.denied.uri = /accessdenied.html
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews# Hot-Swap Enabled: Yes
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews#
275b170cc47c897d25204fe23169dac810283f79Mark Andrewscom.sun.identity.agents.config.access.denied.uri[] =
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews#
36440d1ec6cf1ff0cbb0b5b2fb39423e4e0bd450Evan Hunt# FORM LOGIN PROCESSING PROPERTIES
470212919fb8a92cd7eb621e981905348eb73ccaMark Andrews# - login.form: A LIST property used by the Agent to identify login
470212919fb8a92cd7eb621e981905348eb73ccaMark Andrews# request and take appropriate action. Each entry should be the
e72c1e7e465822fc9b5067b2dd3cf047f6132214Mark Andrews# absolute URI of the resource specified in the web.xml deployment
e72c1e7e465822fc9b5067b2dd3cf047f6132214Mark Andrews# descriptor of the protected application in the element
e72c1e7e465822fc9b5067b2dd3cf047f6132214Mark Andrews# form-login-page.
e72c1e7e465822fc9b5067b2dd3cf047f6132214Mark Andrews# - login.error.uri: A LIST property used by the Agent to identify
a8f6b2aa46f882c7c680b7bdab1dfb78a76787eaMark Andrews# error page request and take appropriate action. Each entry should
a8f6b2aa46f882c7c680b7bdab1dfb78a76787eaMark Andrews# be the absolute URI of the resource specified in the web.xml
a8f6b2aa46f882c7c680b7bdab1dfb78a76787eaMark Andrews# deployment descriptor of the protected application in the element
c6a1797aff73b707b4b7a71fdaa303136953d2a3Mark Andrews# form-error-page.
c6a1797aff73b707b4b7a71fdaa303136953d2a3Mark Andrews# - login.use.internal: A flag that specifies if the Agent should use
c6a1797aff73b707b4b7a71fdaa303136953d2a3Mark Andrews# internal content for handling form login requests.
1e0209137159d4e16e4459cc8e804d657aad1af1Mark Andrews# - login.content.file: Specifies the name or complete path of the file
1e0209137159d4e16e4459cc8e804d657aad1af1Mark Andrews# that will be used by the Agent for handling form login requests if
1e0209137159d4e16e4459cc8e804d657aad1af1Mark Andrews# the login.use.internal flag is set to true.
5e3f390f057801d245680b07dc2b2d64939183d4Mark Andrews# Hot-Swap Enabled: Yes
275b170cc47c897d25204fe23169dac810283f79Mark Andrews# Examples:
5e3f390f057801d245680b07dc2b2d64939183d4Mark Andrews# com.sun.identity.agents.config.login.form[0] = /BankApp/jsp/login.jsp
5e3f390f057801d245680b07dc2b2d64939183d4Mark Andrews# com.sun.identity.agents.config.login.error.uri[0] = /BankApp/jsp/error.jsp
ebacb7908afe3d62fe341f7ef9efed63d0c651a2Tatuya JINMEI 神明達哉#
ebacb7908afe3d62fe341f7ef9efed63d0c651a2Tatuya JINMEI 神明達哉com.sun.identity.agents.config.login.form[0] =
ebacb7908afe3d62fe341f7ef9efed63d0c651a2Tatuya JINMEI 神明達哉com.sun.identity.agents.config.login.error.uri[0] =
3dfa202e4fea6b985bcf8761e2d11c176baa40d1Mark Andrewscom.sun.identity.agents.config.login.use.internal = true
3dfa202e4fea6b985bcf8761e2d11c176baa40d1Mark Andrewscom.sun.identity.agents.config.login.content.file = FormLoginContent.txt
3dfa202e4fea6b985bcf8761e2d11c176baa40d1Mark Andrews
3dfa202e4fea6b985bcf8761e2d11c176baa40d1Mark Andrews#
3dfa202e4fea6b985bcf8761e2d11c176baa40d1Mark Andrews# LOCAL AUTHENTICATION PROCESSING PROPERTIES
5ce9206eb95c2b818a7f863dd26d9b7a2c3d9261Evan Hunt# - auth.handler: A MAP property that specifies application
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# specific Authentication Handler to be used by the
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# Agent in order to authenticate the logged on user with the
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# Application server for the particular application.
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# - logout.handler: A MAP property that specifies the application
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# specific Logout Handler to be used by the Agent in order to logout
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# the logged on user within the Application server for the
1bfe8851c0a2eb1d7e15556bfa21291cd62ee2bcMark Andrews# particular application.
1bfe8851c0a2eb1d7e15556bfa21291cd62ee2bcMark Andrews# - verification.handler: A MAP property that specifies the application
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt# specific local verification handler used by the agent to validate
13d9b8ce94aee267761cd297a583e280df262d60Tatuya JINMEI 神明達哉# the user credentials with the local repository.
13d9b8ce94aee267761cd297a583e280df262d60Tatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
13d9b8ce94aee267761cd297a583e280df262d60Tatuya JINMEI 神明達哉# Example:
13d9b8ce94aee267761cd297a583e280df262d60Tatuya JINMEI 神明達哉# com.sun.identity.agents.config.auth.handler[BankApp] = BankAuthHandler
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrews# com.sun.identity.agents.config.logout.handler[BankApp] = BankLogoutHandler
b58d2c6a1cfe8f06548763a139579f270d9014a6Jeremy Reed# com.sun.identity.agents.config.verification.handler[BankApp] = BankVerificationHandler
275b170cc47c897d25204fe23169dac810283f79Mark Andrews#
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrewscom.sun.identity.agents.config.auth.handler[] =
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrewscom.sun.identity.agents.config.logout.handler[] =
691f1f7731d175c7b2e21fbcc8d16a0c323e209aMark Andrewscom.sun.identity.agents.config.verification.handler[] =
a45f57a2d5fa5a4cb50c4232c09dd7676a256599Evan Hunt
2f420f33bbd5a84eee03b5f9b608e79acf06cb29Mark Andrews#
2f420f33bbd5a84eee03b5f9b608e79acf06cb29Mark Andrews# HTTP SESSION BINDING
# The default value is false, so the agent will not invalidate the HTTP
# session, and session data will be maintained.
# If the value is true, the agent will invalidate the HTTP session when
# it identifies that login has failed, the user does not have an SSO session,
# or the principal user name does not match the SSO user name.
# With false, HTTP session data can outlive the SSO session it was created
# under; consider true for applications that keep per-user state in the
# HTTP session.
e2fe1fda755f24f593406dc26fed87e8ea1bb502Tatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
e2fe1fda755f24f593406dc26fed87e8ea1bb502Tatuya JINMEI 神明達哉com.sun.identity.agents.config.httpsession.binding = false
e2fe1fda755f24f593406dc26fed87e8ea1bb502Tatuya JINMEI 神明達哉
e2fe1fda755f24f593406dc26fed87e8ea1bb502Tatuya JINMEI 神明達哉#
cf225ed6cd51f9acc901a60520a9368e14224a4dTatuya JINMEI 神明達哉# GOTO PARAMETER NAME
cf225ed6cd51f9acc901a60520a9368e14224a4dTatuya JINMEI 神明達哉# This property has been deprecated.
cf225ed6cd51f9acc901a60520a9368e14224a4dTatuya JINMEI 神明達哉# Specifies the goto Parameter name to be used by the Agent when
52d5489b9563ae7a0b89aafbce6829802255b151Tatuya JINMEI 神明達哉# redirecting the user to the appropriate authentication service. The
52d5489b9563ae7a0b89aafbce6829802255b151Tatuya JINMEI 神明達哉# value of this parameter is used by the authentication service to
52d5489b9563ae7a0b89aafbce6829802255b151Tatuya JINMEI 神明達哉# redirect the user to the original requested destination.
515ada69db06a727ca1197e2aa1f6a286d278228Tatuya JINMEI 神明達哉# Valid Values:
515ada69db06a727ca1197e2aa1f6a286d278228Tatuya JINMEI 神明達哉# A string value that represents the goto parameter name.
515ada69db06a727ca1197e2aa1f6a286d278228Tatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
515ada69db06a727ca1197e2aa1f6a286d278228Tatuya JINMEI 神明達哉#
387bca7a55c0581dc36edb4a5071cb5e1d1c34f6Tatuya JINMEI 神明達哉com.sun.identity.agents.config.redirect.param = goto
387bca7a55c0581dc36edb4a5071cb5e1d1c34f6Tatuya JINMEI 神明達哉
b58d2c6a1cfe8f06548763a139579f270d9014a6Jeremy Reed#
dc842cdcb946b3f89448f07a9f024497a50c216aMark Andrews# LOGIN URL
cd9bebfc4c225931391c7d9ce1cfd88394b23f20Tatuya JINMEI 神明達哉# Specifies the login URLs to be used by the Agent to redirect
cd9bebfc4c225931391c7d9ce1cfd88394b23f20Tatuya JINMEI 神明達哉# incoming users without sufficient credentials to the OpenAM
cd9bebfc4c225931391c7d9ce1cfd88394b23f20Tatuya JINMEI 神明達哉# authentication service.
cd9bebfc4c225931391c7d9ce1cfd88394b23f20Tatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
476de6f1566ce5ec057ab39f361907da355296b1Tatuya JINMEI 神明達哉#
476de6f1566ce5ec057ab39f361907da355296b1Tatuya JINMEI 神明達哉com.sun.identity.agents.config.login.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Login
476de6f1566ce5ec057ab39f361907da355296b1Tatuya JINMEI 神明達哉
476de6f1566ce5ec057ab39f361907da355296b1Tatuya JINMEI 神明達哉#
04115a59c176759177545c72376e844e10dc557cMark Andrews# LOGOUT URL
04115a59c176759177545c72376e844e10dc557cMark Andrews# Specifies the logout URLs to be used by the Agent to log out
b1f7d25ee1792838aa5e5d81f4433b474d4565a2Mark Andrews# the authenticated users from the OpenAM authentication service.
4db36a15c5716050d40aa8e709e8c8e9475ea25bMark Andrews# Hot-Swap Enabled: Yes
4db36a15c5716050d40aa8e709e8c8e9475ea25bMark Andrews#
a9579d3386009446d7527ef52fa28251ab8c3c2cTatuya JINMEI 神明達哉com.sun.identity.agents.config.logout.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/UI/Logout
a9579d3386009446d7527ef52fa28251ab8c3c2cTatuya JINMEI 神明達哉
a9579d3386009446d7527ef52fa28251ab8c3c2cTatuya JINMEI 神明達哉#
a9579d3386009446d7527ef52fa28251ab8c3c2cTatuya JINMEI 神明達哉# LOGIN URL, LOGOUT URL, or CDSSO URLs PROPERTIES
146484aced3e6c1b9cc88db5e75b8cbfd166f701Mark Andrews# - login.url.prioritized: specifies if the failover sequence for Login URLs
146484aced3e6c1b9cc88db5e75b8cbfd166f701Mark Andrews# or CDSSO URLs should be prioritized as defined in the list with the lowest
593bb6464621c50ceec0e5550045f4b405558548Evan Hunt# index having the highest priority.
dbe9f900ecbefb34e960b69b41b9ecde36e0a256Tatuya JINMEI 神明達哉# - login.url.probe.enabled: specifies if agent will check the availability
e43b095921450c34288cadc3406f49c84a0e4d46Evan Hunt# of these urls before redirecting to them.
# Default value is true for backward compatibility, but setting it to
# false (server will not be checked) is suggested in production deployments
# where the agent often cannot access the login url directly.
7999db4215b9398d4598ac0156ff097cda40402bMark Andrews# - login.url.probe.timeout: this is the connect timeout value in milliseconds
7999db4215b9398d4598ac0156ff097cda40402bMark Andrews# when login.url.probe.enabled is set to true (or server will be checked).
481e9b573b8233f8678c1dd4549c8c949312e81dMark Andrews# - logout.url.prioritized: specifies if the failover sequence for Logout
481e9b573b8233f8678c1dd4549c8c949312e81dMark Andrews# URLs should be prioritized as defined in the list with the lowest
cbb8a1b7cbab933795ddee4f05f4eb5074a68e6cFrancis Dupont# index having the highest priority.
cbb8a1b7cbab933795ddee4f05f4eb5074a68e6cFrancis Dupont# - logout.url.probe.enabled: specifies if agent will check the availability
bd7e02a3378274436e30beecca33bf7889182776Francis Dupont# of these urls before redirecting to them.
# Default value is true for backward compatibility, but setting it to
# false (server will not be checked) is suggested in production deployments
# where the agent often cannot access the logout url directly.
0cdb53f093f5814b40a68848025dd8d7e9ef2e9bTatuya JINMEI 神明達哉# - logout.url.probe.timeout: this is the connect timeout value in milliseconds
0cdb53f093f5814b40a68848025dd8d7e9ef2e9bTatuya JINMEI 神明達哉# when logout.url.probe.enabled is set to true (or server will be checked).
05b8187cb3cf03fbd75af1afdacc4aefb373e37bTatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
05b8187cb3cf03fbd75af1afdacc4aefb373e37bTatuya JINMEI 神明達哉#
0eeaaaf0ae1ae2856b94886fa80f94c21e6f1bfdMark Andrewscom.sun.identity.agents.config.login.url.prioritized = true
f5662f41e73c27cc6e7fd29323c8dddf54dff982Mark Andrewscom.sun.identity.agents.config.login.url.probe.enabled = true
f5662f41e73c27cc6e7fd29323c8dddf54dff982Mark Andrewscom.sun.identity.agents.config.login.url.probe.timeout = 2000
f5662f41e73c27cc6e7fd29323c8dddf54dff982Mark Andrewscom.sun.identity.agents.config.logout.url.prioritized = true
0eeaaaf0ae1ae2856b94886fa80f94c21e6f1bfdMark Andrewscom.sun.identity.agents.config.logout.url.probe.enabled = true
0eeaaaf0ae1ae2856b94886fa80f94c21e6f1bfdMark Andrewscom.sun.identity.agents.config.logout.url.probe.timeout = 2000
9de0f9b0aed432ee357dbba8d1d807525f4b6d4aMark Andrews
9de0f9b0aed432ee357dbba8d1d807525f4b6d4aMark Andrews#
9de0f9b0aed432ee357dbba8d1d807525f4b6d4aMark Andrews# AGENT SERVER PROPERTIES
ee6c0ce79e83039c9f8692bfb6196e0bb591ff98Mark Andrews# - agent.host: The host name identifying the Agent protected server to
ee6c0ce79e83039c9f8692bfb6196e0bb591ff98Mark Andrews# the client browsers if different from the actual host name. May be
ee6c0ce79e83039c9f8692bfb6196e0bb591ff98Mark Andrews# left blank if not used.
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont# - agent.port: The port number identifying the Agent protected server
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont# listening port to the client browsers if different from the actual
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont# listening port. May be left blank if not used.
2ca30c1774245f3aa7e8a1f3781cb965152373d8Evan Hunt# - agent.protocol: The protocol being used (http/https) by the client
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont# browsers to communicate with the Agent protected server if different
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont# from the actual protocol used by the server.
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont# Hot-Swap Enabled: Yes
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupont#
07d0f86c8a1591c0ee785d6728af69cb40f1da61Francis Dupontcom.sun.identity.agents.config.agent.host =
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Huntcom.sun.identity.agents.config.agent.port =
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Huntcom.sun.identity.agents.config.agent.protocol =
3d8b9b9956b64aba0d105f955ac0354fbcf5baa9Tatuya JINMEI 神明達哉
3d8b9b9956b64aba0d105f955ac0354fbcf5baa9Tatuya JINMEI 神明達哉#
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt# LOGIN ATTEMPT LIMIT
# Specifies the number of login attempts that a user can make without
# success using a single browser session which will trigger the
# blocking of the user request. Setting this value to 0 disables this
# feature. Because attempts are counted per browser session, this limit
# is not a substitute for account lockout in the authentication service.
efe34b8ddbecf45d1671efbcba30bdb75410c98aMark Andrews# Hot-Swap Enabled: Yes
7c60401dbd4dce617dffc685c269fca224c589adTatuya JINMEI 神明達哉#
7c60401dbd4dce617dffc685c269fca224c589adTatuya JINMEI 神明達哉com.sun.identity.agents.config.login.attempt.limit = 0
7c60401dbd4dce617dffc685c269fca224c589adTatuya JINMEI 神明達哉
d923262186a3111a6ac7aae5dcd9996e01115a44Mark Andrews# SSO Cache Enable Flag:
d923262186a3111a6ac7aae5dcd9996e01115a44Mark Andrews# This property specifies if the SSO Cache is active for the agent. This cache
d923262186a3111a6ac7aae5dcd9996e01115a44Mark Andrews# is used through public APIs exposed by the agent SDK.
f92c897cb69fbb8b7400a5df93271b0743fe9adeTatuya JINMEI 神明達哉# Valid Values: true, false
f92c897cb69fbb8b7400a5df93271b0743fe9adeTatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
158f256a14b629c4157fe0da779a4ff0e3402e48Tatuya JINMEI 神明達哉com.sun.identity.agents.config.amsso.cache.enable = true
77514242b09538db8f3a8f96f7f3d368cff6ebbaTatuya JINMEI 神明達哉
77514242b09538db8f3a8f96f7f3d368cff6ebbaTatuya JINMEI 神明達哉#
77514242b09538db8f3a8f96f7f3d368cff6ebbaTatuya JINMEI 神明達哉# COOKIE RESET PROCESSING PROPERTIES
8aae2264818e1511fa30c3ef5c3dc7669e347d3cTatuya JINMEI 神明達哉# - cookie.reset.enable: A flag that specifies if cookie reset processing
8aae2264818e1511fa30c3ef5c3dc7669e347d3cTatuya JINMEI 神明達哉# is enabled or disabled.
8aae2264818e1511fa30c3ef5c3dc7669e347d3cTatuya JINMEI 神明達哉# - cookie.reset.name: A list of cookie names that will be reset by the
0f39ff74a85e16cbfd30354e24403b1ee50e1104Tatuya JINMEI 神明達哉# Agent if cookie reset processing is enabled.
0f39ff74a85e16cbfd30354e24403b1ee50e1104Tatuya JINMEI 神明達哉# - cookie.reset.domain: A MAP property with the key being the cookie name
05e2cc844530031e4dd4e25b3826bece7a183ee1Tatuya JINMEI 神明達哉# specified in cookie.reset.name property and the value being the domain
0f39ff74a85e16cbfd30354e24403b1ee50e1104Tatuya JINMEI 神明達哉# of this cookie to be used when a reset event occurs.
7ecbfb6c0f566894fb7050e021cded6822771789Mark Andrews# - cookie.reset.path: A MAP property with the key being the cookie name
7ecbfb6c0f566894fb7050e021cded6822771789Mark Andrews# specified in cookie.reset.name property and the value being the path
7ecbfb6c0f566894fb7050e021cded6822771789Mark Andrews# of this cookie to be used when a reset event occurs.
8ef7b7f3f68a26cb60f98da398562f8d1c616f96Mark Andrews# Hot-Swap Enabled: Yes
8ef7b7f3f68a26cb60f98da398562f8d1c616f96Mark Andrews#
8ef7b7f3f68a26cb60f98da398562f8d1c616f96Mark Andrewscom.sun.identity.agents.config.cookie.reset.enable = false
8ef7b7f3f68a26cb60f98da398562f8d1c616f96Mark Andrewscom.sun.identity.agents.config.cookie.reset.name[0] =
538a0a40a2c308a004ea40a9efd31c9aecb0f041Mark Andrewscom.sun.identity.agents.config.cookie.reset.domain[] =
538a0a40a2c308a004ea40a9efd31c9aecb0f041Mark Andrewscom.sun.identity.agents.config.cookie.reset.path[] =
538a0a40a2c308a004ea40a9efd31c9aecb0f041Mark Andrews
538a0a40a2c308a004ea40a9efd31c9aecb0f041Mark Andrews#
538a0a40a2c308a004ea40a9efd31c9aecb0f041Mark Andrews# CDSSO PROCESSING PROPERTIES
250dcb4cf5c356bb492c849edff5fe3c81f61f77Tatuya JINMEI 神明達哉# - cdsso.enable: A flag that specifies if CDSSO processing is
250dcb4cf5c356bb492c849edff5fe3c81f61f77Tatuya JINMEI 神明達哉# enabled or disabled.
250dcb4cf5c356bb492c849edff5fe3c81f61f77Tatuya JINMEI 神明達哉# - cdsso.redirect.uri: An intermediate URI that is used by the
4875b50dca297a5d2082f503da31eaab896b3a8fTatuya JINMEI 神明達哉# Agent for processing CDSSO requests.
4875b50dca297a5d2082f503da31eaab896b3a8fTatuya JINMEI 神明達哉# - cdsso.cdcservlet.url: A LIST of URLs of the available CDSSO controllers
4875b50dca297a5d2082f503da31eaab896b3a8fTatuya JINMEI 神明達哉# that may be used by the Agent for CDSSO processing.
d87ad693fc0e91168da01f887cc6ae318b6b7f3eMark Andrews# - cdsso.clock.skew: Specifies a time in seconds to be used by the
d87ad693fc0e91168da01f887cc6ae318b6b7f3eMark Andrews# Agent to determine the validity of the CDSSO AuthnResponse assertion.
# - cdsso.trusted.id.provider: This property specifies the OpenAM
# Server/ID providers that should be trusted by the agent when evaluating
# the CDC Liberty Responses. Used when a Load Balancer/Firewall is between
# the agent and the server.
# - cdsso.secure.enable: A flag that specifies if the SSO Token cookie
# set by the agent in the different domains in CDSSO mode will be marked
# secure. When the property is set to true the SSO Token cookie will only
# be transmitted if the communications channel with the host is a secure one.
# With false the cookie may also be sent over plain HTTP, so set this to
# true wherever the protected applications are served over HTTPS.
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt# - cdsso.domain: This property specifies the domains for which cookies have
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt# to be set in a CDSSO scenario. If this property is left blank then the
d230b29aba3ce1d0362194801c34321ed22f5aa5Evan Hunt# fully qualified cookie domain for the agent server will be used for
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# setting the cookie domain. In such case it is a host cookie instead of
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt# a domain cookie.
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# Example:
aed0e61611268afd72a023a7fbba88698bc6bbebEvan Hunt# com.sun.identity.agents.config.cdsso.domain[0] = .sun.com
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# Hot-Swap Enabled: Yes
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews#
c72279e756e6578dc8f09ceac5158d80a8a61ce5Evan Huntcom.sun.identity.agents.config.cdsso.enable = false
e1aeb1569a0ae08c97dd76acb00376e4246e59b8Mark Andrewscom.sun.identity.agents.config.cdsso.redirect.uri = @AGENT_APP_URI@/sunwCDSSORedirectURI
e1aeb1569a0ae08c97dd76acb00376e4246e59b8Mark Andrewscom.sun.identity.agents.config.cdsso.cdcservlet.url[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
e1aeb1569a0ae08c97dd76acb00376e4246e59b8Mark Andrewscom.sun.identity.agents.config.cdsso.clock.skew = 0
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrewscom.sun.identity.agents.config.cdsso.trusted.id.provider[0] = @AM_SERVICES_PROTO@://@AM_SERVICES_HOST@:@AM_SERVICES_PORT@@AM_SERVICES_DEPLOY_URI@/cdcservlet
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrewscom.sun.identity.agents.config.cdsso.secure.enable = false
0415ca35ada2cac6a86127eaca64f3a997aea121Evan Hunt#com.sun.identity.agents.config.cdsso.domain[0] =
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews#
69ec1b7eb3be37f06b53f572f6c33622e95a7935Evan Hunt# LOGOUT PROCESSING PROPERTIES
816496b22114ee7c2c15321c2c6cc4be77fdf822Mark Andrews# - logout.application.handler: An application specific (MAP) property
816496b22114ee7c2c15321c2c6cc4be77fdf822Mark Andrews# that identifies a handler to be used for logout processing.
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# - logout.uri: An application specific (MAP) property that identifies
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# a request URI which indicates a logout event.
28ad0be64ee756013c0f6a474fc447ee613ee0d1Evan Hunt# - logout.request.param: An application specific (MAP) property that
229442301442890aee044a0df54d3787acd68e65Mark Andrews# identifies a parameter which when present in the HTTP request
229442301442890aee044a0df54d3787acd68e65Mark Andrews# indicates a logout event.
229442301442890aee044a0df54d3787acd68e65Mark Andrews# - logout.introspect.enabled: A flag that when set allows the Agent
8b56b8956fc1e6c70efacb4f71db28d0d1f0c577Mark Andrews# to search HTTP request body to locate logout parameter.
8b56b8956fc1e6c70efacb4f71db28d0d1f0c577Mark Andrews# - logout.entry.uri: An application specific (MAP) property that identifies
8b56b8956fc1e6c70efacb4f71db28d0d1f0c577Mark Andrews# a URI to be used as an entry point after successful logout and
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# subsequent successful authentication if applicable.
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews# Hot-Swap Enabled: Yes
ae6942e3d1fc7327ba5df9d638e0af15a908f8fbMark Andrews#
2284b84d74cdfd62ecb962feb850de981bbc2196Evan Huntcom.sun.identity.agents.config.logout.application.handler[] =
bf64a0d5d9469c42622401bc5d55cf9888eeef44Tatuya JINMEI 神明達哉com.sun.identity.agents.config.logout.uri[] =
bf64a0d5d9469c42622401bc5d55cf9888eeef44Tatuya JINMEI 神明達哉com.sun.identity.agents.config.logout.request.param[] =
bf64a0d5d9469c42622401bc5d55cf9888eeef44Tatuya JINMEI 神明達哉com.sun.identity.agents.config.logout.introspect.enabled = false
00c93a6214214772d4952cd4327aa34670c763bcMichael Graffcom.sun.identity.agents.config.logout.entry.uri[] =
00c93a6214214772d4952cd4327aa34670c763bcMichael Graff
00c93a6214214772d4952cd4327aa34670c763bcMichael Graff#
375e2c913a21cb852310418785f359a6b21b851dMark Andrews# FQDN PROCESSING PROPERTIES
375e2c913a21cb852310418785f359a6b21b851dMark Andrews# - fqdn.check.enable: A flag that indicates if FQDN checking is enabled
52cb865cf00db3437c33b57de0a17c807f9ba67eMark Andrews# or not.
52cb865cf00db3437c33b57de0a17c807f9ba67eMark Andrews# - fqdn.default: A hostname that represents the default FQDN to be
0f4a4d46abe13df2c367aa8dffaad685c20eaadaMark Andrews# used by the Agent when necessary.
0f4a4d46abe13df2c367aa8dffaad685c20eaadaMark Andrews# - fqdn.mapping: A MAP property that specifies a mapping from an invalid
0f4a4d46abe13df2c367aa8dffaad685c20eaadaMark Andrews# FQDN entry specified as the key to a valid FQDN entry specified as
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# its value.
c4fadc88619959582ac89b841c489be0519ae79dTatuya JINMEI 神明達哉# Hot-Swap Enabled: Yes
c4fadc88619959582ac89b841c489be0519ae79dTatuya JINMEI 神明達哉# Examples of fqdn.mapping:
8907d8fa04fdaa65baf0bc6b01230b2ebde93106Mark Andrews# com.sun.identity.agents.config.fqdn.mapping[myserver]=myserver.mydomain.com
8907d8fa04fdaa65baf0bc6b01230b2ebde93106Mark Andrews#
8907d8fa04fdaa65baf0bc6b01230b2ebde93106Mark Andrewscom.sun.identity.agents.config.fqdn.check.enable = true
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrewscom.sun.identity.agents.config.fqdn.default = @AGENT_HOST@
d904beeb3bf62d60e25f76e1ac9c4b78278c14edMark Andrewscom.sun.identity.agents.config.fqdn.mapping[] =
d904beeb3bf62d60e25f76e1ac9c4b78278c14edMark Andrews
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews#
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews# LEGACY USER AGENT PROCESSING PROPERTIES
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews# These three properties have been deprecated:
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews# - legacy.support.enable: A flag that specifies if legacy user agent
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews# support is enabled or disabled.
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews# - legacy.user.agent: A LIST of user agent header values that identify
db30f4bdcb66afb7eb1ab0c6882cc70be9a53d79Mark Andrews# legacy browsers. Entries in this list can have wild card character '*'.
887ef2682c6f66f9dcd6604c4ccf8f87894ef2a9Mark Andrews# - legacy.redirect.uri: An intermediate URI used by the Agent to
887ef2682c6f66f9dcd6604c4ccf8f87894ef2a9Mark Andrews# redirect legacy user agent requests.
420ed91d3ed516bc9d5edf2e942ae792d17d11b4Mark Andrews# Hot-Swap Enabled: Yes
420ed91d3ed516bc9d5edf2e942ae792d17d11b4Mark Andrews#
07555e64d9102eae058efd58f872b4a3b9ddff61Mark Andrewscom.sun.identity.agents.config.legacy.support.enable = false
07555e64d9102eae058efd58f872b4a3b9ddff61Mark Andrewscom.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrewscom.sun.identity.agents.config.legacy.redirect.uri = @AGENT_APP_URI@/sunwLegacySupportURI
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews
a76b380643a22f23a67a9df284e86cd7ef7608c1Mark Andrews#
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont# CUSTOM RESPONSE HEADERS
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont# A MAP property that specifies the custom headers that are set by
8d460bed78e2684fbb0cb150bbf800dcc4d29c54Mark Andrews# the Agent on the client browser. The key is the header name and the
fe3f310e2ed5cc5d7401ddfa5d222730a405dcf5Mark Andrews# value represents the header value.
fe3f310e2ed5cc5d7401ddfa5d222730a405dcf5Mark Andrews# Hot-Swap Enabled: Yes
fe3f310e2ed5cc5d7401ddfa5d222730a405dcf5Mark Andrews# Example:
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont# com.sun.identity.agents.config.response.header[Cache-Control] = no-cache
4a253e12fc611763cd7c1b793e78a00d47894399Francis Dupont#
4a253e12fc611763cd7c1b793e78a00d47894399Francis Dupontcom.sun.identity.agents.config.response.header[] =
4a253e12fc611763cd7c1b793e78a00d47894399Francis Dupont
cffe96e26744abcf33494837b234219046a631d8Mark Andrews#
cffe96e26744abcf33494837b234219046a631d8Mark Andrews# REDIRECT ATTEMPT LIMIT
cffe96e26744abcf33494837b234219046a631d8Mark Andrews# Specifies the number of successive single point redirects that a
f703353673abc17ef76c89561a1fbf3555d38927Mark Andrews# user can make using a single browser session which will trigger the
f703353673abc17ef76c89561a1fbf3555d38927Mark Andrews# blocking of the user request. When set to 0 this feature is disabled.
f703353673abc17ef76c89561a1fbf3555d38927Mark Andrews# Hot-Swap Enabled: Yes
f703353673abc17ef76c89561a1fbf3555d38927Mark Andrews#
7e26a2a646877bcd5e03fce6d7347e88f059011eMark Andrewscom.sun.identity.agents.config.redirect.attempt.limit = 0
7e26a2a646877bcd5e03fce6d7347e88f059011eMark Andrews
7e26a2a646877bcd5e03fce6d7347e88f059011eMark Andrews#
a95a9de45ca739dab17ec1263186dbaaaba50d97Tatuya JINMEI 神明達哉# PORT CHECK PROCESSING PROPERTIES
a95a9de45ca739dab17ec1263186dbaaaba50d97Tatuya JINMEI 神明達哉# - port.check.enable: A flag that indicates if port check functionality
a95a9de45ca739dab17ec1263186dbaaaba50d97Tatuya JINMEI 神明達哉# is enabled or disabled.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews# - port.check.file: Specifies the name or complete path of a file that
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews# has the necessary content needed to handle requests that need port
55f580c7fc4b99316a54ef54ed79c58efca5fff1Mark Andrews# correction.
55f580c7fc4b99316a54ef54ed79c58efca5fff1Mark Andrews# - port.check.setting: A MAP of port versus protocol entries with the
55f580c7fc4b99316a54ef54ed79c58efca5fff1Mark Andrews# key being the listening port number and value being the listening
d9936b218d9d0fd7c6a1a418e5b91b356190ea12Mark Andrews# protocol to be used by the Agent to identify requests with invalid
d9936b218d9d0fd7c6a1a418e5b91b356190ea12Mark Andrews# port numbers.
4074b8e7342618ff38ffe3773a2699ee1734f1adMark Andrews# Hot-Swap Enabled: Yes
4074b8e7342618ff38ffe3773a2699ee1734f1adMark Andrews# Example of port.check.setting:
0283e511317cae3785a9d48e236289a234a25368Mark Andrews# com.sun.identity.agents.config.port.check.setting[80] = http
664e11f0b14c78cef7cf6b8c70323a1da494e351Mark Andrews# com.sun.identity.agents.config.port.check.setting[443] = https
664e11f0b14c78cef7cf6b8c70323a1da494e351Mark Andrews#
0283e511317cae3785a9d48e236289a234a25368Mark Andrewscom.sun.identity.agents.config.port.check.enable = false
016c4317500eb565b82b27d00ba6b621c6e29110Mark Andrewscom.sun.identity.agents.config.port.check.file = PortCheckContent.txt
ce9c1558a6c81b49a5cedf55d168f889aeb5d310Mark Andrewscom.sun.identity.agents.config.port.check.setting[@AGENT_PREF_PORT@] = @AGENT_PREF_PROTO@
ce9c1558a6c81b49a5cedf55d168f889aeb5d310Mark Andrews
ce9c1558a6c81b49a5cedf55d168f889aeb5d310Mark Andrews#
ce9c1558a6c81b49a5cedf55d168f889aeb5d310Mark Andrews# NOT-ENFORCED URI PROCESSING PROPERTIES
# - notenforced.uri: A LIST of URIs for which protection is not enforced
# by the Agent. Requests matching an entry are served without Agent
# enforcement, so keep entries, and wild card entries in particular,
# as narrow as possible.
0f3264c8d1b66de8dedd137d53615b8a8556adfaMark Andrews# - notenforced.uri.invert: A flag that specifies if the list of URIs
0e30609d7b3e31e3ff249d185041b9140b5410baMark Andrews# specified by the property notenforced.uri should be inverted. When
0e30609d7b3e31e3ff249d185041b9140b5410baMark Andrews# set to true, it indicates that the URIs specified should be enforced
0e30609d7b3e31e3ff249d185041b9140b5410baMark Andrews# and all other URIs should be not enforced by the Agent. Entries in
9e8947d9e606b967d0792d0ab1ee7afac5e5f39dMark Andrews# this list can have wild card character '*'.
# - notenforced.uri.cache.enable: A flag that specifies if the caching
# of not-enforced URI list evaluation results is enabled or disabled.
3cff31d890bf0815b6b2c7603d1e5c37dc3f26b7Mark Andrews# - notenforced.uri.cache.size: The size of the cache to be used if
3cff31d890bf0815b6b2c7603d1e5c37dc3f26b7Mark Andrews# caching of not-enforced URI list evaluation results is enabled.
2005c3b37bb39a37dc0b034bb2149006df7e3759Mark Andrews# - notenforced.refresh.session.idletime: A flag that specifies if the OpenAM
aef875b27e94586a1f3644d53705e6f5ea4b5dafMark Andrews# session idle time is reset or not when accessing the not enforced URIs.
aef875b27e94586a1f3644d53705e6f5ea4b5dafMark Andrews# Hot-Swap Enabled: Yes
c09c2bf800ba0f5e6efe6b47ba72f43e4a61ca7dMark Andrews# Example of notenforced.uri:
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrews# com.sun.identity.agents.config.notenforced.uri[0]=*.gif
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrews# com.sun.identity.agents.config.notenforced.uri[1]=/public/*
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrews# com.sun.identity.agents.config.notenforced.uri[2]=/images/*
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrews#
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrewscom.sun.identity.agents.config.notenforced.uri[0] =
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrewscom.sun.identity.agents.config.notenforced.uri.invert = false
9a7d202077fae00fbdca610d8a8d90689e30f331Mark Andrewscom.sun.identity.agents.config.notenforced.uri.cache.enable = true
4a5b30c24ca7ceefec4ca142069b886f3d4ab9f9Mark Andrewscom.sun.identity.agents.config.notenforced.uri.cache.size = 1000
4a5b30c24ca7ceefec4ca142069b886f3d4ab9f9Mark Andrewscom.sun.identity.agents.config.notenforced.refresh.session.idletime = false
c368f28dad471c70213b41f7a0ad1b4ef4d8c543Mark Andrews
f1d6c77eccf502398ae5954fb884bde70764a047Mark Andrews#
f1d6c77eccf502398ae5954fb884bde70764a047Mark Andrews# NOT-ENFORCED CLIENT IP PROCESSING PROPERTIES
# - notenforced.ip: A LIST of client IP addresses for which protection is
# not enforced by the Agent. If requests reach the Agent through a proxy
# or load balancer, confirm which address the Agent treats as the client
# IP before relying on this list.
7adca0ea2fcd44641861523b718d6980c0666103Mark Andrews# - notenforced.ip.invert: A flag that specifies if the list of client IP
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# addresses specified by the property notenforced.ip should be inverted.
7adca0ea2fcd44641861523b718d6980c0666103Mark Andrews# When set to true, it indicates that the client IP addresses specified
9dcc44d7b309b61e89083807d47af471ec6bae1fMark Andrews# should be enforced and all other client IPs should be not enforced by
5badfc7e00b2ec2c7b93657906b8609114ee00ccMark Andrews# the Agent. Entries in this list can have wild card character '*'.
# - notenforced.ip.cache.enable: A flag that specifies if the caching
# of not-enforced IP list evaluation results is enabled or disabled.
dc2a0aa7aaa8b85398ae183c7274c0eeec5009afMark Andrews# - notenforced.ip.cache.size: The size of the cache to be used if
dc2a0aa7aaa8b85398ae183c7274c0eeec5009afMark Andrews# caching of not-enforced IP list evaluation results is enabled.
2005c3b37bb39a37dc0b034bb2149006df7e3759Mark Andrews# Hot-Swap Enabled: Yes
1fa2ce7eaef0c17d554495220565b681639b2ce5Mark Andrews# Example of notenforced.ip:
7539c231d47677250008737b0691f9518111f3f5Mark Andrews# com.sun.identity.agents.config.notenforced.ip[0]=192.18.145.*
7539c231d47677250008737b0691f9518111f3f5Mark Andrews# com.sun.identity.agents.config.notenforced.ip[1]=192.18.146.123
7ae2fa27e921ff5a2de4b0bb3aef5013315e92a8Tatuya JINMEI 神明達哉#
7ae2fa27e921ff5a2de4b0bb3aef5013315e92a8Tatuya JINMEI 神明達哉com.sun.identity.agents.config.notenforced.ip[0] =
7ae2fa27e921ff5a2de4b0bb3aef5013315e92a8Tatuya JINMEI 神明達哉com.sun.identity.agents.config.notenforced.ip.invert = false
7fe86a54252bab063030512a0e4150e1b7814effMark Andrewscom.sun.identity.agents.config.notenforced.ip.cache.enable = true
7fe86a54252bab063030512a0e4150e1b7814effMark Andrewscom.sun.identity.agents.config.notenforced.ip.cache.size = 1000
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews
1c3ed2a83d176d9023b51b60dfc96c133f678362Tatuya JINMEI 神明達哉#
1c3ed2a83d176d9023b51b60dfc96c133f678362Tatuya JINMEI 神明達哉# COMMON ATTRIBUTE FETCH PROCESSING PROPERTIES
e951a79d901cc9b72a4882c38f02b568eed6bf24Mark Andrews# - attribute.cookie.separator: A character that will be used to separate
fc53f564caa9d40f4b73a2808260b1dc07e86fddEvan Hunt# multiple values of the same attribute when it is being set as a cookie.
e951a79d901cc9b72a4882c38f02b568eed6bf24Mark Andrews# - attribute.cookie.encode: A flag that indicates if the value of the
9a727082a0f4959d4ad5ee91c171c2fad92ac996Mark Andrews# attribute should be URL encoded before being set as a cookie.
a59640bf27db16e02e01484297e36b7456e163bbMark Andrews# - attribute.date.format: The format of date attribute values to be used
4462e590791925b6a5efceacbff054a6b5fe35edMark Andrews# when the attribute is being set as HTTP header. This format is based
4462e590791925b6a5efceacbff054a6b5fe35edMark Andrews# on the definition as provided in java.text.SimpleDateFormat.
9925249931480c9e422b70c948b2665264ec46f5Mark Andrews# Hot-Swap Enabled: Yes
9925249931480c9e422b70c948b2665264ec46f5Mark Andrews#
# NOTE(review): cookie.encode = true URL-encodes attribute values before they
# are set as cookies; presumably this also keeps the separator and other
# special characters inside a value from being read as cookie syntax - confirm
# before turning it off.
# NOTE(review): in java.text.SimpleDateFormat "hh" is the 12-hour field and the
# default pattern below has no am/pm marker, so a morning and an afternoon time
# format identically; confirm whether "HH" was intended.
9925249931480c9e422b70c948b2665264ec46f5Mark Andrewscom.sun.identity.agents.config.attribute.cookie.separator = |
fc7043d7d1294478c9988c10af9a7fb8fd810338Evan Huntcom.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
fc7043d7d1294478c9988c10af9a7fb8fd810338Evan Huntcom.sun.identity.agents.config.attribute.cookie.encode = true
fc7043d7d1294478c9988c10af9a7fb8fd810338Evan Hunt
cef715b6556ca1207b85aa1eac6ce817af2be44eMark Andrews#
cef715b6556ca1207b85aa1eac6ce817af2be44eMark Andrews# PROFILE ATTRIBUTE PROCESSING PROPERTIES
cef715b6556ca1207b85aa1eac6ce817af2be44eMark Andrews# - profile.attribute.fetch.mode: The mode of fetching profile attributes.
5497de6931b5ac26f65c2343b0318614f73933baMark Andrews# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
5497de6931b5ac26f65c2343b0318614f73933baMark Andrews# - profile.attribute.mapping: A MAP that specifies the profile attributes to
5497de6931b5ac26f65c2343b0318614f73933baMark Andrews# be populated under specific names for the currently authenticated user.
f86c5d30de5d2bf4a4aab98f72295309d62e92eeMark Andrews# The key is the profile attribute name and the value is the name under
f86c5d30de5d2bf4a4aab98f72295309d62e92eeMark Andrews# which that attribute will be made available.
f86c5d30de5d2bf4a4aab98f72295309d62e92eeMark Andrews# Hot-Swap Enabled: Yes
262c39b2366bf79062f7f86b218947523dd1cbacEvan Hunt# Example of profile.attribute.mapping:
262c39b2366bf79062f7f86b218947523dd1cbacEvan Hunt# com.sun.identity.agents.config.profile.attribute.mapping[cn]=CUSTOM-Common-Name
262c39b2366bf79062f7f86b218947523dd1cbacEvan Hunt# com.sun.identity.agents.config.profile.attribute.mapping[mail]=CUSTOM-Email
1ff207c2fa4182156932f3f5c982170385a19225Mark Andrews#
# NOTE(review): with HTTP_HEADER or HTTP_COOKIE the mapped name
# (CUSTOM-Common-Name in the example) reaches the application through a channel
# a client can also write to. Confirm that the Agent overwrites or removes
# client-supplied values with the same name, and that the application cannot
# be reached without passing through the Agent. HTTP_COOKIE also hands the
# attribute values to the browser, so map only attributes the user may see.
b1e32169ac5cf21fca540fa122a546db71090491Mark Andrewscom.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
827572e191fad1326c624593bf35d8eb1928f607Mark Andrewscom.sun.identity.agents.config.profile.attribute.mapping[] =
1aba9fe67899522364a9dbc3ee5a14da081f0314Evan Hunt
1aba9fe67899522364a9dbc3ee5a14da081f0314Evan Hunt#
1aba9fe67899522364a9dbc3ee5a14da081f0314Evan Hunt# SESSION ATTRIBUTE PROCESSING PROPERTIES
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrews# - session.attribute.fetch.mode: The mode of fetching session attributes.
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrews# This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE, HTTP_COOKIE
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrews# - session.attribute.mapping: A MAP that specifies the session attributes to
6c7f722d31d12cf83964c8132f0a59ef70e34cb5Mark Andrews# be populated under specific names for the currently authenticated user.
6c7f722d31d12cf83964c8132f0a59ef70e34cb5Mark Andrews# The key is the session attribute name and the value is the name under
fcc2a57e13fbecf085e9d11702709b3d5a49b043Mark Andrews# which that attribute will be made available.
fcc2a57e13fbecf085e9d11702709b3d5a49b043Mark Andrews# Hot-Swap Enabled: Yes
fcc2a57e13fbecf085e9d11702709b3d5a49b043Mark Andrews# Example of session.attribute.mapping:
fcdafc1e30dd4d10184b56201ea2fc3bab711e5eMark Andrews# com.sun.identity.agents.config.session.attribute.mapping[UserToken]=CUSTOM-userid
fcdafc1e30dd4d10184b56201ea2fc3bab711e5eMark Andrews#
# NOTE(review): session attributes mapped with HTTP_COOKIE are sent to the
# browser, and with HTTP_HEADER they arrive as ordinary request headers. An
# application that makes decisions on them (CUSTOM-userid in the example)
# should only be reachable through the Agent. Whether the Agent clears a
# same-named value sent by the client is not stated here - confirm.
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrewscom.sun.identity.agents.config.session.attribute.fetch.mode = NONE
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrewscom.sun.identity.agents.config.session.attribute.mapping[] =
f1263d2aa405087e74caf001cd443079f50ee903Mark Andrews
b1d21f6c93c93bd27492fc41f1c3205c39ab2167Mark Andrews#
b1d21f6c93c93bd27492fc41f1c3205c39ab2167Mark Andrews# RESPONSE ATTRIBUTE PROCESSING PROPERTIES
b1d21f6c93c93bd27492fc41f1c3205c39ab2167Mark Andrews# - response.attribute.fetch.mode: The mode of fetching policy response
efb3fa669f00ccfd9aada997b426616b6b0ce044Mark Andrews# attributes. This value is one of: NONE, HTTP_HEADER, REQUEST_ATTRIBUTE,
efb3fa669f00ccfd9aada997b426616b6b0ce044Mark Andrews# HTTP_COOKIE
034f775ae1bbc260d88bc372f01fdf4b50554514Mark Andrews# - response.attribute.mapping: A MAP that specifies the policy response
034f775ae1bbc260d88bc372f01fdf4b50554514Mark Andrews# attributes to be populated under specific names for the currently
034f775ae1bbc260d88bc372f01fdf4b50554514Mark Andrews# authenticated user. The key is the policy response attribute name and
80f20cb452989a423ed0ab84cfbf67d258b92247Mark Andrews# the value is the name under which that attribute will be made available.
80f20cb452989a423ed0ab84cfbf67d258b92247Mark Andrews# Hot-Swap Enabled: Yes
80f20cb452989a423ed0ab84cfbf67d258b92247Mark Andrews#
# NOTE(review): if the application bases its own decisions on policy response
# attributes, check how they arrive. HTTP_HEADER and HTTP_COOKIE use names a
# client can also send; REQUEST_ATTRIBUTE presumably sets servlet request
# attributes, which a client cannot supply directly - confirm, and confirm how
# the Agent treats a same-named header or cookie already on the request.
93ee06cbe34294c300834d383ff89162ad5c241aMark Andrewscom.sun.identity.agents.config.response.attribute.fetch.mode = NONE
93ee06cbe34294c300834d383ff89162ad5c241aMark Andrewscom.sun.identity.agents.config.response.attribute.mapping[] =
93ee06cbe34294c300834d383ff89162ad5c241aMark Andrews
494143860bbe118050f46ecac3d196c779d4b7b0Mark Andrews#
494143860bbe118050f46ecac3d196c779d4b7b0Mark Andrews# BYPASS PRINCIPAL LIST
494143860bbe118050f46ecac3d196c779d4b7b0Mark Andrews# This property specifies a list of principals that is bypassed by the
400a1b6604ede895cc8d67a7aa66796a5dbc75e4Mark Andrews# Agent for authentication and search purposes.
400a1b6604ede895cc8d67a7aa66796a5dbc75e4Mark Andrews# Hot-Swap Enabled: Yes
400a1b6604ede895cc8d67a7aa66796a5dbc75e4Mark Andrews# Example:
c0fb34e8156aea6b7fde8488e7440524c703f22eMark Andrews# com.sun.identity.agents.config.bypass.principal[0] = guest
c0fb34e8156aea6b7fde8488e7440524c703f22eMark Andrews# com.sun.identity.agents.config.bypass.principal[1] = testuser
c0fb34e8156aea6b7fde8488e7440524c703f22eMark Andrews#
# NOTE(review): "bypassed ... for authentication and search purposes" does not
# say which checks are skipped for a listed principal; confirm the exact
# effect before adding entries. The names in the example (guest, testuser) are
# illustrations only; leave the list empty unless a specific principal needs
# it, and review it whenever it changes, since the property is hot-swappable.
48fa5940280d65a83b020cca12769b4cd0422e91Mark Andrewscom.sun.identity.agents.config.bypass.principal[0] =
48fa5940280d65a83b020cca12769b4cd0422e91Mark Andrews
48fa5940280d65a83b020cca12769b4cd0422e91Mark Andrews#
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉# PRIVILEGED ATTRIBUTE PROCESSING PROPERTIES
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉# - default.privileged.attribute: A list of privileged attributes that will
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉# be granted to all users who have a valid OpenAM session.
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉# - privileged.attribute.type: A list of privileged attribute types that will
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# be fetched for each user.
20837e74f5e68a8108c25bb341a3ef1c1ca22711Tatuya JINMEI 神明達哉# - privileged.attribute.tolowercase : A MAP property that specifies if the
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews# privileged attribute types should be converted to lowercase.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews# - privileged.session.attribute: A list of session property names which
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews# hold privileged attributes for the authenticated user.
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews# - privileged.attribute.mapping.enable: A flag to specify whether
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews# a mapping from an attribute's original value to another value is
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews# enabled. This mapping may be necessary to satisfy container-specific
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews# restrictions on character set being used in certain configuration files.
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews# - privileged.attribute.mapping: A map property that specifies the above
2678fccde3453facce53f857d95fec30ca4a284fMark Andrews# mentioned mapping; Note that if a key contains "=" or ":", then these
2678fccde3453facce53f857d95fec30ca4a284fMark Andrews# special characters need to be escaped by "\".
2678fccde3453facce53f857d95fec30ca4a284fMark Andrews#
562460463b6f4c4d6f815c58c129451c82d66823Mark Andrews# Hot-Swap Enabled: Yes
562460463b6f4c4d6f815c58c129451c82d66823Mark Andrews# Examples:
562460463b6f4c4d6f815c58c129451c82d66823Mark Andrews# com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
577272cf7935770fa2ea817e656a572cdcd94eccMark Andrews# com.sun.identity.agents.config.privileged.attribute.type[0] = Group
577272cf7935770fa2ea817e656a572cdcd94eccMark Andrews# com.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
577272cf7935770fa2ea817e656a572cdcd94eccMark Andrews# com.sun.identity.agents.config.privileged.session.attribute[0] = UserToken
8486ce1efa5deded85415d21d5696e5a51c63357Mark Andrews# com.sun.identity.agents.config.privileged.attribute.mapping.enable=true
8486ce1efa5deded85415d21d5696e5a51c63357Mark Andrews# com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_manager_role
92f60809e854ccf5f115883c6347e370da048848Mark Andrews# com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee,ou\=group,dc\=opensso,dc\=java,dc\=net] = am_employee_role
92f60809e854ccf5f115883c6347e370da048848Mark Andrews
# NOTE(review): every value in default.privileged.attribute is granted to all
# users with a valid OpenAM session, so whatever the container associates with
# AUTHENTICATED_USERS should carry baseline access only.
# NOTE(review): a privileged.attribute.mapping entry decides which name a group
# or role value is presented under (am_manager_role in the example); review
# changes to the map like changes to role assignments, and note that the
# property is hot-swappable.
92f60809e854ccf5f115883c6347e370da048848Mark Andrewscom.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
92f60809e854ccf5f115883c6347e370da048848Mark Andrewscom.sun.identity.agents.config.privileged.attribute.type[0] = Group
92f60809e854ccf5f115883c6347e370da048848Mark Andrewscom.sun.identity.agents.config.privileged.attribute.type[1] = Role
f5d0f495847eb4eb9f0058e73051f855800bee0bMark Andrewscom.sun.identity.agents.config.privileged.attribute.tolowercase[Group] = false
f5d0f495847eb4eb9f0058e73051f855800bee0bMark Andrewscom.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
f5d0f495847eb4eb9f0058e73051f855800bee0bMark Andrewscom.sun.identity.agents.config.privileged.session.attribute[0] =
dc0ecf08dbea81b6ebfcd3a18b52aa974472b1baMark Andrewscom.sun.identity.agents.config.privileged.attribute.mapping.enable = true
dc0ecf08dbea81b6ebfcd3a18b52aa974472b1baMark Andrewscom.sun.identity.agents.config.privileged.attribute.mapping[] =
dc0ecf08dbea81b6ebfcd3a18b52aa974472b1baMark Andrews
dc19dcbc236bc876a6cdb426ec7c5fab964f8dfcMark Andrews#
dc19dcbc236bc876a6cdb426ec7c5fab964f8dfcMark Andrews# SSO TOKEN COOKIE NAME
dc19dcbc236bc876a6cdb426ec7c5fab964f8dfcMark Andrews# The name of the SSO Token cookie used between the OpenAM server and
dc19dcbc236bc876a6cdb426ec7c5fab964f8dfcMark Andrews# the Agent.
dc19dcbc236bc876a6cdb426ec7c5fab964f8dfcMark Andrews# Hot-Swap Enabled: No
# NOTE(review): this sets only the cookie's name; presumably it has to match
# the name configured on the OpenAM server. The cookie's value is the user's
# SSO token, so treat it as a credential and keep it out of logs and traces.
114c14f8adfc249cf2e5cdcb9007af46fed257e3Mark Andrewscom.iplanet.am.cookie.name=iPlanetDirectoryPro
604419a812b491cd35fb6fad129c3c39da7200a1Mark Andrews
3d78993c6d415f600f57520d1566627b5535d715Mark Andrews#
3d78993c6d415f600f57520d1566627b5535d715Mark Andrews# SESSION CLIENT PROPERTIES
3d78993c6d415f600f57520d1566627b5535d715Mark Andrews# - com.iplanet.am.session.client.polling.enable: A flag that specifies if
8c850a29eda020642c84038e449d60f124c6123bMark Andrews# the session client must use polling for updating session information
8c850a29eda020642c84038e449d60f124c6123bMark Andrews# and not depend upon server notifications.
8c850a29eda020642c84038e449d60f124c6123bMark Andrews# - com.iplanet.am.session.client.polling.period: Specifies the time in
da31aff2f2a2163dafeea65c63f16d8f3fca05c5Mark Andrews# seconds after which the session client will request update of cached
da31aff2f2a2163dafeea65c63f16d8f3fca05c5Mark Andrews# session information from the server.
da31aff2f2a2163dafeea65c63f16d8f3fca05c5Mark Andrews#
da31aff2f2a2163dafeea65c63f16d8f3fca05c5Mark Andrews# Note: the notification url to be used by the Agent to receive session
e8ca2abed76b550fd3baddcfb17f2c9a630d6b71Mark Andrews# notifications is com.sun.identity.client.notification.url
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# Hot-Swap Enabled: No
e8ca2abed76b550fd3baddcfb17f2c9a630d6b71Mark Andrews#
# NOTE(review): with polling.enable = false the Agent depends on server
# notifications to learn about session changes. If notifications cannot reach
# com.sun.identity.client.notification.url, cached session information may
# stay in use after the session has ended on the server - confirm the fallback
# behaviour. When polling is used, polling.period (180 seconds below)
# presumably bounds how long cached session information can be out of date.
81d9d7a10e52b421d7f4784c48ae995b13203c59Mark Andrewscom.iplanet.am.session.client.polling.enable=false
81d9d7a10e52b421d7f4784c48ae995b13203c59Mark Andrewscom.iplanet.am.session.client.polling.period=180
81d9d7a10e52b421d7f4784c48ae995b13203c59Mark Andrews
301f6ffbbeabcbf765f8163f4ffb7f6f0146b926Mark Andrews#
301f6ffbbeabcbf765f8163f4ffb7f6f0146b926Mark Andrews# ENCRYPTION PROVIDER
9e4b25fc3eb5777202147634d789345d893b4539Mark Andrews# Specifies the encryption provider implementation to be used by the Agent.
9e4b25fc3eb5777202147634d789345d893b4539Mark Andrews# Hot-Swap Enabled: No
9e4b25fc3eb5777202147634d789345d893b4539Mark Andrews#
# NOTE(review): the value is a class name. The algorithm, key size and key
# source are decided by that class and are not visible in this file; check
# them against current requirements before relying on the default.
28c49640dcb25102e5040b8d957edd905ddf82f8Mark Andrewscom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
7314547af7aa1dd25d690dd3f034d49e5cc8fa9dMark Andrews
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews#
541b9722d8031485922ab11221c2e747c0262cf5Mark Andrews# USER DATA CACHE PROPERTIES
541b9722d8031485922ab11221c2e747c0262cf5Mark Andrews# - com.sun.identity.idm.remote.notification.enabled: A flag that is used to
ddaeaddf2b9148ce3e6ec5fecc48f64ea5826faeMark Andrews# enable/disable the notifications for amsdk and IdRepo Caches. If set to
ddaeaddf2b9148ce3e6ec5fecc48f64ea5826faeMark Andrews# true notifications are enabled and disabled if set to false.
ddaeaddf2b9148ce3e6ec5fecc48f64ea5826faeMark Andrews# - com.iplanet.am.sdk.remote.pollingTime: Cache update time in minutes for
a6f7fdcc039de75e9a20da90044caa814f0357a3Michael Graff# user management data. If set to '0' no updates happen. This property
a6f7fdcc039de75e9a20da90044caa814f0357a3Michael Graff# takes effect only if no notification url is provided by
d7e8610d31d83ff863e8b2dc05c238376c35e949Mark Andrews# 'com.sun.identity.client.notification.url' or if notifications are
d7e8610d31d83ff863e8b2dc05c238376c35e949Mark Andrews# disabled. (i.e., com.sun.identity.idm.remote.notification.enabled=false)
d7e8610d31d83ff863e8b2dc05c238376c35e949Mark Andrews# Hot-Swap Enabled: No
7e8214191899dc8043babdfbe9235ba14c825005Mark Andrews#
# NOTE(review): pollingTime is in minutes and applies only when notifications
# are not in use. With notifications off and pollingTime = 0 the cached user
# management data is never refreshed, so changes made on the server would not
# reach the Agent (presumably until it restarts); avoid that combination.
7e8214191899dc8043babdfbe9235ba14c825005Mark Andrewscom.sun.identity.idm.remote.notification.enabled=true
c4dc5966e0a66f4d75677f1634eff3b45baf988eMark Andrewscom.iplanet.am.sdk.remote.pollingTime=1
c4dc5966e0a66f4d75677f1634eff3b45baf988eMark Andrews
c4dc5966e0a66f4d75677f1634eff3b45baf988eMark Andrews#
9429f5a8318bd2142280c949d4af05998ca348a2Evan Hunt# SERVICE DATA CACHE PROPERTIES
9429f5a8318bd2142280c949d4af05998ca348a2Evan Hunt# - com.sun.identity.sm.notification.enabled: A flag that is used to
0899d16ebd6a70bb027e7899c53e7f542ebc987bEvan Hunt# enable/disable the notifications for service management caches. If set to
0899d16ebd6a70bb027e7899c53e7f542ebc987bEvan Hunt# true notifications are enabled and disabled if set to false.
0899d16ebd6a70bb027e7899c53e7f542ebc987bEvan Hunt# - com.sun.identity.sm.cacheTime: Cache update time in minutes for service
0899d16ebd6a70bb027e7899c53e7f542ebc987bEvan Hunt# configuration data. If set to '0' no updates happen. This property
d2e440ca30f27468443ccc7e21db0b8e10c4faf8Mark Andrews# takes effect only if no notification url is provided by
d2e440ca30f27468443ccc7e21db0b8e10c4faf8Mark Andrews# 'com.sun.identity.client.notification.url' or if notifications are
d2e440ca30f27468443ccc7e21db0b8e10c4faf8Mark Andrews# disabled. (i.e., com.sun.identity.sm.notification.enabled=false).
404df30f4fcbd318dd1e3cc027d2b5abff3ab6d5Mark Andrews# Hot-Swap Enabled: No
404df30f4fcbd318dd1e3cc027d2b5abff3ab6d5Mark Andrews#
# NOTE(review): cacheTime is in minutes and applies only when notifications
# are not in use. With notifications off and cacheTime = 0 the cached service
# configuration is never refreshed, so a configuration change made on the
# server would not reach the Agent (presumably until it restarts).
404df30f4fcbd318dd1e3cc027d2b5abff3ab6d5Mark Andrewscom.sun.identity.sm.notification.enabled=true
544d0efa38490d67e458aa9c23a7dac2a9d546bfMark Andrewscom.sun.identity.sm.cacheTime=1
544d0efa38490d67e458aa9c23a7dac2a9d546bfMark Andrews
1f2635d3f7b3f0b3bf0d0310fe880d95e84f09fcMark Andrews#
1f2635d3f7b3f0b3bf0d0310fe880d95e84f09fcMark Andrews# AUTHENTICATION SERVICE PROPERTIES
1f2635d3f7b3f0b3bf0d0310fe880d95e84f09fcMark Andrews# Server protocol, host and port to be used by Authentication Service.
802760773ca5224b29a610741a7f2e0a7d6e031bMark Andrews# Hot-Swap Enabled: No
802760773ca5224b29a610741a7f2e0a7d6e031bMark Andrews#
# NOTE(review): the @...@ tokens are placeholders, presumably replaced when
# the Agent is installed. The Agent contacts the Authentication Service at
# this address, so the protocol should be https outside test environments;
# check the values actually written into the generated file.
802760773ca5224b29a610741a7f2e0a7d6e031bMark Andrewscom.iplanet.am.server.protocol=@AM_SERVICES_PROTO@
b6d496d53851e5ab5ba82e800062a431b05310cbEvan Huntcom.iplanet.am.server.host=@AM_SERVICES_HOST@
b6d496d53851e5ab5ba82e800062a431b05310cbEvan Huntcom.iplanet.am.server.port=@AM_SERVICES_PORT@
67213ca3d0594588a6fac32d8188efc68b0ad572Shane Kerr
d55494b8e9887e7ff7cdf1ec96a9dc5e8afe3c94Shane Kerr#
d813808a01d5629110b8df483ccc2dff9ec2a84fMark Andrews# POLICY CLIENT PROPERTIES
67213ca3d0594588a6fac32d8188efc68b0ad572Shane Kerr# - com.sun.identity.agents.notification.enabled: A flag that specifies
67213ca3d0594588a6fac32d8188efc68b0ad572Shane Kerr# if notifications are enabled or disabled for remote policy client.
d813808a01d5629110b8df483ccc2dff9ec2a84fMark Andrews# - com.sun.identity.agents.polling.interval: The duration in minutes
d813808a01d5629110b8df483ccc2dff9ec2a84fMark Andrews# after which the cached entries are refreshed by remote policy client.
33170a4b2b2765583df543efbb13a01e7b664037Mark Andrews# - com.sun.identity.policy.client.cacheMode: The mode of caching to be
33170a4b2b2765583df543efbb13a01e7b664037Mark Andrews# used by remote policy client. Valid value is one of: subtree, self.
33170a4b2b2765583df543efbb13a01e7b664037Mark Andrews# Cache mode subtree is recommended for a small number of policy rules.
2cc262c0932a193b261e6e6a172855bd8f898c6dMark Andrews# In all other cases, cacheMode self is recommended.
2cc262c0932a193b261e6e6a172855bd8f898c6dMark Andrews# - com.sun.identity.policy.client.booleanActionValues : boolean action
2cc262c0932a193b261e6e6a172855bd8f898c6dMark Andrews# values for policy action names.
76a378884f628f9b23bff16490e39dcd69b6ef0eMark Andrews# format : serviceName|actionName|trueValue|falseValue
76a378884f628f9b23bff16490e39dcd69b6ef0eMark Andrews# - com.sun.identity.policy.client.resourceComparators: Resource Comparators
76a378884f628f9b23bff16490e39dcd69b6ef0eMark Andrews# to be used for different service names.
c368f28dad471c70213b41f7a0ad1b4ef4d8c543Mark Andrews# - com.sun.identity.policy.client.clockSkew: Specifies time in seconds
03745451370778a867e46fdbe315eb958745a391Mark Andrews# which is allowed to accommodate the time difference between the
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews# OpenAM server machine and the remote policy client machine.
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews#
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews# Note: the Notification URL for remote policy client is set by the
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews# property com.sun.identity.client.notification.url.
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews# Hot-Swap Enabled: No
e9908a145e763591bb407a4cd3d2062c7bc94cd8Mark Andrews#
# NOTE(review): polling.interval is in minutes. When notifications do not
# arrive, a policy change on the server (including a withdrawn permission) may
# not be seen by the Agent until the next refresh - presumably up to 3 minutes
# with the value below.
# NOTE(review): the resource comparator below sets caseSensitive=false, so URL
# policy matching ignores case. Confirm that this agrees with how the
# protected container resolves URLs; otherwise policy and application can
# disagree about which resource a request names.
# NOTE(review): clockSkew is in seconds; keep the hosts time-synchronised
# rather than widening it.
71f4918fd8a5ec4f0a05aac657b614fdf2467bebMark Andrewscom.sun.identity.agents.notification.enabled=true
71f4918fd8a5ec4f0a05aac657b614fdf2467bebMark Andrewscom.sun.identity.agents.polling.interval=3
873a2046fb73aee49934d7978efe3da6509faed3Evan Huntcom.sun.identity.policy.client.cacheMode=subtree
dabe7f50bb61d75841b535b91edb8f323f82f826Evan Huntcom.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrewscom.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrewscom.sun.identity.policy.client.clockSkew=10
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews#
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews# URL POLICY ENVIRONMENT VARIABLE PROPERTIES
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews# - com.sun.identity.agents.config.policy.env.get.param: A list of HTTP GET
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews# request parameters whose names and values will be set in the environment
05d2776f6fa8e3628555463b06cb43288c9ee68eEvan Hunt# map for URL policy evaluation at AM server. The key in the map is in the
05d2776f6fa8e3628555463b06cb43288c9ee68eEvan Hunt# format of GET.<parameter-name>, the map value is a set of string values
05d2776f6fa8e3628555463b06cb43288c9ee68eEvan Hunt# of the parameter.
8327cdb88fdbf306eb4c37fe00a29aac4c2f55c5Evan Hunt# - com.sun.identity.agents.config.policy.env.post.param: A list of HTTP POST
8327cdb88fdbf306eb4c37fe00a29aac4c2f55c5Evan Hunt# request parameters whose names and values will be set in the environment
f2d8c4a4c3dfa212ddcf5b86d4c5fced4965e52eMark Andrews# map for URL policy evaluation at AM server. The key in the map is in the
f2d8c4a4c3dfa212ddcf5b86d4c5fced4965e52eMark Andrews# format of POST.<parameter-name>, the map value is a set of string values
8c76634f88c5b3169b61505925e10b997ea08e54Mark Andrews# of the parameter.
8c76634f88c5b3169b61505925e10b997ea08e54Mark Andrews# - com.sun.identity.agents.config.policy.env.jsession.param: A list of
8c76634f88c5b3169b61505925e10b997ea08e54Mark Andrews# HTTP SESSION attributes whose names and values will be set in the
8bedd9647f4d6894e12a8c94d3ccc624dddcee50Mark Andrews# environment map for URL policy evaluation at AM server. The key in the
8bedd9647f4d6894e12a8c94d3ccc624dddcee50Mark Andrews# map is in the format of JSESSION.<parameter-name>, the map value is a
8bedd9647f4d6894e12a8c94d3ccc624dddcee50Mark Andrews# set that contains the string value of the parameter.
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews# Hot-Swap Enabled: Yes
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews#
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews# Examples:
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews# com.sun.identity.agents.config.policy.env.get.param[0]=name
e6555b046798b1900e93c3208d26301872f50ca5Shane Kerr# com.sun.identity.agents.config.policy.env.get.param[1]=phonenumber
e6555b046798b1900e93c3208d26301872f50ca5Shane Kerr# com.sun.identity.agents.config.policy.env.jsession.param[0]=cardnumber
e6555b046798b1900e93c3208d26301872f50ca5Shane Kerr# Assuming HTTP GET request parameters "name" and "phonenumber" have their
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews# values as "bob" and "1-800-123-4567" respectively. There is a HTTP Session
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews# attribute "cardnumber" with its value as "12345678".
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews# In the map, the following will be set:
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews# GET.name => [bob]
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# GET.phonenumber => [1-800-123-4567]
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews# JSESSION.cardnumber => [12345678]
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews#
# NOTE(review): GET and POST parameters are chosen by the client, so a policy
# condition on GET.<name> or POST.<name> must not treat the value as trusted.
# Every listed value is placed in the environment map for evaluation at the AM
# server; avoid listing sensitive values (a card number, as in the example
# above, is the kind of data better kept out of the map and out of any logging
# along the way).
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrewscom.sun.identity.agents.config.policy.env.get.param[0]=
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrewscom.sun.identity.agents.config.policy.env.post.param[0]=
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrewscom.sun.identity.agents.config.policy.env.jsession.param[0]=
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews# AGENT NOTIFICATION URL PROPERTY
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# - com.sun.identity.client.notification.url: URL for agent to receive
65391557db5d7dc725ed3f2b759248fea31a2445Mark Andrews# notifications from the OpenAM server for session, policy, and
e2c3f8059e77a8e11c4378d22e5d8e78b423a28fMark Andrews# configuration changes.
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# Hot-Swap Enabled: No
e2c3f8059e77a8e11c4378d22e5d8e78b423a28fMark Andrews#
# NOTE(review): this endpoint receives session, policy and configuration
# change notifications. How the Agent verifies the sender is not described
# here; confirm it, and where possible restrict network access to the endpoint
# to the OpenAM server(s). @AGENT_PREF_PROTO@ should resolve to https outside
# test environments.
a7b7a4ebc38ec7460e95da6d3d70ffe7b59573b8Mark Andrewscom.sun.identity.client.notification.url=@AGENT_PREF_PROTO@://@AGENT_HOST@:@AGENT_PREF_PORT@@AGENT_APP_URI@/notification
a7b7a4ebc38ec7460e95da6d3d70ffe7b59573b8Mark Andrews
1ca168b58e02fda534cad741a248e549e0f98d4dMark Andrews#
6f1b09965f26ab0d6c38dec4a38f67bb34ebddceMark Andrews# DEBUG SERVICE PROPERTY
23450c23fd19138cfad95b6c7728e2965abfc154Mark Andrews# - com.iplanet.services.debug.level: Specifies the debug level to be used.
de05f7d061abfe0ce555e0d0f2089f1261b031b6Mark Andrews# The value is one of: off, error, warning, message.
de05f7d061abfe0ce555e0d0f2089f1261b031b6Mark Andrews# Hot-Swap Enabled: Yes
d468b1b7b2ccfdf132df15f600be48dccf447eb1Evan Hunt#
# NOTE(review): "message" is presumably the most verbose level, and debug
# output at that level may include session or attribute data. The level is
# hot-swappable, so it can be raised for troubleshooting and lowered again
# without a restart. Confirm that @DEBUG_LEVEL@ resolves to off or error in
# production and that the debug output is readable only by the container's
# own account.
d468b1b7b2ccfdf132df15f600be48dccf447eb1Evan Huntcom.iplanet.services.debug.level=@DEBUG_LEVEL@
c7e266b7e5675e12d1ca3cc929f24b3e86d41f8eEvan Hunt
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews#
68cd13fff2b45c8a941ed8ac3efa0698798dcc96Mark Andrews# IGNORE REQUEST URL PATH INFO
c7e266b7e5675e12d1ca3cc929f24b3e86d41f8eEvan Hunt# The path info will be stripped from the request URL while doing Not Enforced
85db2b5fb360ccd2aeec1e6e22336b3d654bb39aMark Andrews# List check and url policy evaluation if the value is set to true.
85db2b5fb360ccd2aeec1e6e22336b3d654bb39aMark Andrews#
85db2b5fb360ccd2aeec1e6e22336b3d654bb39aMark Andrews# Hot-Swap Enabled: Yes
a0749e59c0356381fdaea0fefe66256589ec8c99Mark Andrews#
# NOTE(review): path info is presumably the part of the URL that follows the
# servlet path. With true, the not-enforced list check and URL policy
# evaluation see the URL without it, so rules cannot distinguish resources by
# path info. With false (the value below) path info takes part in matching,
# so wildcard patterns in the not-enforced list need to be written with that
# in mind.
a0749e59c0356381fdaea0fefe66256589ec8c99Mark Andrewscom.sun.identity.agents.config.ignore.path.info = false
a0749e59c0356381fdaea0fefe66256589ec8c99Mark Andrews