amAuthCert.xml revision eaa5beaafb54d343aa1db6a1fcaa98905f8b4db7
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<?xml version="1.0" encoding="ISO-8859-1"?>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!--
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The contents of this file are subject to the terms
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt of the Common Development and Distribution License
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (the License). You may not use this file except in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt compliance with the License.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt You can obtain a copy of the License at
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt https://opensso.dev.java.net/public/CDDLv1.0.html or
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt opensso/legal/CDDLv1.0.txt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt See the License for the specific language governing
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt permission and limitations under the License.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When distributing Covered Code, include this CDDL
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Header Notice in each file and include the License file
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt at opensso/legal/CDDLv1.0.txt.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt If applicable, add the following below the CDDL Header,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt with the fields enclosed by brackets [] replaced by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt your own identifying information:
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt "Portions Copyrighted [year] [name of copyright owner]"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt $Id: amAuthCert.xml,v 1.9 2008/06/25 05:45:41 qcheng Exp $
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Portions Copyrighted 2011-2015 ForgeRock AS.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt-->
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!DOCTYPE ServicesConfiguration
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt "jar://com/sun/identity/sm/sms.dtd">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<ServicesConfiguration>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <Service name="iPlanetAMAuthCertService" version="1.0">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <Schema
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt serviceHierarchy="/DSAMEConfig/authentication/iPlanetAMAuthCertService"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt i18nFileName="amAuthCert"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt revisionNumber="40"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt i18nKey="iplanet-am-auth-cert-service-description"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt resourceName="certificate">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <Organization>
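<!--
  Boolean switch, off by default. Judging by its resourceName
  (matchCertificateInLdap) it presumably makes the module require that the
  presented client certificate is also stored in the LDAP directory
  configured by the attributes further down; confirm against the module code.
  The blame-gutter text that was fused into every line of this element has
  been dropped so that the markup is well-formed again.
-->
<AttributeSchema name="iplanet-am-auth-cert-check-cert-in-ldap"
                 type="single"
                 syntax="boolean"
                 i18nKey="a101"
                 resourceName="matchCertificateInLdap">
  <DefaultValues>
    <Value>false</Value>
  </DefaultValues>
</AttributeSchema>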
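<!--
  Single string, default CN. The resourceName (ldapCertificateAttribute)
  suggests it names the certificate attribute used to locate the matching
  LDAP entry when LDAP matching is enabled; confirm against the module code.
  NOTE(review): a CN is assigned by the issuer and is not guaranteed to be
  unique across CAs, so the lookup is only as strong as the set of trusted
  issuers.
  Blame-gutter text fused into the original lines has been removed.
-->
<AttributeSchema name="iplanet-am-auth-cert-attr-check-ldap"
                 type="single"
                 syntax="string"
                 i18nKey="a1011"
                 resourceName="ldapCertificateAttribute">
  <DefaultValues>
    <Value>CN</Value>
  </DefaultValues>
</AttributeSchema>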
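<!--
  Boolean switch for CRL matching (resourceName matchCertificateToCRL),
  default false. iplanet-am-auth-cert-check-ocsp in this schema also
  defaults to false, so as shipped neither revocation mechanism is switched
  on by this schema. Deployments that rely on certificate login should
  decide explicitly which of the two to enable.
  Blame-gutter text fused into the original lines has been removed.
-->
<AttributeSchema name="iplanet-am-auth-cert-check-crl"
                 type="single"
                 syntax="boolean"
                 i18nKey="a102"
                 resourceName="matchCertificateToCRL">
  <DefaultValues>
    <Value>false</Value>
  </DefaultValues>
</AttributeSchema>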
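<!--
  Boolean, default false. The resourceName (matchCACertificateToCRL)
  suggests it extends the CRL check to the issuing CA certificates;
  confirm against the module code. With the default, a revoked
  intermediate CA would presumably not be detected by this module.
  Blame-gutter text fused into the original lines has been removed.
-->
<AttributeSchema name="sunAMValidateCACert"
                 type="single"
                 syntax="boolean"
                 i18nKey="a1023"
                 resourceName="matchCACertificateToCRL">
  <DefaultValues>
    <Value>false</Value>
  </DefaultValues>
</AttributeSchema>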
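<!--
  Single string, default CN. The resourceName
  (crlMatchingCertificateAttribute) suggests it names the certificate
  attribute used to find the relevant CRL entry; confirm against the module
  code. Only meaningful once CRL matching is enabled.
  Blame-gutter text fused into the original lines has been removed.
-->
<AttributeSchema name="iplanet-am-auth-cert-attr-check-crl"
                 type="single"
                 syntax="string"
                 i18nKey="a1021"
                 resourceName="crlMatchingCertificateAttribute">
  <DefaultValues>
    <Value>CN</Value>
  </DefaultValues>
</AttributeSchema>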
<!--
  Boolean, default true (resourceName cacheCRLsInMemory).
  NOTE(review): a cached CRL can lag behind the issuer, so a fresh
  revocation presumably takes effect only after the cached copy is
  refreshed; the refresh policy is not visible in this schema.
-->
<AttributeSchema name="openam-am-auth-cert-attr-cache-crl"
                 type="single"
                 syntax="boolean"
                 i18nKey="a1024"
                 resourceName="cacheCRLsInMemory">
  <DefaultValues>
    <Value>true</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Single string with an empty default (resourceName crlHttpParameters).
  Presumably extra parameters sent with the HTTP request that fetches a
  CRL; confirm against the module code.
-->
<AttributeSchema name="iplanet-am-auth-cert-param-get-crl"
                 type="single"
                 syntax="string"
                 i18nKey="a1022"
                 resourceName="crlHttpParameters">
  <DefaultValues>
    <Value></Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Boolean, default true (resourceName updateCRLsFromDistributionPoint).
  NOTE(review): if this makes the server fetch CRLs from the distribution
  point named inside a certificate, the fetch target comes from certificate
  content. Keep the set of trusted CAs tight and restrict outbound access
  from the server accordingly; confirm the behaviour against the module code.
-->
<AttributeSchema name="openam-am-auth-cert-update-crl"
                 type="single"
                 syntax="boolean"
                 i18nKey="a1025"
                 resourceName="updateCRLsFromDistributionPoint">
  <DefaultValues>
    <Value>true</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Boolean switch for OCSP validation (resourceName ocspValidationEnabled),
  default false. iplanet-am-auth-cert-check-crl in this schema is also
  false by default, so revocation checking has to be enabled explicitly.
-->
<AttributeSchema name="iplanet-am-auth-cert-check-ocsp"
                 type="single"
                 syntax="boolean"
                 i18nKey="a103"
                 resourceName="ocspValidationEnabled">
  <DefaultValues>
    <Value>false</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  List of LDAP servers (resourceName certificateLdapServers). The default
  is built from the @UM_DIRECTORY_SERVER@ and @UM_DIRECTORY_PORT@ tokens,
  which look like placeholders filled in at install time; confirm.
-->
<AttributeSchema name="iplanet-am-auth-cert-ldap-provider-url"
                 type="list"
                 syntax="string"
                 i18nKey="a104"
                 resourceName="certificateLdapServers">
  <DefaultValues>
    <Value>@UM_DIRECTORY_SERVER@:@UM_DIRECTORY_PORT@</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  List of strings with no default (resourceName ldapSearchStartDN);
  presumably the base DN or DNs for the certificate and CRL searches.
-->
<AttributeSchema name="iplanet-am-auth-cert-start-search-loc"
                 type="list"
                 syntax="string"
                 i18nKey="a105"
                 resourceName="ldapSearchStartDN">
</AttributeSchema>
<!--
  Single choice among none, simple and CRAM-MD5; default none. This element
  has an empty i18nKey and no resourceName, unlike its siblings.
  NOTE(review): an empty i18nKey conventionally keeps an attribute out of
  the console in SMS schemas; confirm. CRAM-MD5 is a legacy MD5-based
  challenge-response mechanism and should not be treated as a substitute
  for transport encryption of the LDAP connection.
-->
<AttributeSchema name="iplanet-am-auth-cert-security-type"
                 type="single_choice"
                 syntax="string"
                 i18nKey="">
  <ChoiceValues>
    <ChoiceValue i18nKey="choiceNone">none</ChoiceValue>
    <ChoiceValue i18nKey="choiceSimple">simple</ChoiceValue>
    <ChoiceValue i18nKey="choiceCRAM-MD5">CRAM-MD5</ChoiceValue>
  </ChoiceValues>
  <DefaultValues>
    <Value>none</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Bind DN for the LDAP lookups (resourceName userBindDN). The default is
  the @UM_DS_DIRMGRDN@ token.
  NOTE(review): the token name suggests the directory manager DN. A
  certificate or CRL search needs read access only, so a dedicated
  least-privilege account is the safer value to configure.
-->
<AttributeSchema name="iplanet-am-auth-cert-principal-user"
                 type="single"
                 syntax="string"
                 i18nKey="a107"
                 resourceName="userBindDN">
  <DefaultValues>
    <Value>@UM_DS_DIRMGRDN@</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Bind password (resourceName userBindPassword), declared with
  syntax="password" and no default value, so the schema itself ships
  no secret.
-->
<AttributeSchema name="iplanet-am-auth-cert-principal-passwd"
                 type="single"
                 syntax="password"
                 i18nKey="a108"
                 resourceName="userBindPassword">
</AttributeSchema>
<!--
  Boolean, default false (resourceName sslEnabled).
  NOTE(review): with the default, the LDAP connection used for certificate
  and CRL lookups, including the bind with the password configured in this
  schema, presumably runs without TLS. Enable it wherever the directory is
  reached over a network that is not fully trusted.
-->
<AttributeSchema name="iplanet-am-auth-cert-use-ssl"
                 type="single"
                 syntax="boolean"
                 i18nKey="a110"
                 resourceName="sslEnabled">
  <DefaultValues>
    <Value>false</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Single choice of the certificate field mapped to the user profile
  (resourceName certificateAttributeToProfileMapping); default subject CN.
  NOTE(review): this mapping decides which account a certificate logs in
  as. A subject CN is chosen by the issuer, so the default is only safe
  when every trusted CA is trusted to issue CNs that match user
  identifiers.
-->
<AttributeSchema name="iplanet-am-auth-cert-user-profile-mapper"
                 type="single_choice"
                 syntax="string"
                 i18nKey="a111"
                 resourceName="certificateAttributeToProfileMapping">
  <ChoiceValues>
    <ChoiceValue i18nKey="choiceSubjectDN">subject DN</ChoiceValue>
    <ChoiceValue i18nKey="choiceSubjectCN">subject CN</ChoiceValue>
    <ChoiceValue i18nKey="choiceSubjectUID">subject UID</ChoiceValue>
    <ChoiceValue i18nKey="choiceEmail">email address</ChoiceValue>
    <ChoiceValue i18nKey="choiceOther">other</ChoiceValue>
    <ChoiceValue i18nKey="choiceNone">none</ChoiceValue>
  </ChoiceValues>
  <DefaultValues>
    <Value>subject CN</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Free-form string with no default (resourceName
  otherCertificateAttributeToProfileMapping); presumably read when the
  profile mapper choice is "other". Confirm against the module code.
-->
<AttributeSchema name="iplanet-am-auth-cert-user-profile-mapper-other"
                 type="single"
                 syntax="string"
                 i18nKey="a1111"
                 resourceName="otherCertificateAttributeToProfileMapping">
</AttributeSchema>
<!--
  Single choice among none, RFC822Name and UPN; default none (resourceName
  certificateAttributeProfileMappingExtension). The choice names look like
  subjectAltName entry types used as an alternative source for the profile
  identifier; confirm against the module code.
-->
<AttributeSchema name="iplanet-am-auth-cert-user-profile-mapper-ext"
                 type="single_choice"
                 syntax="string"
                 i18nKey="a1112"
                 resourceName="certificateAttributeProfileMappingExtension">
  <ChoiceValues>
    <ChoiceValue i18nKey="choiceNone">none</ChoiceValue>
    <ChoiceValue i18nKey="choiceRFC822Name">RFC822Name</ChoiceValue>
    <ChoiceValue i18nKey="choiceUPN">UPN</ChoiceValue>
  </ChoiceValues>
  <DefaultValues>
    <Value>none</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Authentication level assigned by this module (resourceName
  authenticationLevel): an integer from 0 to 2147483647, default 0.
-->
<AttributeSchema name="iplanet-am-auth-cert-auth-level"
                 type="single"
                 syntax="number_range"
                 rangeStart="0"
                 rangeEnd="2147483647"
                 i18nKey="a500"
                 resourceName="authenticationLevel">
  <DefaultValues>
    <Value>0</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  List of strings, default "none" (resourceName trustedRemoteHosts).
  NOTE(review): presumably the hosts, such as a TLS-terminating proxy or
  gateway, that are allowed to hand over a client certificate on the
  user's behalf. Every entry here is trusted to assert identities, so keep
  the list as narrow as possible; confirm the semantics of "none" against
  the module code.
-->
<AttributeSchema name="iplanet-am-auth-cert-gw-cert-auth-enabled"
                 type="list"
                 syntax="string"
                 i18nKey="a113"
                 resourceName="trustedRemoteHosts">
  <DefaultValues>
    <Value>none</Value>
  </DefaultValues>
</AttributeSchema>
<!--
  Single string with an empty default and validator="no" (resourceName
  clientCertificateHttpHeaderName).
  NOTE(review): if the module reads the client certificate from this HTTP
  header, the value is only trustworthy when the fronting proxy strips or
  overwrites the header on every inbound request and clients cannot reach
  the server directly. Review it together with
  iplanet-am-auth-cert-gw-cert-auth-enabled.
-->
<AttributeSchema name="sunAMHttpParamName"
                 type="single"
                 syntax="string"
                 validator="no"
                 i18nKey="a115"
                 resourceName="clientCertificateHttpHeaderName">
  <DefaultValues>
    <Value></Value>
  </DefaultValues>
</AttributeSchema>
<!--
  "serverconfig" sub-schema (inheritance="multiple", resourceName
  USE-PARENT). It repeats the organization-level attribute set of this
  service with the same names, types and default values.
  NOTE(review): the security-relevant defaults are therefore the same here:
  CRL and OCSP checking are off, the LDAP connection has SSL off, and the
  bind DN defaults to the @UM_DS_DIRMGRDN@ token.
-->
<SubSchema name="serverconfig" inheritance="multiple" resourceName="USE-PARENT">

  <!-- Matching the presented certificate against the LDAP store. -->
  <AttributeSchema name="iplanet-am-auth-cert-check-cert-in-ldap"
                   type="single"
                   syntax="boolean"
                   i18nKey="a101"
                   resourceName="matchCertificateInLdap">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-attr-check-ldap"
                   type="single"
                   syntax="string"
                   i18nKey="a1011"
                   resourceName="ldapCertificateAttribute">
    <DefaultValues>
      <Value>CN</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Revocation checking: both CRL and OCSP default to false. -->
  <AttributeSchema name="iplanet-am-auth-cert-check-crl"
                   type="single"
                   syntax="boolean"
                   i18nKey="a102"
                   resourceName="matchCertificateToCRL">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="sunAMValidateCACert"
                   type="single"
                   syntax="boolean"
                   i18nKey="a1023"
                   resourceName="matchCACertificateToCRL">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-attr-check-crl"
                   type="single"
                   syntax="string"
                   i18nKey="a1021"
                   resourceName="crlMatchingCertificateAttribute">
    <DefaultValues>
      <Value>CN</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="openam-am-auth-cert-attr-cache-crl"
                   type="single"
                   syntax="boolean"
                   i18nKey="a1024"
                   resourceName="cacheCRLsInMemory">
    <DefaultValues>
      <Value>true</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-param-get-crl"
                   type="single"
                   syntax="string"
                   i18nKey="a1022"
                   resourceName="crlHttpParameters">
    <DefaultValues>
      <Value></Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="openam-am-auth-cert-update-crl"
                   type="single"
                   syntax="boolean"
                   i18nKey="a1025"
                   resourceName="updateCRLsFromDistributionPoint">
    <DefaultValues>
      <Value>true</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-check-ocsp"
                   type="single"
                   syntax="boolean"
                   i18nKey="a103"
                   resourceName="ocspValidationEnabled">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>

  <!--
    LDAP connection used for the lookups. SSL is off by default and the
    bind DN defaults to the @UM_DS_DIRMGRDN@ token; the password attribute
    carries no default.
  -->
  <AttributeSchema name="iplanet-am-auth-cert-ldap-provider-url"
                   type="list"
                   syntax="string"
                   i18nKey="a104"
                   resourceName="certificateLdapServers">
    <DefaultValues>
      <Value>@UM_DIRECTORY_SERVER@:@UM_DIRECTORY_PORT@</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-start-search-loc"
                   type="list"
                   syntax="string"
                   i18nKey="a105"
                   resourceName="ldapSearchStartDN">
  </AttributeSchema>
  <!-- Empty i18nKey and no resourceName, unlike the sibling attributes. -->
  <AttributeSchema name="iplanet-am-auth-cert-security-type"
                   type="single_choice"
                   syntax="string"
                   i18nKey="">
    <ChoiceValues>
      <ChoiceValue i18nKey="choiceNone">none</ChoiceValue>
      <ChoiceValue i18nKey="choiceSimple">simple</ChoiceValue>
      <ChoiceValue i18nKey="choiceCRAM-MD5">CRAM-MD5</ChoiceValue>
    </ChoiceValues>
    <DefaultValues>
      <Value>none</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-principal-user"
                   type="single"
                   syntax="string"
                   i18nKey="a107"
                   resourceName="userBindDN">
    <DefaultValues>
      <Value>@UM_DS_DIRMGRDN@</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-principal-passwd"
                   type="single"
                   syntax="password"
                   i18nKey="a108"
                   resourceName="userBindPassword">
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-use-ssl"
                   type="single"
                   syntax="boolean"
                   i18nKey="a110"
                   resourceName="sslEnabled">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>

  <!--
    Mapping from certificate fields to the user profile; default subject CN.
    This mapping decides which account a certificate is logged in as.
  -->
  <AttributeSchema name="iplanet-am-auth-cert-user-profile-mapper"
                   type="single_choice"
                   syntax="string"
                   i18nKey="a111"
                   resourceName="certificateAttributeToProfileMapping">
    <ChoiceValues>
      <ChoiceValue i18nKey="choiceSubjectDN">subject DN</ChoiceValue>
      <ChoiceValue i18nKey="choiceSubjectCN">subject CN</ChoiceValue>
      <ChoiceValue i18nKey="choiceSubjectUID">subject UID</ChoiceValue>
      <ChoiceValue i18nKey="choiceEmail">email address</ChoiceValue>
      <ChoiceValue i18nKey="choiceOther">other</ChoiceValue>
      <ChoiceValue i18nKey="choiceNone">none</ChoiceValue>
    </ChoiceValues>
    <DefaultValues>
      <Value>subject CN</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-user-profile-mapper-other"
                   type="single"
                   syntax="string"
                   i18nKey="a1111"
                   resourceName="otherCertificateAttributeToProfileMapping">
  </AttributeSchema>
  <AttributeSchema name="iplanet-am-auth-cert-user-profile-mapper-ext"
                   type="single_choice"
                   syntax="string"
                   i18nKey="a1112"
                   resourceName="certificateAttributeProfileMappingExtension">
    <ChoiceValues>
      <ChoiceValue i18nKey="choiceNone">none</ChoiceValue>
      <ChoiceValue i18nKey="choiceRFC822Name">RFC822Name</ChoiceValue>
      <ChoiceValue i18nKey="choiceUPN">UPN</ChoiceValue>
    </ChoiceValues>
    <DefaultValues>
      <Value>none</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Authentication level: integer from 0 to 2147483647, default 0. -->
  <AttributeSchema name="iplanet-am-auth-cert-auth-level"
                   type="single"
                   syntax="number_range"
                   rangeStart="0"
                   rangeEnd="2147483647"
                   i18nKey="a500"
                   resourceName="authenticationLevel">
    <DefaultValues>
      <Value>0</Value>
    </DefaultValues>
  </AttributeSchema>

  <!--
    Certificate hand-over from a fronting host: trusted remote hosts
    (default "none") and the HTTP header name (default empty).
    NOTE(review): a certificate taken from a request header is only
    trustworthy when the fronting host strips or overwrites that header on
    inbound requests; confirm how the module uses these two values.
  -->
  <AttributeSchema name="iplanet-am-auth-cert-gw-cert-auth-enabled"
                   type="list"
                   syntax="string"
                   i18nKey="a113"
                   resourceName="trustedRemoteHosts">
    <DefaultValues>
      <Value>none</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="sunAMHttpParamName"
                   type="single"
                   syntax="string"
                   validator="no"
                   i18nKey="a115"
                   resourceName="clientCertificateHttpHeaderName">
    <DefaultValues>
      <Value></Value>
    </DefaultValues>
  </AttributeSchema>
</SubSchema>
</Organization>
</Schema>
</Service>
</ServicesConfiguration>