FederationClient.properties revision 2fe1e6ab330f5f88e97684012ff29cde7e61c9c4
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
# $Id: FederationClient.properties,v 1.7 2009/08/29 07:59:17 mallas Exp $
# Portions Copyrighted [2015] [ForgeRock AS]
# Specify implementation class for
# Specify implementation class for
# com.sun.identity.plugin.datastore.DataStoreProvider interface.
# This property defines the default datastore provider.
# Specify implementation class for
# com.sun.identity.plugin.session.SessionProvider interface.
# Specify XML signature provider class
# Specify XML key provider implementation class
# Identify SAML XML signature keystore file, keystore password file
# and key password file
# Specify type of KeyStore used for saml xml signature. Default is JKS.
# Flag for checking the Certificate which is embedded in the
# KeyInfo against the certificates in the keystore (specified
# by the "com.sun.identity.saml.xmlsig.keystore" property).
# Possible values for the key are: on|off. If the flag is "on",
# the certification must be presented in the keystore for
# XML signature validation. If the flag is "off", skip
# the presence checking.
# XML cannonicalization algorithm. Used for SAML XML signature generation
# and verification. When not specified, or value is empty, default value
# will be used. The following is the list of supported algorithms:
# http://www.w3.org/2001/10/xml-exc-c14n# (default)
# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
# XML signature algorithm. Used for SAML XML Signature generation and
# verification. When not specified, or value is empty, default value will be
# used. The following is the list of supported algorithms:
# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
# http://www.w3.org/2000/09/xmldsig#hmac-sha1
# http://www.w3.org/2000/09/xmldsig#dsa-sha1
# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
# XML transformation algorithm. Used for SAML XML signature generation
# and verification. When not specified, or value is empty, default value
# will be used. The following is the list of supported algorithms:
# http://www.w3.org/2001/10/xml-exc-c14n# (default)
# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
# http://www.w3.org/2000/09/xmldsig#base64
# http://www.w3.org/2000/09/xmldsig#enveloped-signature
# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
# SAML2 XML Encryption Provider Implementation class
# SAML2 XML Signing Provider Implementation class.
# SAML2 XML Signing Certificate Validation.
# SAML2 XML Signing Certificate Validation.
# Client ceritificate alias that will be used in SSL connection for Liberty
# SOAP Binding
# If the message timestamp is before current timestamp by this amount
# (millisec), it is considered a stale message.
# All the messageID of a valid message will be stored in a cache with the it
# is received to avoid duplicate messages. If the current time minus the
# received time is greater than the above staleTimeLimit, it should be removed
# from the cache. The is property specify the interval(millisec) that a
# cleanup thread should check the cache and remove those messageID.
# Supported SOAP actors. Each actor must be seperated by '|'
# Namespace prefix mapping used when marshalling a JAXB content tree to a
# DOM tree. The syntax is
# <prefix>=<namespace>|<prefix>=<namespace>|..........
# JAXB package list used when constructing JAXBContext. Each package must be
# seperated by ':'.
# Liberty ID-WSF security profile,
# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
# alias for issuing web service security token for this web service client
# com.sun.identity.liberty.ws.ta.certalias specifies certificate
# alias for trusted authority that will be used to sign SAML or SAML
# BEARER token of response message.
# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
# aliases for trusted CA. SAML or SAML BEARER token of incoming request
# message needs to be signed by a trusted CA in this list. The syntax is
# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
# 'issuer' is used when the token doesn't have a KeyInfo inside the
# signature. The 'issuer' of the token needs to be in this list and the
# corresponding cert alias will be used to verify signature. If KeyInfo
# exists, the keystore needs to contain a cert alias that matches the
# KeyInfo and the cert alias needs to be in this list.
# implementation for security token provider
# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
# interactions based on user agent redirects. This should be running in
# the same JVM where Liberty SP is running
# indicates whether WSC would participate in interaction
# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
# default value:interactIfNeeded
# value used if an invalid value is specified:interactIfNeeded
# indicates whether WSC would include userInteractionHeader
# valid values are yes|no (case ignored)
# default value:yes
# value used if no value is specified:yes
# indicates whether WSC would redirect user for interaction
# valid values are yes|no
# default value:yes
# value used if no value is specified:yes
# WSC's preference on the acceptable duration for interaction(in seconds)
# default value if the value is not specified or a non integer value is
# specified : 60
# indicates whether WSC would enforce that redirected to URL is https
# valid values are yes|no (case ignored)
# liberty specification require the value to be yes
# default value:yes
# value used if no value is specified:yes
# This property is used to determine the Liberty identity web services framework
# to be used when the framework can not determine from the in-bound message or
# from the resource offering when AM is acting as the WSC.
# The default version is 1.1, but the possible values are 1.0 or 1.1
# Web Services Security Client Properties
# Login URL for WSS end user authentication use cases
# Login URL redirection ("goto") paramter name for WSS end user authentication use cases
# Authentication web service URL for WSS Liberty use cases