FederationClient.properties revision a688bcbb4bcff5398fdd29b86f83450257dc0df4
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# The contents of this file are subject to the terms
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# of the Common Development and Distribution License
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# (the License). You may not use this file except in
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# compliance with the License.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# You can obtain a copy of the License at
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# https://opensso.dev.java.net/public/CDDLv1.0.html or
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# opensso/legal/CDDLv1.0.txt
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# See the License for the specific language governing
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# permission and limitations under the License.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# When distributing Covered Code, include this CDDL
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Header Notice in each file and include the License file
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# at opensso/legal/CDDLv1.0.txt.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# If applicable, add the following below the CDDL Header,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# with the fields enclosed by brackets [] replaced by
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# your own identifying information:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# "Portions Copyrighted [year] [name of copyright owner]"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# $Id: FederationClient.properties,v 1.7 2009/08/29 07:59:17 mallas Exp $
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Specify implementation class for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.plugin.configuration.class=@CONFIGURATION_PROVIDER_CLASS@
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Specify implementation class for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# com.sun.identity.plugin.datastore.DataStoreProvider interface.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# This property defines the default datastore provider.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.plugin.datastore.class.default=@DATASTORE_PROVIDER_CLASS@
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Specify implementation class for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# com.sun.identity.plugin.session.SessionProvider interface.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.plugin.session.class=@SESSION_PROVIDER_CLASS@
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Specify XML signature provider class
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Specify XML key provider implementation class
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Identify SAML XML signature keystore file, keystore password file
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# and key password file
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.keystore=@BASE_DIR@/keystore.jks
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.storepass=@BASE_DIR@/.storepass
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.keypass=@BASE_DIR@/.keypass
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.certalias=test
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Specify type of KeyStore used for saml xml signature. Default is JKS.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# com.sun.identity.saml.xmlsig.storetype=JKS
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Flag for checking the Certificate which is embedded in the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# KeyInfo against the certificates in the keystore (specified
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# by the "com.sun.identity.saml.xmlsig.keystore" property).
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Possible values for the key are: on|off. If the flag is "on",
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# the certification must be presented in the keystore for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# XML signature validation. If the flag is "off", skip
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# the presence checking.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.checkcert=on
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# XML cannonicalization algorithm. Used for SAML XML signature generation
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# and verification. When not specified, or value is empty, default value
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# will be used. The following is the list of supported algorithms:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/10/xml-exc-c14n# (default)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# XML signature algorithm. Used for SAML XML Signature generation and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# verification. When not specified, or value is empty, default value will be
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# used. The following is the list of supported algorithms:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2000/09/xmldsig#hmac-sha1
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2000/09/xmldsig#dsa-sha1
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.xmlSigAlgorithm=
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# XML transformation algorithm. Used for SAML XML signature generation
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# and verification. When not specified, or value is empty, default value
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# will be used. The following is the list of supported algorithms:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/10/xml-exc-c14n# (default)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/1999/REC-xslt-19991116
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2000/09/xmldsig#base64
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/1999/REC-xpath-19991116
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2000/09/xmldsig#enveloped-signature
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/TR/2001/WD-xptr-20010108
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2002/04/xmldsig-filter2
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.w3.org/2002/06/xmldsig-filter2
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# SAML2 XML Encryption Provider Implementation class
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# SAML2 XML Signing Provider Implementation class.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# SAML2 XML Signing Certificate Validation.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml2.crl.check=false
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# SAML2 XML Signing Certificate Validation.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.saml2.crl.check.ca=false
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Client ceritificate alias that will be used in SSL connection for Liberty
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# SOAP Binding
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.liberty.ws.soap.certalias=
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# If the message timestamp is before current timestamp by this amount
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# (millisec), it is considered a stale message.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.liberty.ws.soap.staleTimeLimit=300000
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# All the messageID of a valid message will be stored in a cache with the it
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# is received to avoid duplicate messages. If the current time minus the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# received time is greater than the above staleTimeLimit, it should be removed
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# from the cache. The is property specify the interval(millisec) that a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# cleanup thread should check the cache and remove those messageID.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowecom.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
#
# Supported SOAP actors. Each actor must be seperated by '|'
com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
#
# Namespace prefix mapping used when marshalling a JAXB content tree to a
# DOM tree. The syntax is
# <prefix>=<namespace>|<prefix>=<namespace>|..........
com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
#
# JAXB package list used when constructing JAXBContext. Each package must be
# seperated by ':'.
com.sun.identity.liberty.ws.jaxb.packageList=
#
# Liberty ID-WSF security profile,
# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
# alias for issuing web service security token for this web service client
# com.sun.identity.liberty.ws.ta.certalias specifies certificate
# alias for trusted authority that will be used to sign SAML or SAML
# BEARER token of response message.
# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
# aliases for trusted CA. SAML or SAML BEARER token of incoming request
# message needs to be signed by a trusted CA in this list. The syntax is
# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
# 'issuer' is used when the token doesn't have a KeyInfo inside the
# signature. The 'issuer' of the token needs to be in this list and the
# corresponding cert alias will be used to verify signature. If KeyInfo
# exists, the keystore needs to contain a cert alias that matches the
# KeyInfo and the cert alias needs to be in this list.
# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
# implementation for security token provider
com.sun.identity.liberty.ws.wsc.certalias=test
com.sun.identity.liberty.ws.ta.certalias=test
com.sun.identity.liberty.ws.trustedca.certaliases=test:SunSTS|test:@SERVER_HOST@
com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
#
# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
# interactions based on user agent redirects. This should be running in
# the same JVM where Liberty SP is running
com.sun.identity.liberty.interaction.wspRedirectHandler=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/WSPRedirectHandler
#
# indicates whether WSC would participate in interaction
# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
# default value:interactIfNeeded
# value used if an invalid value is specified:interactIfNeeded
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
#
# indicates whether WSC would include userInteractionHeader
# valid values are yes|no (case ignored)
# default value:yes
# value used if no value is specified:yes
com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
#
# indicates whether WSC would redirect user for interaction
# valid values are yes|no
# default value:yes
# value used if no value is specified:yes
com.sun.identity.liberty.interaction.wscWillRedirect=yes
#
# WSC's preference on the acceptable duration for interaction(in seconds)
# default value if the value is not specified or a non integer value is
# specified : 60
com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
#
# indicates whether WSC would enforce that redirected to URL is https
# valid values are yes|no (case ignored)
# liberty specification require the value to be yes
# default value:yes
# value used if no value is specified:yes
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
#
# This property is used to determine the Liberty identity web services framework
# to be used when the framework can not determine from the in-bound message or
# from the resource offering when AM is acting as the WSC.
# The default version is 1.1, but the possible values are 1.0 or 1.1
# com.sun.identity.liberty.wsf.version=1.1
# Web Services Security Client Properties
# Login URL for WSS end user authentication use cases
com.sun.identity.loginurl=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/UI/Login
# Login URL redirection ("goto") paramter name for WSS end user authentication use cases
com.sun.identity.loginurl.goto=goto
# Authentication web service URL for WSS Liberty use cases
com.sun.identity.liberty.authnsvc.url=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/Liberty/authnsvc
# STS End User Token Plugin class
com.sun.identity.wss.sts.clientusertoken=com.sun.identity.wss.sts.STSClientUserToken
# WSS Provider Configuration Plugin class
com.sun.identity.wss.provider.config.plugin=com.sun.identity.wss.provider.plugins.AgentProvider
# WSS Authenticator Plugin Class
com.sun.identity.wss.security.authenticator=com.sun.identity.wss.security.handler.DefaultAuthenticator
com.sun.identity.jsr196.authenticated.user=AUTHENTICATED_USERS