FederationClient.properties revision a688bcbb4bcff5398fdd29b86f83450257dc0df4
80833bb9a1bf25dcf19e814438a4b311d2e1f4cffuankg# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic# The contents of this file are subject to the terms
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic# of the Common Development and Distribution License
4da61833a1cbbca94094f9653fd970582b97a72etrawick# (the License). You may not use this file except in
4da61833a1cbbca94094f9653fd970582b97a72etrawick# compliance with the License.
4da61833a1cbbca94094f9653fd970582b97a72etrawick# You can obtain a copy of the License at
4da61833a1cbbca94094f9653fd970582b97a72etrawick# https://opensso.dev.java.net/public/CDDLv1.0.html or
4789804be088bcd86ae637a29cdb7fda25169521jailletc# See the License for the specific language governing
4789804be088bcd86ae637a29cdb7fda25169521jailletc# permission and limitations under the License.
e50c3026198fd496f183cda4c32a202925476778covener# When distributing Covered Code, include this CDDL
e50c3026198fd496f183cda4c32a202925476778covener# Header Notice in each file and include the License file
5b88c8507d5ef6d0c4cfbc78230294968175b638minfrin# If applicable, add the following below the CDDL Header,
5b88c8507d5ef6d0c4cfbc78230294968175b638minfrin# with the fields enclosed by brackets [] replaced by
6c3b9cebb551140fbb25d58bae08b539b3802133ylavic# your own identifying information:
6c3b9cebb551140fbb25d58bae08b539b3802133ylavic# "Portions Copyrighted [year] [name of copyright owner]"
4f29b65ab4b547ad5dbe506e2d0ff5d12ead9247ylavic# $Id: FederationClient.properties,v 1.7 2009/08/29 07:59:17 mallas Exp $
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic# Specify implementation class for
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
69301145375a889e7e37caf7cc7321ac0f91801erpluemcom.sun.identity.plugin.configuration.class=@CONFIGURATION_PROVIDER_CLASS@
506bfe33206b2fece40ef25f695af39dd4130facjkaluza# Specify implementation class for
506bfe33206b2fece40ef25f695af39dd4130facjkaluza# com.sun.identity.plugin.datastore.DataStoreProvider interface.
506bfe33206b2fece40ef25f695af39dd4130facjkaluza# This property defines the default datastore provider.
506bfe33206b2fece40ef25f695af39dd4130facjkaluzacom.sun.identity.plugin.datastore.class.default=@DATASTORE_PROVIDER_CLASS@
d58a848a016d401b965111e50ef829e1641f7834minfrin# Specify implementation class for
2e6f4d654c96c98b761fb012fd25c5d5b1558c44sf# com.sun.identity.plugin.session.SessionProvider interface.
2e6f4d654c96c98b761fb012fd25c5d5b1558c44sfcom.sun.identity.plugin.session.class=@SESSION_PROVIDER_CLASS@
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic# Specify XML signature provider class
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylaviccom.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
e8bd80a4bb88199d2f9a24a50345688e52d9c116ylavic# Specify XML key provider implementation class
e8bd80a4bb88199d2f9a24a50345688e52d9c116ylaviccom.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic# Identify SAML XML signature keystore file, keystore password file
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic# and key password file
330e16bea8fe9cace4de90c349750c03dfb1fe64ylaviccom.sun.identity.saml.xmlsig.keystore=@BASE_DIR@/keystore.jks
330e16bea8fe9cace4de90c349750c03dfb1fe64ylaviccom.sun.identity.saml.xmlsig.storepass=@BASE_DIR@/.storepass
330e16bea8fe9cace4de90c349750c03dfb1fe64ylaviccom.sun.identity.saml.xmlsig.keypass=@BASE_DIR@/.keypass
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener# Specify type of KeyStore used for saml xml signature. Default is JKS.
44ff304057225e944e220e981d434a046d14cf06covener# Flag for checking the Certificate which is embedded in the
44ff304057225e944e220e981d434a046d14cf06covener# KeyInfo against the certificates in the keystore (specified
44ff304057225e944e220e981d434a046d14cf06covener# by the "com.sun.identity.saml.xmlsig.keystore" property).
5d1ba75b8794925e67591c209085a49279791de9covener# Possible values for the key are: on|off. If the flag is "on",
5d1ba75b8794925e67591c209085a49279791de9covener# the certification must be presented in the keystore for
5d1ba75b8794925e67591c209085a49279791de9covener# XML signature validation. If the flag is "off", skip
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand# the presence checking.
caad2986f81ab263f7af41467dd622dc9add17f3ylavic# XML cannonicalization algorithm. Used for SAML XML signature generation
caad2986f81ab263f7af41467dd622dc9add17f3ylavic# and verification. When not specified, or value is empty, default value
caad2986f81ab263f7af41467dd622dc9add17f3ylavic# will be used. The following is the list of supported algorithms:
45a10d38e6051fd7bdf9d742aaae633d97ff02abjailletc# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
f7317ff316c2b141feea31bddb74d5d3fa1584edjorton# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
2165214331e4afafca4048f66f303d0253d7b001covenercom.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
1e2d421a36999d292042a5539971070d54aa6c63ylavic# XML signature algorithm. Used for SAML XML Signature generation and
1e2d421a36999d292042a5539971070d54aa6c63ylavic# verification. When not specified, or value is empty, default value will be
1e2d421a36999d292042a5539971070d54aa6c63ylavic# used. The following is the list of supported algorithms:
fa7ed98b9dc94c5845cf845aea0a44ecacd290c9humbedooh# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
0b67eb8568cd58bb77082703951679b42cf098actrawick# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
09c87c777bed1655621bb20e1c46cb6b1a63279dcovener# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
e6b4bd1113567627ab6bb6c6a7105e1e01a7d889jailletc# XML transformation algorithm. Used for SAML XML signature generation
e6b4bd1113567627ab6bb6c6a7105e1e01a7d889jailletc# and verification. When not specified, or value is empty, default value
e466c40e1801982602ee0200c9e8b61cc148742djailletc# will be used. The following is the list of supported algorithms:
457468b82e59d01eba00dd9d0817309c8f5e414ejim# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
15660979a30d251681463de2e0584853890082accovener# http://www.w3.org/2000/09/xmldsig#enveloped-signature
cfd9415521847b2f9394fad04fb701cfb955f503rjung# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
cfd9415521847b2f9394fad04fb701cfb955f503rjungcom.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe# SAML2 XML Encryption Provider Implementation class
28c31fb73c1264bd1d0ff932573677030b024c7dwrowecom.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
63b9f1f5880391261705f696d7d65507bbe9ace3covener# SAML2 XML Signing Provider Implementation class.
63b9f1f5880391261705f696d7d65507bbe9ace3covenercom.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
49dacedb6c387b786b7911082ff35121a45f414bcovener# SAML2 XML Signing Certificate Validation.
3c990331fc6702119e4f5b8ba9eae3021aea5265jim# SAML2 XML Signing Certificate Validation.
fc42512879dd0504532f52fe5d0d0383dda96a1eniq# Client ceritificate alias that will be used in SSL connection for Liberty
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq# SOAP Binding
983528026996668ea295be95aedb9c7a346af470ylavic# If the message timestamp is before current timestamp by this amount
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc# (millisec), it is considered a stale message.
da0442c0440caef34706e2c2f3af05cb65921cc0jailletccom.sun.identity.liberty.ws.soap.staleTimeLimit=300000
06b8f183140c8e02e0974e938a05078b511d1603covener# All the messageID of a valid message will be stored in a cache with the it
15890c9306ba98f6fc243e15a3c4778ddc7d773erpluem# is received to avoid duplicate messages. If the current time minus the
259878293a997ff49f5ddfc53d3739cbdc25444ecovener# received time is greater than the above staleTimeLimit, it should be removed
259878293a997ff49f5ddfc53d3739cbdc25444ecovener# from the cache. The is property specify the interval(millisec) that a
259878293a997ff49f5ddfc53d3739cbdc25444ecovener# cleanup thread should check the cache and remove those messageID.
259878293a997ff49f5ddfc53d3739cbdc25444ecovenercom.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
b54b024c06a19926832d77d40ba35ad8c41e4d3dminfrin# Supported SOAP actors. Each actor must be seperated by '|'
b54b024c06a19926832d77d40ba35ad8c41e4d3dminfrincom.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
65967d05f839dbf27cf91d91fa79585eeae19660minfrin# Namespace prefix mapping used when marshalling a JAXB content tree to a
65967d05f839dbf27cf91d91fa79585eeae19660minfrin# DOM tree. The syntax is
8152945ae46857b170cb227e79bb799f4fc7710dminfrin# <prefix>=<namespace>|<prefix>=<namespace>|..........
8152945ae46857b170cb227e79bb799f4fc7710dminfrincom.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
75f5c2db254c0167a0e396254460de09b775d203trawick# JAXB package list used when constructing JAXBContext. Each package must be
75f5c2db254c0167a0e396254460de09b775d203trawick# seperated by ':'.
4f0358189bfa57b8e75bd6b94db264302a8f336amrumph# Liberty ID-WSF security profile,
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick# alias for issuing web service security token for this web service client
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick# com.sun.identity.liberty.ws.ta.certalias specifies certificate
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick# alias for trusted authority that will be used to sign SAML or SAML
54d750a84a175d8e338880514d440773eb986b50covener# BEARER token of response message.
54d750a84a175d8e338880514d440773eb986b50covener# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
54d750a84a175d8e338880514d440773eb986b50covener# aliases for trusted CA. SAML or SAML BEARER token of incoming request
54d750a84a175d8e338880514d440773eb986b50covener# message needs to be signed by a trusted CA in this list. The syntax is
54d750a84a175d8e338880514d440773eb986b50covener# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
54d750a84a175d8e338880514d440773eb986b50covener# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
54d750a84a175d8e338880514d440773eb986b50covener# 'issuer' is used when the token doesn't have a KeyInfo inside the
54d750a84a175d8e338880514d440773eb986b50covener# signature. The 'issuer' of the token needs to be in this list and the
7a3aa12f0eda24793ee26d6a179bd53132e9dae8covener# corresponding cert alias will be used to verify signature. If KeyInfo
54d750a84a175d8e338880514d440773eb986b50covener# exists, the keystore needs to contain a cert alias that matches the
54d750a84a175d8e338880514d440773eb986b50covener# KeyInfo and the cert alias needs to be in this list.
83b50288fa7d306324bba68832011ea08f5c7832covener# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
4e30ef014533a7e93c92d88306291f5e49c9692ftrawick# implementation for security token provider
5f066f496cd9f20a2a701255bc67d44e7cb46daetrawickcom.sun.identity.liberty.ws.trustedca.certaliases=test:SunSTS|test:@SERVER_HOST@
5f066f496cd9f20a2a701255bc67d44e7cb46daetrawickcom.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
2e15620d724fb8e3a5be183b917359a2fd6e9468covener# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
1b988c41ee505962781d110a3e4c2c90f1ea0aa4covener# interactions based on user agent redirects. This should be running in
1b988c41ee505962781d110a3e4c2c90f1ea0aa4covener# the same JVM where Liberty SP is running
1b988c41ee505962781d110a3e4c2c90f1ea0aa4covenercom.sun.identity.liberty.interaction.wspRedirectHandler=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/WSPRedirectHandler
b8efdc95bec9cf089aa1be0bfd07d46aa1137a7acovener# indicates whether WSC would participate in interaction
f06e7c4b1bce6b6491e5de0b7998d3f5696b293dchrisd# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
f06e7c4b1bce6b6491e5de0b7998d3f5696b293dchrisd# default value:interactIfNeeded
f06e7c4b1bce6b6491e5de0b7998d3f5696b293dchrisd# value used if an invalid value is specified:interactIfNeeded
179565be4043d7e5f9161aa75271fa0a001866d9covenercom.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
fce4949fb0b309a5744afcd503c6ed2d35621ee2covener# indicates whether WSC would include userInteractionHeader
fce4949fb0b309a5744afcd503c6ed2d35621ee2covener# valid values are yes|no (case ignored)
fce4949fb0b309a5744afcd503c6ed2d35621ee2covener# default value:yes
fce4949fb0b309a5744afcd503c6ed2d35621ee2covener# value used if no value is specified:yes
7b7430e701e9a31ce809da7c220bb8dfcf68c86etrawickcom.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
ccc20788c1e5fc973f36df634399c89acb70deaejerenkrantz# indicates whether WSC would redirect user for interaction
ccc20788c1e5fc973f36df634399c89acb70deaejerenkrantz# valid values are yes|no
273e512f20f262e5e2aa8e0e83371d1929fb76adjkaluza# default value:yes
273e512f20f262e5e2aa8e0e83371d1929fb76adjkaluza# value used if no value is specified:yes
273e512f20f262e5e2aa8e0e83371d1929fb76adjkaluzacom.sun.identity.liberty.interaction.wscWillRedirect=yes
fe83f60b41477b14a37edcfcd1f7f5c5a1ebfe44minfrin# WSC's preference on the acceptable duration for interaction(in seconds)
993d1261a278d7322bccef219101220b7b4fb8c5jkaluza# default value if the value is not specified or a non integer value is
993d1261a278d7322bccef219101220b7b4fb8c5jkaluza# specified : 60
993d1261a278d7322bccef219101220b7b4fb8c5jkaluzacom.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
ba050a6f942b9fa0e81ed73437588005c569655ccovener# indicates whether WSC would enforce that redirected to URL is https
135ddda3a989215d2bedbcf1529bfb269c3eda23niq# valid values are yes|no (case ignored)
135ddda3a989215d2bedbcf1529bfb269c3eda23niq# liberty specification require the value to be yes
135ddda3a989215d2bedbcf1529bfb269c3eda23niq# default value:yes
001a44c352f89c9ec332ffd3e0a6927dcd19432chumbedooh# value used if no value is specified:yes
001a44c352f89c9ec332ffd3e0a6927dcd19432chumbedoohcom.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
cc5a4a08dc9783fcbc52ce86f11e01c281a43810minfrin# This property is used to determine the Liberty identity web services framework
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener# to be used when the framework can not determine from the in-bound message or
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener# from the resource offering when AM is acting as the WSC.
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener# The default version is 1.1, but the possible values are 1.0 or 1.1
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza# Web Services Security Client Properties
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza# Login URL for WSS end user authentication use cases
56589be3d7a3e9343370df240010c6928cc78b39jkaluzacom.sun.identity.loginurl=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/UI/Login
56589be3d7a3e9343370df240010c6928cc78b39jkaluza# Login URL redirection ("goto") paramter name for WSS end user authentication use cases
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletc# Authentication web service URL for WSS Liberty use cases
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletccom.sun.identity.liberty.authnsvc.url=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/Liberty/authnsvc
f87299dab99bc04b51a6b8cad51b6795db862c0atrawick# STS End User Token Plugin class
f87299dab99bc04b51a6b8cad51b6795db862c0atrawickcom.sun.identity.wss.sts.clientusertoken=com.sun.identity.wss.sts.STSClientUserToken
4d12805e6c18253040223ea637acd6b3b3c18f60jorton# WSS Provider Configuration Plugin class
4d12805e6c18253040223ea637acd6b3b3c18f60jortoncom.sun.identity.wss.provider.config.plugin=com.sun.identity.wss.provider.plugins.AgentProvider
85eacfc96a04547ef25aabbc06440039715084c2jorton# WSS Authenticator Plugin Class
e5d909f2b06bd880fb3675cd49363df981caa631trawickcom.sun.identity.wss.security.authenticator=com.sun.identity.wss.security.handler.DefaultAuthenticator