AMConfig.properties revision f58c87ece2202b8f85310d8885c7e39a7f435c09
fb0951b02ebf51a93acf12721d8857d31ce57ba3Lennart Poettering#
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#
3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Copyright (c) 2012 ForgeRock Inc. All rights reserved.
3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers#
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# The contents of this file are subject to the terms
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# of the Common Development and Distribution License
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# (the License). You may not use this file except in
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# compliance with the License.
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# You can obtain a copy of the License at
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# http://forgerock.org/license/CDDLv1.0.html
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# See the License for the specific language governing
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# permission and limitations under the License.
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering#
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# When distributing Covered Code, include this CDDL
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering# Header Notice in each file and include the License file
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# at http://forgerock.org/license/CDDLv1.0.html
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# If applicable, add the following below the CDDL Header,
4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# with the fields enclosed by brackets [] replaced by
4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# your own identifying information:
4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón# "Portions Copyrighted [2012] [ForgeRock Inc]"
4f9bca639a806e235173ec08e01de8bdcec82f81Lennart Poettering#
1a435084b7f55bc24042f9bc47c18e4e2381f667Kay Sievers
4e949c11a1df4547d5f102e4131e07b026369cd7Javier Jardón
# The following keys are used to configure the Debug service.
# Possible values for the key 'level' are: off | error | warning | message.
# The key 'directory' specifies the output directory where the debug files
# will be created.
# Trailing spaces are significant.
# Windows: Use forward slashes "/" to separate directories, not backslashes "\".
# Windows: Spaces in the file name are allowed.
# NOTE(review): the values below select 'message' (apparently the most verbose
# level) and a directory under /tmp, which is normally shared by all local
# users. Debug output may include session or configuration details, so outside
# local testing use a lower level and a directory that only the application
# account can read and write.
#/
907dd1953b7517534d646f5b2777780020c896e2Kay Sieverscom.iplanet.services.debug.level=message
eb7bbee6cd182d5c4eb1e1180631c35158f59379Kay Sieverscom.iplanet.services.debug.directory=/tmp/openamclient
6aad7f2cd75c88f990c7857bb173b3e8d0faee0fUmut Tezduyar Lindskog
91ca5bf0b6f3b487a16cc262527c9de6744db624Martin Pitt#
3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers# Server mode should be 'false'
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering#/
22be093ffb403a1c474037939ca9b88b1ee39f77Lennart Poetteringcom.iplanet.am.serverMode=false
3e2147858f21943d5f4a781c60f33ac22c6096edKay Sievers
8666abb452db73d9a11ead61251eec42bc531cceKay Sievers#
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# Cache enable / disable properties
5e63ce78b5018ba612e794a610a6f13c5eefade7Cristian Rodríguez#/
3d585edbb14b9705c80183aeb16dfd0a28df0ac9Lennart Poetteringcom.iplanet.am.sdk.caching.enabled=false
5e63ce78b5018ba612e794a610a6f13c5eefade7Cristian Rodríguezcom.sun.identity.idm.cache.enabled=false
0fa2cac4f0cdefaf1addd7f1fe0fd8113db9360bKay Sieverscom.sun.identity.sm.cache.enabled=false
0fa2cac4f0cdefaf1addd7f1fe0fd8113db9360bKay Sievers
0fa2cac4f0cdefaf1addd7f1fe0fd8113db9360bKay Sievers#
4c6abc93c708762ae3f377eab8dbd357262cc432Koen Kooi# Logging status
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger#/
0fa2cac4f0cdefaf1addd7f1fe0fd8113db9360bKay Sieverscom.iplanet.am.logstatus=ACTIVE
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger#
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger# SDK package name
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger#/
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburgercom.iplanet.am.sdk.package=com.iplanet.am.sdk.remote
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger#
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger# Configure remote plugin classes for configuration (SMS)
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburger#/
f15515b5e6a9ebe95c938cc670df6e576fcf9176Filipe Brandenburgercom.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger
a59f16ce4a11c440cb2136ad3d5e3184714c545eRobert Schiele#
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger# Naming URL
1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera#/
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburgercom.iplanet.am.naming.url=http://local.machine.com:18080/openam/namingservice
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger#
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger# Notification URL
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger#/
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburgercom.sun.identity.client.notification.url=@NOTIFICATION_URL@
2f96919bcdd0978164c801b21e053fb3b31e8bacFilipe Brandenburger
#
# Security credentials used to read the configuration data.
# NOTE(review): the password below is stored in clear text and is set to the
# placeholder-style default 'changeit'. Replace it before deployment and
# restrict read access to this file to the account that runs the client.
#/
20f56fddcd58c84fa73597486e905c652667214fDidier Rochecom.sun.identity.agents.app.username=id=demo,ou=user,dc=openam,dc=forgerock,dc=org
1c7dde3e475978c569a982d65fd86d4b4e3caad8Bastien Nocera#com.sun.identity.agents.app.username=demo
e9da3678fcfc774b325dc1eaa054d0e00028a1fcLennart Poetteringcom.iplanet.am.service.password=changeit
e9da3678fcfc774b325dc1eaa054d0e00028a1fcLennart Poettering
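# Is this still needed? Commented out by warren.
# NOTE(review): the commented-out value below is tagged {SHA-1} and looks like
# a digest of a service secret. If it is not needed, delete it rather than
# shipping it in a comment.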
3ce4fad8f548db9edb19869ea540e3192d2123f4Kay Sievers#com.iplanet.am.service.secret={SHA-1}6/x5EAd3cMg0D2PNLcoqwfEgRE8=
f975e971accc4d50c73ae53167db3df7a7099cf2Lennart Poettering
#
# Encryption key that will be used to encrypt and decrypt
# data to communicate with the server.
# This key is needed to decrypt passwords stored
# in the SMS configuration.
# NOTE(review): the value is left empty in this file. Supply it at deployment
# time from a protected source and keep the populated file out of version
# control.
#/
2d0efdf1af5ff77441228854343c61d42a89840cSamuli Suominenam.encryption.pwd=
2d0efdf1af5ff77441228854343c61d42a89840cSamuli Suominen
#
# Encryption key that will be used to encrypt and decrypt
# data used locally within the client.
#/
96ede2601f27cd5fe52eed96b873bef55cd0ce23Lennart Poetteringcom.sun.identity.client.encryptionKey=@ENCRYPTION_KEY_LOCAL@
2d0efdf1af5ff77441228854343c61d42a89840cSamuli Suominen
edeb68c53f1cdc452016b4c8512586a70b1262e3Tom Gundersen#
2d0efdf1af5ff77441228854343c61d42a89840cSamuli Suominen# Encryption: The key "com.iplanet.security.encryptor" specifies
7801356442578ff6e1c65844eb9e65c819af4660Zbigniew Jędrzejewski-Szmek# the encrypting class implementation.
66b0e0e0e3652227fe107ab9d09fa14fd4bc4dfaCristian Rodríguez# Available classes are:
66b0e0e0e3652227fe107ab9d09fa14fd4bc4dfaCristian Rodríguez# com.iplanet.services.util.JCEEncryption
f00929ad622c978f8ad83590a15a765b4beecac9Dimitri John Ledkov# com.iplanet.services.util.JSSEncryption
f00929ad622c978f8ad83590a15a765b4beecac9Dimitri John Ledkov#/
f00929ad622c978f8ad83590a15a765b4beecac9Dimitri John Ledkovcom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
446883528524429283626208928b51f49f28f810Lennart Poettering
446883528524429283626208928b51f49f28f810Lennart Poettering#
4acbce79798347cddf1e1d42e9be571e0a041873Zbigniew Jędrzejewski-Szmek# Property to enable/disable the notifications for am.sdk and IdRepo Caches.
4acbce79798347cddf1e1d42e9be571e0a041873Zbigniew Jędrzejewski-Szmek# If set to "true" notifications are enabled and disabled if set to "false".
c4a77bcb9a50f152557e25c90837d8bfef858729Marc-Antoine Perennou#/
ac714a78fdca481488d88f84b6332d28083a4511Martin Jansacom.sun.identity.idm.remote.notification.enabled=true
ac714a78fdca481488d88f84b6332d28083a4511Martin Jansa
b62cfcea00862ccbf0e5e297f8a339f70987edefMichael Biebl#
b62cfcea00862ccbf0e5e297f8a339f70987edefMichael Biebl# Cache update time (in minutes) for am.sdk & IdRepo Caches
b62cfcea00862ccbf0e5e297f8a339f70987edefMichael Biebl# if notification URL is not provided or if notifications are disabled.
9a60da2834074d970ca063c210fe9d2f05c70532Thierry Reding# Note:
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# 1. This property is applicable only if
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# 'com.sun.identity.client.notification.url'
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# is not provided or if 'com.sun.identity.idm.remote.notification.enabled'
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# is set to 'false'.
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# 2. If the polling time is set as 0, then polling is disabled.
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#/
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmekcom.iplanet.am.sdk.remote.pollingTime=1
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# Property to enable/disable the notifications for service management caches.
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek# If set to "true" notifications are enabled and disabled if set to "false".
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek#/
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmekcom.sun.identity.sm.notification.enabled=true
732bfe09aeffc3cd78b80ee9e20c9c3babd944d6Zbigniew Jędrzejewski-Szmek
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek#
# Cache update time (in minutes) for service configuration data,
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# if notification URL is not provided or if notifications are disabled.
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# Note:
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# 1. This property is applicable only if
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# 'com.sun.identity.client.notification.url'
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# is not provided or if 'com.sun.identity.sm.notification.enabled' is
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# set to 'false'.
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# 2. If the cache time is set as 0, then no cache updates will occur.
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek#/
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmekcom.sun.identity.sm.cacheTime=1
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek
#
# Server protocol, host and port to be used by Client Services
# NOTE(review): the protocol below is 'http', and com.iplanet.am.naming.url
# also uses the http scheme. Traffic between this client and the server, which
# can include session tokens and the application credentials, is then sent
# unencrypted. Use https outside a local test setup.
#/
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmekcom.iplanet.am.server.protocol=http
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmekcom.iplanet.am.server.host=local.machine.com
eb2e280f9c59b66965c9316eadc4c113a13ca744Lucas De Marchicom.iplanet.am.server.port=18080
be1a67d9d63bfdd4a5f8ba9cfc804030f10f5833Lennart Poetteringcom.iplanet.am.services.deploymentDescriptor=/openam
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.console.host=@CONSOLE_HOST@
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.console.port=@CONSOLE_PORT@
780040dc2a4b08a2c1fe5bd8db3a70e966c2acb3Kay Sieverscom.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.console.remote=@CONSOLE_REMOTE@
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.cookie.name=iPlanetDirectoryPro
# Changed to true by warren - Default is false
# NOTE(review): the comment above says the value was changed to true, but the
# setting below is false (the stated default). Confirm which is intended.
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.cookie.encode=false
03930e48636e86ad84946253ca2bf4f91deeb645Lennart Poettering
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering
693eb9a2d42d71445dad273a76e2470199d1dc5aLennart Poettering#
8dc31a63981267f257583ef82ceb79859ff243f8Daniel Mack# Session related properties.
8dc31a63981267f257583ef82ceb79859ff243f8Daniel Mack#/
8dc31a63981267f257583ef82ceb79859ff243f8Daniel Mackcom.iplanet.am.session.client.polling.enable=true
8dc31a63981267f257583ef82ceb79859ff243f8Daniel Mackcom.iplanet.am.session.client.polling.period=180
d9cea815b6107839d1aa56858165649858a21e18Lennart Poettering
#
# Identify cert db directory path, prefix and password file
# to initialize JSS Socket Factory when the Web Container is configured for SSL
#/
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.admin.cli.certdb.dir=@CONTAINER_CERTDB_DIR@
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.admin.cli.certdb.prefix=@CONTAINER_CERTDB_PREFIX@
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poetteringcom.iplanet.am.admin.cli.certdb.passfile=@BASEDIR@/@PRODUCT_DIR@/config/.wtpass
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering
#
# Identify property value for SSL ApprovalCallback / HostnameVerifier
# If com.iplanet.services.comm is configured as protocol handler
# and the checkSubjectAltName or resolveIPAddress feature is enabled,
# cert8.db and key3.db with the prefix value of
# com.iplanet.am.admin.cli.certdb.prefix will have to be created under
# the directory of com.iplanet.am.admin.cli.certdb.dir before the server is
# restarted.
# NOTE(review): keep trustAllServerCerts=false outside of testing; setting it
# to true would accept any server certificate. checkSubjectAltName and
# resolveIPAddress are both disabled below, so confirm that server host name
# verification is still enforced elsewhere in this deployment.
#/
9b85fc6a89386582bfe792dba881800b0a093839Gustavo Sverzut Barbiericom.iplanet.am.jssproxy.trustAllServerCerts=false
c1663b9daf5a43425e54bbe3daf6b10e64578f80Lennart Poetteringcom.iplanet.am.jssproxy.checkSubjectAltName=false
aca33b078cd32c5416a7fa3d5020a5d461c130eeCristian Rodríguezcom.iplanet.am.jssproxy.resolveIPAddress=false
2a4d1ec1520c926b0160efe14142634e164ddc30Cristian Rodríguezcom.iplanet.am.jssproxy.SSLTrustHostList=
c1663b9daf5a43425e54bbe3daf6b10e64578f80Lennart Poettering
4f47bb8c5e5f234c614dc14532a9483328e61002Zbigniew Jędrzejewski-Szmek#*************************************************************
4f47bb8c5e5f234c614dc14532a9483328e61002Zbigniew Jędrzejewski-Szmek# Policy Client parameters
4f47bb8c5e5f234c614dc14532a9483328e61002Zbigniew Jędrzejewski-Szmek#*************************************************************/
65e3a2cf7c3b399853dd309f702ca5078b7d16eaZbigniew Jędrzejewski-Szmek# Policy decision log parameters. Possible values for logging.level
65e3a2cf7c3b399853dd309f702ca5078b7d16eaZbigniew Jędrzejewski-Szmek# are NONE, ALLOW, DENY, BOTH, and DECISION#/
65e3a2cf7c3b399853dd309f702ca5078b7d16eaZbigniew Jędrzejewski-Szmekcom.sun.identity.agents.server.log.file.name=amRemotePolicyLog
4f47bb8c5e5f234c614dc14532a9483328e61002Zbigniew Jędrzejewski-Szmekcom.sun.identity.agents.logging.level=NONE
0289f2fb2a64df53b589b771f69c43126b029590Zbigniew Jędrzejewski-Szmek
b850b06e1efcc7e27cfd785759a3a913ac9ed196Kay Sievers# Notification URL for updating cache#/
235c6e628199221b7885f159367614b7105547cfJohncom.sun.identity.agents.notification.enabled=false
b850b06e1efcc7e27cfd785759a3a913ac9ed196Kay Sieverscom.sun.identity.agents.notification.url=@NOTIFICATION_URL@
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek
5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering# Cache time in minutes#/
0289f2fb2a64df53b589b771f69c43126b029590Zbigniew Jędrzejewski-Szmekcom.sun.identity.agents.polling.interval=0
a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek
# Information to cache. Possible values are "subtree" or "self"#/
a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmekcom.sun.identity.policy.client.cacheMode=subtree
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek
9e7adc3ae1133fa08a468768a490812299fad030Lucas De Marchi# Policy client clock skew value in seconds#/
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sieverscom.sun.identity.policy.client.clockSkew=10
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers#
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers# Explicitly disable monitoring services in the client applications.
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers#
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sieverscom.sun.identity.monitoring=off
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers#
# Specifies whether cached data may be used for HttpURLConnection
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers#
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sieverscom.sun.identity.urlconnection.useCache=false
2b4919a68cf826efbe939291e6dc4f08e824dc41Kay Sievers
9e7adc3ae1133fa08a468768a490812299fad030Lucas De Marchi#
# Property to enable or disable use of the Metro implementation
# for the ws-trust client.
5a45a93627609451784a04366cfa1150d32611d1Lennart Poettering#/
39c4ead2323b45bbe9866e0f97fd8dcfb8a0bedeZbigniew Jędrzejewski-Szmekcom.sun.identity.wss.trustclient.enablemetro=true
2a4d1ec1520c926b0160efe14142634e164ddc30Cristian Rodríguez
39c4ead2323b45bbe9866e0f97fd8dcfb8a0bedeZbigniew Jędrzejewski-Szmek#*
ae0ceefc2f432bc1068889fcff53d929eca8a3c4Zbigniew Jędrzejewski-Szmek# Property to use the SOAP version for ws-trust client. The containers
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# that do not support JavaEE5 should use the version 1.1 but make sure that
ccd06097c79218f7d5ea4c21721bbcbc7c467dcaZbigniew Jędrzejewski-Szmek# the STS service is compatible with 1.1 version.
ccd06097c79218f7d5ea4c21721bbcbc7c467dcaZbigniew Jędrzejewski-Szmek#/
1c231f56482546725c4dbd3303f70300bd3c63e9Lennart Poetteringcom.sun.identity.wss.soapversion=1.2
de0671ee7fe465e108f62dcbbbe9366f81dd9e9aZbigniew Jędrzejewski-Szmek
de99c9dcbaf6e474551266d8f0b519bf2d8d0522Lennart Poettering#
de0671ee7fe465e108f62dcbbbe9366f81dd9e9aZbigniew Jędrzejewski-Szmek# Specify implementation class for
de0671ee7fe465e108f62dcbbbe9366f81dd9e9aZbigniew Jędrzejewski-Szmek# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
de0671ee7fe465e108f62dcbbbe9366f81dd9e9aZbigniew Jędrzejewski-Szmekcom.sun.identity.plugin.configuration.class=@CONFIGURATION_PROVIDER_CLASS@
de0671ee7fe465e108f62dcbbbe9366f81dd9e9aZbigniew Jędrzejewski-Szmek
ccd06097c79218f7d5ea4c21721bbcbc7c467dcaZbigniew Jędrzejewski-Szmek#
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# Specify implementation class for
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.plugin.datastore.DataStoreProvider interface.
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# This property defines the default datastore provider.
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmekcom.sun.identity.plugin.datastore.class.default=@DATASTORE_PROVIDER_CLASS@
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek#
32dcef3ab1eb91ee469c3246ef859578dccd8a45Zbigniew Jędrzejewski-Szmek# Specify implementation class for
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.plugin.session.SessionProvider interface.
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmekcom.sun.identity.plugin.session.class=@SESSION_PROVIDER_CLASS@
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburger
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburger#
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburger# Specify XML signature provider class
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburgercom.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburger
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburger#
be8737ae386166d2f279767ac87b226204c0de7eFilipe Brandenburger# Specify XML key provider implementation class
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmekcom.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
747cf8cdf61cdad068c727e42eac699f2505ae77Zbigniew Jędrzejewski-Szmek
747cf8cdf61cdad068c727e42eac699f2505ae77Zbigniew Jędrzejewski-Szmek#
# Identify SAML XML signature keystore file, keystore password file
# and key password file
# Commented out by warren. Do we need this?
# NOTE(review): the commented-out values below are paths on a developer
# workstation. If these properties are re-enabled, point them at deployment
# paths and make the keystore and password files readable only by the
# application account.
747cf8cdf61cdad068c727e42eac699f2505ae77Zbigniew Jędrzejewski-Szmek#com.sun.identity.saml.xmlsig.keystore=C:/proyectos/consultoria/Itecban/seguridad/pruebas/pkcs12/canalKeyStore.jks
747cf8cdf61cdad068c727e42eac699f2505ae77Zbigniew Jędrzejewski-Szmek#com.sun.identity.saml.xmlsig.storepass=C:/proyectos/consultoria/Itecban/seguridad/pruebas/pkcs12/.canalstorepass
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek#com.sun.identity.saml.xmlsig.keypass=C:/proyectos/consultoria/Itecban/seguridad/pruebas/pkcs12/.canalstorepass
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek#com.sun.identity.saml.xmlsig.certalias=canal
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek
25ee45f9953c121fc26a54a85ad7bb3a3180152bMichael Biebl#
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# Specify type of KeyStore used for saml xml signature. Default is JKS.
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# com.sun.identity.saml.xmlsig.storetype=JKS
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek
1864b0e39505cd44a98eee61c97916b86491c0b4Zbigniew Jędrzejewski-Szmek#
# Flag for checking the Certificate which is embedded in the
# KeyInfo against the certificates in the keystore (specified
# by the "com.sun.identity.saml.xmlsig.keystore" property).
# Possible values for the key are: on|off. If the flag is "on",
# the certificate must be present in the keystore for
# XML signature validation. If the flag is "off", the
# presence check is skipped.
a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmekcom.sun.identity.saml.checkcert=on
a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek
a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek#
# XML canonicalization algorithm. Used for SAML XML signature generation
a6c0b31d509f76023d8efbcd5e912863c8fb254cZbigniew Jędrzejewski-Szmek# and verification. When not specified, or value is empty, default value
f2ec0646aba7c6703a6c79603957e805b74c3befZbigniew Jędrzejewski-Szmek# will be used. The following is the list of supported algorithms:
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# http://www.w3.org/2001/10/xml-exc-c14n# (default)
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmek# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
c937e0d5c579863677e0fcb5508517f7714c332dZbigniew Jędrzejewski-Szmekcom.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
afea26ad7d406d8b6c95d2642cb5a1d807b87546Lennart Poettering
7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers#
# XML signature algorithm. Used for SAML XML Signature generation and
# verification. When not specified, or value is empty, default value will be
# used.
# NOTE(review): the property below is empty, so the rsa-sha1 default applies.
# SHA-1 and MD5 are no longer considered collision-resistant; where both
# parties support it, set one of the SHA-256 or stronger entries explicitly.
# The following is the list of supported algorithms:
7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# http://www.w3.org/2000/09/xmldsig#hmac-sha1
85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# http://www.w3.org/2000/09/xmldsig#dsa-sha1
85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Biebl# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
7959ff9914a6f3a59dbff95c199bcc540b70ac94Kay Sievers# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
fba1ea06bb5b653e9eb0cc1b6004af8da273a4abShawn Landden# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
fba1ea06bb5b653e9eb0cc1b6004af8da273a4abShawn Landden# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
fba1ea06bb5b653e9eb0cc1b6004af8da273a4abShawn Landden# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
85f19d825e7504676f3a80c78c1d9a7ec35a3b3fMichael Bieblcom.sun.identity.saml.xmlsig.xmlSigAlgorithm=
47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering
27c64db6dff88ebe9761dfe3b0c073d2a9bf2e41Zbigniew Jędrzejewski-Szmek#
4db17f291c627c885de668200ff8cce2e57c933fZbigniew Jędrzejewski-Szmek# XML transformation algorithm. Used for SAML XML signature generation
f7ad54a301e4ae8dceab54d3ab3934e56c1134eaLennart Poettering# and verification. When not specified, or value is empty, default value
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# will be used. The following is the list of supported algorithms:
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# http://www.w3.org/2001/10/xml-exc-c14n# (default)
a8348796c0d39435b1c3d85ce6e95dad1ac85fecLennart Poettering# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
9388e99e208a6487b26dcbda86005ee9eba8d93dMichael Olbrich# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
3b794314149e40afaf3c456285e1e529747b6560Holger Schurig# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
5f381b355a95b953654e46ba3ccdc81bdec165eaLennart Poettering# http://www.w3.org/TR/1999/REC-xslt-19991116
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# http://www.w3.org/2000/09/xmldsig#base64
539618a0ddc2dc7f0fbe28de2ae0e07b34c81e60Lennart Poettering# http://www.w3.org/TR/1999/REC-xpath-19991116
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# http://www.w3.org/2000/09/xmldsig#enveloped-signature
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# http://www.w3.org/TR/2001/WD-xptr-20010108
84dd59b51c0db34f0334e90a5da2a45abcc9a52aDjalal Harouni# http://www.w3.org/2002/04/xmldsig-filter2
84dd59b51c0db34f0334e90a5da2a45abcc9a52aDjalal Harouni# http://www.w3.org/2002/06/xmldsig-filter2
c4a5ddc9f29cf910fac9d814cd898b4cc2bd79b1Tom Gundersen# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
6589d0dba2b1ccf2406db527c2c1b51c7143e117Jean-André Santonicom.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
75616a1332aff00d27db713cda3bd93c508a5b59Zbigniew Jędrzejewski-Szmek
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek#
583c14fc04a089e9af70a3fa0b8c0a8c27c06ec0Michael Olbrich# SAML2 XML Encryption Provider Implementation class
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmekcom.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
8ecec322fe6b34b64868d8cc3808b5613f09e8d3Zbigniew Jędrzejewski-Szmek
cf1755bac0426132c21fdca519a336ce7d920277Michael Olbrich
34f7b9f98facbf3431c6849622104cee992f2b7dLennart Poettering#
34f7b9f98facbf3431c6849622104cee992f2b7dLennart Poettering# SAML2 XML Signing Provider Implementation class.
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmekcom.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek#
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# SAML2 XML Signing Certificate Validation: checks the signing certificate against a CRL; false leaves revocation unchecked.
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmekcom.sun.identity.saml2.crl.check=false
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek#
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# SAML2 XML Signing Certificate Validation for the CA certificates (inferred from the property name; confirm); false leaves them unchecked.
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmekcom.sun.identity.saml2.crl.check.ca=false
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek
34f7b9f98facbf3431c6849622104cee992f2b7dLennart Poettering#
cf1755bac0426132c21fdca519a336ce7d920277Michael Olbrich# Client certificate alias that will be used in SSL connection for Liberty
81577dc22887debaf9b19bf1034a2887fb9069c7Zbigniew Jędrzejewski-Szmek# SOAP Binding
a8348796c0d39435b1c3d85ce6e95dad1ac85fecLennart Poetteringcom.sun.identity.liberty.ws.soap.certalias=
b237ef2cfac7ab0b33170809e8cb64628606207dTollef Fog Heen
a9b5b03212f9c854938483b8901e433c2ba6619bMichael Tremer#
d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering# If the message timestamp is before current timestamp by this amount
2270309471213a3c960543e523130627e9cb10e2Kay Sievers# (millisec), it is considered a stale message.
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmekcom.sun.identity.liberty.ws.soap.staleTimeLimit=300000
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmek
8114dedc5910d9a9cec702f6b6658551a0cd9edeChengwei Yang#
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmek# The messageID of every valid message is stored in a cache with the time it
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmek# is received to avoid duplicate messages. If the current time minus the
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmek# received time is greater than the above staleTimeLimit, it should be removed
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmek# from the cache. This property specifies the interval (millisec) at which a
ac6b760ceedd4b21921b6a682cf1479af3d3024fZbigniew Jędrzejewski-Szmek# cleanup thread checks the cache and removes those messageIDs.
2270309471213a3c960543e523130627e9cb10e2Kay Sieverscom.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
4b357e15876b730343db08719c877fdb45b6ad42Michael Marineau
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing#
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing# Supported SOAP actors. Each actor must be separated by '|'
37161c5148396448921841ae1026b281c7949652Emil Renner Berthingcom.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing#
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing# Namespace prefix mapping used when marshalling a JAXB content tree to a
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing# DOM tree. The syntax is
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing# <prefix>=<namespace>|<prefix>=<namespace>|..........
37161c5148396448921841ae1026b281c7949652Emil Renner Berthingcom.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
37161c5148396448921841ae1026b281c7949652Emil Renner Berthing
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek#
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# JAXB package list used when constructing JAXBContext. Each package must be
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# separated by ':'.
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmekcom.sun.identity.liberty.ws.jaxb.packageList=
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek#
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# Liberty ID-WSF security profile,
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# alias for issuing web service security token for this web service client
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# com.sun.identity.liberty.ws.ta.certalias specifies certificate
53e856e16ac37fe30b8bb59153ff69aad0fa9c27Zbigniew Jędrzejewski-Szmek# alias for trusted authority that will be used to sign SAML or SAML
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# BEARER token of response message.
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# aliases for trusted CA. SAML or SAML BEARER token of incoming request
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# message needs to be signed by a trusted CA in this list. The syntax is
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3'
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# 'issuer' is used when the token doesn't have a KeyInfo inside the
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# signature. The 'issuer' of the token needs to be in this list and the
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# corresponding cert alias will be used to verify signature. If KeyInfo
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# exists, the keystore needs to contain a cert alias that matches the
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# KeyInfo and the cert alias needs to be in this list.
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# implementation for security token provider
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.liberty.ws.wsc.certalias=
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.liberty.ws.ta.certalias=
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.liberty.ws.trustedca.certaliases=
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersencom.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen#
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# interactions based on user agent redirects. This should be running in
6aea6d10f460853111ca8744201ec8dade97de3cThomas H.P. Andersen# the same JVM where Liberty SP is running
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersencom.sun.identity.liberty.interaction.wspRedirectHandler=http://local.machine.com:18080/openam/WSPRedirectHandler
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen#
e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner# indicates whether WSC would participate in interaction
e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
a18535d9e138c525d0443ec9f30a90b3e2184686Tom Gundersen# default value:interactIfNeeded
e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner# value used if an invalid value is specified:interactIfNeeded
70d8320978dcbce022d9acbb953a10a7aca049abDavid Strausscom.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
e2ca86cf78f911a8be51f0224796e24883019139Dave Reisner
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen
c4955740969d7ba8ba43b024bca1a0a5b56eb8e8Tom Gundersen#
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# indicates whether WSC would include userInteractionHeader
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# valid values are yes|no (case ignored)
e30431623a7d871da123cc37055ac49abf2c20eaTom Gundersen# default value:yes
f553b3b1074151200187df916427a1468186435eAnders Olofsson# value used if no value is specified:yes
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmanncom.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann#
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann# indicates whether WSC would redirect user for interaction
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann# valid values are yes|no
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann# default value:yes
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann# value used if no value is specified:yes
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmanncom.sun.identity.liberty.interaction.wscWillRedirect=yes
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann#
f553b3b1074151200187df916427a1468186435eAnders Olofsson# WSC's preference on the acceptable duration for interaction(in seconds)
f553b3b1074151200187df916427a1468186435eAnders Olofsson# default value if the value is not specified or a non integer value is
f553b3b1074151200187df916427a1468186435eAnders Olofsson# specified : 60
f553b3b1074151200187df916427a1468186435eAnders Olofssoncom.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
d47f6ca5f9b7a0b400d8bdb050151a0284fb4bdbGabriel de Perthuis
f553b3b1074151200187df916427a1468186435eAnders Olofsson
f553b3b1074151200187df916427a1468186435eAnders Olofsson#
f553b3b1074151200187df916427a1468186435eAnders Olofsson# indicates whether WSC would enforce that redirected to URL is https
f553b3b1074151200187df916427a1468186435eAnders Olofsson# valid values are yes|no (case ignored)
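f553b3b1074151200187df916427a1468186435eAnders Olofsson# the Liberty specification requires the value to be yes; the 'no' set below turns the https check on redirect URLs off and does not meet that requirement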
f553b3b1074151200187df916427a1468186435eAnders Olofsson# default value:yes
728beb28a713709f521d374c9f8f3da781969d26Tom Gundersen# value used if no value is specified:yes
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leechcom.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech#
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech# This property is used to determine the Liberty identity web services framework
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech# to be used when the framework can not determine from the in-bound message or
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech# from the resource offering when AM is acting as the WSC.
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech# The default version is 1.1, but the possible values are 1.0 or 1.1
8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30Chris Leech# com.sun.identity.liberty.wsf.version=1.1
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier# Web Services Security Client Properties
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier# Login URL and Authentication web service URL for WSS Liberty use cases
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevaliercom.sun.identity.loginurl=http://local.machine.com:18080/openam/UI/Login
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevaliercom.sun.identity.liberty.authnsvc.url=http://local.machine.com:18080/openam/Liberty/authnsvc
17df7223be064b1542dbe868e3b35cca977ee639Lennart Poettering
17df7223be064b1542dbe868e3b35cca977ee639Lennart Poettering# STS End User Token Plugin class
17df7223be064b1542dbe868e3b35cca977ee639Lennart Poetteringcom.sun.identity.wss.sts.clientusertoken=com.sun.identity.wss.sts.STSClientUserToken
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier# WSS Provider Configuration Plugin class
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevaliercom.sun.identity.wss.provider.config.plugin=com.sun.identity.wss.provider.plugins.AgentProvider
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier# WSS Authenticator Plugin Class
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevaliercom.sun.identity.wss.security.authenticator=com.sun.identity.wss.security.handler.DefaultAuthenticator
c0467cf387548dc98c0254f63553d862b35a84e5Ronny Chevalier
3e2147858f21943d5f4a781c60f33ac22c6096edKay Sieverscom.sun.identity.jsr196.authenticated.user=AUTHENTICATED_USERS
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassu
# OAuth2 endpoint URLs, client id/secret and a username/password.
# NOTE(review): client_secret and password are stored here in cleartext, and the
# authorize, access_token and tokeninfo endpoints use http://, so credentials and
# tokens sent to them would cross the network unencrypted. The hosts look like
# development defaults (confirm); a real deployment should point at https://
# endpoints and take its secrets from protected storage rather than this file.
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.endpoint.authorize=http://local.machine.com:18080/openam/oauth2/authorize
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.endpoint.access_token=http://local.machine.com:18080/openam/oauth2/access_token
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.endpoint.tokeninfo=http://local.machine.com:18080/openam/oauth2/tokeninfo
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.endpoint.redirection=http://jason.internal.forgerock.com/test
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.client_id=agent
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.client_secret=cangetin
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.username=demo
816115863962548a9a0d9fbfe429c7f8e685beacRoberto Sassuorg.forgerock.openam.oauth2.password=changeit