entitlement.xml revision 4a5f76e173fa7e8164ad9743bcdae43b1b8075ca
0N/A<?xml version="1.0" encoding="UTF-8"?>
4372N/A
0N/A<!--
0N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
0N/A
0N/A Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
0N/A
0N/A The contents of this file are subject to the terms
0N/A of the Common Development and Distribution License
0N/A (the License). You may not use this file except in
0N/A compliance with the License.
0N/A
0N/A You can obtain a copy of the License at
0N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
0N/A opensso/legal/CDDLv1.0.txt
0N/A See the License for the specific language governing
0N/A permission and limitations under the License.
0N/A
1472N/A When distributing Covered Code, include this CDDL
1472N/A Header Notice in each file and include the License file
1472N/A at opensso/legal/CDDLv1.0.txt.
0N/A If applicable, add the following below the CDDL Header,
0N/A with the fields enclosed by brackets [] replaced by
0N/A your own identifying information:
1879N/A "Portions Copyrighted [year] [name of copyright owner]"
1879N/A
1879N/A $Id: entitlement.xml,v 1.9 2010/01/07 00:19:12 veiming Exp $
1879N/A
1879N/A Portions copyright 2011-2014 ForgeRock AS.
1879N/A-->
0N/A
0N/A<!DOCTYPE ServicesConfiguration
0N/A PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
0N/A "jar://com/sun/identity/sm/sms.dtd">
0N/A
0N/A<ServicesConfiguration>
0N/A <Service name="sunEntitlementService" version="1.0">
0N/A <Schema i18nFileName="" revisionNumber="20">
0N/A <Global>
0N/A <AttributeSchema name="usenewconsole"
0N/A type="single"
0N/A syntax="string"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value></Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
1703N/A <AttributeSchema name="migratedtoentitlementservice"
1703N/A type="single"
4018N/A syntax="boolean"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>true</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="xacml-privilege-enabled"
1703N/A type="single"
0N/A syntax="boolean"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>false</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="evalThreadSize"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="200"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>10</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="searchThreadSize"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="200"
0N/A i18nKey="">
0N/A <DefaultValues>
2771N/A <Value>0</Value>
3767N/A </DefaultValues>
2771N/A </AttributeSchema>
2771N/A <AttributeSchema name="policyCacheSize"
2771N/A type="single"
3767N/A syntax="number_range"
3767N/A rangeStart="0" rangeEnd="2147483647"
0N/A i18nKey="">
0N/A <DefaultValues>
2771N/A <Value>100000</Value>
710N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="indexCacheSize"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="2147483647"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>100000</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A
0N/A <!-- entitlement notification, Connection timeout in millisec,
0N/A max 5 mins -->
0N/A <AttributeSchema name="entitlement-notifier-conn-timeout"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="300000"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>1000</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="entitlement-notifier-retries"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="50"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>3</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <!-- duration between retries in millisec, max 5 mins -->
0N/A <AttributeSchema name="entitlement-notifier-duration-between-retries"
4018N/A type="single"
4018N/A syntax="number_range"
4018N/A rangeStart="0" rangeEnd="300000"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>1000</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A
0N/A <!-- Privilege change notification
0N/A Connection timeout in millisec, max 5 mins -->
0N/A <AttributeSchema name="privilege-notifier-conn-timeout"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="300000"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>1000</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="privilege-notifier-retries"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="50"
0N/A i18nKey="">
2771N/A <DefaultValues>
3767N/A <Value>3</Value>
3767N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <!-- duration between retries in millisec, max 5 mins -->
0N/A <AttributeSchema name="privilege-notifier-duration-between-retries"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="300000"
2771N/A i18nKey="">
2771N/A <DefaultValues>
2771N/A <Value>3000</Value>
2771N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="privilege-notifier-threadpool-size"
0N/A type="single"
0N/A syntax="number_range"
0N/A rangeStart="0" rangeEnd="20"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>5</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A <AttributeSchema name="network-monitor-enabled"
0N/A type="single"
0N/A syntax="boolean"
0N/A i18nKey="">
0N/A <DefaultValues>
0N/A <Value>false</Value>
0N/A </DefaultValues>
0N/A </AttributeSchema>
0N/A
0N/A
0N/A <AttributeSchema name="listeners"
0N/A type="list"
0N/A syntax="string"
0N/A i18nKey="" />
1703N/A <SubSchema name="applicationTypes" inheritance="multiple">
1703N/A <SubSchema name="applicationType" inheritance="multiple">
4018N/A <AttributeSchema name="applicationClassName"
0N/A type="single"
0N/A syntax="string"
0N/A i18nKey="" />
0N/A <AttributeSchema name="actions"
0N/A type="list"
0N/A syntax="string"
0N/A i18nKey="" />
0N/A <AttributeSchema name="searchIndexImpl"
0N/A type="single"
0N/A syntax="string"
0N/A i18nKey="" />
0N/A <AttributeSchema name="saveIndexImpl"
0N/A type="single"
0N/A syntax="string"
0N/A i18nKey="" />
0N/A <AttributeSchema name="resourceComparator"
0N/A type="single"
0N/A syntax="string"
0N/A i18nKey="" />
0N/A <AttributeSchema name="nonBooleanActionValues"
0N/A type="list"
0N/A syntax="string"
0N/A i18nKey="" />
0N/A </SubSchema>
0N/A </SubSchema>
0N/A </Global>
0N/A <Organization>
0N/A <SubSchema name="applications" inheritance="multiple">
0N/A <SubSchema name="application" inheritance="multiple">
0N/A <AttributeSchema name="applicationType"
0N/A type="single"
0N/A syntax="string"
3767N/A i18nKey="" />
3767N/A <AttributeSchema name="description"
3767N/A type="single"
3767N/A syntax="string"
0N/A i18nKey="" />
0N/A <AttributeSchema name="actions"
2771N/A type="list"
2771N/A syntax="string"
0N/A i18nKey="" />
710N/A <AttributeSchema name="resources"
710N/A type="list"
0N/A syntax="string"
4372N/A i18nKey="" />
0N/A <AttributeSchema name="subjects"
710N/A type="list"
710N/A syntax="string"
710N/A i18nKey="" />
710N/A <AttributeSchema name="conditions"
710N/A type="list"
710N/A syntax="string"
1879N/A i18nKey="" />
1879N/A <AttributeSchema name="entitlementCombiner"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="searchIndexImpl"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="saveIndexImpl"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="resourceComparator"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="subjectAttributeNames"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="meta"
type="list"
syntax="string"
i18nKey="" />
</SubSchema>
</SubSchema>
<SubSchema name="subjectAttributesCollectors" inheritance="multiple">
<SubSchema name="OpenSSOSubjectAttributesCollector" inheritance="multiple">
<AttributeSchema name="class"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="groupMembershipSearchIndexEnabled"
type="single"
syntax="boolean"
i18nKey="" />
</SubSchema>
</SubSchema>
</Organization>
</Schema>
<Configuration>
<GlobalConfiguration>
<SubConfiguration name="applicationTypes" id="applicationTypes">
<SubConfiguration name="iPlanetAMWebAgentService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>GET=true</Value>
<Value>POST=true</Value>
<Value>PUT=true</Value>
<Value>DELETE=true</Value>
<Value>HEAD=true</Value>
<Value>OPTIONS=true</Value>
<Value>PATCH=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSearchIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSaveIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.URLResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="crestPolicyService" id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>CREATE=true</Value>
<Value>READ=true</Value>
<Value>UPDATE=true</Value>
<Value>DELETE=true</Value>
<Value>PATCH=true</Value>
<Value>ACTION=true</Value>
<Value>QUERY=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSearchIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSaveIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.URLResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerDiscoveryService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>LOOKUP=true</Value>
<Value>UPDATE=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.PrefixResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerLibertyPPService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>QUERY_allow=true</Value>
<Value>QUERY_deny=false</Value>
<Value>QUERY_interactForValue=false</Value>
<Value>QUERY_interactForConsent=false</Value>
<Value>MODIFY_allow=true</Value>
<Value>MODIFY_deny=false</Value>
<Value>MODIFY_interactForValue=false</Value>
<Value>MODIFY_interactForConsent=false</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="nonBooleanActionValues" />
<Value>QUERY=deny,allow,interactForValue,interactForConsent</Value>
<Value>MODIFY=deny,allow,interactForValue,interactForConsent</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.PrefixResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunAMDelegationService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ=true</Value>
<Value>MODIFY=true</Value>
<Value>DELEGATE=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.RegExResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="openProvisioning"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>CREATE=true</Value>
<Value>READ=true</Value>
<Value>UPDATE=true</Value>
<Value>DELETE=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.PrefixResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="banking"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>TRANSFER=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.ExactMatchResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="webservices"
id="applicationType">
<AttributeValuePair>
<Attribute name="applicationClassName" />
<Value>com.sun.identity.entitlement.WebServiceApplication</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.URLResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</GlobalConfiguration>
<OrganizationConfiguration name="/">
<SubConfiguration name="registeredApplications"
id="applications">
<SubConfiguration name="iPlanetAMWebAgentService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://*</Value>
<Value>https://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<!--<Value>com.sun.identity.admin.model.ActiveSessionTimeCondition</Value>-->
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="crestPolicyService" id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>crestPolicyService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://*</Value>
<Value>https://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerDiscoveryService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>sunIdentityServerDiscoveryService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://*</Value>
<Value>https://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<!--<Value>com.sun.identity.admin.model.ActiveSessionTimeCondition</Value>-->
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerLibertyPPService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>sunIdentityServerLibertyPPService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<!--<Value>com.sun.identity.admin.model.ActiveSessionTimeCondition</Value>-->
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunAMDelegationService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>sunAMDelegationService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>sms://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="openProvisioning"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>openProvisioning</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>/*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="paycheck"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://paycheck.sun.com:8081/*</Value>
<Value>http://paycheck.sun.com:8081/*/private</Value>
<Value>http://paycheck.sun.com:8081/*/users/*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="calendar"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://calendar.sun.com/*</Value>
<Value>http://calendar.sun.com/my/*</Value>
<Value>http://calendar.sun.com/admin</Value>
<Value>http://calendar.sun.com/*/calendars?calId=*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="im"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://im.sun.com/register</Value>
<Value>http://im.sun.com/im.jnlp</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunBank"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>banking</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.BankingViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>upperTransferLimit</Value>
<Value>lowerTransferLimit</Value>
<Value>anyTransferLimit</Value>
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>ipRange</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
<SubConfiguration name="subjectAttributesCollectors"
id="subjectAttributesCollectors">
<SubConfiguration name="OpenSSO"
id="OpenSSOSubjectAttributesCollector">
<AttributeValuePair>
<Attribute name="class" />
<Value>com.sun.identity.entitlement.opensso.OpenSSOSubjectAttributesCollector</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="groupMembershipSearchIndexEnabled" />
<Value>false</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</OrganizationConfiguration>
</Configuration>
</Service>
</ServicesConfiguration>