entitlement.xml revision 74dca04245920444925c2544c591c3da5dad607e
<?xml version="1.0" encoding="UTF-8"?>

<!--
   DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

   Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved

   The contents of this file are subject to the terms
   of the Common Development and Distribution License
   (the License). You may not use this file except in
   compliance with the License.

   You can obtain a copy of the License at
   https://opensso.dev.java.net/public/CDDLv1.0.html or
   opensso/legal/CDDLv1.0.txt
   See the License for the specific language governing
   permission and limitations under the License.

   When distributing Covered Code, include this CDDL
   Header Notice in each file and include the License file
   at opensso/legal/CDDLv1.0.txt.
   If applicable, add the following below the CDDL Header,
   with the fields enclosed by brackets [] replaced by
   your own identifying information:
   "Portions Copyrighted [year] [name of copyright owner]"

   $Id: entitlement.xml,v 1.9 2010/01/07 00:19:12 veiming Exp $

   Portions copyright 2011-2015 ForgeRock AS.
-->

<!DOCTYPE ServicesConfiguration
    PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd">

<ServicesConfiguration>
    <Service name="sunEntitlementService" version="1.0">
        <Schema i18nFileName="" revisionNumber="20">
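<!--
  Global (server-wide) part of the entitlement service schema: tuning and
  notification settings, followed by the applicationTypes/applicationType
  sub-schema. Every attribute is declared with an empty i18nKey.
  NOTE(review): whether an empty i18nKey hides the attribute from the
  administration console is not visible here; confirm before relying on it.
-->
<Global>
  <AttributeSchema name="usenewconsole" type="single" syntax="string" i18nKey="">
    <DefaultValues>
      <Value></Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="migratedtoentitlementservice" type="single" syntax="boolean" i18nKey="">
    <DefaultValues>
      <Value>true</Value>
    </DefaultValues>
  </AttributeSchema>
  <!-- Ships as false. -->
  <AttributeSchema name="xacml-privilege-enabled" type="single" syntax="boolean" i18nKey="">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Thread-pool sizes, each limited to 0..200. The search pool defaults to 0.
       NOTE(review): what a size of 0 means is not stated in this file. -->
  <AttributeSchema name="evalThreadSize" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="200" i18nKey="">
    <DefaultValues>
      <Value>10</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="searchThreadSize" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="200" i18nKey="">
    <DefaultValues>
      <Value>0</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Cache sizes: any value from 0 to 2147483647 is accepted, default 100000.
       NOTE(review): the unit is not stated here; the upper bound places no
       practical limit on memory use, so size these against available heap. -->
  <AttributeSchema name="policyCacheSize" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="2147483647" i18nKey="">
    <DefaultValues>
      <Value>100000</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="indexCacheSize" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="2147483647" i18nKey="">
    <DefaultValues>
      <Value>100000</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Entitlement notification: connection timeout in milliseconds,
       at most 5 minutes (300000). -->
  <AttributeSchema name="entitlement-notifier-conn-timeout" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="300000" i18nKey="">
    <DefaultValues>
      <Value>1000</Value>
    </DefaultValues>
  </AttributeSchema>
  <!-- Number of retries, 0..50. -->
  <AttributeSchema name="entitlement-notifier-retries" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="50" i18nKey="">
    <DefaultValues>
      <Value>3</Value>
    </DefaultValues>
  </AttributeSchema>
  <!-- Pause between retries in milliseconds, at most 5 minutes. -->
  <AttributeSchema name="entitlement-notifier-duration-between-retries" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="300000" i18nKey="">
    <DefaultValues>
      <Value>1000</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Privilege change notification: connection timeout in milliseconds,
       at most 5 minutes (300000). -->
  <AttributeSchema name="privilege-notifier-conn-timeout" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="300000" i18nKey="">
    <DefaultValues>
      <Value>1000</Value>
    </DefaultValues>
  </AttributeSchema>
  <!-- Number of retries, 0..50. -->
  <AttributeSchema name="privilege-notifier-retries" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="50" i18nKey="">
    <DefaultValues>
      <Value>3</Value>
    </DefaultValues>
  </AttributeSchema>
  <!-- Pause between retries in milliseconds, at most 5 minutes. The default
       here is 3000, not the 1000 used by the entitlement notifier. -->
  <AttributeSchema name="privilege-notifier-duration-between-retries" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="300000" i18nKey="">
    <DefaultValues>
      <Value>3000</Value>
    </DefaultValues>
  </AttributeSchema>
  <AttributeSchema name="privilege-notifier-threadpool-size" type="single" syntax="number_range"
                   rangeStart="0" rangeEnd="20" i18nKey="">
    <DefaultValues>
      <Value>5</Value>
    </DefaultValues>
  </AttributeSchema>

  <!-- Ships as false. -->
  <AttributeSchema name="network-monitor-enabled" type="single" syntax="boolean" i18nKey="">
    <DefaultValues>
      <Value>false</Value>
    </DefaultValues>
  </AttributeSchema>
  <!-- List of strings with no default value. -->
  <AttributeSchema name="listeners" type="list" syntax="string" i18nKey=""/>

  <!--
    Schema of one application type. In the configuration shipped in this file,
    searchIndexImpl, saveIndexImpl and resourceComparator hold fully qualified
    Java class names. The schema accepts any string for them.
    NOTE(review): if the server instantiates these classes by name, write
    access to this service configuration decides which code takes part in
    policy evaluation; confirm that only administrators can modify it.
  -->
  <SubSchema name="applicationTypes" inheritance="multiple">
    <SubSchema name="applicationType" inheritance="multiple">
      <AttributeSchema name="applicationClassName" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="actions" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="searchIndexImpl" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="saveIndexImpl" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="resourceComparator" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="nonBooleanActionValues" type="list" syntax="string" i18nKey=""/>
    </SubSchema>
  </SubSchema>
</Global>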
<!--
  Per-organization part of the schema. It declares three nested sub-schemas:
  resourceTypes/resourceType, applications/application and
  subjectAttributesCollectors/OpenSSOSubjectAttributesCollector.
  No attribute has a default value. Every attribute is a string or a list of
  strings, except groupMembershipSearchIndexEnabled, which is boolean.
-->
<Organization>
  <!-- A resource type: display name, description, resource patterns and
       actions, plus four audit fields. The audit fields (createdBy,
       creationDate, lastModifiedBy, lastModifiedDate) are plain strings, so
       this schema does not constrain their format. -->
  <SubSchema name="resourceTypes" inheritance="multiple">
    <SubSchema name="resourceType" inheritance="multiple">
      <AttributeSchema name="name" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="description" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="patterns" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="actions" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="createdBy" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="creationDate" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="lastModifiedBy" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="lastModifiedDate" type="single" syntax="string" i18nKey=""/>
    </SubSchema>
  </SubSchema>

  <!-- An application: its application type, the resource types it uses
       (by UUID), the subject and condition names it lists, and the
       entitlement combiner. searchIndexImpl, saveIndexImpl and
       resourceComparator are declared here as well as on the application
       type. NOTE(review): which of the two takes precedence is not visible
       in this file. -->
  <SubSchema name="applications" inheritance="multiple">
    <SubSchema name="application" inheritance="multiple">
      <AttributeSchema name="applicationType" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="description" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="resourceTypeUuids" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="subjects" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="conditions" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="entitlementCombiner" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="searchIndexImpl" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="saveIndexImpl" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="resourceComparator" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="subjectAttributeNames" type="list" syntax="string" i18nKey=""/>
      <AttributeSchema name="meta" type="list" syntax="string" i18nKey=""/>
    </SubSchema>
  </SubSchema>

  <!-- Subject attribute collector: a class name and one boolean switch. -->
  <SubSchema name="subjectAttributesCollectors" inheritance="multiple">
    <SubSchema name="OpenSSOSubjectAttributesCollector" inheritance="multiple">
      <AttributeSchema name="class" type="single" syntax="string" i18nKey=""/>
      <AttributeSchema name="groupMembershipSearchIndexEnabled" type="single" syntax="boolean" i18nKey=""/>
    </SubSchema>
  </SubSchema>
</Organization>
</Schema>
<Configuration>
<GlobalConfiguration>
<SubConfiguration name="applicationTypes" id="applicationTypes">
<!-- Application type iPlanetAMWebAgentService. Its actions are seven HTTP
     methods, each written as name=true. NOTE(review): the boolean is
     presumably the action's default value; confirm against the consumer.
     Resources are indexed with the indextree classes and compared with
     URLResourceName. -->
<SubConfiguration name="iPlanetAMWebAgentService" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>GET=true</Value>
    <Value>POST=true</Value>
    <Value>PUT=true</Value>
    <Value>DELETE=true</Value>
    <Value>HEAD=true</Value>
    <Value>OPTIONS=true</Value>
    <Value>PATCH=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>org.forgerock.openam.entitlement.indextree.TreeSearchIndex</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>org.forgerock.openam.entitlement.indextree.TreeSaveIndex</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.URLResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Application type crestPolicyService. Its actions are the seven verbs
     listed below, each written as name=true. It uses the same indextree
     index classes and URLResourceName comparator as the web agent
     application type. -->
<SubConfiguration name="crestPolicyService" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>CREATE=true</Value>
    <Value>READ=true</Value>
    <Value>UPDATE=true</Value>
    <Value>DELETE=true</Value>
    <Value>PATCH=true</Value>
    <Value>ACTION=true</Value>
    <Value>QUERY=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>org.forgerock.openam.entitlement.indextree.TreeSearchIndex</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>org.forgerock.openam.entitlement.indextree.TreeSaveIndex</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.URLResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Application type sunIdentityServerDiscoveryService. It has two actions,
     LOOKUP and UPDATE. Resources are indexed with ResourceNameSplitter and
     ResourceNameIndexGenerator and compared with PrefixResourceName. -->
<SubConfiguration name="sunIdentityServerDiscoveryService" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>LOOKUP=true</Value>
    <Value>UPDATE=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.PrefixResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Application type sunIdentityServerLibertyPPService. It is the only
     application type in this file with non-boolean actions: QUERY and MODIFY
     each take one of deny, allow, interactForValue or interactForConsent.
     The actions list spells out every action_value pair; only the two
     allow entries are set to true. -->
<SubConfiguration name="sunIdentityServerLibertyPPService" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>QUERY_allow=true</Value>
    <Value>QUERY_deny=false</Value>
    <Value>QUERY_interactForValue=false</Value>
    <Value>QUERY_interactForConsent=false</Value>
    <Value>MODIFY_allow=true</Value>
    <Value>MODIFY_deny=false</Value>
    <Value>MODIFY_interactForValue=false</Value>
    <Value>MODIFY_interactForConsent=false</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="nonBooleanActionValues"/>
    <Value>QUERY=deny,allow,interactForValue,interactForConsent</Value>
    <Value>MODIFY=deny,allow,interactForValue,interactForConsent</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.PrefixResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Application type sunAMDelegationService. Its actions are READ, MODIFY
     and DELEGATE. It uses delegation-specific index classes and is the only
     application type in this file that compares resources with
     RegExResourceName. NOTE(review): regular-expression matching of resource
     names is easy to write too broadly; review delegation resource patterns
     with that in mind. -->
<SubConfiguration name="sunAMDelegationService" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>READ=true</Value>
    <Value>MODIFY=true</Value>
    <Value>DELEGATE=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.RegExResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Application type openProvisioning. Its actions are CREATE, READ, UPDATE
     and DELETE. Resources are indexed with ResourceNameSplitter and
     ResourceNameIndexGenerator and compared with PrefixResourceName. -->
<SubConfiguration name="openProvisioning" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>CREATE=true</Value>
    <Value>READ=true</Value>
    <Value>UPDATE=true</Value>
    <Value>DELETE=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.PrefixResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Application type banking. It has a single action, TRANSFER, and is the
     only application type in this file that compares resources with
     ExactMatchResourceName. NOTE(review): this looks like a sample type
     rather than a product feature; confirm whether it is needed in a
     deployed server. -->
<SubConfiguration name="banking" id="applicationType">
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>TRANSFER=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="searchIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="saveIndexImpl"/>
    <Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceComparator"/>
    <Value>com.sun.identity.entitlement.ExactMatchResourceName</Value>
  </AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</GlobalConfiguration>
<OrganizationConfiguration name="/">
<SubConfiguration name="registeredResourceTypes" id="resourceTypes">
<!-- Resource type "URL", stored under a fixed UUID. Both patterns use a
     wildcard for scheme, host, port and path, so the type itself places no
     restriction on which URLs a policy may name. The audit fields carry the
     dsameuser DN under dc=openam,dc=forgerock,dc=org and a numeric timestamp.
     NOTE(review): the timestamp looks like epoch milliseconds; confirm. -->
<SubConfiguration name="76656a38-5f8e-401b-83aa-4ccb74ce88d2" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>URL</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in URL Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>*://*:*/*</Value>
    <Value>*://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>GET=true</Value>
    <Value>POST=true</Value>
    <Value>PUT=true</Value>
    <Value>DELETE=true</Value>
    <Value>HEAD=true</Value>
    <Value>OPTIONS=true</Value>
    <Value>PATCH=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "CREST". Its patterns are limited to the http and https
     schemes, with host, port and path left as wildcards. The actions are the
     same seven verbs as the crestPolicyService application type. -->
<SubConfiguration name="6a90eabe-9638-4333-b688-3223aec7f58a" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>CREST</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in CREST Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>http://*:*/*</Value>
    <Value>http://*:*/*?*</Value>
    <Value>https://*:*/*</Value>
    <Value>https://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>CREATE=true</Value>
    <Value>READ=true</Value>
    <Value>UPDATE=true</Value>
    <Value>DELETE=true</Value>
    <Value>PATCH=true</Value>
    <Value>ACTION=true</Value>
    <Value>QUERY=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Discovery Service". Its patterns cover http and https
     with wildcard host, port and path. The actions are LOOKUP and UPDATE. -->
<SubConfiguration name="1491322b-5c50-4133-8c40-1646e1170cbb" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Discovery Service</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in discovery Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>http://*:*/*</Value>
    <Value>http://*:*/*?*</Value>
    <Value>https://*:*/*</Value>
    <Value>https://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>LOOKUP=true</Value>
    <Value>UPDATE=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Liberty Service". Its patterns use a wildcard for scheme,
     host, port and path. The actions are the eight QUERY_ and MODIFY_ pairs;
     only QUERY_allow and MODIFY_allow are set to true. -->
<SubConfiguration name="09496ad8-26e3-4002-b90e-24facc2e78c1" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Liberty Service</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in liberty Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>*://*:*/*</Value>
    <Value>*://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>QUERY_allow=true</Value>
    <Value>QUERY_deny=false</Value>
    <Value>QUERY_interactForValue=false</Value>
    <Value>QUERY_interactForConsent=false</Value>
    <Value>MODIFY_allow=true</Value>
    <Value>MODIFY_deny=false</Value>
    <Value>MODIFY_interactForValue=false</Value>
    <Value>MODIFY_interactForConsent=false</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Delegation Service". Its patterns are restricted to the
     sms scheme, with host, port and path left as wildcards. The actions are
     READ, MODIFY and DELEGATE. -->
<SubConfiguration name="20a13582-1f32-4f83-905f-f71ff4e2e00d" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Delegation Service</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in delegation Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>sms://*:*/*</Value>
    <Value>sms://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>READ=true</Value>
    <Value>MODIFY=true</Value>
    <Value>DELEGATE=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Provisioning Service". Its single pattern is /*, a path
     with no scheme or host. The actions are CREATE, READ, UPDATE and
     DELETE. -->
<SubConfiguration name="b5ceba86-4346-4cf5-a5f2-1d2884d1a025" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Provisioning Service</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in provisioning Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>/*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>CREATE=true</Value>
    <Value>READ=true</Value>
    <Value>UPDATE=true</Value>
    <Value>DELETE=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Paycheck". All three patterns name one fixed host and
     port over plain http. NOTE(review): although the description says
     built-in, this looks like sample data; confirm whether a deployed server
     needs it, and prefer https patterns for anything real. -->
<SubConfiguration name="13b27ffe-0415-4751-821c-b81675c7acc8" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Paycheck</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in paycheck Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>http://paycheck.sun.com:8081/*</Value>
    <Value>http://paycheck.sun.com:8081/*/private</Value>
    <Value>http://paycheck.sun.com:8081/*/users/*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>GET=true</Value>
    <Value>POST=true</Value>
    <Value>PUT=true</Value>
    <Value>DELETE=true</Value>
    <Value>HEAD=true</Value>
    <Value>OPTIONS=true</Value>
    <Value>PATCH=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "IM". Its two patterns are exact plain-http URLs on one
     fixed host, with no wildcard. NOTE(review): this looks like sample data;
     confirm whether a deployed server needs it. -->
<SubConfiguration name="504fe694-f1e3-4fdf-8d69-fcf2a4fce06b" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>IM</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in IM Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>http://im.sun.com/register</Value>
    <Value>http://im.sun.com/im.jnlp</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>GET=true</Value>
    <Value>POST=true</Value>
    <Value>PUT=true</Value>
    <Value>DELETE=true</Value>
    <Value>HEAD=true</Value>
    <Value>OPTIONS=true</Value>
    <Value>PATCH=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Calendar". Its four patterns are plain-http URLs on one
     fixed host; they include an /admin path and a query-string pattern.
     NOTE(review): this looks like sample data; confirm whether a deployed
     server needs it. -->
<SubConfiguration name="74e62178-ab00-45cb-94e5-29dedbd617a5" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Calendar</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in calendar Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>http://calendar.sun.com/*</Value>
    <Value>http://calendar.sun.com/my/*</Value>
    <Value>http://calendar.sun.com/admin</Value>
    <Value>http://calendar.sun.com/*/calendars?calId=*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>GET=true</Value>
    <Value>POST=true</Value>
    <Value>PUT=true</Value>
    <Value>DELETE=true</Value>
    <Value>HEAD=true</Value>
    <Value>OPTIONS=true</Value>
    <Value>PATCH=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Bank". Its patterns use a wildcard for scheme, host, port
     and path. The single action is TRANSFER. NOTE(review): this looks like
     sample data; confirm whether a deployed server needs it. -->
<SubConfiguration name="398207e2-a643-4f8c-b46b-42da0f7dc63f" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Bank</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in bank Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>*://*:*/*</Value>
    <Value>*://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>TRANSFER=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
<!-- Resource type "Button". Its patterns are restricted to the btn scheme,
     with host, port and path left as wildcards. The actions are VISIBLE and
     SELECTED. No application type in the part of the file shown here
     declares these two actions. -->
<SubConfiguration name="93a563eb-1f43-4cca-89f3-9a85e83401b9" id="resourceType">
  <AttributeValuePair>
    <Attribute name="name"/>
    <Value>Button</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in Button Resource Type available to OpenAM Policies.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="patterns"/>
    <Value>btn://*:*/*</Value>
    <Value>btn://*:*/*?*</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="actions"/>
    <Value>VISIBLE=true</Value>
    <Value>SELECTED=true</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="createdBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="creationDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedBy"/>
    <Value>id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="lastModifiedDate"/>
    <Value>1422892465848</Value>
  </AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
<SubConfiguration name="registeredApplications"
id="applications">
<!-- Application iPlanetAMWebAgentService in the root organization. It is
     bound to the URL resource type by UUID. Its subjects list contains NONE,
     which the crestPolicyService, discovery, liberty and delegation
     applications in this file do not list.
     NOTE(review): DenyOverride suggests that a deny decision wins when
     policies conflict; confirm against the combiner implementation. The
     fully qualified class name is kept as a commented-out alternative. -->
<SubConfiguration name="iPlanetAMWebAgentService" id="application">
  <AttributeValuePair>
    <Attribute name="description"/>
    <Value>The built-in Application used by OpenAM Policy Agents.</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="applicationType"/>
    <Value>iPlanetAMWebAgentService</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceTypeUuids"/>
    <Value>76656a38-5f8e-401b-83aa-4ccb74ce88d2</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="subjects"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AuthenticatedUsers</Value>
    <Value>Identity</Value>
    <Value>JwtClaim</Value>
    <Value>NONE</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="conditions"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AMIdentityMembership</Value>
    <Value>AuthLevel</Value>
    <Value>LEAuthLevel</Value>
    <Value>AuthScheme</Value>
    <Value>AuthenticateToRealm</Value>
    <Value>AuthenticateToService</Value>
    <Value>IPv4</Value>
    <Value>IPv6</Value>
    <Value>LDAPFilter</Value>
    <Value>OAuth2Scope</Value>
    <Value>ResourceEnvIP</Value>
    <Value>Session</Value>
    <Value>SessionProperty</Value>
    <Value>SimpleTime</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="entitlementCombiner"/>
    <Value>DenyOverride</Value>
    <!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
  </AttributeValuePair>
</SubConfiguration>
<!-- Application crestPolicyService. It is bound to the CREST resource type
     by UUID and has no description attribute. Its subjects are the three
     logical operators plus AuthenticatedUsers, Identity and JwtClaim.
     NOTE(review): DenyOverride suggests that a deny decision wins when
     policies conflict; confirm against the combiner implementation. -->
<SubConfiguration name="crestPolicyService" id="application">
  <AttributeValuePair>
    <Attribute name="applicationType"/>
    <Value>crestPolicyService</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceTypeUuids"/>
    <Value>6a90eabe-9638-4333-b688-3223aec7f58a</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="subjects"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AuthenticatedUsers</Value>
    <Value>Identity</Value>
    <Value>JwtClaim</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="conditions"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AMIdentityMembership</Value>
    <Value>AuthLevel</Value>
    <Value>LEAuthLevel</Value>
    <Value>AuthScheme</Value>
    <Value>AuthenticateToRealm</Value>
    <Value>AuthenticateToService</Value>
    <Value>IPv4</Value>
    <Value>IPv6</Value>
    <Value>LDAPFilter</Value>
    <Value>OAuth2Scope</Value>
    <Value>ResourceEnvIP</Value>
    <Value>Session</Value>
    <Value>SessionProperty</Value>
    <Value>SimpleTime</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="entitlementCombiner"/>
    <Value>DenyOverride</Value>
    <!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
  </AttributeValuePair>
</SubConfiguration>
<!-- Application sunIdentityServerDiscoveryService. It is bound to the
     Discovery Service resource type by UUID. Its subjects and conditions
     lists are the same as those of the crestPolicyService application.
     NOTE(review): DenyOverride suggests that a deny decision wins when
     policies conflict; confirm against the combiner implementation. -->
<SubConfiguration name="sunIdentityServerDiscoveryService" id="application">
  <AttributeValuePair>
    <Attribute name="applicationType"/>
    <Value>sunIdentityServerDiscoveryService</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceTypeUuids"/>
    <Value>1491322b-5c50-4133-8c40-1646e1170cbb</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="subjects"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AuthenticatedUsers</Value>
    <Value>Identity</Value>
    <Value>JwtClaim</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="conditions"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AMIdentityMembership</Value>
    <Value>AuthLevel</Value>
    <Value>LEAuthLevel</Value>
    <Value>AuthScheme</Value>
    <Value>AuthenticateToRealm</Value>
    <Value>AuthenticateToService</Value>
    <Value>IPv4</Value>
    <Value>IPv6</Value>
    <Value>LDAPFilter</Value>
    <Value>OAuth2Scope</Value>
    <Value>ResourceEnvIP</Value>
    <Value>Session</Value>
    <Value>SessionProperty</Value>
    <Value>SimpleTime</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="entitlementCombiner"/>
    <Value>DenyOverride</Value>
    <!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
  </AttributeValuePair>
</SubConfiguration>
<!-- Application sunIdentityServerLibertyPPService. It is bound to the
     Liberty Service resource type by UUID. Its subjects and conditions
     lists are the same as those of the crestPolicyService application.
     NOTE(review): DenyOverride suggests that a deny decision wins when
     policies conflict; confirm against the combiner implementation. -->
<SubConfiguration name="sunIdentityServerLibertyPPService" id="application">
  <AttributeValuePair>
    <Attribute name="applicationType"/>
    <Value>sunIdentityServerLibertyPPService</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="resourceTypeUuids"/>
    <Value>09496ad8-26e3-4002-b90e-24facc2e78c1</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="subjects"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AuthenticatedUsers</Value>
    <Value>Identity</Value>
    <Value>JwtClaim</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="conditions"/>
    <Value>AND</Value>
    <Value>OR</Value>
    <Value>NOT</Value>
    <Value>AMIdentityMembership</Value>
    <Value>AuthLevel</Value>
    <Value>LEAuthLevel</Value>
    <Value>AuthScheme</Value>
    <Value>AuthenticateToRealm</Value>
    <Value>AuthenticateToService</Value>
    <Value>IPv4</Value>
    <Value>IPv6</Value>
    <Value>LDAPFilter</Value>
    <Value>OAuth2Scope</Value>
    <Value>ResourceEnvIP</Value>
    <Value>Session</Value>
    <Value>SessionProperty</Value>
    <Value>SimpleTime</Value>
  </AttributeValuePair>
  <AttributeValuePair>
    <Attribute name="entitlementCombiner"/>
    <Value>DenyOverride</Value>
    <!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
  </AttributeValuePair>
</SubConfiguration>
<!-- Application entry "sunAMDelegationService" (id="application").
     Unlike the neighbouring application entries it declares no "conditions"
     attribute, and its subject list has no JwtClaim entry. -->
<SubConfiguration name="sunAMDelegationService"
id="application">
<AttributeValuePair>
<!-- The application type carries the same name as the application itself. -->
<Attribute name="applicationType" />
<Value>sunAMDelegationService</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Single UUID; presumably refers to a resource type defined elsewhere. TODO confirm. -->
<Attribute name="resourceTypeUuids" />
<Value>20a13582-1f32-4f83-905f-f71ff4e2e00d</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Subject type names limited to the logical operators, AuthenticatedUsers and
     Identity.
     NOTE(review): the name suggests this application backs administrative
     delegation; if so, keep this list narrow and review any policy that grants
     to AuthenticatedUsers. Confirm against the delegation service. -->
<Attribute name="subjects" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AuthenticatedUsers</Value>
<Value>Identity</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Active combiner is the short name DenyOverride; presumably a deny from any
     applicable policy wins over allows. Confirm against the combiner class.
     The commented-out line keeps the fully qualified class name and is inactive. -->
<Attribute name="entitlementCombiner" />
<Value>DenyOverride</Value>
<!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
</AttributeValuePair>
</SubConfiguration>
<!-- Application entry "openProvisioning" (id="application").
     It declares only an application type, one resource type UUID and the
     combiner; no "subjects" or "conditions" attribute is present.
     NOTE(review): how the service treats a missing list (nothing allowed versus
     some default) is not visible here; confirm before relying on it. -->
<SubConfiguration name="openProvisioning"
id="application">
<AttributeValuePair>
<!-- The application type carries the same name as the application itself. -->
<Attribute name="applicationType" />
<Value>openProvisioning</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Single UUID; presumably refers to a resource type defined elsewhere. TODO confirm. -->
<Attribute name="resourceTypeUuids" />
<Value>b5ceba86-4346-4cf5-a5f2-1d2884d1a025</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Active combiner is the short name DenyOverride; presumably a deny from any
     applicable policy wins over allows. Confirm against the combiner class.
     The commented-out line keeps the fully qualified class name and is inactive. -->
<Attribute name="entitlementCombiner" />
<Value>DenyOverride</Value>
<!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
</AttributeValuePair>
</SubConfiguration>
<!-- Application entry "paycheck" (id="application"), typed as
     iPlanetAMWebAgentService rather than by its own name.
     NOTE(review): the name reads like a sample application shipped with the
     default configuration; confirm whether it is needed in a production
     deployment. -->
<SubConfiguration name="paycheck"
id="application">
<AttributeValuePair>
<!-- Application type differs from the application name. -->
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Single UUID; presumably refers to a resource type defined elsewhere. TODO confirm. -->
<Attribute name="resourceTypeUuids" />
<Value>13b27ffe-0415-4751-821c-b81675c7acc8</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Subject type names: logical operators AND, OR, NOT plus AuthenticatedUsers,
     Identity and JwtClaim. Presumably the subject types policies of this
     application may use; verify against the entitlement service. -->
<Attribute name="subjects" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AuthenticatedUsers</Value>
<Value>Identity</Value>
<Value>JwtClaim</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Condition type names: logical operators plus authentication, network
     address, LDAP filter, OAuth2 scope, session and time based types. -->
<Attribute name="conditions" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AMIdentityMembership</Value>
<Value>AuthLevel</Value>
<Value>LEAuthLevel</Value>
<Value>AuthScheme</Value>
<Value>AuthenticateToRealm</Value>
<Value>AuthenticateToService</Value>
<Value>IPv4</Value>
<Value>IPv6</Value>
<Value>LDAPFilter</Value>
<Value>OAuth2Scope</Value>
<Value>ResourceEnvIP</Value>
<Value>Session</Value>
<Value>SessionProperty</Value>
<Value>SimpleTime</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Active combiner is the short name DenyOverride; presumably a deny from any
     applicable policy wins over allows. Confirm against the combiner class.
     The commented-out line keeps the fully qualified class name and is inactive. -->
<Attribute name="entitlementCombiner" />
<Value>DenyOverride</Value>
<!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
</AttributeValuePair>
</SubConfiguration>
<!-- Application entry "calendar" (id="application"), typed as
     iPlanetAMWebAgentService rather than by its own name.
     NOTE(review): the name reads like a sample application shipped with the
     default configuration; confirm whether it is needed in a production
     deployment. -->
<SubConfiguration name="calendar"
id="application">
<AttributeValuePair>
<!-- Application type differs from the application name. -->
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Single UUID; presumably refers to a resource type defined elsewhere. TODO confirm. -->
<Attribute name="resourceTypeUuids" />
<Value>74e62178-ab00-45cb-94e5-29dedbd617a5</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Subject type names: logical operators AND, OR, NOT plus AuthenticatedUsers,
     Identity and JwtClaim. Presumably the subject types policies of this
     application may use; verify against the entitlement service. -->
<Attribute name="subjects" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AuthenticatedUsers</Value>
<Value>Identity</Value>
<Value>JwtClaim</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Condition type names: logical operators plus authentication, network
     address, LDAP filter, OAuth2 scope, session and time based types. -->
<Attribute name="conditions" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AMIdentityMembership</Value>
<Value>AuthLevel</Value>
<Value>LEAuthLevel</Value>
<Value>AuthScheme</Value>
<Value>AuthenticateToRealm</Value>
<Value>AuthenticateToService</Value>
<Value>IPv4</Value>
<Value>IPv6</Value>
<Value>LDAPFilter</Value>
<Value>OAuth2Scope</Value>
<Value>ResourceEnvIP</Value>
<Value>Session</Value>
<Value>SessionProperty</Value>
<Value>SimpleTime</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Active combiner is the short name DenyOverride; presumably a deny from any
     applicable policy wins over allows. Confirm against the combiner class.
     The commented-out line keeps the fully qualified class name and is inactive. -->
<Attribute name="entitlementCombiner" />
<Value>DenyOverride</Value>
<!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
</AttributeValuePair>
</SubConfiguration>
<!-- Application entry "im" (id="application"), typed as
     iPlanetAMWebAgentService rather than by its own name.
     NOTE(review): the name reads like a sample application shipped with the
     default configuration; confirm whether it is needed in a production
     deployment. -->
<SubConfiguration name="im"
id="application">
<AttributeValuePair>
<!-- Application type differs from the application name. -->
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Single UUID; presumably refers to a resource type defined elsewhere. TODO confirm. -->
<Attribute name="resourceTypeUuids" />
<Value>504fe694-f1e3-4fdf-8d69-fcf2a4fce06b</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Subject type names: logical operators AND, OR, NOT plus AuthenticatedUsers,
     Identity and JwtClaim. Presumably the subject types policies of this
     application may use; verify against the entitlement service. -->
<Attribute name="subjects" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AuthenticatedUsers</Value>
<Value>Identity</Value>
<Value>JwtClaim</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Condition type names: logical operators plus authentication, network
     address, LDAP filter, OAuth2 scope, session and time based types. -->
<Attribute name="conditions" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AMIdentityMembership</Value>
<Value>AuthLevel</Value>
<Value>LEAuthLevel</Value>
<Value>AuthScheme</Value>
<Value>AuthenticateToRealm</Value>
<Value>AuthenticateToService</Value>
<Value>IPv4</Value>
<Value>IPv6</Value>
<Value>LDAPFilter</Value>
<Value>OAuth2Scope</Value>
<Value>ResourceEnvIP</Value>
<Value>Session</Value>
<Value>SessionProperty</Value>
<Value>SimpleTime</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Active combiner is the short name DenyOverride; presumably a deny from any
     applicable policy wins over allows. Confirm against the combiner class.
     The commented-out line keeps the fully qualified class name and is inactive. -->
<Attribute name="entitlementCombiner" />
<Value>DenyOverride</Value>
<!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
</AttributeValuePair>
</SubConfiguration>
<!-- Application entry "sunBank" (id="application"), typed as "banking".
     Its condition list carries one extra entry, NumericAttribute, ahead of the
     names the neighbouring application entries list.
     NOTE(review): the name reads like a sample application shipped with the
     default configuration; confirm whether it is needed in a production
     deployment. -->
<SubConfiguration name="sunBank"
id="application">
<AttributeValuePair>
<!-- Application type differs from the application name. -->
<Attribute name="applicationType" />
<Value>banking</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Single UUID; presumably refers to a resource type defined elsewhere. TODO confirm. -->
<Attribute name="resourceTypeUuids" />
<Value>398207e2-a643-4f8c-b46b-42da0f7dc63f</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Subject type names: logical operators AND, OR, NOT plus AuthenticatedUsers,
     Identity and JwtClaim. Presumably the subject types policies of this
     application may use; verify against the entitlement service. -->
<Attribute name="subjects" />
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AuthenticatedUsers</Value>
<Value>Identity</Value>
<Value>JwtClaim</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Condition type names: NumericAttribute first, then the logical operators
     plus authentication, network address, LDAP filter, OAuth2 scope, session
     and time based types. -->
<Attribute name="conditions" />
<Value>NumericAttribute</Value>
<Value>AND</Value>
<Value>OR</Value>
<Value>NOT</Value>
<Value>AMIdentityMembership</Value>
<Value>AuthLevel</Value>
<Value>LEAuthLevel</Value>
<Value>AuthScheme</Value>
<Value>AuthenticateToRealm</Value>
<Value>AuthenticateToService</Value>
<Value>IPv4</Value>
<Value>IPv6</Value>
<Value>LDAPFilter</Value>
<Value>OAuth2Scope</Value>
<Value>ResourceEnvIP</Value>
<Value>Session</Value>
<Value>SessionProperty</Value>
<Value>SimpleTime</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Active combiner is the short name DenyOverride; presumably a deny from any
     applicable policy wins over allows. Confirm against the combiner class.
     The commented-out line keeps the fully qualified class name and is inactive. -->
<Attribute name="entitlementCombiner" />
<Value>DenyOverride</Value>
<!-- <Value>com.sun.identity.entitlement.DenyOverride</Value> -->
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
<!-- Container for subject attribute collector entries; it holds one entry,
     "OpenSSO". -->
<SubConfiguration name="subjectAttributesCollectors"
id="subjectAttributesCollectors">
<SubConfiguration name="OpenSSO"
id="OpenSSOSubjectAttributesCollector">
<AttributeValuePair>
<!-- Fully qualified Java class name of the collector; presumably loaded by the
     entitlement service at runtime. Verify how the value is resolved.
     NOTE(review): a class name taken from configuration is worth protecting;
     confirm who is able to edit this service configuration. -->
<Attribute name="class" />
<Value>com.sun.identity.entitlement.opensso.OpenSSOSubjectAttributesCollector</Value>
</AttributeValuePair>
<AttributeValuePair>
<!-- Set to false here. Presumably controls whether group membership is included
     in the subject search index; confirm the effect on policy evaluation before
     changing it. -->
<Attribute name="groupMembershipSearchIndexEnabled" />
<Value>false</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</OrganizationConfiguration>
</Configuration>
</Service>
</ServicesConfiguration>