2362N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 0N/A Copyright (c) 2014 ForgeRock AS. All Rights Reserved 0N/A The contents of this file are subject to the terms of the Common Development and 0N/A Distribution License (the License). You may not use this file except in compliance with the 0N/A specific language governing permission and limitations under the License. 0N/A When distributing Covered Code, include this CDDL Header Notice in each file and include 0N/A Header, with the fields enclosed by brackets [] replaced by your own identifying 0N/A information: "Portions Copyrighted [year] [name of copyright owner]" 0N/A<!
DOCTYPE ServicesConfiguration PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN" 0N/A <
Service name="RestSecurityTokenService" version="1.0">
0N/A i18nFileName="restSTS" revisionNumber="1" 0N/A i18nKey="rest_security_token_service_description" 0N/ANote that if this AttributeSchema element is un-commented, then adding the service blows up because no value is 0N/Aprovided for required attributes upon service registration. 0N/A <AttributeSchema name="RequiredValueValidator" 0N/A <
AttributeSchema name="issuer-name" 0N/A type="single" syntax="string" i18nKey="issuer_name" 0N/A validator="RequiredValueValidator">
0N/A <
AttributeSchema name="supported-token-transforms" 0N/A validator="RequiredValueValidator" 0N/A i18nKey="supported_token_transforms">
0N/A <
Value>USERNAME|SAML2|true</
Value>
0N/A <
Value>OPENIDCONNECT|SAML2|true</
Value>
0N/A <
Value>OPENAM|SAML2|false</
Value>
0N/A <
Value>X509|SAML2|true</
Value>
0N/A <
AttributeSchema name="deployment-realm" 0N/A type="single" syntax="string" i18nKey="deployment_realm" 0N/A validator="RequiredValueValidator">
0N/A <
AttributeSchema name="deployment-url-element" 0N/A type="single" syntax="string" i18nKey="deployment_url_element" 0N/A validator="RequiredValueValidator">
0N/A <
AttributeSchema name="deployment-auth-target-mappings" 0N/A validator="RequiredValueValidator" 0N/A i18nKey="deployment_auth_target_mappings">
0N/A <
Value>USERNAME|service|ldapService</
Value>
0N/A <
Value>OPENIDCONNECT|module|oidc|oidc_id_token_auth_target_header_key=oidc_id_token</
Value>
0N/A <
Value>X509|module|cert_module|x509_token_token_auth_target_header_key=client_cert</
Value>
0N/A <
AttributeSchema name="deployment-offloaded-two-way-tls-header-key" 0N/A type="single" syntax="string" i18nKey="deployment_offloaded_two_way_tls_header_key">
0N/A <
AttributeSchema name="deployment-tls-offload-engine-hosts" 0N/A type="list" syntax="string" i18nKey="deployment_tls_offload_engine_hosts">
0N/A <
AttributeSchema name="saml2-name-id-format" 0N/A type="single" syntax="string" i18nKey="saml2_name_id_format" 0N/A validator="RequiredValueValidator">
<!-- Lifetime of issued SAML2 assertions, in seconds. This attribute is not marked RequiredValueValidator and
     no default is visible in this schema, so confirm the runtime applies a bounded default; a very long or
     unbounded lifetime widens the replay window of a leaked assertion. -->
<AttributeSchema name="saml2-token-lifetime-seconds" type="single" syntax="number" i18nKey="saml2_token_lifetime_seconds">
<!-- The saml2-custom-*-class-name attributes that follow name classes the STS presumably loads by reflection
     when it builds the assertion (conditions, subject, statements, mappers). Treat them as code-execution
     configuration: only administrators with write access to this service should be able to set them, and
     they must never be populated from caller-supplied input. -->
<AttributeSchema name="saml2-custom-conditions-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_conditions_provider_class_name">
0N/A <
AttributeSchema name="saml2-custom-subject-provider-class-name" 0N/A type="single" syntax="string" i18nKey="saml2_custom_subject_provider_class_name">
0N/A <
AttributeSchema name="saml2-custom-authentication-statements-provider-class-name" 0N/A type="single" syntax="string" i18nKey="saml2_custom_authentication_statements_provider_class_name">
0N/A <
AttributeSchema name="saml2-custom-attribute-statements-provider-class-name" 0N/A type="single" syntax="string" i18nKey="saml2_custom_attribute_statements_provider_class_name">
0N/A <
AttributeSchema name="saml2-custom-authz-decision-statements-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_authz_decision_statements_provider_class_name">
<
AttributeSchema name="saml2-custom-attribute-mapper-class-name" type="single" syntax="string" i18nKey="saml2_custom_attribute_mapper_class_name">
<
AttributeSchema name="saml2-custom-authn-context-mapper-class-name" type="single" syntax="string" i18nKey="saml2_custom_authn_context_mapper_class_name">
<!-- Whether issued assertions are signed with saml2-signature-key-alias. No default is visible in this
     schema; an unsigned assertion cannot be authenticated by the relying party, so leaving this false is a
     deployment decision that should be explicit and justified. -->
<AttributeSchema name="saml2-sign-assertion" type="single" syntax="boolean" i18nKey="saml2_sign_assertion">
<
AttributeSchema name="saml2-sp-entity-id" type="single" syntax="string" i18nKey="saml2_sp_entity_id" validator="RequiredValueValidator">
<
AttributeSchema name="saml2-sp-acs-url" type="single" syntax="string" i18nKey="saml2_sp_acs_url">
<
AttributeSchema name="saml2-encrypt-attributes" type="single" syntax="boolean" i18nKey="saml2_encrypt_attributes">
<
AttributeSchema name="saml2-encrypt-assertion" type="single" syntax="boolean" i18nKey="saml2_encrypt_assertion">
<
AttributeSchema name="saml2-encrypt-nameid" type="single" syntax="boolean" i18nKey="saml2_encrypt_nameid">
<
AttributeSchema name="saml2-encryption-algorithm" type="single_choice" syntax="string" i18nKey="saml2_encryption_algorithm">
<
AttributeSchema name="saml2-encryption-algorithm-strength" type="single" syntax="number" i18nKey="saml2_encryption_algorithm_strength">
<
AttributeSchema name="saml2-keystore-filename" type="single" syntax="string" i18nKey="saml2_keystore_filename">
<
AttributeSchema name="saml2-keystore-password" type="single" syntax="password" i18nKey="saml2_keystore_password">
<
AttributeSchema name="saml2-encryption-key-alias" type="single" syntax="string" i18nKey="saml2_encryption_key_alias">
<
AttributeSchema name="saml2-signature-key-alias" type="single" syntax="string" i18nKey="saml2_signature_key_alias" validator="RequiredValueValidator">
<
AttributeSchema name="saml2-signature-key-password" type="single" syntax="password" i18nKey="saml2_signature_key_password">
<
AttributeSchema name="saml2-attribute-map" i18nKey="saml2_attribute_map">
<!-- Appears to be necessary to have multiple rest STS instances per realm, like authN modules. -->
<SubSchema name="serverconfig" inheritance="multiple">
<
AttributeSchema name="issuer-name" type="single" syntax="string" i18nKey="issuer_name" validator="RequiredValueValidator">
<
AttributeSchema name="supported-token-transforms" validator="RequiredValueValidator" i18nKey="supported_token_transforms">
<
Value>USERNAME|SAML2|true</
Value>
<
Value>OPENIDCONNECT|SAML2|true</
Value>
<
Value>OPENAM|SAML2|false</
Value>
<
Value>X509|SAML2|true</
Value>
<
AttributeSchema name="deployment-realm" type="single" syntax="string" i18nKey="deployment_realm" validator="RequiredValueValidator">
<
AttributeSchema name="deployment-url-element" type="single" syntax="string" i18nKey="deployment_url_element" validator="RequiredValueValidator">
<
AttributeSchema name="deployment-auth-target-mappings" validator="RequiredValueValidator" i18nKey="deployment_auth_target_mappings">
<
Value>USERNAME|service|ldapService</
Value>
<
Value>OPENIDCONNECT|module|oidc|oidc_id_token_auth_target_header_key=oidc_id_token</
Value>
<
Value>X509|module|cert_module|x509_token_token_auth_target_header_key=client_cert</
Value>
<!-- TLS-offload settings for this STS instance. The header named by deployment-offloaded-two-way-tls-header-key
     is where a front-end offload engine places the client certificate it validated. Security note: the header
     is only trustworthy on requests that actually come from a host in deployment-tls-offload-engine-hosts;
     otherwise any caller could forge it and obtain a SAML2 assertion via the X509 transform. Keep the host
     list tight and confirm the runtime enforces the origin check. -->
<AttributeSchema name="deployment-offloaded-two-way-tls-header-key" type="single" syntax="string" i18nKey="deployment_offloaded_two_way_tls_header_key">
<AttributeSchema name="deployment-tls-offload-engine-hosts" type="list" syntax="string" i18nKey="deployment_tls_offload_engine_hosts">
<
AttributeSchema name="saml2-name-id-format" type="single" syntax="string" i18nKey="saml2_name_id_format" validator="RequiredValueValidator">
<
AttributeSchema name="saml2-token-lifetime-seconds" type="single" syntax="number" i18nKey="saml2_token_lifetime_seconds">
<!-- The saml2-custom-*-class-name attributes below name classes the STS presumably instantiates by reflection
     while building the assertion. Treat them as code-execution configuration: restrict write access to
     administrators and never derive their values from caller input. -->
<AttributeSchema name="saml2-custom-conditions-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_conditions_provider_class_name">
<
AttributeSchema name="saml2-custom-subject-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_subject_provider_class_name">
<
AttributeSchema name="saml2-custom-authentication-statements-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_authentication_statements_provider_class_name">
<
AttributeSchema name="saml2-custom-attribute-statements-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_attribute_statements_provider_class_name">
<
AttributeSchema name="saml2-custom-authz-decision-statements-provider-class-name" type="single" syntax="string" i18nKey="saml2_custom_authz_decision_statements_provider_class_name">
<
AttributeSchema name="saml2-custom-attribute-mapper-class-name" type="single" syntax="string" i18nKey="saml2_custom_attribute_mapper_class_name">
<
AttributeSchema name="saml2-custom-authn-context-mapper-class-name" type="single" syntax="string" i18nKey="saml2_custom_authn_context_mapper_class_name">
<
AttributeSchema name="saml2-sign-assertion" type="single" syntax="boolean" i18nKey="saml2_sign_assertion">
<
AttributeSchema name="saml2-sp-entity-id" type="single" syntax="string" i18nKey="saml2_sp_entity_id" validator="RequiredValueValidator">
<
AttributeSchema name="saml2-sp-acs-url" type="single" syntax="string" i18nKey="saml2_sp_acs_url">
<
AttributeSchema name="saml2-encrypt-attributes" type="single" syntax="boolean" i18nKey="saml2_encrypt_attributes">
<
AttributeSchema name="saml2-encrypt-assertion" type="single" syntax="boolean" i18nKey="saml2_encrypt_assertion">
<
AttributeSchema name="saml2-encrypt-nameid" type="single" syntax="boolean" i18nKey="saml2_encrypt_nameid">
<
AttributeSchema name="saml2-encryption-algorithm" type="single_choice" syntax="string" i18nKey="saml2_encryption_algorithm">
<
AttributeSchema name="saml2-encryption-algorithm-strength" type="single" syntax="number" i18nKey="saml2_encryption_algorithm_strength">
<
AttributeSchema name="saml2-keystore-filename" type="single" syntax="string" i18nKey="saml2_keystore_filename">
<
AttributeSchema name="saml2-keystore-password" type="single" syntax="password" i18nKey="saml2_keystore_password">
<
AttributeSchema name="saml2-encryption-key-alias" type="single" syntax="string" i18nKey="saml2_encryption_key_alias">
<
AttributeSchema name="saml2-signature-key-alias" type="single" syntax="string" i18nKey="saml2_signature_key_alias" validator="RequiredValueValidator">
<
AttributeSchema name="saml2-signature-key-password" type="single" syntax="password" i18nKey="saml2_signature_key_password">
<
AttributeSchema name="saml2-attribute-map" i18nKey="saml2_attribute_map">