/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: Constants.java,v 1.47 2009/08/12 23:10:44 ericow Exp $
*
* Portions Copyrighted 2010-2016 ForgeRock AS.
*/
/**
* This interface contains all the property names defined in
* product configurations and may be expanded with other constant
* values that are used for Access and Federation Manager development.
*/
public interface Constants {
/**
* Property string for debug level.
*/
/**
* Property string for debug file merge.
*/
/**
* property string for debug directory
*/
/**
* Property string for interval of <code>Stats</code> service.
*/
/**
* property string representing set of invalid strings in a goto or target
* query parameter for a CDC Servlet
*/
"com.iplanet.services.cdc.invalidGotoStrings";
/**
* Property string representing the set of valid strings in a loginURI query parameter for a CDC Servlet. Values are
* delimited by the "," (comma) character.
*/
/**
* Property string for state of <code>Stats</code> service.
*/
/**
* Property string for directory of <code>Stats</code> service.
*/
/**
* Property string for SSL enabled.
*/
/**
* Property string for directory host.
*/
/**
* Property string for directory port.
*/
/**
* Property string for server protocol.
*/
/**
* Property string for server host.
*/
/**
* Property string for server port.
*/
/**
* Property string for Distributed Authentication server protocol.
*/
/**
* Property string for Distributed Authentication server host.
*/
/**
* Property string for Distributed Authentication server port.
*/
/**
* Property string for console protocol.
*/
/**
* Property string for console host.
*/
/**
* Property string for console port.
*/
/**
* Property string for naming URL.
*/
/**
* Property string for client notification URL.
*/
/**
* Property string for load balancer.
*/
/**
* Property string for cookie name.
*/
/**
* property string for time to live of AM cookie, in minutes.
* If authentication was initiated with query parameter,
* <code>PERSIST_AM_COOKIE</code>=true, maxAge of AM session
* cookie is set to this value converted to seconds
*/
= "com.iplanet.am.cookie.timeToLive";
/**
* Property that determines whether to c66 encode session id
* to convert to cookie string. Value would be read as boolean.
* Any value other than "true", case ignored, would be treated
* as <code>false</code>. c66 encoding is opensso specific
* url safe char66 encoding
*
* @see <code>com.iplanet.dpro.session.SessionID#c66EncodeCookie()</code>
* @see <code>com.iplanet.dpro.session.SessionID#c66EncodeSidString(java.lang.String)</code>
* @see <code>com.iplanet.dpro.session.SessionID#c66DecodeCookieString(java.lang.String)</code>
*/
/**
* Property string for load balancer cookie name.
*/
/**
* Property string for load balancer cookie value.
*/
/**
* Property string for secure cookie.
*/
/**
* Property string for cookie httponly flag.
*/
/**
* Property string for cookie encoding.
*/
/**
* Property string for <code>pcookie</code> name.
*/
/**
* Property string for locale.
*/
/**
* Property string for log status.
*/
/**
* Property string for version number.
*/
/**
* Property string for build version number.
*/
/**
* Property string for build revision number.
*/
/**
* Property string for build date.
*/
/**
* Property string for <code>CertDB</code> directory.
*/
/**
* Property string for SAML XML signature key store file.
*/
"com.sun.identity.saml.xmlsig.keystore";
/**
* Property string for SAML XML signature key store password file.
*/
"com.sun.identity.saml.xmlsig.storepass";
/**
* Property string for SAML XML signature key password file.
*/
/**
* Property string for SAML XML signature CERT alias.
*/
/**
* Property string for authentication super user.
*/
"com.sun.identity.authentication.super.user";
/**
* Property string for authentication special users.
*/
"com.sun.identity.authentication.special.users";
/**
* Property string for installation directory
*/
/**
* Property string for new configuration file in case of single war
* deployment
*/
/**
* Property string for shared secret for application authentication module
*/
/**
* Property string for service deployment descriptor
*/
"com.iplanet.am.services.deploymentDescriptor";
/**
* Property string for console deployment descriptor
*/
"com.iplanet.am.console.deploymentDescriptor";
/**
* property string which contains the name of HTTP session tracking cookie
*/
"com.iplanet.am.session.failover.httpSessionTrackingCookieName";
/**
* property string to choose whether local or remote saving method is used
*/
"com.iplanet.am.session.failover.useRemoteSaveMethod";
/**
* property string to choose whether we rely on app server load balancer to
* do the request routing or use our own
*/
"com.iplanet.am.session.failover.useInternalRequestRouting";
/**
* Property string for failover cluster state check timeout
*/
"com.iplanet.am.session.failover.cluster.stateCheck.timeout";
/**
* Property string for failover cluster state check period
*/
"com.iplanet.am.session.failover.cluster.stateCheck.period";
"iplanet-am-session-enable-session-constraint";
"iplanet-am-session-deny-login-if-db-is-down";
"iplanet-am-session-constraint-handler";
"iplanet-am-session-session-list-retrieval-timeout";
"iplanet-am-session-max-session-list-size";
"iplanet-am-session-constraint-max-wait-time";
/**
* Property string for max number of sessions
*/
/**
* Property string for security provider package.
*/
/**
* Property string for sun security provider package.
*/
/**
* Property string for SMTP host.
*/
/**
* Property string for SMTP port.
*/
/**
* Property string for CDSSO cookie domain.
*/
"com.iplanet.services.cdsso.cookiedomain";
/**
* Property string for maximum content-length accepted in HttpRequest.
*/
"com.iplanet.services.comm.server.pllrequest.maxContentLength";
/**
* Property string for encrypting class implementation.
*/
/**
* Property string for checking if console is remote.
*/
/**
* Property string for federation service cookie.
*/
"com.sun.identity.federation.fedCookieName";
/**
* Property string for session notification thread pool size.
*/
"com.iplanet.am.notification.threadpool.size";
/**
* Property string for name of the webcontainer.
*/
/**
* Property string for session notification thread pool queue size.
*/
"com.iplanet.am.notification.threadpool.threshold";
/**
* Property string for fully qualified host name map.
*/
/**
* Client detection module content type property name.
*/
/**
* Default charset to be used in case the client detection has failed.
*/
/**
* Attribute name of the user preferred locale located in amUser service.
*/
/**
* Property string for checking if <code>HostLookUp</code> is enabled.
*/
/**
* Property string for checking if <code>HostLookUp</code> is enabled.
*/
/**
* Property string for determining if cookie needs to be written in the URL
* as a path info.
*/
"com.sun.identity.cookieRewritingInPath";
/**
* Property string for determining if session cookie needs to be appended
* in the URL
*/
"com.sun.identity.appendSessionCookieInURL";
/**
* Property string for Application session max-caching-time.
*/
"com.sun.identity.session.application.maxCacheTime";
/**
* Manager.
*/
"com.sun.identity.enableUniqueSSOTokenCookie";
/**
* mode.
*/
"com.sun.identity.authentication.uniqueCookieName";
/**
* mode.
*/
"com.sun.identity.authentication.uniqueCookieDomain";
/**
* Property string for checking if remote method
* <code>AddListenerOnAllSessions</code> is enabled.
*/
"com.sun.am.session.enableAddListenerOnAllSessions";
/**
* Property string for the list of IP addresses of remote clients which are
* considered trusted to forward the context used to check <code>restricted
* token usage</code> is enabled.
*/
/**
* Property string to ensure a more stringent (security-wise) check. If enabled,
* the <code>DN is converted to lowercase</code> for comparison.
*/
/**
* Property string to determine if validation is required when parsing XML
* documents using OpenAM XMLUtils class.
*/
/**
* Property string to determine if authentication enforces using a separate
* JAAS thread or not.
*/
"com.sun.identity.authentication.usingJaasThread";
/**
* Property string to list all the Session properties that should be
* protected.
*/
"com.iplanet.am.session.protectedPropertiesList";
/**
* Property string to set max idle timeout for agent sessions
*/
"com.iplanet.am.session.agentSessionIdleTime";
/**
* Property for Login URL.
*/
/**
* Property for checking the cookie support / cookie enabled in the browser
*/
"com.sun.identity.am.cookie.check";
/**
* System property name for a list of package name prefixes that is used to
* resolve protocol names into actual handler class names.
*/
/**
* The package name prefix for JSSE based protocol implementations.
*/
/**
* The package name prefix for JSS based protocol implementations.
*/
/**
* Property for passing the organization name when retrieving attribute
* choice values.
*/
/**
*/
/**
* Property for auth cookie name.
*/
/**
* Unique Id set as a session property which is used for logging.
*/
/**
* Global schema property name in Session Service.
*/
"iplanet-am-session-property-change-notification";
/**
* Global schema property name in Session Service.
*/
"iplanet-am-session-notification-property-list";
"openam-session-timeout-handler-list";
/**
* The session property name of the universal identifier used for IDRepo.
*/
/**
* Property string for session polling thread pool size.
*/
"com.sun.identity.session.polling.threadpool.size";
/**
* Property string for session polling thread pool queue size.
*/
"com.sun.identity.session.polling.threadpool.threshold";
/**
* Property for enabling or disabling encryption for Session Repository.
*/
"com.sun.identity.session.repository.enableEncryption";
/**
* Sessions that are stored in a compressed state will take less storage space and replicate quicker.
*/
"com.sun.identity.session.repository.enableCompression";
/**
* Additional compression option for Session Tokens.
*/
"com.sun.identity.session.repository.enableAttributeCompression";
/**
* Property string for determining whether or not application sessions
* should be returned via the getValidSessions() call.
*/
"com.sun.identity.session.returnAppSession";
/**
* HTTP Form Parameter name used by PEP for posting policy advices to
* OpenAM.
*/
/**
* XML tag name used for Advices message.
*/
/**
* Key that is used to identify the advice messages from
* <code>AuthSchemeCondition</code>.
*/
/**
* Key that is used to identify the advice messages from
* <code>AuthLevelCondition</code>.
*/
/**
* Property string for determining whether server mode or client mode.
*/
/**
* Property to determine the login URL.
*/
/**
* Property to determine the cookie domains.
*/
/**
* Key name for platform server list in naming table.
*/
/**
* Key name for site list in naming table.
*/
/**
* Key name for site ID list in naming table.
*/
/**
* Key name for site ID list in naming table.
*/
/**
* This value is used by LDAP connection pool to reap connections
* if they are idle for the number of seconds specified by the
* value of this property. If the value is set at 0, the connection
* will not be reaped.
*/
"com.sun.am.ldap.connnection.idle.seconds";
/**
* Property string for Fallback Monitoring thread polling interval
*/
"com.sun.am.ldap.fallback.sleep.minutes";
/**
* Install Time System property key.
*/
/**
* This is an HTTP parameter to indicate to the authentication component
* to either forward the request or redirect it after authentication
* succeeds.
*/
/**
* Value is for <code>FORWARD_PARAM</code> to indicate that the
* authentication component should forward request.
*/
/**
* Attribute name for the load balancer cookie in the
* Naming Response.
*/
/**
* Property string for Site Monitoring thread polling interval
*/
/**
* Property string for URL Checker Target URL
*/
/**
* Configuration property to enable the GET request for ClusterState
* OPENAM-255
*/
/**
* Property string for URL Checker Target URL
*/
"com.sun.identity.urlchecker.invalidate.interval";
/**
* Property string for URL Checker Sleep Interval
*/
"com.sun.identity.urlchecker.sleep.interval";
/**
* Property string for URL Checker Retry Interval
*/
"com.sun.identity.urlchecker.retry.interval";
/**
* Property string for URL Checker Retry Limit
*/
"com.sun.identity.urlchecker.retry.limit";
/**
* Property string for Site Status Check Class name
*/
"com.sun.identity.sitemonitor.SiteStatusCheck.class";
/**
* Property string for Site Status Check timeout
*/
/**
* String identifying the prefix for all AM protected
* properties. Even if a property is not defined in the
* PROTECTED_PROPERTIES_LIST but starts with this prefix,
* it is considered protected.
*/
"am.protected";
/**
* Property string to determine whether to set auth cookies to all
* domains in the domain list.
*/
"com.sun.identity.authentication.setCookieToAllDomains";
/**
* Property Name for cache polling interval.
*/
/**
* Default cache polling interval (1 minute).
*/
/**
* Key for SSOToken Object in envMap passed from SM
*/
/**
* Tag for server protocol.
*/
/**
* Tag for server host.
*/
/**
* Tag for server port.
*/
/**
* Tag for server deployment URI.
*/
/**
* Platform service name.
*/
/**
* LDAP server host name for saml2 crl cache
*/
"com.sun.identity.crl.cache.directory.host";
/**
* LDAP server port number for saml2 crl cache
*/
"com.sun.identity.crl.cache.directory.port";
/**
* LDAP server ssl config for saml2 crl cache
*/
"com.sun.identity.crl.cache.directory.ssl";
/**
* LDAP Server bind user name for saml2 crl cache
*/
"com.sun.identity.crl.cache.directory.user";
/**
* LDAP Server bind password for saml2 crl cache
*/
"com.sun.identity.crl.cache.directory.password";
/**
* LDAP Server search base dn for saml2 crl cache
*/
"com.sun.identity.crl.cache.directory.searchlocs";
/**
* LDAP attribute name for searching crl entry
*/
"com.sun.identity.crl.cache.directory.searchattr";
/**
* Naming service name.
*/
/**
* Certificate Alias name for SSL Client Auth
*/
"com.sun.identity.security.keyStore.clientAlias";
/**
* User service name.
*/
/**
* Authentication Configuration service name.
*/
/**
* SAML service name.
*/
/**
* Certificate Alias name for SSL Client Auth
*/
"com.sun.identity.urlconnection.useCache";
/**
* Property string for distauth deployment descriptor
*/
"com.iplanet.am.distauth.deploymentDescriptor";
/**
* Property string for cdc servlet login url
*/
"com.sun.identity.cdcservlet.loginurl";
/**
* Property name for data encryption key
*/
/**
* Property string for load balancer cookie value.
*/
"com.iplanet.am.lbcookie.value";
/**
* Key name for serverid-cookievalue list in naming table.
*/
"iplanet-am-platform-lb-cookie-value-list";
/**
* Configuration Variable for distauth bootstrap file base directory.
*/
/**
* Configuration Variable for distauth bootstrap file name.
*/
/**
* property string for enabling SMS datastore notification
*/
"com.sun.identity.sm.enableDataStoreNotification";
/**
* property string for controlling SMS, AMSDK & IdRepo cache
*/
"com.iplanet.am.sdk.caching.enabled";
/**
* property string for controlling SMS cache.
* Active only if "com.iplanet.am.sdk.caching.enabled" is "false"
*/
/**
* property string to enable SMS cache expiry time.
*/
/**
* property string for controlling SMS cache expiry time, in minutes.
* The default value is 30 minutes. After the expiry time, the next access
* to the object will be fetched from the backend datastore.
*/
/**
* property string to manage the persistent connection to directory
*/
"com.sun.am.event.connection.disable.list";
/**
* property string to cache past event changes in minutes
*/
"com.sun.am.event.notification.expire.time";
/**
* Global schema property name in Session Service.
* constant used for session trimming when purge delay > 0
*/
"iplanet-am-session-enable-session-trimming";
/**
* Property string for the size of SystemTimerPool
*/
"com.sun.identity.common.systemtimerpool.size";
/**
* property string for Distributed Authentication cluster
*/
"com.sun.identity.distauth.cluster";
/**
* property string for Krb5LoginModule class name
*/
"com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule";
"com.sun.security.auth.module.Krb5LoginModule";
"com.sun.identity.authentication.module.WindowsDesktopSSO.credsType";
/**
*/
"openam.remoteauth.include.reqres";
/**
* property to control if the OpenAM session cookie should be made
* persistent
*/
"openam.session.persist_am_cookie";
/**
* property to control if the OpenAM server will persist the OpenAM
* session cookie if the following parameter is in the incoming request
* <code>PersistAMCookie</code>.
*/
"openam.session.allow_persist_am_cookie";
/**
* Server configuration property for the OpenDS admin port
*/
"org.forgerock.embedded.dsadminport";
/**
* OpenDS Replication Port
*/
"com.sun.embedded.replicationport";
/**
* OpenDS Replication Port
*/
"com.sun.embedded.sync.servers";
/**
* Configuration property to enable the site monitor in the naming service
*/
"openam.naming.sitemonitor.disabled";
/**
* EQUALS sign
*/
/**
* semi-colon sign
*/
/**
* colon sign
*/
/**
* colon sign
*/
/**
* amp sign
*/
/**
* at sign
*/
/**
* empty string
*/
/**
* Constant for file separator
*/
/**
* Constant for string "local".
*/
/**
* Property string for sm and um notification thread pool size
*/
"com.sun.identity.sm.notification.threadpool.size";
/**
* Key to indicate if the customer is performing auths via multiple tabs
* of the same browser.
*/
"com.sun.identity.authentication.multiple.tabs.used";
/**
* empty string
*/
"openam.entitlement.delimiter.precedence.left";
"openam.logging.use.old.log.format";
"openam.auth.session_property_upgrader";
"org.forgerock.openam.authentication.service.DefaultSessionPropertyUpgrader";
/**
* Property for dist auth cookie name.
*/
"openam.auth.distAuthCookieName";
"openam.auth.destroy_session_after_upgrade";
"openam.auth.rate_monitoring_interval";
"openam.session.case.sensitive.uuid";
"openam.retained.http.headers";
"openam.forbidden.to.copy.headers";
"openam.retained.http.request.headers";
"openam.forbidden.to.copy.request.headers";
"openam.authentication.ignore_goto_during_logout";
"openam.auth.distauth.lb_cookie_name";
"openam.auth.distauth.lb_cookie_value";
"openam.auth.distauth.sites";
"openam.auth.version.header.enabled";
/**
* Key name for site ID list in naming table.
*/
"openam-am-platform-site-names-list";
"openam.runtime.shutdown.hook.enabled";
/**
* Property string for client IP address header.
*/
"com.sun.identity.authentication.client.ipAddressHeader";
"yyyy-MMMM-dd HH:mm";
/**
* Switch to allow for a generic Authentication Exception rather than
* the more specific InvalidPassword Exception from the SOAP and REST API
*/
"openam.auth.soap.rest.generic.authentication.exception";
/**
* Switch to allow using local sessions to track session counts when running
* in SessionCount.MULTI_SERVER_MODE.
*/
"openam.session.useLocalSessionsInMultiServerMode";
/**
* Default Domain Attribute
*/
/**
* Default Domain Attribute
*/
/**
* Default Root Context
*/
/**
* Default Token Root Context, this will be used to create a Secondary Suffix during installation.
*/
/**
*/
/**
* Default SAML2 Root Suffix
*/
/**
* Default SAML2 Root Suffix
*/
/**
*/
/**
* Additional Directory Constants
*/
/**
* When a non-admin is logged into the XUI, enabling this will ensure the XUI calls the server periodically to check
* the user still has a valid session. This ensures sensitive user information will not remain on-screen; instead
* the user will be directed to the login screen.
* <p>
* NOTE(review): how often the XUI performs this check is not defined in this file — confirm against the XUI code.
*/
// Fields of an interface are implicitly public static final, so the shorter modifier list is equivalent.
static final String XUI_USER_SESSION_VALIDATION_ENABLED = "org.forgerock.openam.xui.user.session.validation.enabled";
/**
* AMSetupFilter will redirect to this external URL in case the configuration store
* is not available but the bootstrap file exists
*/
"openam.configstore.down.redirect.url";
/**
* System property/service attribute name for CAS/DAS that should tell whether Zero Page Login is enabled or not.
*/
/**
* System property/service attribute name for the whitelist of HTTP Referer URLs that are allowed for
* Zero Page Login requests. This provides some mitigation against Login CSRF attacks. When used as a system
* property, this should be a space-delimited list of referer urls.
* <p>
* NOTE(review): how a Referer value is compared with an entry of this list (exact match or prefix) is not
* visible in this file — confirm against the code that reads the property before relying on it.
*/
public static final String ZERO_PAGE_LOGIN_WHITELIST = "openam.auth.zero.page.login.referer.whitelist";
/**
* System property/service attribute name for whether to allow Zero Page Login requests if the HTTP Referer
* header is not set.
* <p>
* NOTE(review): presumably, when this is enabled a request that carries no Referer header is not checked
* against the Referer whitelist at all, which weakens the Login CSRF mitigation that whitelist provides.
* Confirm the default and the evaluation order in the code that reads this property.
*/
public static final String ZERO_PAGE_LOGIN_ALLOW_MISSING_REFERER = "openam.auth.zero.page.login.allow.null.referer";
/**
* Heartbeat in seconds of the LDAP Store
*/
/**
* Property string for the size of the shared XML DocumentBuilder cache.
*/
// Fields of an interface are implicitly public static final, so the shorter modifier list is equivalent.
final String XML_DOCUMENT_BUILDER_CACHE_SIZE = "org.forgerock.openam.utils.xml.documentbuilder.cache.size";
/**
* Size of XML shared SAXParser cache.
*/
/**
* OPENAM-3959
* set true, calculate auth level only with successful login module
*/
= "org.forgerock.openam.authLevel.excludeRequiredOrRequisite";
/**
* Size of XML shared TransformerFactory cache.
*/
"org.forgerock.openam.utils.xml.transformerfactory.cache.size";
/**
*/
"org.forgerock.openam.core.resource.lookup.cache.enabled";
/**
* Property string for whether autocomplete is enabled in the console.
* <p>
* NOTE(review): meaning inferred from the property key only; which input fields are affected, and the default
* when the property is unset, are not stated in this file — confirm.
*/
public static final String AUTOCOMPLETE_ENABLED = "org.forgerock.openam.console.autocomplete.enabled";
/**
*/
/**
* Property to define the default time limit for LDAP operations performed by the Netscape LDAP SDK.
* <p>
* NOTE(review): the unit of the value is not stated here — confirm against the code that reads the property.
*/
public static final String DEFAULT_LDAP_TIME_LIMIT = "org.forgerock.openam.ldap.default.time.limit";
/**
* Property that defines a comma-separated list of classes that are valid during deserialisation of Java classes
* in OpenAM, for example, in the JATO framework.
* <p>
* NOTE(review): this value is security-sensitive. Presumably every class named in it is one that serialized
* input is permitted to instantiate, so additions should be reviewed individually and the list kept as small
* as possible. Where the list is enforced, and what happens when the property is unset, is not visible in this
* file — confirm against the code that reads it.
*/
public static final String DESERIALISATION_CLASSES_WHITELIST = "openam.deserialisation.classes.whitelist";
/**
* Property used by the XML builder to retrieve a configuration specific name for an attribute schema.
*/
/**
* Heartbeat timeout in seconds of the HeartBeatConnectionFactory
* The heartbeat timeout after which a connection will be marked as failed
*/
/**
* Property string for the maximum file upload size; if not set, the default will be 750k.
* <p>
* NOTE(review): the unit expected for the configured value is not stated here — confirm against the code that
* reads the property.
*/
public static final String MAX_FILE_UPLOAD_SIZE = "org.forgerock.openam.console.max.file.upload.size";
/**
* Property that allows the AM_ACCESS_ATTEMPT event name to be audited.
* <p>
* NOTE(review): the default when the property is unset is not stated in this file — confirm, since it decides
* whether access attempts appear in the audit trail.
*/
public static final String AUDIT_AM_ACCESS_ATTEMPT_ENABLED = "org.forgerock.openam.audit.access.attempt.enabled";
}