# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
# Portions Copyrighted [2015] [ForgeRock AS]
# Specify implementation class for
# Specify implementation class for
# This property defines the default datastore provider.
# Specify implementation class for
# Specify XML signature provider class
# Specify XML key provider implementation class
# Identify SAML XML signature keystore file, keystore password file
# and key password file
# Specify type of KeyStore used for saml xml signature. Default is JKS.
# Flag for checking the Certificate which is embedded in the
# KeyInfo against the certificates in the keystore (specified
# Possible values for the key are: on|off. If the flag is "on",
# the certification must be presented in the keystore for
# XML signature validation. If the flag is "off", skip
# the presence checking.
# XML canonicalization algorithm. Used for SAML XML signature generation
# and verification. When not specified, or value is empty, default value
# will be used. The following is the list of supported algorithms:
# XML signature algorithm. Used for SAML XML Signature generation and
# verification. When not specified, or value is empty, default value will be
# used. The following is the list of supported algorithms:
# XML transformation algorithm. Used for SAML XML signature generation
# and verification. When not specified, or value is empty, default value
# will be used. The following is the list of supported algorithms:
# SAML2 XML Encryption Provider Implementation class
# SAML2 XML Signing Provider Implementation class.
# SAML2 XML Signing Certificate Validation.
# SAML2 XML Signing Certificate Validation.
# Client certificate alias that will be used in SSL connection for Liberty
# If the message timestamp is before current timestamp by this amount
# (millisec), it is considered a stale message.
# The messageID of each valid message is stored in a cache with the time it
# is received, to avoid duplicate messages. If the current time minus the
# received time is greater than the above staleTimeLimit, it should be removed
# from the cache. This property specifies the interval (millisec) at which a
# cleanup thread should check the cache and remove those messageIDs.
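# Added example (not part of the original file or of the product's code): a
# sketch of the stale-message check and the messageID cache with periodic
# cleanup described in the two comments above. The class name, the 300000 ms
# limit and the message IDs are constructed for illustration.

```python
import time

class MessageIdCache:
    """Replay guard: stale-timestamp check plus a cache of seen messageIDs."""

    def __init__(self, stale_time_limit_ms, now_ms=None):
        self.stale_time_limit_ms = stale_time_limit_ms
        # Injectable clock so the behaviour can be exercised deterministically.
        self._now_ms = now_ms or (lambda: int(time.time() * 1000))
        self._seen = {}  # messageID -> time received (ms)

    def accept(self, message_id, message_timestamp_ms):
        """Return 'ok', 'stale' or 'duplicate' for an incoming message."""
        now = self._now_ms()
        # Stale: the timestamp is before the current time by more than the limit.
        if now - message_timestamp_ms > self.stale_time_limit_ms:
            return "stale"
        # Duplicate: this messageID was already accepted and is still cached.
        if message_id in self._seen:
            return "duplicate"
        self._seen[message_id] = now
        return "ok"

    def cleanup(self):
        """One pass of the cleanup thread: drop IDs received longer ago than the limit."""
        now = self._now_ms()
        expired = [m for m, t in self._seen.items()
                   if now - t > self.stale_time_limit_ms]
        for m in expired:
            del self._seen[m]
        return len(expired)

def demo():
    clock = {"now": 1_000_000}                 # constructed clock value (ms)
    cache = MessageIdCache(300_000, now_ms=lambda: clock["now"])
    results = [
        cache.accept("msg-1", 990_000),        # fresh, first sighting
        cache.accept("msg-1", 990_000),        # same ID again
        cache.accept("msg-2", 600_000),        # 400 s old
    ]
    clock["now"] += 300_001                    # just past the limit
    removed = cache.cleanup()
    # Eviction is safe only because the evicted ID's timestamp is now stale;
    # this assumes senders cannot set timestamps in the future.
    results.append(cache.accept("msg-1", 990_000))
    return results, removed
```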
# Supported SOAP actors. Each actor must be separated by '|'
# Namespace prefix mapping used when marshalling a JAXB content tree to a
# DOM tree. The syntax is
# <prefix>=<namespace>|<prefix>=<namespace>|..........
# JAXB package list used when constructing JAXBContext. Each package must be
# Liberty ID-WSF security profile,
# alias for issuing web service security token for this web service client
# alias for trusted authority that will be used to sign SAML or SAML
# BEARER token of response message.
# aliases for trusted CA. SAML or SAML BEARER token of incoming request
# message needs to be signed by a trusted CA in this list. The syntax is
# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3'
# 'issuer' is used when the token doesn't have a KeyInfo inside the
# signature. The 'issuer' of the token needs to be in this list and the
# corresponding cert alias will be used to verify signature. If KeyInfo
# exists, the keystore needs to contain a cert alias that matches the
# KeyInfo and the cert alias needs to be in this list.
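# Added example (not part of the original file or of the product's code): a
# sketch that parses the trusted CA alias list and applies the two selection
# rules described above. Function and parameter names are hypothetical, and the
# keystore lookup that maps a KeyInfo certificate to an alias is assumed to
# happen elsewhere.

```python
def parse_trusted_ca_aliases(value):
    """Parse '<alias>[:<issuer>]|...' into (set of aliases, {issuer: alias})."""
    aliases, issuer_to_alias = set(), {}
    for entry in value.split("|"):
        entry = entry.strip()
        if not entry:
            continue
        # Split on the first ':' only, so an issuer that itself contains ':'
        # (for example a URL) is kept whole. This is a choice of this sketch.
        alias, sep, issuer = entry.partition(":")
        alias, issuer = alias.strip(), issuer.strip()
        if not alias:
            raise ValueError("entry without cert alias: %r" % entry)
        aliases.add(alias)
        if sep and issuer:
            issuer_to_alias[issuer] = alias
    return aliases, issuer_to_alias

def select_verification_alias(value, token_issuer, has_keyinfo, keyinfo_alias=None):
    """Return the cert alias to verify the token signature with, or None to reject.

    keyinfo_alias is the keystore alias matching the token's KeyInfo
    certificate, or None when the keystore holds no such certificate.
    """
    aliases, issuer_to_alias = parse_trusted_ca_aliases(value)
    if has_keyinfo:
        # KeyInfo present: the keystore must contain a matching cert and its
        # alias must be listed. The issuer mapping plays no part here.
        if keyinfo_alias is not None and keyinfo_alias in aliases:
            return keyinfo_alias
        return None
    # No KeyInfo: the token's issuer must be listed; its alias verifies the token.
    return issuer_to_alias.get(token_issuer)

# The example value from the comment above.
EXAMPLE = "myalias1:myissuer1|myalias2|myalias3:myissuer3"
```

# An alias listed without an issuer (myalias2 above) can only match tokens that
# carry a KeyInfo, because there is no issuer entry to look it up by.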
# implementation for security token provider
# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
# interactions based on user agent redirects. This should be running in
# the same JVM where Liberty SP is running
# indicates whether WSC would participate in interaction
# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
# default value:interactIfNeeded
# value used if an invalid value is specified:interactIfNeeded
# indicates whether WSC would include userInteractionHeader
# valid values are yes|no (case ignored)
# value used if no value is specified:yes
# indicates whether WSC would redirect user for interaction
# valid values are yes|no
# value used if no value is specified:yes
# WSC's preference on the acceptable duration for interaction(in seconds)
# default value if the value is not specified or a non integer value is
# indicates whether WSC would enforce that redirected to URL is https
# valid values are yes|no (case ignored)
# The Liberty specification requires the value to be yes
# value used if no value is specified:yes
# This property is used to determine the Liberty identity web services framework
# to be used when the framework can not determine from the in-bound message or
# from the resource offering when AM is acting as the WSC.
# The default version is 1.1, but the possible values are 1.0 or 1.1
# Web Services Security Client Properties
# Login URL for WSS end user authentication use cases
# Login URL redirection ("goto") parameter name for WSS end user authentication use cases
# Authentication web service URL for WSS Liberty use cases