FederationClient.properties revision a688bcbb4bcff5398fdd29b86f83450257dc0df4
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# The contents of this file are subject to the terms
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# of the Common Development and Distribution License
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# (the License). You may not use this file except in
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# compliance with the License.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# You can obtain a copy of the License at
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# https://opensso.dev.java.net/public/CDDLv1.0.html or
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# See the License for the specific language governing
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# permission and limitations under the License.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# When distributing Covered Code, include this CDDL
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Header Notice in each file and include the License file
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# If applicable, add the following below the CDDL Header,
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# with the fields enclosed by brackets [] replaced by
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# your own identifying information:
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# "Portions Copyrighted [year] [name of copyright owner]"
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# $Id: FederationClient.properties,v 1.7 2009/08/29 07:59:17 mallas Exp $
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Specify implementation class for
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.plugin.configuration.class=@CONFIGURATION_PROVIDER_CLASS@
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Specify implementation class for
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.plugin.datastore.DataStoreProvider interface.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# This property defines the default datastore provider.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.plugin.datastore.class.default=@DATASTORE_PROVIDER_CLASS@
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Specify implementation class for
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.plugin.session.SessionProvider interface.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.plugin.session.class=@SESSION_PROVIDER_CLASS@
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Specify XML signature provider class
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Specify XML key provider implementation class
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
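d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Identify SAML XML signature keystore file, keystore password file
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# and key password file. These files protect the signing key, so keep them and the keystore readable only by the server's account.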
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.keystore=@BASE_DIR@/keystore.jks
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.storepass=@BASE_DIR@/.storepass
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.keypass=@BASE_DIR@/.keypass
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Specify type of KeyStore used for saml xml signature. Default is JKS.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Flag for checking the Certificate which is embedded in the
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# KeyInfo against the certificates in the keystore (specified
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# by the "com.sun.identity.saml.xmlsig.keystore" property).
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Possible values for the key are: on|off. If the flag is "on",
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# the certificate must be present in the keystore for
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# XML signature validation. If the flag is "off", the
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# presence check is skipped.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# XML canonicalization algorithm. Used for SAML XML signature generation
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# and verification. When not specified, or value is empty, default value
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# will be used. The following is the list of supported algorithms:
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/10/xml-exc-c14n# (default)
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# XML signature algorithm. Used for SAML XML Signature generation and
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# verification. When not specified, or value is empty, default value will be
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# used. Note that the default, rsa-sha1, relies on SHA-1, which is no longer considered collision resistant; prefer rsa-sha256 or stronger where all federation peers support it. The following is the list of supported algorithms:
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# XML transformation algorithm. Used for SAML XML signature generation
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# and verification. When not specified, or value is empty, default value
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# will be used. The following is the list of supported algorithms:
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/10/xml-exc-c14n# (default)
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.w3.org/2000/09/xmldsig#enveloped-signature
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# SAML2 XML Encryption Provider Implementation class
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# SAML2 XML Signing Provider Implementation class.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# SAML2 XML Signing Certificate Validation.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# SAML2 XML Signing Certificate Validation.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Client certificate alias that will be used in SSL connection for Liberty
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# SOAP Binding
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# If the message timestamp is before current timestamp by this amount
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# (millisec), it is considered a stale message.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.ws.soap.staleTimeLimit=300000
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# The messageID of every valid message is stored in a cache with the time it
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# is received, to detect duplicate (replayed) messages. If the current time minus the
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# received time is greater than the above staleTimeLimit, it should be removed
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# from the cache. This property specifies the interval (millisec) at which a
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# cleanup thread should check the cache and remove those messageIDs.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Supported SOAP actors. Each actor must be separated by '|'
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Namespace prefix mapping used when marshalling a JAXB content tree to a
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# DOM tree. The syntax is
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# <prefix>=<namespace>|<prefix>=<namespace>|..........
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# JAXB package list used when constructing JAXBContext. Each package must be
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# separated by ':'.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Liberty ID-WSF security profile,
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# alias for issuing web service security token for this web service client
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.liberty.ws.ta.certalias specifies certificate
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# alias for trusted authority that will be used to sign SAML or SAML
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# BEARER token of response message.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# aliases for trusted CA. SAML or SAML BEARER token of incoming request
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# message needs to be signed by a trusted CA in this list. The syntax is
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3'
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# 'issuer' is used when the token doesn't have a KeyInfo inside the
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# signature. The 'issuer' of the token needs to be in this list and the
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# corresponding cert alias will be used to verify signature. If KeyInfo
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# exists, the keystore needs to contain a cert alias that matches the
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# KeyInfo and the cert alias needs to be in this list. The value set for this property further down uses the alias 'test', which looks like a sample certificate; replace it with your own trusted CA aliases before production use, since every alias listed here is trusted to sign incoming tokens.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# implementation for security token provider
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.ws.trustedca.certaliases=test:SunSTS|test:@SERVER_HOST@
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# interactions based on user agent redirects. This should be running in
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# the same JVM where Liberty SP is running
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.interaction.wspRedirectHandler=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/WSPRedirectHandler
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# indicates whether WSC would participate in interaction
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# default value:interactIfNeeded
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# value used if an invalid value is specified:interactIfNeeded
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# indicates whether WSC would include userInteractionHeader
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# valid values are yes|no (case ignored)
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# default value:yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# value used if no value is specified:yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# indicates whether WSC would redirect user for interaction
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# valid values are yes|no
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# default value:yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# value used if no value is specified:yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.interaction.wscWillRedirect=yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# WSC's preference on the acceptable duration for interaction(in seconds)
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# default value if the value is not specified or a non integer value is
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# specified : 60
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# indicates whether WSC enforces that the redirected-to URL is https
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# valid values are yes|no (case ignored)
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# The Liberty specification requires the value to be yes. The value set below is "no", which turns this check off, so interaction redirects to plain-http URLs are not rejected; set it to yes outside test setups.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# default value:yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# value used if no value is specified:yes
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# This property is used to determine the Liberty identity web services framework
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# to be used when the framework can not determine from the in-bound message or
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# from the resource offering when AM is acting as the WSC.
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# The default version is 1.1, but the possible values are 1.0 or 1.1
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Web Services Security Client Properties
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Login URL for WSS end user authentication use cases
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.loginurl=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/UI/Login
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Login URL redirection ("goto") parameter name for WSS end user authentication use cases
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# Authentication web service URL for WSS Liberty use cases
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholescom.sun.identity.liberty.authnsvc.url=@SERVER_PROTOCOL@://@SERVER_HOST@:@SERVER_PORT@/@DEPLOY_URI@/Liberty/authnsvc
d3fc1a9aec53a772142e2909441b213f3ae8102abnicholes# STS End User Token Plugin class
com.sun.identity.wss.security.authenticator=com.sun.identity.wss.security.handler.DefaultAuthenticator
com.sun.identity.jsr196.authenticated.user=AUTHENTICATED_USERS