AMConfig.properties revision f58c87ece2202b8f85310d8885c7e39a7f435c09
#
# DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2012 ForgeRock Inc. All rights reserved.
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [2012] [ForgeRock Inc]"
#
# The following keys are used to configure the Debug service.
# Possible values for the key 'level' are: off | error | warning | message.
# The key 'directory' specifies the output directory where the debug files
# will be created.
# Trailing spaces are significant.
# Windows: Use forward slashes "/" separate directories, not backslash "\".
# Windows: Spaces in the file name are allowed for Windows.
#/
com.iplanet.services.debug.level=message
#
# Server mode should be 'false'
#/
#
# Cache enable / disable properties
#/
#
# Logging status
#/
com.iplanet.am.logstatus=ACTIVE
#
# SDK package name
#/
#
# Configure remote plugin classes for configuration (SMS)
#/
#
# Naming URL
#/
#
# Notification URL
#/
com.sun.identity.client.notification.url=@NOTIFICATION_URL@
#
# Security Credentails to read the configuration data
#/
com.sun.identity.agents.app.username=id=demo,ou=user,dc=openam,dc=forgerock,dc=org
com.iplanet.am.service.password=changeit
# Needed ??? - commented out by warren
#com.iplanet.am.service.secret={SHA-1}6/x5EAd3cMg0D2PNLcoqwfEgRE8=
#
# Encryption key that will be used to encrypt and decypt
# data to communicate with the server.
# This key is needed to decrypt passwords stored
# in the SMS configuration.
#/
#
# Encryption key that will be used to encrypt and decypt
# data used locally within the client.
#/
com.sun.identity.client.encryptionKey=@ENCRYPTION_KEY_LOCAL@
#
# Encryption: The key "com.iplanet.security.encryptor" specifies
# the encrypting class implementation.
# Available classes are:
#/
#
# Property to enable/disable the notifications for am.sdk and IdRepo Caches.
# If set to "true" notifications are enabled and disabled if set to "false".
#/
#
# Cache update time (in minutes) for am.sdk & IdRepo Caches
# if notification URL is not provided or if notifications are disabled.
# Note:
# 1. This property is applicable only if
# is not provided or if 'com.sun.identity.idm.remote.notification.enabled'
# is set to 'false'.
# 2. If the polling time is set as 0, then polling is disabled.
#/
#
# Property to enable/disable the notifications for service management caches.
# If set to "true" notifications are enabled and disabled if set to "false".
#/
#
# Cache update time (in minutes) for service configutation data,
# if notification URL is not provided or if notifications are disabled.
# Note:
# 1. This property is applicable only if
# is not provided or if 'com.sun.identity.sm.notification.enabled' is
# set to 'false'.
# 2. If the cache time is set as 0, then no cache updates will occur.
#/
#
# Server protocol, host and port to be used by Client Services
#/
com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
com.iplanet.am.console.host=@CONSOLE_HOST@
com.iplanet.am.console.port=@CONSOLE_PORT@
com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
com.iplanet.am.console.remote=@CONSOLE_REMOTE@
com.iplanet.am.cookie.name=iPlanetDirectoryPro
# Changed to true by warren - Default is false
#
# Session related properties.
#/
#
# Identify cert db directory path, prefix and password file
# to initialize JSS Socket Factory when Web Container is configured SSL
#/
com.iplanet.am.admin.cli.certdb.dir=@CONTAINER_CERTDB_DIR@
com.iplanet.am.admin.cli.certdb.prefix=@CONTAINER_CERTDB_PREFIX@
com.iplanet.am.admin.cli.certdb.passfile=@BASEDIR@/@PRODUCT_DIR@/config/.wtpass
#
# Identify property value for SSL ApprovalCallback / HostnameVerifier
# If com.iplanet.services.comm is configured as protocol handler
# and the checkSubjectAltName or resolveIPAddress feature is enabled,
# com.iplanet.am.admin.cli.certdb.prefix will have to be created under
# the directory of com.iplanet.am.admin.cli.certdb.dir before server is
# restarted.
#/
#*************************************************************
# Policy Client parameters
#*************************************************************/
# Policy decision log parameters. Possible values for logging.level
# are NONE, ALLOW, DENY, BOTH, and DECISION#/
com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
# Notification URL for updating cache#/
com.sun.identity.agents.notification.url=@NOTIFICATION_URL@
# Cache time in minutes#/
# Information to cache. Possible value are "subtree" or "self"#/
# Policy client clock skew value in seconds#/
#
# Explicitly disable monitoring services in the client applications.
#
#
# Specify if allow to use cached data for HttpURLConnection
#
#
# Property to enable or disable to use the metro implementation
# for ws-trust client.
#/
#*
# Property to use the SOAP version for ws-trust client. The containers
# that do not support JavaEE5 should use the version 1.1 but make sure that
# the STS service is compatible with 1.1 version.
#/
#
# Specify implementation class for
com.sun.identity.plugin.configuration.class=@CONFIGURATION_PROVIDER_CLASS@
#
# Specify implementation class for
# com.sun.identity.plugin.datastore.DataStoreProvider interface.
# This property defines the default datastore provider.
com.sun.identity.plugin.datastore.class.default=@DATASTORE_PROVIDER_CLASS@
#
# Specify implementation class for
# com.sun.identity.plugin.session.SessionProvider interface.
com.sun.identity.plugin.session.class=@SESSION_PROVIDER_CLASS@
#
# Specify XML signature provider class
com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
#
# Specify XML key provider implementation class
#
# Identify SAML XML signature keystore file, keystore password file
# and key password file
# Commented by warren. Do we need this?
#com.sun.identity.saml.xmlsig.keystore=C:/proyectos/consultoria/Itecban/seguridad/pruebas/pkcs12/canalKeyStore.jks
#com.sun.identity.saml.xmlsig.storepass=C:/proyectos/consultoria/Itecban/seguridad/pruebas/pkcs12/.canalstorepass
#com.sun.identity.saml.xmlsig.keypass=C:/proyectos/consultoria/Itecban/seguridad/pruebas/pkcs12/.canalstorepass
#
# Specify type of KeyStore used for saml xml signature. Default is JKS.
#
# Flag for checking the Certificate which is embedded in the
# KeyInfo against the certificates in the keystore (specified
# by the "com.sun.identity.saml.xmlsig.keystore" property).
# Possible values for the key are: on|off. If the flag is "on",
# the certification must be presented in the keystore for
# XML signature validation. If the flag is "off", skip
# the presence checking.
#
# XML cannonicalization algorithm. Used for SAML XML signature generation
# and verification. When not specified, or value is empty, default value
# will be used. The following is the list of supported algorithms:
# http://www.w3.org/2001/10/xml-exc-c14n# (default)
# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
#
# XML signature algorithm. Used for SAML XML Signature generation and
# verification. When not specified, or value is empty, default value will be
# used. The following is the list of supported algorithms:
# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
# http://www.w3.org/2000/09/xmldsig#hmac-sha1
# http://www.w3.org/2000/09/xmldsig#dsa-sha1
# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
#
# XML transformation algorithm. Used for SAML XML signature generation
# and verification. When not specified, or value is empty, default value
# will be used. The following is the list of supported algorithms:
# http://www.w3.org/2001/10/xml-exc-c14n# (default)
# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
# http://www.w3.org/2000/09/xmldsig#base64
# http://www.w3.org/2000/09/xmldsig#enveloped-signature
# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
#
# SAML2 XML Encryption Provider Implementation class
#
# SAML2 XML Signing Provider Implementation class.
#
# SAML2 XML Signing Certificate Validation.
#
# SAML2 XML Signing Certificate Validation.
#
# Client ceritificate alias that will be used in SSL connection for Liberty
# SOAP Binding
#
# If the message timestamp is before current timestamp by this amount
# (millisec), it is considered a stale message.
#
# All the messageID of a valid message will be stored in a cache with the it
# is received to avoid duplicate messages. If the current time minus the
# received time is greater than the above staleTimeLimit, it should be removed
# from the cache. The is property specify the interval(millisec) that a
# cleanup thread should check the cache and remove those messageID.
#
# Supported SOAP actors. Each actor must be seperated by '|'
#
# Namespace prefix mapping used when marshalling a JAXB content tree to a
# DOM tree. The syntax is
# <prefix>=<namespace>|<prefix>=<namespace>|..........
com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
#
# JAXB package list used when constructing JAXBContext. Each package must be
# seperated by ':'.
#
# Liberty ID-WSF security profile,
# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
# alias for issuing web service security token for this web service client
# com.sun.identity.liberty.ws.ta.certalias specifies certificate
# alias for trusted authority that will be used to sign SAML or SAML
# BEARER token of response message.
# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
# aliases for trusted CA. SAML or SAML BEARER token of incoming request
# message needs to be signed by a trusted CA in this list. The syntax is
# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
# 'issuer' is used when the token doesn't have a KeyInfo inside the
# signature. The 'issuer' of the token needs to be in this list and the
# corresponding cert alias will be used to verify signature. If KeyInfo
# exists, the keystore needs to contain a cert alias that matches the
# KeyInfo and the cert alias needs to be in this list.
# implementation for security token provider
com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
#
# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
# interactions based on user agent redirects. This should be running in
# the same JVM where Liberty SP is running
com.sun.identity.liberty.interaction.wspRedirectHandler=http://local.machine.com:18080/openam/WSPRedirectHandler
#
# indicates whether WSC would participate in interaction
# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
# default value:interactIfNeeded
# value used if an invalid value is specified:interactIfNeeded
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
#
# indicates whether WSC would include userInteractionHeader
# valid values are yes|no (case ignored)
# default value:yes
# value used if no value is specified:yes
#
# indicates whether WSC would redirect user for interaction
# valid values are yes|no
# default value:yes
# value used if no value is specified:yes
#
# WSC's preference on the acceptable duration for interaction(in seconds)
# default value if the value is not specified or a non integer value is
# specified : 60
#
# indicates whether WSC would enforce that redirected to URL is https
# valid values are yes|no (case ignored)
# liberty specification require the value to be yes
# default value:yes
# value used if no value is specified:yes
#
# This property is used to determine the Liberty identity web services framework
# to be used when the framework can not determine from the in-bound message or
# from the resource offering when AM is acting as the WSC.
# The default version is 1.1, but the possible values are 1.0 or 1.1
# Web Services Security Client Properties
# Login URL and Authentication web service URL for WSS Liberty use cases
# STS End User Token Plugin class
# WSS Provider Configuration Plugin class
# WSS Authenticator Plugin Class
com.sun.identity.wss.security.authenticator=com.sun.identity.wss.security.handler.DefaultAuthenticator
com.sun.identity.jsr196.authenticated.user=AUTHENTICATED_USERS
org.forgerock.openam.oauth2.endpoint.authorize=http://local.machine.com:18080/openam/oauth2/authorize
org.forgerock.openam.oauth2.endpoint.access_token=http://local.machine.com:18080/openam/oauth2/access_token
org.forgerock.openam.oauth2.endpoint.tokeninfo=http://local.machine.com:18080/openam/oauth2/tokeninfo
org.forgerock.openam.oauth2.password=changeit