OAuth2Provider.xml revision 3d8ee1629200b24b539b887a7feaec640fe610a8
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ServicesConfiguration
PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
<!--
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2012-2016 ForgeRock AS.
*/
-->
<ServicesConfiguration>
<Service name="OAuth2Provider" version="1.0">
<Schema
serviceHierarchy="/DSAMEConfig/ForgerockOAuth2ProviderService"
i18nFileName="OAuth2Provider"
revisionNumber="1"
i18nKey="forgerock-oauth2-provider-description"
resourceName="oauth-oidc">
<Global>
<AttributeSchema name="blacklistingEnabled"
type="single"
syntax="boolean">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="blacklistCacheSize"
type="single"
syntax="number_range"
rangeStart="0"
rangeEnd="2147483647"
i18nKey="a134"
order="0">
<DefaultValues>
<Value>10000</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="blacklistPollInterval"
type="single"
syntax="number_range"
rangeStart="0"
rangeEnd="2147483647"
i18nKey="a135"
order="1">
<DefaultValues>
<Value>60</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="blacklistPurgeDelay"
type="single"
syntax="number_range"
rangeStart="0" rangeEnd="2147483647"
i18nKey="a136"
order="2">
<DefaultValues>
<Value>1</Value>
</DefaultValues>
</AttributeSchema>
</Global>
<Organization>
<AttributeSchema name="statelessTokensEnabled"
type="single"
syntax="boolean"
i18nKey="a099"
order="3">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-authorization-code-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
i18nKey="a100" resourceName="codeLifetime"
order="10">
<DefaultValues>
<Value>120</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-refresh-token-lifetime"
type="single"
syntax="number_range" rangeStart="-1" rangeEnd="2147483647"
validator="RequiredValueValidator"
i18nKey="a101" resourceName="refreshTokenLifetime"
order="20">
<DefaultValues>
<Value>604800</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-access-token-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
i18nKey="a102" resourceName="accessTokenLifetime"
order="30">
<DefaultValues>
<Value>3600</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-issue-refresh-token"
type="single"
syntax="boolean"
i18nKey="a103" resourceName="issueRefreshToken"
order="40">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-issue-refresh-token-on-refreshing-token"
type="single"
syntax="boolean"
i18nKey="a103a" resourceName="issueRefreshTokenOnRefreshedToken"
order="50">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="customLoginUrlTemplate"
type="single"
syntax="string"
i18nKey="a103b"
order="60">
<IsOptional/>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-scope-implementation-class"
type="single"
syntax="string"
validator="RequiredValueValidator"
i18nKey="a104" resourceName="scopeImplementationClass"
order="70">
<DefaultValues>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-claims-extension-script"
type="single_choice"
uitype="scriptSelect"
syntax="string"
i18nKey="a104aa"
resourceName="oidcClaimsScript"
order="80">
<ChoiceValues>
<AttributeValuePair>
<Attribute name="ContextId"/>
<Value>OIDC_CLAIMS</Value>
</AttributeValuePair>
</ChoiceValuesClassName>
</ChoiceValues>
<DefaultValues>
<Value>@GlobalOidcClaimsScriptId@</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-response-type-map-class"
type="list"
syntax="string"
i18nKey="a105"
resourceName="responseTypeClasses"
order="90">
<DefaultValues>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-authentication-attributes"
type="list"
syntax="string"
i18nKey="a106"
resourceName="authenticationAttributes"
order="100">
<DefaultValues>
<Value>uid</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-saved-consent-attribute"
type="single"
syntax="string"
resourceName="savedConsentAttribute"
i18nKey="a107"
order="110">
<IsOptional/>
<DefaultValues>
<Value></Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="displayNameAttribute"
type="single"
syntax="string"
i18nKey="a1075"
order="120">
<DefaultValues>
<Value>cn</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-supported-scopes"
type="list"
syntax="string"
resourceName="supportedScopes"
i18nKey="a108"
order="130">
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-jkws-uri"
type="single"
syntax="string"
resourceName="jkwsURI"
i18nKey="a109"
order="140">
<IsOptional/>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-subject-types-supported"
type="list"
syntax="string"
resourceName="supportedSubjectTypes"
i18nKey="a110"
order="150">
<DefaultValues>
<Value>public</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-id-token-signing-algorithms-supported"
type="list"
syntax="string"
resourceName="supportedIDTokenSigningAlgorithms"
i18nKey="a111"
order="160">
<DefaultValues>
<Value>HS256</Value>
<Value>HS384</Value>
<Value>HS512</Value>
<Value>RS256</Value>
<Value>ES256</Value>
<Value>ES384</Value>
<Value>ES512</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="supportedIDTokenEncryptionAlgorithms"
type="list"
syntax="string"
i18nKey="a111a"
order="170">
<DefaultValues>
<Value>RSA1_5</Value>
<Value>RSA-OAEP</Value>
<Value>RSA-OAEP-256</Value>
<Value>dir</Value>
<Value>A128KW</Value>
<Value>A192KW</Value>
<Value>A256KW</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="supportedIDTokenEncryptionMethods"
type="list"
syntax="string"
i18nKey="a111b"
order="180">
<DefaultValues>
<Value>A128CBC-HS256</Value>
<Value>A192CBC-HS384</Value>
<Value>A256CBC-HS512</Value>
<Value>A128GCM</Value>
<Value>A192GCM</Value>
<Value>A256GCM</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-supported-claims"
type="list"
syntax="string"
resourceName="supportedClaims"
i18nKey="a112"
order="190">
<IsOptional/>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-default-scopes"
type="list"
syntax="string"
resourceName="defaultScopes"
i18nKey="a122"
order="200">
<IsOptional/>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-jwt-token-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
resourceName="jwtTokenLifetime"
i18nKey="a113"
order="210">
<IsOptional/>
<DefaultValues>
<Value>3600</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="tokenSigningAlgorithm"
type="single_choice"
listOrder="insertion"
syntax="string"
i18nKey="a113a"
order="220">
<ChoiceValues>
<ChoiceValue i18nKey="choiceHS256">HS256</ChoiceValue>
<ChoiceValue i18nKey="choiceHS384">HS384</ChoiceValue>
<ChoiceValue i18nKey="choiceHS512">HS512</ChoiceValue>
<ChoiceValue i18nKey="choiceRS256">RS256</ChoiceValue>
<ChoiceValue i18nKey="choiceES256">ES256</ChoiceValue>
<ChoiceValue i18nKey="choiceES384">ES384</ChoiceValue>
<ChoiceValue i18nKey="choiceES512">ES512</ChoiceValue>
</ChoiceValues>
<DefaultValues>
<Value>HS256</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="tokenCompressionEnabled"
type="single"
syntax="boolean"
i18nKey="a138"
order="223">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
</AttributeSchema>
<AttributeSchema name="idTokenInfoClientAuthenticationEnabled"
type="single"
syntax="boolean"
i18nKey="a137"
order="225">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="tokenSigningHmacSharedSecret"
type="single"
syntax="string"
i18nKey="a113b"
order="230">
<DefaultValues>
<Value>@256_BIT_RANDOM_SECURE@</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-keypair-name"
type="single"
syntax="string"
validator="RequiredValueValidator"
resourceName="keypairName"
i18nKey="a114"
order="240">
<IsOptional/>
<DefaultValues>
<Value>test</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="tokenSigningECDSAKeyAlias"
type="list"
syntax="string"
validator="RequiredValueValidator"
i18nKey="a114a"
order="241">
<IsOptional/>
<DefaultValues>
<Value>ES256|test</Value>
<Value>ES384|test</Value>
<Value>ES512|test</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-claims-parameter-supported"
type="single"
syntax="boolean"
resourceName="claimsParameterSupported"
i18nKey="a123"
order="250">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-hash-salt"
type="single"
syntax="string"
resourceName="hashSalt"
i18nKey="a124"
order="260">
<IsOptional/>
<ExampleValue>
<Value>changeme</Value>
</ExampleValue>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-code-verifier-enforced"
type="single"
syntax="boolean"
resourceName="codeVerifierEnforced"
i18nKey="a126"
order="270">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-allow-open-dynamic-registration"
type="single"
syntax="boolean"
resourceName="allowDynamicRegistration"
i18nKey="a115"
order="280">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-generate-registration-access-tokens"
type="single"
syntax="boolean"
resourceName="generateRegistrationAccessTokens"
i18nKey="a116"
order="290">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="MapValueValidator"
type="validator"
syntax="string"
order="300">
<DefaultValues>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-loa-mapping"
type="list"
syntax="string"
uitype="maplist"
validator="MapValueValidator"
resourceName="loaMapping"
i18nKey="a117"
order="310">
<IsOptional/>
<ChoiceValues>
<ChoiceValuesClassName
className="com.sun.identity.authentication.service.ConfiguredAuthServices"/>
</ChoiceValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-default-acr"
type="single"
syntax="string"
resourceName="defaultACR"
i18nKey="a118"
order="320">
<IsOptional/>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-amr-mappings"
type="list"
syntax="string"
uitype="maplist"
validator="MapValueValidator"
resourceName="amrMappings"
i18nKey="a119"
order="330">
<IsOptional/>
<ChoiceValues>
<ChoiceValuesClassName
className="com.sun.identity.authentication.service.AllConfiguredModuleInstances"/>
</ChoiceValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-modified-attribute-name"
type="single"
syntax="string"
resourceName="modifiedTimestampAttribute"
i18nKey="a120"
order="340">
<IsOptional/>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-created-attribute-name"
type="single"
syntax="string"
resourceName="createdTimestampAttribute"
i18nKey="a121"
order="350">
<IsOptional/>
</AttributeSchema>
<AttributeSchema name="alwaysAddClaimsToToken"
type="single"
syntax="boolean"
i18nKey="a125"
order="360">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="verificationUrl" type="single" syntax="string" i18nKey="a127"
order="370">
<IsOptional/>
</AttributeSchema>
<AttributeSchema name="completionUrl" type="single" syntax="string" i18nKey="a128"
order="380">
<IsOptional/>
</AttributeSchema>
<AttributeSchema name="deviceCodeLifetime" type="single" i18nKey="a129"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
order="390">
<DefaultValues>
<Value>300</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="devicePollInterval" type="single" i18nKey="a130"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
order="400">
<DefaultValues>
<Value>5</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="storeOpsTokens" type="single" i18nKey="a131" syntax="boolean"
order="410">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="clientsCanSkipConsent" type="single" syntax="boolean" i18nKey="a132"
order="420">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
</Organization>
</Schema>
</Service>
</ServicesConfiguration>