OAuth2Provider.xml revision af38905e8a5231702db169603d942d5d2e0c4332
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ServicesConfiguration
PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
"jar://com/sun/identity/sm/sms.dtd">
<!--
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2012-2015 ForgeRock AS.
*/
-->
<ServicesConfiguration>
<Service name="OAuth2Provider" version="1.0">
<Schema
serviceHierarchy="/DSAMEConfig/ForgerockOAuth2ProviderService"
i18nFileName="OAuth2Provider"
revisionNumber="1"
i18nKey="forgerock-oauth2-provider-description"
resourceName="oauth-oidc">
<Global>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-server-timeout"
type="single" syntax="number_range" rangeStart="0"
rangeEnd="2147483647" i18nKey="g101" resourceName="scriptServerTimeout">
<DefaultValues>
<Value>0</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-core-threads"
type="single" syntax="number_range" rangeStart="1"
rangeEnd="2147483647" i18nKey="g102" resourceName="scriptCoreThreads">
<DefaultValues>
<Value>10</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-max-threads"
type="single" syntax="number_range" rangeStart="1"
rangeEnd="2147483647" i18nKey="g103" resourceName="scriptMaxThreads">
<DefaultValues>
<Value>50</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-queue-size"
type="single" syntax="number_range" rangeStart="-1"
rangeEnd="2147483647" i18nKey="g104" resourceName="scriptQueueSize">
<DefaultValues>
<Value>10</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-idle-timeout"
type="single" syntax="number_range" rangeStart="0"
rangeEnd="2147483647" i18nKey="g105" resourceName="scriptIdleTimeout">
<DefaultValues>
<Value>60</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-white-list"
type="list" syntax="string" i18nKey="g106" resourceName="scriptWhiteList">
<DefaultValues>
<Value>java.lang.Boolean</Value>
<Value>java.lang.Byte</Value>
<Value>java.lang.Character</Value>
<Value>java.lang.Character$Subset</Value>
<Value>java.lang.Character$UnicodeBlock</Value>
<Value>java.lang.Double</Value>
<Value>java.lang.Float</Value>
<Value>java.lang.Integer</Value>
<Value>java.lang.Long</Value>
<Value>java.lang.Math</Value>
<Value>java.lang.Number</Value>
<Value>java.lang.Object</Value>
<Value>java.lang.Short</Value>
<Value>java.lang.StrictMath</Value>
<Value>java.lang.String</Value>
<Value>java.lang.Void</Value>
<Value>java.util.ArrayList</Value>
<Value>java.util.HashSet</Value>
<Value>java.util.HashMap</Value>
<Value>java.util.HashMap$Entry</Value>
<Value>java.util.HashMap$KeyIterator</Value>
<Value>java.util.LinkedHashMap</Value>
<Value>java.util.LinkedHashSet</Value>
<Value>java.util.LinkedList</Value>
<Value>java.util.TreeMap</Value>
<Value>java.util.TreeSet</Value>
<Value>com.sun.identity.shared.debug.Debug</Value>
<Value>com.iplanet.sso.providers.dpro.SSOTokenImpl</Value>
<Value>org.forgerock.http.client.*</Value>
<Value>groovy.json.JsonSlurper</Value>
<Value>com.sun.identity.idm.AMIdentity</Value>
<Value>java.util.LinkedHashMap$Entry</Value>
<Value>java.util.LinkedHashMap$LinkedEntrySet</Value>
<Value>org.forgerock.openam.oauth2.OpenAMAccessToken</Value>
<Value>java.util.HashMap$Node</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-black-list"
type="list" syntax="string" i18nKey="g107" resourceName="scriptBlackList">
<DefaultValues>
<Value>java.security.AccessController</Value>
<Value>java.lang.Class</Value>
<Value>java.lang.reflect.*</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-script-use-security-manager"
type="single" syntax="boolean" i18nKey="g108" resourceName="scriptUseSecurityManager">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
</Global>
<Organization>
<AttributeSchema name="forgerock-oauth2-provider-authorization-code-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
i18nKey="a100" resourceName="codeLifetime">
<DefaultValues>
<Value>10</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-refresh-token-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
i18nKey="a101" resourceName="refreshTokenLifetime">
<DefaultValues>
<Value>600</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-access-token-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
i18nKey="a102" resourceName="accessTokenLifetime">
<DefaultValues>
<Value>60</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-issue-refresh-token"
type="single"
syntax="boolean"
i18nKey="a103" resourceName="issueRefreshToken">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-issue-refresh-token-on-refreshing-token"
type="single"
syntax="boolean"
i18nKey="a103a" resourceName="issueRefreshTokenOnRefreshedToken">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-scope-implementation-class"
type="single"
syntax="string"
validator="RequiredValueValidator"
i18nKey="a104" resourceName="scopeImplementationClass">
<DefaultValues>
<Value>org.forgerock.openam.oauth2.OpenAMScopeValidator</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-claims-extension-script"
type="single"
syntax="script"
validator="ScriptValidator"
i18nKey="a104aa"
resourceName="oidcClaimsScript">
<DefaultValues>
<Value>
${inject.content.oidc-claims-extension-groovy}
</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-oidc-claims-extension-script-type"
type="single_choice"
syntax="string"
i18nKey="a104ab"
resourceName="oidcClaimsScriptType">
<ChoiceValues>
<ChoiceValue i18nKey="scriptGroovyChoice">Groovy</ChoiceValue>
<ChoiceValue i18nKey="scriptJavaScriptChoice">JavaScript</ChoiceValue>
</ChoiceValues>
<DefaultValues>
<Value>Groovy</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-response-type-map-class"
type="list"
syntax="string"
i18nKey="a105"
resourceName="responseTypeClasses">
<DefaultValues>
<Value>token|org.forgerock.restlet.ext.oauth2.flow.responseTypes.TokenResponseType</Value>
<Value>code|org.forgerock.restlet.ext.oauth2.flow.responseTypes.CodeResponseType</Value>
<Value>id_token|org.forgerock.restlet.ext.oauth2.flow.responseTypes.IDTokenResponseType</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-authentication-attributes"
type="list"
syntax="string"
i18nKey="a106"
resourceName="authenticationAttributes">
<DefaultValues>
<Value>uid</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-saved-consent-attribute"
type="single"
syntax="string"
resourceName="savedConsentAttribute"
i18nKey="a107">
<DefaultValues>
<Value></Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-supported-scopes"
type="list"
syntax="string"
resourceName="supportedScopes"
i18nKey="a108">
<DefaultValues>
<Value>openid</Value>
<Value>profile</Value>
<Value>email</Value>
<Value>address</Value>
<Value>phone</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-jkws-uri"
type="single"
syntax="string"
resourceName="jkwsURI"
i18nKey="a109">
<DefaultValues>
<Value></Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-subject-types-supported"
type="list"
syntax="string"
resourceName="supportedSubjectTypes"
i18nKey="a110">
<DefaultValues>
<Value>public</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-id-token-signing-algorithms-supported"
type="list"
syntax="string"
resourceName="supportedIDTokenSigningAlgorithms"
i18nKey="a111">
<DefaultValues>
<Value>HS256</Value>
<Value>HS384</Value>
<Value>HS512</Value>
<Value>RS256</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-supported-claims"
type="list"
syntax="string"
resourceName="supportedClaims"
i18nKey="a112">
<DefaultValues>
<Value>email</Value>
<Value>address</Value>
<Value>phone_number</Value>
<Value>given_name</Value>
<Value>zoneinfo</Value>
<Value>family_name</Value>
<Value>locale</Value>
<Value>name</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-default-scopes"
type="list"
syntax="string"
resourceName="defaultScopes"
i18nKey="a122">
<DefaultValues>
<Value>openid</Value>
<Value>profile</Value>
<Value>email</Value>
<Value>address</Value>
<Value>phone</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-jwt-token-lifetime"
type="single"
syntax="number_range" rangeStart="0" rangeEnd="2147483647"
validator="RequiredValueValidator"
resourceName="jwtTokenLifetime"
i18nKey="a113">
<DefaultValues>
<Value>600</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-keypair-name"
type="single"
syntax="string"
validator="RequiredValueValidator"
resourceName="keypairName"
i18nKey="a114">
<DefaultValues>
<Value>test</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-claims-parameter-supported"
type="single"
syntax="boolean"
resourceName="claimsParameterSupported"
i18nKey="a123">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-hash-salt"
type="single"
syntax="string"
resourceName="hashSalt"
i18nKey="a124">
<DefaultValues>
<Value>changeme</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-allow-open-dynamic-registration"
type="single"
syntax="boolean"
resourceName="allowDynamicRegistration"
i18nKey="a115">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-generate-registration-access-tokens"
type="single"
syntax="boolean"
resourceName="generateRegistrationAccessTokens"
i18nKey="a116">
<BooleanValues>
<BooleanTrueValue i18nKey="i18nTrue">true</BooleanTrueValue>
<BooleanFalseValue i18nKey="i18nFalse">false</BooleanFalseValue>
</BooleanValues>
<DefaultValues>
<Value>true</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="MapValueValidator"
type="validator"
syntax="string">
<DefaultValues>
<Value>com.sun.identity.common.configuration.MapValueValidator</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-loa-mapping"
type="list"
syntax="string"
uitype="maplist"
validator="MapValueValidator"
resourceName="loaMapping"
i18nKey="a117">
<ChoiceValues>
<ChoiceValuesClassName
className="com.sun.identity.authentication.service.ConfiguredAuthServices"/>
</ChoiceValues>
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-default-acr"
type="single"
syntax="string"
resourceName="defaultACR"
i18nKey="a118">
</AttributeSchema>
<AttributeSchema name="forgerock-oauth2-provider-amr-mappings"
type="list"
syntax="string"
uitype="maplist"
validator="MapValueValidator"
resourceName="amrMappings"
i18nKey="a119">
<ChoiceValues>
<ChoiceValuesClassName
className="com.sun.identity.authentication.service.AllConfiguredModuleInstances"/>
</ChoiceValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-modified-attribute-name"
type="single"
syntax="string"
resourceName="modifiedTimestampAttribute"
i18nKey="a120">
<DefaultValues>
<Value>modifyTimestamp</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema
name="forgerock-oauth2-provider-created-attribute-name"
type="single"
syntax="string"
resourceName="createdTimestampAttribute"
i18nKey="a121">
<DefaultValues>
<Value>createTimestamp</Value>
</DefaultValues>
</AttributeSchema>
</Organization>
</Schema>
</Service>
</ServicesConfiguration>