Identity Federation

• com.sun.identity.federation.alliance.cache.enabled

  Default value is true. If true, federation metadata will be cached internally.

• com.sun.identity.federation.fedCookieName

  Default value is fedCookie. Specifies the name of the Federation Services cookie.

• com.sun.identity.federation.proxyfinder

  Default value is com.sun.identity.federation.services.FSIDPProxyImpl. Defines the implementation for finding a preferred identity provider to be proxied.

• com.sun.identity.federation.services.signingOn

  Default value is false. Specifies the level of signature verification for Liberty requests and responses.

  true

  Liberty requests and responses will be signed when sent, and Liberty requests and responses that are received will be verified for signature validity.

  false

  Liberty requests and responses that are sent and received will not be verified for signature.

  optional

  Liberty requests and responses will be signed or verified only if required by the Federation profiles.

• com.sun.identity.password.deploymentDescriptor

  Value is set during installation. Example: /ampassword

• com.sun.identity.policy.Policy.policy_evaluation_weights

  Default value is 10:10:10. Indicates the proportional processing cost to evaluate a policy subject, rule, and condition. The values specified influence the order in which the subject, rule, and condition of a policy are evaluated. The value is expressed using three integers which represent a subject, a rule, and a condition. The values are delimited by a colon (:) to indicate the proportional processing cost to evaluate a policy subject, rule, and condition.

• com.sun.identity.session.application.maxCacheTime

  Default value is 3. Specifies the maximum number of minutes for caching time for Application Sessions. By default, the cache does not expire unless this property is enabled.

• com.sun.identity.sm.ldap.enableProxy

  The default is false. The purpose of this flag is to report to Service Management that the Directory Proxy must be used for read, write, and/or modify operations to the Directory Server. This flag also determines if ACIs or delegation privileges are to be used.

  This flag must be set to "true" when the Access Manager SDK (from version 7 or 7.1) is communicating with Access Manger version 6.3. For example, in the co-existence/legacy mode this value should be "true". In the legacy DIT, the delegation policies were not supported. Only ACIs were supported, so o to ensure proper delegation check, this flag must be set to 'true' in legacy mode installation to make use of the ACIs for access control. Otherwise the delegation check will fail.

  In realm mode, this value should be set to false so only the delegation policies are used for access control. In version 7.0 and later, Access Manager supports data-agnostic feature in realm mode installation. So, in addition to Directory Server, other servers may be used to store service configuration data.

  Additionally, this flag will report to the Service Management feature that the Directory Proxy does not need to be used for the read, write, and/or modify operations to the backend storage. This is because some data stores, like Active Directory, may not support proxy.

• com.sun.identity.webcontainer

  Value is set during installation. Example: WEB_CONTAINER

  Specifies the name of the of the web container. Although the servlet or JSPs are not web container dependent, Access Manager uses the servlet 2.3 API request.setCharacterEncoding() to correctly decode incoming non English characters. These APIs will not work if Access Manager is deployed on Sun Java System Web Server 6.1. Access Manager uses the gx_charset mechanism to correctly decode incoming data in Sun Java System Web Server versions 6.1 and S1AS7.0. Possible values BEA6.1, BEA 8.1, IBM5.1 or IAS7.0. If the web container is Sun Java System Web Server, the tag is not replaced.