Sun OpenSSO Enterprise 8.0 Developer's Guide

Federation Properties

These federation properties are not included in AMConfig.properties by default but can be added as needed.

com.sun.identity.liberty.ws.soap.supportedActor

Defines the SOAP supported actors. Each actor must be separated by a pipe (|).


Note –

A SOAP message can travel from a sender to a receiver by passing different endpoints along the way, but not all parts of the SOAP message may be intended for the destination; some may be intended for one or more endpoints along the message path. The SOAP actor attribute is used to address the Header element to a specific endpoint URL.


com.sun.identity.liberty.interaction.wspRedirectHandler

Defines the URL for WSPRedirectHandlerServlet, which handles Liberty WSF interactions between the web service provider and the resource owner. Interactions are based on user agent redirects. The servlet should be running in the same JVM where the Liberty service provider is running.

com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice

Indicates whether the web service client should participate in an interaction. Valid values are interactIfNeeded, doNotInteract, and doNotInteractForData. Default value is interactIfNeeded, which is used if an invalid value is specified.

com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader

Indicates whether the web service client should include userInteractionHeader. Valid values are yes and no (case ignored). Default value is yes. Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wscWillRedirect

Indicates whether the web service client will redirect the user for an interaction. Valid values are yes and no. Default value is yes. Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime

Indicates the web service client preference for acceptable duration (in seconds) for an interaction. If the value is not specified or if a non-integer value is specified, the default value is 60.

com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck

Indicates whether the web service client enforces that the redirected-to URL is HTTPS. Valid values are yes and no (case ignored). The Liberty specification requires the value to be yes. Default value is yes. Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wspWillRedirect

Indicates whether the web service provider redirects the user for an interaction. Valid values are yes and no (case ignored). Default value is yes. Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wspWillRedirectForData

Indicates whether the web service provider redirects the user for an interaction for data. Valid values are yes and no. Default value is yes. If no value is specified, the value is yes.

com.sun.identity.liberty.interaction.wspRedirectTime

Indicates the web service provider's expected duration (in seconds) for an interaction. If the value is not specified or is a non-integer value, the default value is 30.

com.sun.identity.liberty.interaction.wspWillEnforceHttpsCheck

Indicates whether the web service client enforces that returnToURL is HTTP. Valid values are yes and no (case ignored). Liberty specification requires the value to be yes. Default value is yes. If no value is specified, then the value used is yes.

com.sun.identity.liberty.interaction.wspWillEnforceReturnToHostEqualsRequestHost

Indicates whether the web services client enforces that returnToHost and requestHost are the same. Valid values are yes and no. Liberty specification requires the value to be yes.

com.sun.identity.liberty.interaction.htmlStyleSheetLocation

Indicates the path to the style sheet used to render the interaction page in HTML.

com.sun.identity.liberty.interaction.wmlStyleSheetLocation

Indicates the path to the style sheet used to render the interaction page in WML.

com.sun.identity.liberty.ws.interaction.enable

Default value is false.

com.sun.identity.wss.provider.config.plugin

Used by the web services provider to determine the plug-in that will be used to store the configuration.

For example: com.sun.identity.wss.provider.config.plugin= com.sun.identity.wss.provider.plugins.AgentProvider

com.sun.identity.loginurl

Used by the web services clients in Client SDK mode. For example:

com.sun.identity.loginurl=https://host:port/opensso-uri/UI/Login

com.sun.identity.liberty.authnsvc.url

Indicates the Liberty authentication service URL.

com.sun.identity.liberty.wsf.version

Used to determine which version of the Liberty identity web services framework is to be used when the framework cannot determine the version from the inbound message or from the resource offering. This property is used when OpenSSO Enterprise is acting as the web service client. The default version is 1.1. The possible values are 1.0 or 1.1.

com.sun.identity.liberty.ws.soap.certalias

Value is set during installation. Client certificate alias that will be used in SSL connection for Liberty SOAP Binding.

com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval

Default value is 60000. Specifies the number of milliseconds to elapse before cache cleanup events begin. Each message is stored in a cache with its own messageID to avoid duplicate messages. When a message's current time less the received time exceeds the staleTimeLimit value, the message is removed from the cache.

com.sun.identity.liberty.ws.soap.staleTimeLimit

Default value is 300000. Determines if a message is stale and thus no longer trustworthy. If the message timestamp is earlier than the current timestamp by the specified number of milliseconds, the message is considered to be stale.
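How the messageID cache and staleTimeLimit work together against replayed SOAP messages, as an added example that is not OpenSSO's own code. The class and method names are hypothetical; only the default of 300000 ms comes from the property above.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative sketch only: ReplayGuard and its methods are hypothetical names,
// not OpenSSO classes. It models the two properties documented above.
public class ReplayGuard {
    private final long staleTimeLimitMs;                              // ...ws.soap.staleTimeLimit
    private final Map<String, Long> seen = new ConcurrentHashMap<>(); // messageID -> received time

    public ReplayGuard(long staleTimeLimitMs) {
        this.staleTimeLimitMs = staleTimeLimitMs;
    }

    /** Accepts a message only if it is fresh and its messageID has not been seen before. */
    public boolean accept(String messageId, long messageTimestampMs, long nowMs) {
        if (messageId == null || messageId.isEmpty()) {
            return false;                          // nothing to de-duplicate on
        }
        if (nowMs - messageTimestampMs > staleTimeLimitMs) {
            return false;                          // stale: no longer trustworthy
        }
        // putIfAbsent is atomic, so two concurrent copies cannot both pass.
        return seen.putIfAbsent(messageId, nowMs) == null;
    }

    /** Run once per messageIDCacheCleanupInterval; returns the number of entries evicted. */
    public int cleanup(long nowMs) {
        int before = seen.size();
        seen.values().removeIf(received -> nowMs - received > staleTimeLimitMs);
        return before - seen.size();
    }

    public static void main(String[] args) {
        ReplayGuard guard = new ReplayGuard(300_000L);   // documented default staleTimeLimit
        long t0 = 1_000_000L;                            // constructed clock values
        System.out.println(guard.accept("msg-1", t0, t0));            // first sighting of msg-1
        System.out.println(guard.accept("msg-1", t0, t0 + 5_000));    // same messageID again
        System.out.println(guard.accept("msg-2", t0, t0 + 300_001));  // timestamp past the limit
        System.out.println(guard.cleanup(t0 + 60_000));               // msg-1 still within the limit
        System.out.println(guard.cleanup(t0 + 300_001));              // msg-1 now evictable
        // After eviction the ID is forgotten, so only the staleness check stops this replay.
        System.out.println(guard.accept("msg-1", t0, t0 + 300_002));
    }
}
```

Eviction is safe only because an entry leaves the cache no earlier than the point at which its message would be rejected as stale, which holds as long as the message timestamp is not later than the time it was received.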

com.sun.identity.liberty.ws.wsc.certalias

Value is set during installation. Specifies default certificate alias for issuing web service security token for this web service client.

com.sun.identity.liberty.ws.trustedca.certaliases

Value is set during installation. Specifies the certificate aliases for trusted CAs. The SAML or SAML BEARER token of an incoming request message must be signed by a trusted CA in this list. The syntax is:

cert alias 1[:issuer 1]|cert alias 2[:issuer 2]|.....

For example: myalias1:myissuer1|myalias2|myalias3:myissuer3. The value issuer is used when the token doesn't have a KeyInfo inside the signature. The issuer of the token must be in this list, and the corresponding certificate alias will be used to verify the signature. If KeyInfo exists, the keystore must contain a certificate alias that matches the KeyInfo and the certificate alias must be in this list.
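The alias list syntax and the two lookup paths described above (token with and without KeyInfo), as an added example that is not OpenSSO's own code. The class and method names are hypothetical, and splitting each entry at its first colon is an assumption about how an issuer containing colons would be written.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Illustrative sketch only: TrustedCaAliases is a hypothetical name, not an OpenSSO
// class. It parses the documented "alias[:issuer]|alias[:issuer]" syntax.
public class TrustedCaAliases {
    private final Map<String, String> issuerByAlias = new LinkedHashMap<>(); // alias -> issuer or null

    public TrustedCaAliases(String propertyValue) {
        for (String entry : propertyValue.split("\\|")) {   // '|' is a regex metacharacter
            String e = entry.trim();
            if (e.isEmpty()) continue;                       // tolerate "a||b" and a trailing '|'
            int colon = e.indexOf(':');                      // assumption: split at the first ':'
            String alias = (colon < 0 ? e : e.substring(0, colon)).trim();
            String issuer = colon < 0 ? "" : e.substring(colon + 1).trim();
            if (alias.isEmpty()) throw new IllegalArgumentException("empty alias in: " + entry);
            issuerByAlias.put(alias, issuer.isEmpty() ? null : issuer);
        }
    }

    /** Token without KeyInfo: the token issuer selects the certificate alias used to verify it. */
    public Optional<String> aliasForIssuer(String tokenIssuer) {
        return issuerByAlias.entrySet().stream()
                .filter(en -> en.getValue() != null && en.getValue().equals(tokenIssuer))
                .map(Map.Entry::getKey)
                .findFirst();
    }

    /** Token with KeyInfo: the keystore alias matching KeyInfo must also be in this list. */
    public boolean isTrustedAlias(String keystoreAlias) {
        return issuerByAlias.containsKey(keystoreAlias);
    }

    public static void main(String[] args) {
        // Sample value taken from the example in the text above.
        TrustedCaAliases trusted =
                new TrustedCaAliases("myalias1:myissuer1|myalias2|myalias3:myissuer3");
        System.out.println(trusted.aliasForIssuer("myissuer3"));   // issuer is listed
        System.out.println(trusted.aliasForIssuer("unknown"));     // issuer not listed: reject the token
        System.out.println(trusted.isTrustedAlias("myalias2"));    // alias listed without an issuer
        System.out.println(trusted.isTrustedAlias("otheralias"));  // not in the list: reject the token
    }
}
```

An alias listed without an issuer, such as myalias2, can only be reached through the KeyInfo path, so tokens that omit KeyInfo are verifiable only against entries that name their issuer.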