WS-Security Provider (wsSecurityProvider)
Web Services Security default configuration for provider.
Attribute name | Data type | Default value | Description |
---|---|---|---|
ws-security.callback-handler | string | Password callback handler implementation class. | |
ws-security.enable.nonce.cache | boolean | true | Whether to cache UsernameToken nonces. |
ws-security.encryption.username | string | Alias used for accessing encryption keystore. | |
ws-security.signature.username | string | Alias used for accessing signature keystore. | |
ws-security.username | string | User information to create Username Token. |
- callerToken
Description: Caller token.Required: falseData type: Attribute name Data type Default value Description allowCustomCacheKey boolean true Allow the generation of a custom cache key to access the authentication cache and get the subject. groupIdentifier string Specifies a SAML attribute that is used as the name of the group that the authenticated principal is a member of. There is no default value. includeTokenInSubject boolean true Specifies whether to include a SAML assertion in the subject. mapToUserRegistry - User
- No
- Group
No Specifies how to map an identity to a registry user. The options are No, User, and Group. The default is No, and the user registry is not used to create the user subject. - User
- Map a SAML identity to a user defined in the registry
- No
- Do not map a SAML identity to a user or group in the registry
- Group
- Map a SAML identity to a group defined in the user registry
name string Specify token name. The options are Usernametoken, X509token, Samltoken. realmIdentifier string Specifies a SAML attribute that is used as the realm name. The default is issuer. realmName string Specifies a realm name when mapToUserRegistry is set to No or Group. userIdentifier string Specifies a SAML attribute that is used as the user principal name in the subject. The default is NameID assertion. userUniqueIdentifier string Specifies a SAML attribute that is used as the unique user name as it applies to the WSCredential in the subject. The default is the same as the userIdentifier attribute value.
- encryptionProperties
Description: Required encryption configuration.Required: falseData type: Attribute name Data type Default value Description org.apache.ws.security.crypto.merlin.cert.provider string The provider used to load certificates. Defaults to keystore provider. org.apache.ws.security.crypto.merlin.file string The location of the keystore org.apache.ws.security.crypto.merlin.keystore.alias string The default keystore alias to use, if none is specified. org.apache.ws.security.crypto.merlin.keystore.password Reversably encoded password (string) Password to access keystore file. org.apache.ws.security.crypto.merlin.keystore.private.password Reversably encoded password (string) The default password used to load the private key. org.apache.ws.security.crypto.merlin.keystore.provider string The provider used to load keystores. Defaults to installed provider. org.apache.ws.security.crypto.merlin.keystore.type string JKS, JCEKS or PKCS11 org.apache.ws.security.crypto.merlin.truststore.file string The location of the truststore org.apache.ws.security.crypto.merlin.truststore.password Reversably encoded password (string) The truststore password. org.apache.ws.security.crypto.merlin.truststore.type string The truststore type. org.apache.ws.security.crypto.merlin.x509crl.file string The location of an (X509) CRL file to use. org.apache.ws.security.crypto.provider string org.apache.ws.security.components.crypto.Merlin Provider used to create Crypto instances. Defaults to "org.apache.ws.security.components.crypto.Merlin".
- samlToken
Description: Specifies the properties that are used to evaluate the trustworthiness and validity of a SAML Assertion.Required: falseData type: Attribute name Data type Default value Description clockSkew A period of time with millisecond precision 5m This is used to specify the allowed clock skew in minutes when validating the SAML token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. requiredSubjectConfirmationMethod - bearer
bearer Specify whether the Subject Confirmation Method is required in the SAML Assertion. Default is true. - bearer
- bearer
timeToLive A period of time with millisecond precision 30m Specify the default life time of a SAML Assertion in the case it does not define the NoOnOrAfter condition. Default is 30 minutes. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. wantAssertionsSigned boolean true Indicates a requirement for the <saml:Assertion> elements received by this service provider to be signed.
- signatureProperties
Description: Required signature configuration.Required: falseData type: Attribute name Data type Default value Description org.apache.ws.security.crypto.merlin.cert.provider string The provider used to load certificates. Defaults to keystore provider. org.apache.ws.security.crypto.merlin.file string The location of the keystore org.apache.ws.security.crypto.merlin.keystore.alias string The default keystore alias to use, if none is specified. org.apache.ws.security.crypto.merlin.keystore.password Reversably encoded password (string) Password to access keystore file. org.apache.ws.security.crypto.merlin.keystore.private.password Reversably encoded password (string) The default password used to load the private key. org.apache.ws.security.crypto.merlin.keystore.provider string The provider used to load keystores. Defaults to installed provider. org.apache.ws.security.crypto.merlin.keystore.type string JKS, JCEKS or PKCS11 org.apache.ws.security.crypto.merlin.truststore.file string The location of the truststore org.apache.ws.security.crypto.merlin.truststore.password Reversably encoded password (string) The truststore password. org.apache.ws.security.crypto.merlin.truststore.type string The truststore type. org.apache.ws.security.crypto.merlin.x509crl.file string The location of an (X509) CRL file to use. org.apache.ws.security.crypto.provider string org.apache.ws.security.components.crypto.Merlin Provider used to create Crypto instances. Defaults to "org.apache.ws.security.components.crypto.Merlin".