Hi Bradley,
Here is my esoe.config. [Reviewer note: the file is pasted verbatim, so it still contains the live database, LDAP and keystore passwords, and the mail client has wrapped several long lines (comment continuations without a leading `#`, and `${...}` placeholders and URNs split across two lines). The secrets should be treated as disclosed and rotated, and the wrapped lines rejoined before this file is used as-is.]
#
#
# Enterprise Sign On Engine (ESOE) global configuration file
#
# Changing values in this file WILL affect the way the ESOE operates in production;
# change with care and in consultation with the configuration documentation.
#
# VALUES IN THIS FILE WERE AUTOMATICALLY POPULATED BY ESOESTARTUP.
#
# Author: Bradley Beddoes
# Date: 22/11/2006
#
########################################################################### ################################
#
# Deployment specific configuration
####
## Database Server 1 Connection
# NOTE(review): the pool binds as the MySQL "root" account with a trivial password, and both
# values have now been posted in clear text along with this file. Treat them as disclosed:
# rotate the password and switch ESOE to a dedicated least-privilege user scoped to esoedb2.
# NOTE(review): the JDBC URL asks for no transport encryption, so credentials and session data
# cross the network in the clear unless the driver/server enforce TLS independently - confirm.
databaseDriver-1=com.mysql.jdbc.Driver
databaseURL-1=jdbc:mysql://blr20357/esoedb2?useUnicode=true
databaseUsername-1=root
databasePassword-1=admin
# Abandoned-connection reclaim (these names match the Commons-DBCP pool settings; presumably
# a borrowed connection not returned within 300 s is closed and logged - confirm units).
databaseRemoveAbandoned-1=true
databaseRemoveAbandonedTimeout-1=300
databaseLogAbandoned-1=true
# Pool sizing: at most 5 idle and 25 active connections.
databaseMaxIdle-1=5
databaseMaxActive-1=25
## LDAP Server 1 Connection
# NOTE(review): ldap:// on 10389 together with disableSSL-1=true means the admin bind below
# AND every user password checked by the LdapBasicAuthenticator travel unencrypted between
# ESOE and the directory. Use ldaps:// (or StartTLS, if the authenticator supports it) and set
# disableSSL-1=false before this deployment leaves the test host.
ldapURL-1=ldap://blr20357:10389
ldapServer-1=blr20357:10389
ldapServerPort-1=10389
# Search base and the attribute that names a user; recursive-1=true presumably searches the
# whole subtree under baseDN-1 rather than one level - confirm.
baseDN-1=o=sevenSeas
identifier-1=uid
recursive-1=true
disableSSL-1=true
# NOTE(review): uid=admin,ou=system / "secret" look like the stock ApacheDS administrator
# credentials and o=sevenSeas is its sample partition - fine for a sandbox, but in production
# bind with a dedicated read-only service account and change the directory admin password.
adminUser-1=uid=admin,ou=system
adminPassword-1=secret
## Keystore 1
# Key material consumed by the esoekeystoreresolver / metadatakeystoreresolver entries below.
# NOTE(review): the keystore and key passwords were generated by esoestartup (see header) but
# have now been posted with this file, so the private key under keyAlias-1 must be treated as
# exposed - regenerate the keystore and re-issue whatever SPEP trust/metadata derives from it.
keystorePath-1=${esoe.data}/config/esoeKeystore.ks
keystorePassword-1=e2c235cfdc4c37b03494
keyAlias-1=1283ce0b58199ee9
keyPassword-1=b6c9c510fcd3b1ac22c3
# Second alias, used by the metadata keystore resolver; it is given no key password there,
# so presumably a certificate-only (trusted) entry - confirm.
keyAlias-2=40ea6353c1c792cf
## Active Directory SSO
# Identifier name for browsers integrated into Active Directory
#activeDirectoryBrowserId=
# Identifier for server principal in Active Directory
#serverPrincipal=
# Keytab for communication with Active Directory
#keyTab=
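## ESOE trusted identifier for this deployment
# Also fed to delegauthn.identifier below. NOTE(review): every ESOE endpoint in this file is
# plain http://, so SAML messages, the esoeSession cookie and the metadata fetch all cross the
# wire unprotected. Move the deployment to https:// before it leaves the test host; SPEPs
# presumably key their trust on this value, so re-issue metadata if it changes.
esoeIdentifier=http://blr20357:8080
## Trusted URL to receive metadata files from
# NOTE(review): metadata is the trust anchor for the SPEP network (presumably their keys and
# endpoints). Fetching it over http:// lets anyone on the path substitute keys/endpoints;
# serve it over https with certificate validation, or verify a signature on what is retrieved.
metadataURL=http://blr20357:8080/esoemanager/metadata/retrieve.htm
# Domain in which the esoe session cookie should be available - should NEVER be set
# institution wide (keep it scoped to this host so other hosts in the domain cannot read it)
sessionDomain=blr20357
# Domain in which the discovery cookie should be available - MUST be set institution wide
commonDomain=colt.net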
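## URL to redirect unauthenticated principal to
# NOTE(review): all URLs in this group are http://. usernamePasswordURL in particular is the
# manual (presumably form-based) login page, so credentials would be submitted in the clear;
# these must be https:// in production.
authenticationURL=http://blr20357:8080/signin
## URL for SAML SSO endpoint supported by this instance
ssoURL=http://blr20357:8080/sso
## Authentication Identifiers
# URL to redirect authenticated principal to logout
logoutURL=http://blr20357:8080/web/logout.htm
# URL to redirect principal to for manual authentication processes
usernamePasswordURL=http://blr20357:8080/web/login.htm
# Value to append to usernamePasswordURL when authentication fails
authenticationFailedNameValue=rc=authnfail
# URL to redirect client to when authn has completed successfully and there is no dynamic URL
# (the dynamic URL is the request parameter named by authenticationDynamicParameter below)
successURL=http://blr20357:8080/web/loginsuccess.htm
# URL to redirect client to when logout has completed successfully and there is no dynamic URL
logoutSuccessURL=http://blr20357:8080/web/logoutsuccess.htm
# URL to redirect client to for a critical failure
criticalfailureURL=http://blr20357:8080/web/failure.htm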
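##
# Identifier Attribute Mappings
# One entry per SAML NameID format (the URNs are listed under "Identifier Keys" below),
# naming the user attribute that supplies it; "unmapped" presumably marks formats this
# deployment does not issue - confirm the sentinel against the ESOE documentation.
identifier.unspecified.value=unmapped
# emailAddress is sourced from the "mail" attribute (presumably the LDAP mail attribute)
identifier.emailAddress.value=mail
identifier.X509SubjectName.value=unmapped
# Fixed: was "umapped" (typo). If ESOE matches the literal "unmapped", the misspelling would
# have made this format resolve to an attribute literally named "umapped" instead.
identifier.windowsDomainQualName.value=unmapped
identifier.kerberos.value=unmapped
identifier.persistent.value=unmapped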
########################################################################### ################################
#
# You should not need to edit anything below this line; advanced changes only.
####
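# Should ESOE try to process non signed AuthnRequests
# Keep false: with it true, anyone who can reach ssoURL could submit an AuthnRequest that is
# not bound to a registered SPEP key. (The enforcement itself lives in ESOE, not in this file.)
acceptUnsignedAuthnRequests=false
# Identifier name for esoe session identifier (the cookie scoped by sessionDomain above)
sessionTokenName=esoeSession
# Identifier name for site wide identifier indicating ESOE knows about this users session
# (the discovery cookie scoped by commonDomain above)
commonDomainTokenName=_saml_idp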
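## Authorization Identifiers
# Seconds between attempting to send cache updates to SPEPs
cacheupdatefailuremonitor.retryInterval=20
# Seconds that an authz cache update failure can remain in the repository before being removed
# NOTE(review): after this age a failed push is dropped; a SPEP unreachable for longer
# presumably keeps enforcing its old policy until it next refreshes - confirm, and alert on it.
cacheupdatefailuremonitor.maxFailureAge=3600
# Time in seconds to attempt to refresh updated policies from data repository
authorizationPollInterval=120
# Time between retrying to send logout failures in seconds
sso.failedlogoutmonitor.retryInterval=60
# Seconds that a Logout failure can remain in repository
# NOTE(review): a logout that cannot be delivered within 10 minutes is discarded, leaving that
# SPEP session alive for up to sessionLength (86400 s below) - confirm this is acceptable.
sso.failedlogoutmonitor.maxFailureAge=600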
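## SAML Identifiers
# Time in seconds to update the authentication network
networkUpdateInterval=120
# Time in seconds that is acceptable for networked SPEP instances being out of time sync for
# (also passed to samlValidator.allowedSPEPSkew below)
allowedSPEPSkew=60
# Time in seconds that a user authentication interaction is considered active
allowedActiveAuthSkew=120
# Time in seconds that a session is to remain active on SPEP
# NOTE(review): 24 h; the longer a session lives, the longer a stolen session cookie stays
# usable - revisit once the deployment is on https.
sessionLength=86400
# Time that must be remaining in seconds for a principal to be granted a new session on a remote SPEP
sessionRemainingLength=1800
# Time in seconds between session cache cleanup
sessionCacheClean=3600
# Time in seconds between identifier cache cleanup
identifierCacheClean=3600
# Time in seconds that we cache identifiers for to prevent replay attacks
# (must stay longer than any accepted message validity window, i.e. well above allowedSPEPSkew)
identifierExpiryInterval=36000
# Name of parameter which will hold Base64 encoded value which the authentication system MUST
# respond to on successful authn
# NOTE(review): this is a client-supplied redirect target. Unless ESOE restricts it to known
# SPEP/ESOE URLs it is an open-redirect vector after a successful login - confirm.
authenticationDynamicParameter=redirectURL
# Identifier name for disabling automated single sign on
disableAutomatedAuthnTokenName=esoeNoAuto
# Default authorization action (DENY: anything no policy explicitly permits is refused)
authorizationDefaultMode=DENY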
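##
# Identifier Keys
# SAML NameID format URNs. Each value must stay on a single line: a URN wrapped onto a second
# line is read by a properties parser as the end of one value plus a separate "format" key.
identifier.unspecified=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
identifier.emailAddress=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
identifier.X509SubjectName=urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
identifier.windowsDomainQualName=urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
identifier.kerberos=urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
identifier.persistent=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent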
## Security Level
# Security Level Identifier
# NOTE(review): the key name is misspelled (securityLevelIdentifer), but every reference in
# this file uses the same spelling - do not "correct" it without updating those references.
securityLevelIdentifer=SecurityLevel
# Security Level 1 Identifier (the level granted by usernamepasswordhandler below)
securityLevel1=Level 1
# Security Level 2 Identifier (not referenced by any handler in this file)
securityLevel2=Level 2
# Security Level 3 Identifier (not referenced by any handler in this file)
securityLevel3=Level 3
# Security Level 4 Identifier (not referenced by any handler in this file)
securityLevel4=Level 4
### Supported Schemas
# XML schema file names ESOE validates messages against. These are bare file names, so they
# are presumably resolved from the application's own classpath/resources - confirm they are
# not fetched from the network at runtime.
saml.protocol=saml-schema-protocol-2.0.xsd
saml.assertion=saml-schema-assertion-2.0.xsd
saml.metadata=saml-schema-metadata-2.0.xsd
lxacml=lxacmlSchema.xsd
lxacml.protocol=lxacmlSAMLProtocolSchema.xsd
lxacml.assertion=lxacmlSAMLAssertionSchema.xsd
lxacml.context=lxacmlContextSchema.xsd
lxacml.pdp=lxacmlPDPSchema.xsd
esoe.protocol=ESOEProtocolSchema.xsd
cache.clear=cacheClearServiceSchema.xsd
sessiondata=SessionDataSchema.xsd
########################################################################### ################################
#
# Spring configuration integration, you REALLY shouldn't need to edit
anything below this line.
####
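### Datasources
## iBatis Data Source
# Pass-through of the "Database Server 1 Connection" values above to the iBatis datasource;
# see the credential and transport notes there. Each placeholder must stay on one line.
ibatisdatasource.driver=${databaseDriver-1}
ibatisdatasource.url=${databaseURL-1}
ibatisdatasource.username=${databaseUsername-1}
ibatisdatasource.password=${databasePassword-1}
ibatisdatasource.removeAbandoned=${databaseRemoveAbandoned-1}
ibatisdatasource.removeAbandonedTimeout=${databaseRemoveAbandonedTimeout-1}
ibatisdatasource.logAbandoned=${databaseLogAbandoned-1}
ibatisdatasource.maxIdle=${databaseMaxIdle-1}
ibatisdatasource.maxActive=${databaseMaxActive-1}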
## LDAP Context Source
# Directory context bound with the admin credentials from "LDAP Server 1 Connection" above
# (same plaintext-transport and default-credential concerns apply here).
ldapcontextsource.ldapURL=${ldapURL-1}
ldapcontextsource.base=${baseDN-1}
ldapcontextsource.username=${adminUser-1}
ldapcontextsource.password=${adminPassword-1}
## ESOE Key Store Resolver
# keyAlias-1 with its key password - presumably this ESOE's private signing key - confirm.
esoekeystoreresolver.keystorePath=${keystorePath-1}
esoekeystoreresolver.keystorePassword=${keystorePassword-1}
esoekeystoreresolver.keyAlias=${keyAlias-1}
esoekeystoreresolver.keyPassword=${keyPassword-1}
## Metadata Key Store Resolver
# Same keystore, alias keyAlias-2, and deliberately no key password: presumably a
# certificate-only entry used to verify retrieved metadata - confirm.
metadatakeystoreresolver.keystorePath=${keystorePath-1}
metadatakeystoreresolver.keystorePassword=${keystorePassword-1}
metadatakeystoreresolver.keyAlias=${keyAlias-2}
metadatakeystoreresolver.keyPassword=
## SQL Maps
# iBatis SQL map configuration, resolved relative to the web application root.
sqlmapclient.config=WEB-INF/sqlMapConfig.xml
### SAML2 Components
## Validator
# Clock-skew tolerance applied to SAML message timestamps (from allowedSPEPSkew above).
samlValidator.allowedSPEPSkew=${allowedSPEPSkew}
## Identifier Cache
# Replay-protection cache: sweep interval and how long seen identifiers are retained
# (from identifierCacheClean / identifierExpiryInterval above).
identifierCache.identifierCacheClean=${identifierCacheClean}
identifierCache.identifierExpiryInterval=${identifierExpiryInterval}
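### Authentication
## Processors
# Session cookie name and the domain it is scoped to (sessionTokenName / sessionDomain above).
authnprocessorimpl.sessionTokenName=${sessionTokenName}
authnprocessorimpl.sessionDomain=${sessionDomain}
## Handlers
# Username/password handler: prompts at usernamePasswordURL, appends authenticationFailedNameValue
# on failure, and on success assigns securityLevel1. Each placeholder must stay on one line.
usernamepasswordhandler.requireCredentialsURL=${usernamePasswordURL}
usernamepasswordhandler.authenticationFailedNameValue=${authenticationFailedNameValue}
usernamepasswordhandler.failURL=${criticalfailureURL}
usernamepasswordhandler.successURL=${successURL}
usernamepasswordhandler.securityLevelIdentifier=${securityLevelIdentifer}
usernamepasswordhandler.securityLevel=${securityLevel1}
# SPNEGO (Active Directory) handler: disabled. Enable together with the "Active Directory SSO"
# values above (activeDirectoryBrowserId, serverPrincipal, keyTab), which are also commented out.
#spnegohandler.successURL=${successURL}
#spnegohandler.spnegoUserAgentID=${activeDirectoryBrowserId}
#spnegohandler.securityLevelIdentifier=${securityLevelIdentifer}
#spnegohandler.securityLevel=${securityLevel1}
## Delegated Authentication
# deniedIdentifiers1 presumably lists attributes a delegated authenticator may NOT assert -
# here the security level, keeping it under ESOE's own control; identifier is this ESOE's
# esoeIdentifier. Confirm semantics against the ESOE documentation.
delegauthn.deniedIdentifiers1=${securityLevelIdentifer}
delegauthn.identifier=${esoeIdentifier}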
## Authenticators
# LdapBasicAuthenticator
# Wired from "LDAP Server 1 Connection" above. It receives the admin bind credentials as well
# as the server/base/identifier, so presumably it searches for the user as admin and then
# binds as that user; with disableSSL-1=true both binds are sent in clear text - confirm and
# enable SSL before production.
ldapbasicauthenticator.ldapServer=${ldapServer-1}
ldapbasicauthenticator.ldapServerPort=${ldapServerPort-1}
ldapbasicauthenticator.baseDN=${baseDN-1}
ldapbasicauthenticator.identifier=${identifier-1}
ldapbasicauthenticator.recursive=${recursive-1}
ldapbasicauthenticator.disableSSL=${disableSSL-1}
ldapbasicauthenticator.adminUser=${adminUser-1}
ldapbasicauthenticator.adminPassword=${adminPassword-1}
# Kerberos V5
...