...
ws-security.ut.validator | The WSS4J Validator instance to use to validate UsernameTokens. The default value is the UsernameTokenValidator. |
ws-security.saml1.validator | The WSS4J Validator instance to use to validate SAML 1.1 Tokens. The default value is the SamlAssertionValidator. |
ws-security.saml2.validator | The WSS4J Validator instance to use to validate SAML 2.0 Tokens. The default value is the SamlAssertionValidator. |
ws-security.timestamp.validator | The WSS4J Validator instance to use to validate Timestamps. The default value is the TimestampValidator. |
ws-security.signature.validator | The WSS4J Validator instance to use to validate trust in credentials used in Signature verification. The default value is the SignatureTrustValidator. |
ws-security.bst.validator | The WSS4J Validator instance to use to validate BinarySecurityTokens. The default value is the NoOpValidator. |
ws-security.sct.validator | The WSS4J Validator instance to use to validate SecurityContextTokens. The default value is the NoOpValidator. |
STS Client Configuration tags
ws-security.sts.client | A reference to the STSClient class used to communicate with the STS. |
ws-security.sts.applies-to | The "AppliesTo" address to send to the STS. The default is the endpoint address of the service provider. |
ws-security.sts.token.usecert | Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write out a KeyValue structure. The default value is "false". |
ws-security.sts.token.do.cancel | Whether to cancel a token when using SecureConversation after successful invocation. The default is "false". |
ws-security.cache.issued.token.in.endpoint | Set this to "false" to not cache a SecurityToken per proxy object in the IssuedTokenInterceptorProvider. This should be done if a token is being retrieved from an STS in an intermediary. The default value is "true". |
ws-security.sts.disable-wsmex-call-using-epr-address | Whether to prevent the STS client from trying to send a WS-MetadataExchange call using the STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info. The default value is "false". |
ws-security.sts.token.crypto | A Crypto object to be used for the STS. See here for more information. |
ws-security.sts.token.properties | The Crypto property configuration to use for the STS. See here for more information. |
ws-security.sts.token.username | The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case. |
ws-security.sts.token.act-as | The token to be sent to the STS in an "ActAs" field. See here for more information. |
ws-security.sts.token.on-behalf-of | The token to be sent to the STS in an "OnBehalfOf" field. See here for more information. |
Configuring via Spring
The properties are easily configured as client or endpoint properties: use the former for the SOAP client, the latter for the web service provider.
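The following Spring configuration is an added example, not taken from the CXF documentation, showing the validator and STS client keys from the tables above set as endpoint and client properties. The `com.example` classes, service names, port names and URLs are hypothetical placeholders; the two validator classes are assumed to implement the WSS4J Validator interface.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

  <!-- Provides the default CXF bus bean, id "cxf" -->
  <import resource="classpath:META-INF/cxf/cxf.xml"/>

  <!-- Hypothetical classes implementing the WSS4J Validator interface -->
  <bean id="utValidator" class="com.example.security.DirectoryUsernameTokenValidator"/>
  <bean id="bstValidator" class="com.example.security.TrustedBstValidator"/>

  <!-- Web service provider: endpoint properties -->
  <jaxws:endpoint id="orderService"
                  implementor="com.example.orders.OrderServiceImpl"
                  address="/orders">
    <jaxws:properties>
      <!-- Replaces the default UsernameTokenValidator -->
      <entry key="ws-security.ut.validator" value-ref="utValidator"/>
      <!-- BinarySecurityTokens default to the NoOpValidator; supply a real check -->
      <entry key="ws-security.bst.validator" value-ref="bstValidator"/>
    </jaxws:properties>
  </jaxws:endpoint>

  <!-- STSClient instance referenced by the SOAP client below -->
  <bean id="stsClient" class="org.apache.cxf.ws.security.trust.STSClient">
    <constructor-arg ref="cxf"/>
    <property name="wsdlLocation" value="https://sts.example.com/SecurityTokenService?wsdl"/>
    <property name="serviceName"
              value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
    <property name="endpointName"
              value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}STS_Port"/>
  </bean>

  <!-- SOAP client: client properties -->
  <jaxws:client name="{http://example.com/orders}OrderPort" createdFromAPI="true">
    <jaxws:properties>
      <entry key="ws-security.sts.client" value-ref="stsClient"/>
      <!-- Overrides the default AppliesTo (the service provider's endpoint address) -->
      <entry key="ws-security.sts.applies-to" value="https://orders.example.com/orders"/>
    </jaxws:properties>
  </jaxws:client>
</beans>
```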
...