...

ws-security.ut.validator

The WSS4J Validator instance to use to validate UsernameTokens. The default value is the UsernameTokenValidator.

ws-security.saml1.validator

The WSS4J Validator instance to use to validate SAML 1.1 Tokens. The default value is the SamlAssertionValidator.

ws-security.saml2.validator

The WSS4J Validator instance to use to validate SAML 2.0 Tokens. The default value is the SamlAssertionValidator.

ws-security.timestamp.validator

The WSS4J Validator instance to use to validate Timestamps. The default value is the TimestampValidator.

ws-security.signature.validator

The WSS4J Validator instance to use to validate trust in credentials used in Signature verification. The default value is the SignatureTrustValidator.

ws-security.bst.validator

The WSS4J Validator instance to use to validate BinarySecurityTokens. The default value is the NoOpValidator.

ws-security.sct.validator

The WSS4J Validator instance to use to validate SecurityContextTokens. The default value is the NoOpValidator.

STS Client Configuration tags

ws-security.sts.client

A reference to the STSClient class used to communicate with the STS.

ws-security.sts.applies-to

The "AppliesTo" address to send to the STS. The default is the endpoint address of the service provider.

ws-security.sts.token.usecert

If true, writes out an X509Certificate structure in UseKey/KeyInfo. If false (the default), writes out a KeyValue structure instead.

ws-security.sts.token.do.cancel

Whether to cancel a token when using SecureConversation after successful invocation. The default is "false".

ws-security.issue.after.failed.renew

Whether to fall back to calling "issue" after failing to renew an expired token. The default is "true".

ws-security.cache.issued.token.in.endpoint

Set this to "false" to not cache a SecurityToken per proxy object in the IssuedTokenInterceptorProvider. This should be done if a token is being retrieved from an STS in an intermediary. The default value is "true".

ws-security.sts.disable-wsmex-call-using-epr-address

Whether to prevent the STS client from trying to send a WS-MetadataExchange call using the STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info. The default value is "false".

ws-security.sts.token.crypto

A Crypto object to be used for the STS. See here for more information.

ws-security.sts.token.properties

The Crypto property configuration to use for the STS. See here for more information.

ws-security.sts.token.username

The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case.

ws-security.sts.token.act-as

The token to be sent to the STS in an "ActAs" field. See here for more information.

ws-security.sts.token.on-behalf-of

The token to be sent to the STS in an "OnBehalfOf" field. See here for more information.

ws-security.issue.after.failed.renew

Whether to call "Issue" if a token "Renew" fails. Some STSs do not support the renew binding. Defaults to "true".

ws-security.sts.token.imminent-expiry-value

The value in seconds within which a token is considered to be expired by the client, i.e. it is considered to be expired if it will expire in a time less than the value specified by this tag. The default value is "10" for CXF 3.0.2+, and "0" for CXF 2.7.13+.

Kerberos Configuration tags

...