...

XML element

Name

Use

Description

audienceUris

Audience URI

Required

The list of audience URIs is verified against the AudienceRestriction element of the SAML token: the token is accepted only if one of the configured URIs is named there, so a token issued for a different relying party (RP) is rejected.

certificateStores

Trusted certificate store

Required

The list of keystores (JKS, PEM) must include at least the certificate of the Certificate Authority (CA) that signed the certificate used to sign the SAML token (with certificateValidation=PeerTrust, the IDP signing certificate itself is stored here as well).
If the file location is not fully qualified, it is resolved relative to the container home directory.

trustedIssuers

Trusted Issuers

Required

There are two ways to configure a trusted issuer (IDP). Either you configure the subject name of the IDP certificate together with the CA(s) that signed it (certificateValidation=ChainTrust), or you configure the certificate of the IDP itself together with the CA(s) that signed it (certificateValidation=PeerTrust). With ChainTrust the subject constraint is what limits trust to the IDP: without it, any certificate issued by a CA in the trust store would be accepted as the issuer.

maximumClockSkew

Maximum Clock Skew

Optional

Maximum allowable difference, in seconds, between the system clocks of the IDP and the RP when the token validity times are checked.
Default: 5 seconds. Keep this small, since every second of tolerance extends the window in which an expired token is still accepted.

tokenReplayCache

Token Replay Cache

Optional

The TokenReplayCache implementation used to remember tokens that have already been presented, so that a captured token cannot be replayed. The default is an implementation based on EHCache.

signingKey

Key for Signature

Optional

If configured, the published WS-Federation Metadata document is signed with this key; otherwise it is published unsigned.

tokenDecryptionKey

Decryption Key

Optional

A keystore holding the private key used to decrypt an encrypted token.

tokenExpirationValidation

Token Expiration Validation

Optional

Decides whether the token validation (e.g. lifetime) is performed on every request (true) or only once at initial authentication (false). The default is "false", which means that after the initial authentication the token's expiry no longer ends the session; the session then lives as long as the container session does.
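The following fediz_config.xml fragment is an added example that ties the elements of the table together; it is not taken from the original page or from the Fediz distribution. Element names follow the table; the attribute names, the context name, file names, passwords, the issuer URL and the subject regex are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example configuration (not from the original page).
     Attribute names, file names, passwords, URLs and the subject regex are assumed. -->
<FedizConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <contextConfig name="/fedizhelloworld">

    <!-- audienceUris: a token whose AudienceRestriction does not name one of
         these URIs is rejected, so a token issued for another RP is not usable here. -->
    <audienceUris>
      <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
    </audienceUris>

    <!-- certificateStores: trust store with the CA certificate(s) (ChainTrust)
         and, for PeerTrust, the IDP signing certificate itself.
         A relative file path resolves against the container home directory. -->
    <certificateStores>
      <trustManager>
        <keyStore file="ststrust.jks" password="storepass" type="JKS" />
      </trustManager>
    </certificateStores>

    <!-- trustedIssuers, ChainTrust variant: the signing certificate must chain to a
         CA in the trust store AND its subject DN must match the regex. Without the
         subject constraint any certificate issued by that CA would pass.
         PeerTrust alternative (IDP certificate itself in the trust store):
           <issuer certificateValidation="PeerTrust" /> -->
    <trustedIssuers>
      <issuer name="DoubleItSTSIssuer" certificateValidation="ChainTrust"
              subject=".*CN=www\.sts\.com.*" />
    </trustedIssuers>

    <!-- maximumClockSkew: seconds of tolerance for the token validity window.
         5 is the default; a larger value keeps expired tokens usable for longer. -->
    <maximumClockSkew>5</maximumClockSkew>

    <!-- tokenReplayCache is omitted here, which selects the default
         EHCache-based implementation. -->

    <!-- signingKey: private key used to sign the published Metadata document. -->
    <signingKey keyAlias="mytomrpkey" keyPassword="ckpass">
      <keyStore file="rp.jks" password="storepass" type="JKS" />
    </signingKey>

    <!-- tokenDecryptionKey: private key used to decrypt an encrypted token. -->
    <tokenDecryptionKey keyAlias="mytomrpkey" keyPassword="ckpass">
      <keyStore file="rp.jks" password="storepass" type="JKS" />
    </tokenDecryptionKey>

    <!-- tokenExpirationValidation: true re-checks the token lifetime on every
         request instead of only once at initial authentication (the default). -->
    <tokenExpirationValidation>true</tokenExpirationValidation>

    <!-- WS-Federation protocol settings; values are assumed. -->
    <protocol xsi:type="federationProtocolType" version="1.2">
      <issuer>https://localhost:9443/fediz-idp/federation</issuer>
      <roleDelimiter>,</roleDelimiter>
      <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
    </protocol>
  </contextConfig>
</FedizConfig>
```

Two points worth checking in a real deployment: the keystore and key passwords sit in clear text in this file, so restrict its file permissions to the container user; and if you choose ChainTrust, verify that the subject regex actually matches only the IDP certificate and not other certificates the same CA could issue.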

WS-Federation protocol configuration reference

...