community
/
product-iots
10
0
Fork 4
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixing the API creating issue in the core.

Browse Source
merge-requests/1/head
sinthuja 8 years ago
parent b5af4176d2
commit f5378f61e9
2 changed files with 529 additions and 0 deletions
Show Stats Download Patch File Download Diff File

16
modules/distribution/src/assembly/bin.xml
Unescape View File

@ -493,6 +493,14 @@
</outputDirectory> </outputDirectory>
</fileSet> </fileSet>
<fileSet>
<directory>
../p2-profile/iot-core-profile/target/wso2carbon-core-${carbon.kernel.version}/wso2/rxts
</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/resources/rxts
</outputDirectory>
</fileSet>
<fileSet> <fileSet>
<directory>src/core/conf/identity/service-providers</directory> <directory>src/core/conf/identity/service-providers</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/conf/identity/service-providers</outputDirectory> <outputDirectory>${pom.artifactId}-${pom.version}/conf/identity/service-providers</outputDirectory>
@ -1161,6 +1169,14 @@
<filtered>true</filtered> <filtered>true</filtered>
<fileMode>644</fileMode> <fileMode>644</fileMode>
</file> </file>
<file>
<source>
src/core/conf/identity/identity.xml
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/conf/identity</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<!-- Copying sso-idp-config.xml file --> <!-- Copying sso-idp-config.xml file -->
<file> <file>
<source>src/core/conf/identity/sso-idp-config.xml</source> <source>src/core/conf/identity/sso-idp-config.xml</source>

513
modules/distribution/src/core/conf/identity/identity.xml
Unescape View File

@ -0,0 +1,513 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
<JDBCPersistenceManager>
<DataSource>
<!-- Include a data source name (jndiConfigName) from the set of data
sources defined in master-datasources.xml -->
<Name>jdbc/WSO2AM_DB</Name>
</DataSource>
<!-- If the identity database is created from another place and if it is
required to skip schema initialization during the server start up, set the
following property to "true". -->
<!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
<SessionDataPersist>
<Enable>true</Enable>
<Temporary>true</Temporary>
<PoolSize>0</PoolSize>
<SessionDataCleanUp>
<Enable>true</Enable>
<CleanUpTimeout>20160</CleanUpTimeout>
<CleanUpPeriod>1140</CleanUpPeriod>
</SessionDataCleanUp>
<OperationDataCleanUp>
<Enable>true</Enable>
<CleanUpPeriod>720</CleanUpPeriod>
</OperationDataCleanUp>
</SessionDataPersist>
</JDBCPersistenceManager>
<!-- Time configurations are in minutes -->
<TimeConfig>
<SessionIdleTimeout>15</SessionIdleTimeout>
<RememberMeTimeout>20160</RememberMeTimeout>
</TimeConfig>
<!-- Security configurations -->
<Security>
<!-- The directory under which all other KeyStore files will be stored -->
<KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
<KeyManagerType>SunX509</KeyManagerType>
<TrustManagerType>SunX509</TrustManagerType>
</Security>
<Identity>
<IssuerPolicy>SelfAndManaged</IssuerPolicy>
<TokenValidationPolicy>CertValidate</TokenValidationPolicy>
<BlackList/>
<WhiteList/>
<System>
<KeyStore/>
<StorePass/>
</System>
</Identity>
<OpenID>
<!--
Default values for OpenIDServerUrl and OpenIDUSerPattern are built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>
If above format doesn't satisfy uncomment the following configs and explicitly configure the values
-->
<OpenIDServerUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/openidserver</OpenIDServerUrl>
<OpenIDUserPattern>${carbon.protocol}://${carbon.host}:${carbon.management.port}/openid</OpenIDUserPattern>
<OpenIDLoginUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/openid_login.do</OpenIDLoginUrl>
<!-- If the users must be prompted for approval -->
<OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
<!-- Expiry time of the OpenID RememberMe token in minutes -->
<OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
<!-- To enable or disable openid dumb mode -->
<DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
<!--
OpenID private association store is configurable from following configs.
It includes two new replication stores,
i. OpenIDServerAssociationStore (Default association store)
ii. PrivateAssociationCryptoStore
iii. PrivateAssociationReplicationStore
-->
<!-- Specify full qualified class name of the class which going to use as private association store -->
<!--
<OpenIDPrivateAssociationStoreClass>org.wso2.carbon.identity.provider.openid.PrivateAssociationCryptoStore</OpenIDPrivateAssociationStoreClass>
-->
<!-- The expiration time (in minutes) for the OpenID association -->
<!--
<OpenIDAssociationExpiryTime>15</OpenIDAssociationExpiryTime>
-->
<!-- Configs specific to PrivateAssociationCryptoStore -->
<!-- Server secret. This value should be the same in all nodes in the cluster -->
<!--
<OpenIDPrivateAssociationServerKey>qewlj324lmasc</OpenIDPrivateAssociationServerKey>
-->
<!-- Configs specific to PrivateAssociationCryptoStore -->
<!-- This enable private association cleanup task which cleans expired private associations -->
<!--
<EnableOpenIDAssociationCleanupTask>true</EnableOpenIDAssociationCleanupTask>
-->
<!-- Time Period (in minutes) that cleanup task would run -->
<!--
<OpenIDAssociationCleanupPeriod>15</OpenIDAssociationCleanupPeriod>
-->
</OpenID>
<OAuth>
<AppInfoCacheTimeout>-1</AppInfoCacheTimeout>
<AuthorizationGrantCacheTimeout>-1</AuthorizationGrantCacheTimeout>
<SessionDataCacheTimeout>-1</SessionDataCacheTimeout>
<ClaimCacheTimeout>-1</ClaimCacheTimeout>
<!--
Default values for OAuth1RequestTokenUrl, OAuth1AccessTokenUrl, OAuth1AuthorizeUrl
OAuth2AuthzEPUrl, OAuth2TokenEPUrl and OAuth2UserInfoEPUrl are built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
If above format doesn't satisfy uncomment the following configs and explicitly configure the values
-->
<OAuth1RequestTokenUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/request-token</OAuth1RequestTokenUrl>
<OAuth1AuthorizeUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/authorize-url</OAuth1AuthorizeUrl>
<OAuth1AccessTokenUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/access-token</OAuth1AccessTokenUrl>
<OAuth2AuthzEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/authorize</OAuth2AuthzEPUrl>
<OAuth2TokenEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</OAuth2TokenEPUrl>
<OAuth2RevokeEPUrll>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/revoke</OAuth2RevokeEPUrll>
<OAuth2IntrospectEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/introspect</OAuth2IntrospectEPUrl>
<OAuth2UserInfoEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/userinfo</OAuth2UserInfoEPUrl>
<OIDCCheckSessionEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oidc/checksession</OIDCCheckSessionEPUrl>
<OIDCLogoutEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oidc/logout</OIDCLogoutEPUrl>
<OAuth2ConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage>
<OAuth2ErrorPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_error.do</OAuth2ErrorPage>
<OIDCConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_consent.do</OIDCConsentPage>
<OIDCLogoutConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_logout_consent.do</OIDCLogoutConsentPage>
<OIDCLogoutPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_logout.do</OIDCLogoutPage>
<OIDCWebFingerEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/.well-known/webfinger</OIDCWebFingerEPUrl>
<!-- For tenants below urls will be modified as https://<hostname>:<port>/t/<tenant domain>/<path>-->
<OAuth2DCREPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/identity/connect/register</OAuth2DCREPUrl>
<OAuth2JWKSPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/jwks</OAuth2JWKSPage>
<OIDCDiscoveryEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/oidcdiscovery</OIDCDiscoveryEPUrl>
<!-- Default validity period for Authorization Code in seconds -->
<AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
<!-- Default validity period for application access tokens in seconds -->
<AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
<!-- Default validity period for user access tokens in seconds -->
<UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
<!-- Validity period for refresh token -->
<RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
<!-- Timestamp skew in seconds -->
<TimestampSkew>300</TimestampSkew>
<!-- Enable OAuth caching -->
<EnableOAuthCache>false</EnableOAuthCache>
<!-- Enable renewal of refresh token for refresh_token grant -->
<RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
<!-- Process the token before storing it in database, e.g. encrypting -->
<TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
<!-- Supported Client Authentication Methods -->
<ClientAuthHandlers>
<ClientAuthHandler Class="org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler">
<Property Name="StrictClientCredentialValidation">false</Property>
</ClientAuthHandler>
</ClientAuthHandlers>
<!-- Supported Response Types -->
<SupportedResponseTypes>
<SupportedResponseType>
<ResponseTypeName>token</ResponseTypeName>
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
</SupportedResponseType>
<SupportedResponseType>
<ResponseTypeName>code</ResponseTypeName>
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
</SupportedResponseType>
<SupportedResponseType>
<ResponseTypeName>id_token</ResponseTypeName>
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
</SupportedResponseType>
<SupportedResponseType>
<ResponseTypeName>id_token token</ResponseTypeName>
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
</SupportedResponseType>
</SupportedResponseTypes>
<!-- Supported Grant Types -->
<SupportedGrantTypes>
<SupportedGrantType>
<GrantTypeName>authorization_code</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedAuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>password</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>refresh_token</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>client_credentials</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedSAML2BearerGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>iwa:ntlm</GrantTypeName>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth.common.NTLMAuthenticationValidator</GrantTypeValidatorImplClass>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandlerWithHandshake</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
</SupportedGrantTypes>
<OAuthCallbackHandlers>
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
</OAuthCallbackHandlers>
<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>
<!--TokenValidators>
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
</TokenValidators-->
<!-- Assertions can be used to embedd parameters into access token. -->
<EnableAssertions>
<UserName>false</UserName>
</EnableAssertions>
<!-- This should be set to true when using multiple user stores and keys
should saved into different tables according to the user store. By default
all the application keys are saved in to the same table. UserName Assertion
should be 'true' to use this. -->
<EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
<!-- user store domain names and mapping to new table name. eg: if you
provide 'A:foo.com', foo.com should be the user store domain name and 'A'
represent the relavant mapping of token store table, i.e. tokens will be
added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
<AccessTokenPartitioningDomains>
<!-- A:foo.com, B:bar.com -->
</AccessTokenPartitioningDomains>
<AuthorizationContextTokenGeneration>
<Enabled>false</Enabled>
<TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
<ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
<AuthorizationContextTTL>15</AuthorizationContextTTL>
</AuthorizationContextTokenGeneration>
<SAML2Grant>
<!--SAML2TokenHandler></SAML2TokenHandler-->
</SAML2Grant>
<OpenIDConnect>
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
<!-- Comment out to add Audience values to the JWT token (id_token) -->
<!--Audiences>
<Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
</Audiences -->
<!--
Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
<IDTokenExpiration>3600</IDTokenExpiration>
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
<SkipUserConsent>false</SkipUserConsent>
</OpenIDConnect>
</OAuth>
<MultifactorAuthentication>
<!--Enable>false</Enable-->
<XMPPSettings>
<XMPPConfig>
<XMPPProvider>gtalk</XMPPProvider>
<XMPPServer>talk.google.com</XMPPServer>
<XMPPPort>5222</XMPPPort>
<XMPPExt>gmail.com</XMPPExt>
<XMPPUserName>multifactor1@gmail.com</XMPPUserName>
<XMPPPassword>wso2carbon</XMPPPassword>
</XMPPConfig>
</XMPPSettings>
</MultifactorAuthentication>
<SSOService>
<PersistanceCacheTimeout>157680000</PersistanceCacheTimeout>
<SessionIndexCacheTimeout>157680000</SessionIndexCacheTimeout>
<EntityId>${carbon.host}</EntityId>
<!--
Default value for IdentityProviderURL is built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/samlsso
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/samlsso</IdentityProviderURL>
<DefaultLogoutEndpoint>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/samlsso_logout.do</DefaultLogoutEndpoint>
<NotificationEndpoint>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/samlsso_notification.do</NotificationEndpoint>
<SingleLogoutRetryCount>5</SingleLogoutRetryCount>
<SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval>
<!-- in milli seconds -->
<TenantPartitioningEnabled>false</TenantPartitioningEnabled>
<AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
<!--<SAMLSSOAssertionBuilder>org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder</SAMLSSOAssertionBuilder>-->
<SAMLSSOAssertionBuilder>org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder</SAMLSSOAssertionBuilder>
<SAMLSSOEncrypter>org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter</SAMLSSOEncrypter>
<SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
<SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
<!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
<!-- SAML Token validity period in minutes -->
<SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
<UseAuthenticatedUserDomainCrypto>true</UseAuthenticatedUserDomainCrypto>
<SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
</SSOService>
<SecurityTokenService>
<!--
Default value for IdentityProviderURL is built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/services/wso2carbon-sts
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/services/wso2carbon-sts</IdentityProviderURL>
</SecurityTokenService>
<PassiveSTS>
<!--
Default value for IdentityProviderURL is built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/passivests
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/passivests</IdentityProviderURL>
<RetryURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/retry.do</RetryURL>
<TokenStoreClassName>org.wso2.carbon.identity.sts.passive.utils.NoPersistenceTokenStore</TokenStoreClassName>
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
</PassiveSTS>
<EntitlementSettings>
<ThirftBasedEntitlementConfig>
<EnableThriftService>false</EnableThriftService>
<ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
<ClientTimeout>10000</ClientTimeout>
<KeyStore>
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<Password>wso2carbon</Password>
</KeyStore>
<!-- Enable this element to mention the host-name of your IS machine -->
<ThriftHostName>${carbon.host}</ThriftHostName>
</ThirftBasedEntitlementConfig>
</EntitlementSettings>
<SCIM>
<!--
Default value for UserEPUrl and GroupEPUrl are built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<UserEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2/scim/Users</UserEPUrl>
<GroupEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2/scim/Groups</GroupEPUrl>
<SCIMAuthenticators>
<Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
<Property name="Priority">5</Property>
</Authenticator>
<Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
<Property name="Priority">10</Property>
<Property name="AuthorizationServer">local://services</Property>
<!--Property name="AuthorizationServer">${carbon.protocol}://${carbon.host}:${carbon.management.port}/services</Property>
<Property name="UserName">admin</Property>
<Property name="Password">admin</Property-->
</Authenticator>
</SCIMAuthenticators>
</SCIM>
<!--Recovery>
<Notification>
<Password>
<Enable>false</Enable>
</Password>
<Username>
<Enable>false</Enable>
</Username>
<InternallyManage>true</InternallyManage>
</Notification>
<Question>
<Password>
<Enable>false</Enable>
<NotifyStart>false</NotifyStart>
<Separator>!</Separator>
<MinAnswers>2</MinAnswers>
<ReCaptcha>
<Enable>true</Enable>
<MaxFailedAttempts>2</MaxFailedAttempts>
</ReCaptcha>
</Password>
</Question>
<ExpiryTime>3</ExpiryTime>
<NotifySuccess>false</NotifySuccess>
<AdminPasswordReset>
<Offline>false</Offline>
<OTP>false</OTP>
<RecoveryLink>false</RecoveryLink>
</AdminPasswordReset>
</Recovery>
<EmailVerification>
<Enable>false</Enable>
<LockOnCreation>true</LockOnCreation>
<Notification>
<InternallyManage>true</InternallyManage>
</Notification>
</EmailVerification>
<SelfRegistration>
<Enable>false</Enable>
<LockOnCreation>false</LockOnCreation>
<Notification>
<InternallyManage>true</InternallyManage>
</Notification>
<ReCaptcha>false</ReCaptcha>
</SelfRegistration-->
<EventListeners>
<EventListener enable="true" name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener" orderId="10" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="false" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="true" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" type="org.wso2.carbon.user.core.listener.UserOperationEventListener">
<Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
</EventListener>
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl" orderId="10" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
<EventListener enable="true" name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
</EventListeners>
<CacheConfig>
<CacheManager name="IdentityApplicationManagementCacheManager">
<Cache capacity="5000" enable="false" isDistributed="false" name="AppAuthFrameworkSessionContextCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationContextCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationRequestCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationResultCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="AppInfoCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthorizationGrantCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthSessionDataCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOParticipantCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionIndexCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionDataCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ProvisioningConnectorCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="ProvisioningEntityCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderProvisioningConnectorCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByAuthProperty" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByHRI" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByName" timeout="1"/>
</CacheManager>
</CacheConfig>
<!--Cookies>
<Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
</Cookies-->
<ResourceAccessControl>
<Resource context="(.*)/api/identity/user/(.*)" http-method="all" secured="true"/>
<Resource context="(.*)/api/identity/recovery/(.*)" http-method="all" secured="true"/>
<Resource context="(.*)/.well-known(.*)" http-method="all" secured="true"/>
<Resource context="(.*)/identity/register(.*)" http-method="all" secured="true">
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/identity/connect/register(.*)" http-method="all" secured="true">
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
</Resource>
<Resource context="(.*)/oauth2/introspect(.*)" http-method="all" secured="true">
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/entitlement/(.*)" http-method="all" secured="true">
<Permissions>/permission/admin/manage/identity/pep</Permissions>
</Resource>
</ResourceAccessControl>
<ClientAppAuthentication>
<Application hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262" name="dashboard"/>
</ClientAppAuthentication>
<TenantContextsToRewrite>
<WebApp>
<Context>/api/identity/user/v0.9</Context>
<Context>/api/identity/recovery/v0.9</Context>
<Context>/oauth2</Context>
<Context>/api/identity/entitlement</Context>
</WebApp>
<Servlet>
<Context>/identity/(.*)</Context>
</Servlet>
</TenantContextsToRewrite>
<!-- Server Synchronization Tolerance Configuration in seconds -->
<ClockSkew>300</ClockSkew>
</Server>
Write Preview
Loading…
Cancel
Save