|
|
@ -33,6 +33,12 @@
|
|
|
|
<Enable>true</Enable>
|
|
|
|
<Enable>true</Enable>
|
|
|
|
<CleanUpTimeout>20160</CleanUpTimeout>
|
|
|
|
<CleanUpTimeout>20160</CleanUpTimeout>
|
|
|
|
<CleanUpPeriod>1140</CleanUpPeriod>
|
|
|
|
<CleanUpPeriod>1140</CleanUpPeriod>
|
|
|
|
|
|
|
|
<!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
|
|
|
|
|
|
|
|
<!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
|
|
|
|
|
|
|
|
<DeleteChunkSize>50000</DeleteChunkSize>
|
|
|
|
|
|
|
|
<!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
|
|
|
|
|
|
|
|
<!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
|
|
|
|
|
|
|
|
<DeleteChunkSize>50000</DeleteChunkSize>
|
|
|
|
</SessionDataCleanUp>
|
|
|
|
</SessionDataCleanUp>
|
|
|
|
<OperationDataCleanUp>
|
|
|
|
<OperationDataCleanUp>
|
|
|
|
<Enable>true</Enable>
|
|
|
|
<Enable>true</Enable>
|
|
|
@ -217,13 +223,44 @@
|
|
|
|
<GrantTypeValidatorImplClass>org.wso2.carbon.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator</GrantTypeValidatorImplClass>
|
|
|
|
<GrantTypeValidatorImplClass>org.wso2.carbon.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator</GrantTypeValidatorImplClass>
|
|
|
|
</SupportedGrantType>
|
|
|
|
</SupportedGrantType>
|
|
|
|
</SupportedGrantTypes>
|
|
|
|
</SupportedGrantTypes>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
Defines the grant types that will filter user claims based on user consent in their responses such as
|
|
|
|
|
|
|
|
id_token or user info response.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Default grant types that filter user claims based on user consent are 'authorization_code' and 'implicit'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Supported versions: IS 5.5.0 onwards.
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
<UserConsentEnabledGrantTypes>
|
|
|
|
|
|
|
|
<UserConsentEnabledGrantType>
|
|
|
|
|
|
|
|
<GrantTypeName>authorization_code</GrantTypeName>
|
|
|
|
|
|
|
|
</UserConsentEnabledGrantType>
|
|
|
|
|
|
|
|
<UserConsentEnabledGrantType>
|
|
|
|
|
|
|
|
<GrantTypeName>implicit</GrantTypeName>
|
|
|
|
|
|
|
|
</UserConsentEnabledGrantType>
|
|
|
|
|
|
|
|
</UserConsentEnabledGrantTypes>
|
|
|
|
|
|
|
|
|
|
|
|
<OAuthCallbackHandlers>
|
|
|
|
<OAuthCallbackHandlers>
|
|
|
|
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
|
|
|
|
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
|
|
|
|
</OAuthCallbackHandlers>
|
|
|
|
</OAuthCallbackHandlers>
|
|
|
|
<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>
|
|
|
|
|
|
|
|
<!--TokenValidators>
|
|
|
|
<TokenValidators>
|
|
|
|
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
|
|
|
|
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
|
|
|
|
</TokenValidators-->
|
|
|
|
<TokenValidator type="jwt" class="org.wso2.carbon.identity.oauth2.validators.OAuth2JWTTokenValidator"/>
|
|
|
|
|
|
|
|
</TokenValidators>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Scope validators list. The validators registered here wil be executed during token validation. -->
|
|
|
|
|
|
|
|
<ScopeValidators>
|
|
|
|
|
|
|
|
<ScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>
|
|
|
|
|
|
|
|
</ScopeValidators>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Scope handlers list. The handlers registered here will be executed at the scope validation phase while
|
|
|
|
|
|
|
|
issuing access tokens. -->
|
|
|
|
|
|
|
|
<ScopeHandlers>
|
|
|
|
|
|
|
|
<ScopeHandler class="org.wso2.carbon.identity.oauth2.validators.OIDCScopeHandler" />
|
|
|
|
|
|
|
|
</ScopeHandlers>
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Assertions can be used to embedd parameters into access token. -->
|
|
|
|
<!-- Assertions can be used to embedd parameters into access token. -->
|
|
|
|
<EnableAssertions>
|
|
|
|
<EnableAssertions>
|
|
|
|
<UserName>false</UserName>
|
|
|
|
<UserName>false</UserName>
|
|
|
@ -254,6 +291,26 @@
|
|
|
|
<OpenIDConnect>
|
|
|
|
<OpenIDConnect>
|
|
|
|
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
|
|
|
|
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
|
|
|
|
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
|
|
|
|
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Default asymmetric encryption algorithm that used to encrypt CEK. -->
|
|
|
|
|
|
|
|
<IDTokenEncryptionAlgorithm>RSA-OAEP</IDTokenEncryptionAlgorithm>
|
|
|
|
|
|
|
|
<!-- Default symmetric encryption algorithm that used to encrypt JWT claims set. -->
|
|
|
|
|
|
|
|
<IDTokenEncryptionMethod>A128GCM</IDTokenEncryptionMethod>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Supported versions: IS 5.5.0 onwards. -->
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionAlgorithms>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionAlgorithm>RSA1_5</SupportedIDTokenEncryptionAlgorithm>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionAlgorithm>RSA-OAEP</SupportedIDTokenEncryptionAlgorithm>
|
|
|
|
|
|
|
|
</SupportedIDTokenEncryptionAlgorithms>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionMethods>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionMethod>A128GCM</SupportedIDTokenEncryptionMethod>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionMethod>A192GCM</SupportedIDTokenEncryptionMethod>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionMethod>A256GCM</SupportedIDTokenEncryptionMethod>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionMethod>A128CBC-HS256</SupportedIDTokenEncryptionMethod>
|
|
|
|
|
|
|
|
<SupportedIDTokenEncryptionMethod>A128CBC+HS256</SupportedIDTokenEncryptionMethod>
|
|
|
|
|
|
|
|
</SupportedIDTokenEncryptionMethods>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<EnableAudiences>true</EnableAudiences>
|
|
|
|
<!-- Comment out to add Audience values to the JWT token (id_token) -->
|
|
|
|
<!-- Comment out to add Audience values to the JWT token (id_token) -->
|
|
|
|
<!--Audiences>
|
|
|
|
<!--Audiences>
|
|
|
|
<Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
|
|
|
|
<Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
|
|
|
@ -264,13 +321,44 @@
|
|
|
|
-->
|
|
|
|
-->
|
|
|
|
<IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
|
|
|
|
<IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
|
|
|
|
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
|
|
|
|
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
|
|
|
|
|
|
|
|
<UserInfoJWTSignatureAlgorithm>SHA256withRSA</UserInfoJWTSignatureAlgorithm>
|
|
|
|
<IDTokenExpiration>3600</IDTokenExpiration>
|
|
|
|
<IDTokenExpiration>3600</IDTokenExpiration>
|
|
|
|
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
|
|
|
|
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
|
|
|
|
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
|
|
|
|
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
|
|
|
|
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
|
|
|
|
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
|
|
|
|
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
|
|
|
|
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
|
|
|
|
<SkipUserConsent>false</SkipUserConsent>
|
|
|
|
<SkipUserConsent>false</SkipUserConsent>
|
|
|
|
|
|
|
|
<!-- Sign the ID Token with Service Provider Tenant Private Key-->
|
|
|
|
|
|
|
|
<SignJWTWithSPKey>false</SignJWTWithSPKey>
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
Expiry period of the logout token used in OIDC Back Channel Logout in seconds.
|
|
|
|
|
|
|
|
Supported versions: IS 5.5.0 onwards
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
<LogoutTokenExpiration>120</LogoutTokenExpiration>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
OIDC Request Object builder implementation.
|
|
|
|
|
|
|
|
Supported versions: IS 5.4.0 onwards
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
<RequestObjectBuilders>
|
|
|
|
|
|
|
|
<RequestObjectBuilder>
|
|
|
|
|
|
|
|
<BuilderName>request_param_value_builder</BuilderName>
|
|
|
|
|
|
|
|
<RequestObjectBuilderImplClass>org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder</RequestObjectBuilderImplClass>
|
|
|
|
|
|
|
|
</RequestObjectBuilder>
|
|
|
|
|
|
|
|
</RequestObjectBuilders>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
OIDC Request Object validator implementation.
|
|
|
|
|
|
|
|
Supported versions: IS 5.4.0 onwards
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
<RequestObjectValidator>org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl</RequestObjectValidator>
|
|
|
|
</OpenIDConnect>
|
|
|
|
</OpenIDConnect>
|
|
|
|
|
|
|
|
<!-- Configs related to OAuth2 token persistence -->
|
|
|
|
|
|
|
|
<TokenPersistence>
|
|
|
|
|
|
|
|
<Enable>true</Enable>
|
|
|
|
|
|
|
|
<PoolSize>0</PoolSize>
|
|
|
|
|
|
|
|
<RetryCount>5</RetryCount>
|
|
|
|
|
|
|
|
</TokenPersistence>
|
|
|
|
</OAuth>
|
|
|
|
</OAuth>
|
|
|
|
<MultifactorAuthentication>
|
|
|
|
<MultifactorAuthentication>
|
|
|
|
<!--Enable>false</Enable-->
|
|
|
|
<!--Enable>false</Enable-->
|
|
|
@ -315,6 +403,12 @@
|
|
|
|
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
|
|
|
|
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
|
|
|
|
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
|
|
|
|
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
|
|
|
|
</SSOService>
|
|
|
|
</SSOService>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Consent>
|
|
|
|
|
|
|
|
<!--Specify whether consent management should be enable during SSO.-->
|
|
|
|
|
|
|
|
<EnableSSOConsentManagement>true</EnableSSOConsentManagement>
|
|
|
|
|
|
|
|
</Consent>
|
|
|
|
|
|
|
|
|
|
|
|
<SecurityTokenService>
|
|
|
|
<SecurityTokenService>
|
|
|
|
<!--
|
|
|
|
<!--
|
|
|
|
Default value for IdentityProviderURL is built in following format
|
|
|
|
Default value for IdentityProviderURL is built in following format
|
|
|
@ -368,6 +462,17 @@
|
|
|
|
</Authenticator>
|
|
|
|
</Authenticator>
|
|
|
|
</SCIMAuthenticators>
|
|
|
|
</SCIMAuthenticators>
|
|
|
|
</SCIM>
|
|
|
|
</SCIM>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<SCIM2>
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
Default value for UserEPUrl and GroupEPUrl are built in following format
|
|
|
|
|
|
|
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
|
|
|
|
|
|
|
|
If that doesn't satisfy uncomment the following config and explicitly configure the value
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
<!--UserEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Users</UserEPUrl-->
|
|
|
|
|
|
|
|
<!--GroupEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Groups</GroupEPUrl-->
|
|
|
|
|
|
|
|
</SCIM2>
|
|
|
|
|
|
|
|
|
|
|
|
<!--Recovery>
|
|
|
|
<!--Recovery>
|
|
|
|
<Notification>
|
|
|
|
<Notification>
|
|
|
|
<Password>
|
|
|
|
<Password>
|
|
|
@ -401,10 +506,15 @@
|
|
|
|
|
|
|
|
|
|
|
|
<EmailVerification>
|
|
|
|
<EmailVerification>
|
|
|
|
<Enable>false</Enable>
|
|
|
|
<Enable>false</Enable>
|
|
|
|
|
|
|
|
<ExpiryTime>1440</ExpiryTime>
|
|
|
|
<LockOnCreation>true</LockOnCreation>
|
|
|
|
<LockOnCreation>true</LockOnCreation>
|
|
|
|
<Notification>
|
|
|
|
<Notification>
|
|
|
|
<InternallyManage>true</InternallyManage>
|
|
|
|
<InternallyManage>true</InternallyManage>
|
|
|
|
</Notification>
|
|
|
|
</Notification>
|
|
|
|
|
|
|
|
<AskPassword>
|
|
|
|
|
|
|
|
<ExpiryTime>1440</ExpiryTime>
|
|
|
|
|
|
|
|
<PasswordGenerator>org.wso2.carbon.user.mgt.common.DefaultPasswordGenerator</PasswordGenerator>
|
|
|
|
|
|
|
|
</AskPassword>
|
|
|
|
</EmailVerification>
|
|
|
|
</EmailVerification>
|
|
|
|
|
|
|
|
|
|
|
|
<SelfRegistration>
|
|
|
|
<SelfRegistration>
|
|
|
@ -415,74 +525,251 @@
|
|
|
|
</Notification>
|
|
|
|
</Notification>
|
|
|
|
<ReCaptcha>false</ReCaptcha>
|
|
|
|
<ReCaptcha>false</ReCaptcha>
|
|
|
|
</SelfRegistration-->
|
|
|
|
</SelfRegistration-->
|
|
|
|
|
|
|
|
<EnableAskPasswordAdminUI>true</EnableAskPasswordAdminUI>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<EnableRecoveryEndpoint>true</EnableRecoveryEndpoint>
|
|
|
|
|
|
|
|
<EnableSelfSignUpEndpoint>true</EnableSelfSignUpEndpoint>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<AuthenticationPolicy>
|
|
|
|
|
|
|
|
<CheckAccountExist>true</CheckAccountExist>
|
|
|
|
|
|
|
|
</AuthenticationPolicy>
|
|
|
|
|
|
|
|
|
|
|
|
<EventListeners>
|
|
|
|
<EventListeners>
|
|
|
|
<EventListener enable="true" name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener" orderId="10" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
|
|
|
|
<EventListener enable="false" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
|
|
|
name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
|
|
|
|
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
|
|
|
orderId="10" enable="true"/>
|
|
|
|
<EventListener enable="true" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
|
|
|
|
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" type="org.wso2.carbon.user.core.listener.UserOperationEventListener">
|
|
|
|
name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
|
|
|
|
|
|
|
|
orderId="50" enable="false"/>
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
|
|
|
|
|
|
|
|
orderId="90" enable="true"/>
|
|
|
|
|
|
|
|
<!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
|
|
|
|
|
|
|
|
orderId="93" enable="false"/>
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
|
|
|
|
|
|
|
|
orderId="95" enable="true"/>
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener"
|
|
|
|
|
|
|
|
orderId="97" enable="true">
|
|
|
|
<Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
|
|
|
|
<Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
|
|
|
|
</EventListener>
|
|
|
|
</EventListener>
|
|
|
|
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl" orderId="10" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
|
|
|
|
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
|
|
|
|
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
|
|
|
|
name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
|
|
|
|
<EventListener enable="true" name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
|
|
|
|
orderId="10" enable="false"/>
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
|
|
|
|
|
|
|
|
orderId="11" enable="false"/>
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
|
|
|
|
|
|
|
|
orderId="11" enable="true"/>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Enable this listener to call DeleteEventRecorders. -->
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.user.mgt.listeners.UserDeletionEventListener"
|
|
|
|
|
|
|
|
orderId="98" enable="false"/>
|
|
|
|
|
|
|
|
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
|
|
|
|
|
|
|
|
name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
|
|
|
|
|
|
|
|
orderId="110" enable="true"/>
|
|
|
|
</EventListeners>
|
|
|
|
</EventListeners>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- These recorders are used to write user delete information to specific sources. Default event recorder is CSV
|
|
|
|
|
|
|
|
file recorder. This recorder is disabled by default. Enable it by setting enable="true". To run these recorders,
|
|
|
|
|
|
|
|
EventListener "rg.wso2.carbon.user.mgt.listeners.UserDeletionEventListener" also should be enabled. Which is
|
|
|
|
|
|
|
|
also disabled by default. -->
|
|
|
|
|
|
|
|
<UserDeleteEventRecorders>
|
|
|
|
|
|
|
|
<UserDeleteEventRecorder name="org.wso2.carbon.user.mgt.recorder.DefaultUserDeletionEventRecorder" enable="false">
|
|
|
|
|
|
|
|
<!-- Un comment below line if you need to write entries to a separate .csv file. Otherwise this will be
|
|
|
|
|
|
|
|
written in to a log file using a separate appender. -->
|
|
|
|
|
|
|
|
<!--<Property name="path">${carbon.home}/repository/logs/delete-records.csv</Property>-->
|
|
|
|
|
|
|
|
</UserDeleteEventRecorder>
|
|
|
|
|
|
|
|
</UserDeleteEventRecorders>
|
|
|
|
|
|
|
|
|
|
|
|
<CacheConfig>
|
|
|
|
<CacheConfig>
|
|
|
|
|
|
|
|
<!-- Identity cache configuration.
|
|
|
|
|
|
|
|
Timeouts are in seconds.
|
|
|
|
|
|
|
|
Capacity is the maximum cache size.
|
|
|
|
|
|
|
|
Unless specifically mentioned, you do not need to set the isDistributed flag.
|
|
|
|
|
|
|
|
-->
|
|
|
|
<CacheManager name="IdentityApplicationManagementCacheManager">
|
|
|
|
<CacheManager name="IdentityApplicationManagementCacheManager">
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="AppAuthFrameworkSessionContextCache" timeout="1"/>
|
|
|
|
<Cache name="AppAuthFrameworkSessionContextCache"
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationContextCache" timeout="1"/>
|
|
|
|
enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationRequestCache" timeout="1"/>
|
|
|
|
<Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationResultCache" timeout="1"/>
|
|
|
|
<Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="AppInfoCache" timeout="1"/>
|
|
|
|
<Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthorizationGrantCache" timeout="1"/>
|
|
|
|
<Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthCache" timeout="1"/>
|
|
|
|
<Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthSessionDataCache" timeout="1"/>
|
|
|
|
<Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOParticipantCache" timeout="1"/>
|
|
|
|
<Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionIndexCache" timeout="1"/>
|
|
|
|
<Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionDataCache" timeout="1"/>
|
|
|
|
<Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderCache" timeout="1"/>
|
|
|
|
<Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="ProvisioningConnectorCache" timeout="1"/>
|
|
|
|
<Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="false" isDistributed="false" name="ProvisioningEntityCache" timeout="1"/>
|
|
|
|
<Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderProvisioningConnectorCache" timeout="1"/>
|
|
|
|
<Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByAuthProperty" timeout="1"/>
|
|
|
|
<Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByHRI" timeout="1"/>
|
|
|
|
<Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByName" timeout="1"/>
|
|
|
|
<Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
|
|
|
|
<Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
|
|
|
|
<Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
|
|
|
|
</CacheManager>
|
|
|
|
</CacheManager>
|
|
|
|
</CacheConfig>
|
|
|
|
</CacheConfig>
|
|
|
|
|
|
|
|
|
|
|
|
<!--Cookies>
|
|
|
|
<!--Cookies>
|
|
|
|
<Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
|
|
|
|
<Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
|
|
|
|
</Cookies-->
|
|
|
|
</Cookies-->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ResourceAccessControl>
|
|
|
|
<ResourceAccessControl>
|
|
|
|
<Resource context="(.*)/api/identity/user/(.*)" http-method="all" secured="true"/>
|
|
|
|
<Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>
|
|
|
|
<Resource context="(.*)/api/identity/recovery/(.*)" http-method="all" secured="true"/>
|
|
|
|
<Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>
|
|
|
|
<Resource context="(.*)/.well-known(.*)" http-method="all" secured="true"/>
|
|
|
|
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/>
|
|
|
|
<Resource context="(.*)/identity/register(.*)" http-method="all" secured="true">
|
|
|
|
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/user/v1.0/pi-info" secured="true" http-method="all">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/user/v1.0/pi-info/(.*)" secured="true" http-method="all">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents" secured="true" http-method="all"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/receipts/(.*)" secured="true" http-method="all"/>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="GET"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.+)" secured="true" http-method="DELETE">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured="true" http-method="GET"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.+)" secured="true" http-method="DELETE">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="GET"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.+)" secured="true" http-method="DELETE">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="DELETE">
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
|
|
|
|
</Resource>
|
|
|
|
</Resource>
|
|
|
|
<Resource context="(.*)/identity/connect/register(.*)" http-method="all" secured="true">
|
|
|
|
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="PUT">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/update</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="GET">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/identity/register(.*)" secured="true" http-method="all">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/identity/connect/register(.*)" secured="true" http-method="all">
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
|
|
|
|
</Resource>
|
|
|
|
</Resource>
|
|
|
|
<Resource context="(.*)/oauth2/introspect(.*)" http-method="all" secured="true">
|
|
|
|
<Resource context="(.*)/oauth2/introspect(.*)" secured="true" http-method="all">
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
|
|
|
|
</Resource>
|
|
|
|
</Resource>
|
|
|
|
<Resource context="(.*)/api/identity/entitlement/(.*)" http-method="all" secured="true">
|
|
|
|
<Resource context="(.*)/api/identity/entitlement/(.*)" secured="true" http-method="all">
|
|
|
|
<Permissions>/permission/admin/manage/identity/pep</Permissions>
|
|
|
|
<Permissions>/permission/admin/manage/identity/pep</Permissions>
|
|
|
|
</Resource>
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/login</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/login</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/login</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
|
|
|
|
|
|
|
|
<Permissions></Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="/scim2/ResourceType" secured="false" http-method="all">
|
|
|
|
|
|
|
|
<Permissions></Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="/scim2/Bulk" secured="true" http-method="all">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/usermgt</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
|
|
|
|
<Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
|
|
|
|
|
|
|
|
<Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
|
|
|
|
|
|
|
|
</Resource>
|
|
|
|
</ResourceAccessControl>
|
|
|
|
</ResourceAccessControl>
|
|
|
|
|
|
|
|
|
|
|
|
<ClientAppAuthentication>
|
|
|
|
<ClientAppAuthentication>
|
|
|
|
<Application hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262" name="dashboard"/>
|
|
|
|
<Application name="dashboard" hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"/>
|
|
|
|
</ClientAppAuthentication>
|
|
|
|
</ClientAppAuthentication>
|
|
|
|
|
|
|
|
|
|
|
|
<TenantContextsToRewrite>
|
|
|
|
<TenantContextsToRewrite>
|
|
|
|
<WebApp>
|
|
|
|
<WebApp>
|
|
|
|
<Context>/api/identity/user/v0.9</Context>
|
|
|
|
<Context>/api/identity/user/v1.0/</Context>
|
|
|
|
<Context>/api/identity/recovery/v0.9</Context>
|
|
|
|
<Context>/api/identity/consent-mgt/v1.0/</Context>
|
|
|
|
<Context>/oauth2</Context>
|
|
|
|
<Context>/api/identity/recovery/v0.9/</Context>
|
|
|
|
<Context>/api/identity/entitlement</Context>
|
|
|
|
<Context>/oauth2/</Context>
|
|
|
|
|
|
|
|
<Context>/scim2/</Context>
|
|
|
|
|
|
|
|
<Context>/api/identity/entitlement/</Context>
|
|
|
|
|
|
|
|
<Context>/api/identity/oauth2/dcr/v1.0/</Context>
|
|
|
|
</WebApp>
|
|
|
|
</WebApp>
|
|
|
|
<Servlet>
|
|
|
|
<Servlet>
|
|
|
|
<Context>/identity/(.*)</Context>
|
|
|
|
<Context>/identity/(.*)</Context>
|
|
|
|
</Servlet>
|
|
|
|
</Servlet>
|
|
|
|
</TenantContextsToRewrite>
|
|
|
|
</TenantContextsToRewrite>
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Server Synchronization Tolerance Configuration in seconds -->
|
|
|
|
<!-- Server Synchronization Tolerance Configuration in seconds -->
|
|
|
|
<ClockSkew>300</ClockSkew>
|
|
|
|
<ClockSkew>300</ClockSkew>
|
|
|
|
</Server>
|
|
|
|
</Server>
|
|
|
|