device-mgt-plugins/modules/distribution/src/repository/conf/identity.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
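<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
    <!--
    Identity, OAuth, MFA, SAML SSO and entitlement settings for this distribution.

    NOTE(review): the file carries the stock WSO2 development values: the well known
    "wso2carbon" keystore password (three times), plain-text token storage, placeholder
    XMPP credentials and localhost URLs. Every item tagged NOTE(review) below has to be
    revisited before the server is reachable from anything other than a developer workstation.
    -->

    <!-- OpenID provider endpoints; host and port must match the address clients actually use. -->
    <OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
    <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
    <!-- false: users are prompted to approve each relying party. Keep it false unless
         every relying party is fully trusted. -->
    <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
    <!-- Expiry time of the OpenID RememberMe token in minutes. 7200 minutes is five days;
         a stolen RememberMe token stays usable for that long. -->
    <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>

    <JDBCPersistenceManager>
        <DataSource>
            <!-- JNDI name (jndiConfigName) of a data source defined in master-datasources.xml -->
            <Name>jdbc/WSO2AM_DB</Name>
        </DataSource>
        <!-- true: the identity schema is NOT created at server start-up. The tables must
             already exist in the data source above (created out of band), otherwise the
             server fails at first use rather than at start-up. Set to "false" only when
             the server is allowed to create the schema itself. -->
        <SkipDBSchemaCreation>true</SkipDBSchemaCreation>
    </JDBCPersistenceManager>

    <!--
    Security configurations
    -->
    <Security>
        <!-- Keystore holding the relying parties trusted by users. -->
        <UserTrustedRPStore>
            <Location>${carbon.home}/repository/resources/security/userRP.jks</Location>
            <!-- Keystore type (JKS/PKCS12 etc.) -->
            <Type>JKS</Type>
            <!-- Keystore password.
                 NOTE(review): "wso2carbon" is the password every WSO2 download ships with, so
                 it protects nothing. Change the keystore password, update this value, and keep
                 it out of the file in clear text (WSO2 Secure Vault, if this build supports it). -->
            <Password>wso2carbon</Password>
            <!-- Private key password. Same remark as for the keystore password. -->
            <KeyPassword>wso2carbon</KeyPassword>
        </UserTrustedRPStore>
        <!--
        The directory under which all other KeyStore files will be stored
        -->
        <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
    </Security>

    <Identity>
        <!-- Which token issuers are accepted and how their tokens are validated. -->
        <IssuerPolicy>SelfAndManaged</IssuerPolicy>
        <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
        <!-- Both lists are empty in this distribution; presumably that means no issuer is
             blocked and no allow-list is enforced. Confirm before relying on CertValidate alone. -->
        <BlackList></BlackList>
        <WhiteList></WhiteList>
        <System>
            <!-- Left empty in this distribution. -->
            <KeyStore></KeyStore>
            <StorePass></StorePass>
        </System>
    </Identity>

    <OAuth>
        <!-- OAuth request-token / access-token / authorize endpoints.
             NOTE(review): these previously pointed at 10.100.5.3, a private address that does
             not belong in a distribution default. They now use localhost like the OpenID and
             SAML SSO URLs in this file; replace all of them with the public host name on deployment. -->
        <RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
        <AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
        <AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
        <!-- Default validity period for Authorization Code in seconds. Codes are exchanged once
             and should stay short-lived; 300 s (5 minutes) is a sensible ceiling. -->
        <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
        <!-- Default validity period for Access Token in seconds -->
        <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
        <!-- Default validity period for Application Access Token in seconds.
             A negative value means the token never expires. Avoid that in production: a leaked
             application token could then only be stopped by explicit revocation. -->
        <ApplicationAccessTokenDefaultValidityPeriod>3600</ApplicationAccessTokenDefaultValidityPeriod>
        <!-- Default validity period for User Access Token in seconds -->
        <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
        <!-- Allowed clock skew in seconds when validating token timestamps. -->
        <TimestampSkew>300</TimestampSkew>
        <!-- Enable OAuth caching. This cache has replication support. -->
        <EnableOAuthCache>true</EnableOAuthCache>
        <!-- Processor applied to tokens before they are written to the database
             (hashing, encryption, etc.).
             NOTE(review): PlainTextPersistenceProcessor stores access and refresh tokens
             verbatim, so any read of the IDN_OAUTH2_ACCESS_TOKEN table (SQL injection, leaked
             backup, DBA access) yields directly usable bearer tokens. The encrypting processor
             is listed, commented out, just below; switch to it before go-live. Tokens already
             stored in clear text will presumably not be readable through the encrypting
             processor, so plan a token reset or migration when switching. -->
        <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
        <ClientAuthHandlers>
            <!-- Client id and secret are read from the HTTP Basic Authorization header.
                 The token endpoint must therefore only be reachable over TLS. -->
            <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
        </ClientAuthHandlers>
        <!-- Encrypting alternative to the plain-text processor above. -->
        <!--TokenPersistenceProcessor>
            org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor
        </TokenPersistenceProcessor-->
        <!-- Supported Response Types.
             NOTE(review): "token" is the implicit grant. It returns the access token in the
             redirect URL fragment (visible in browser history, referrers and proxy logs) and
             cannot be bound to the client. Current OAuth 2.0 security guidance recommends the
             "code" flow instead; remove the "token" entry if no client depends on it. -->
        <SupportedResponseTypes>
            <SupportedResponseType>
                <ResponseTypeName>token</ResponseTypeName>
                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
            </SupportedResponseType>
            <SupportedResponseType>
                <ResponseTypeName>code</ResponseTypeName>
                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
            </SupportedResponseType>
        </SupportedResponseTypes>
        <!-- Supported Grant Types.
             NOTE(review): the "password" grant hands the user's credentials to the client
             application and skips the consent and multi-factor prompts of the browser flow.
             Current OAuth 2.0 security guidance recommends removing it; keep it only for
             clients that genuinely cannot use authorization_code. -->
        <SupportedGrantTypes>
            <SupportedGrantType>
                <GrantTypeName>authorization_code</GrantTypeName>
                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>password</GrantTypeName>
                <GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>refresh_token</GrantTypeName>
                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>client_credentials</GrantTypeName>
                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <!-- Exchanges a signed SAML2 assertion for an access token. The value of this grant
                 rests entirely on which IdP certificates the server trusts; confirm that trust
                 store before enabling it for external identity providers. -->
            <SupportedGrantType>
                <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
            </SupportedGrantType>
        </SupportedGrantTypes>
        <!-- Callback invoked by the OAuth component, supplied here by the API Manager key manager. -->
        <OAuthCallbackHandlers>
            <OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
        </OAuthCallbackHandlers>
        <!-- Add custom user headers to the response -->
        <!--<RequiredRespHeaderClaimUris>
            <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
            <ClaimUri>http://wso2.org/claims/gender</ClaimUri>
        </RequiredRespHeaderClaimUris>-->
        <!-- Enable/Disable OAuth Caching -->
        <!--<EnableCache>true</EnableCache>-->
        <!-- Assertions can be used to embed parameters into the access token. -->
        <EnableAssertions>
            <UserName>false</UserName>
        </EnableAssertions>
        <!-- Set this to true when using multiple user stores and keys should be saved into
             different tables according to the user store. By default all application keys are
             saved into the same table. The UserName assertion above must be 'true' to use this. -->
        <EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
        <!-- User store domain names and their mappings to table names.
             e.g. with 'A:foo.com', foo.com is the user store domain and 'A' is the suffix of the
             token table, so tokens of users coming from the foo.com user store are stored in
             IDN_OAUTH2_ACCESS_TOKEN_A. -->
        <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com --></AccessTokenPartitioningDomains>
        <!-- Disabled here. When enabled, the configured generator produces a signed JWT
             (SHA256withRSA) carrying claims from the consumer dialect. The TTL unit is not
             stated in this file (likely minutes); confirm against the component documentation. -->
        <AuthorizationContextTokenGeneration>
            <Enabled>false</Enabled>
            <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
            <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
            <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
            <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
            <AuthorizationContextTTL>15</AuthorizationContextTTL>
        </AuthorizationContextTokenGeneration>
        <SAML2Grant>
            <!--SAML2TokenHandler></SAML2TokenHandler-->
        </SAML2Grant>
        <!-- Primary/secondary login configuration for the API Store. To allow two login
             attributes in a distributed setup, configure this section. The primary login has no
             claim URI; the secondary login is a claim attribute and carries its claim URI. -->
        <!-- <LoginConfig>
            <UserIdLogin primary="true">
                <ClaimUri></ClaimUri>
            </UserIdLogin>
            <EmailLogin primary="false">
                <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
            </EmailLogin>
        </LoginConfig>-->
    </OAuth>

    <!-- Second-factor delivery over XMPP.
         NOTE(review): these are placeholder credentials (a gmail.com account with the stock
         "wso2carbon" password) stored in clear text. Remove the section if XMPP based MFA is
         not used; otherwise point it at a real account whose password is kept in Secure Vault,
         and verify that talk.google.com still accepts XMPP client logins for that account. -->
    <MultifactorAuthentication>
        <XMPPSettings>
            <XMPPConfig>
                <XMPPProvider>gtalk</XMPPProvider>
                <XMPPServer>talk.google.com</XMPPServer>
                <XMPPPort>5222</XMPPPort>
                <XMPPExt>gmail.com</XMPPExt>
                <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
                <XMPPPassword>wso2carbon</XMPPPassword>
            </XMPPConfig>
        </XMPPSettings>
    </MultifactorAuthentication>

    <!-- SAML2 SSO identity provider endpoint; must match the public address of this server. -->
    <SSOService>
        <IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
    </SSOService>

    <EntitlementSettings>
        <!-- Uncomment this to enable on-demand policy loading -->
        <!--OnDemandPolicyLoading>
            <Enable>true</Enable>
            <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
        </OnDemandPolicyLoading-->
        <!-- Entitlement decisions are cached and reused for CachingInterval. The unit is not
             stated in this file (if seconds, 36000 is ten hours; confirm). A policy change or a
             permission revocation may not take effect for already cached subjects until the
             interval elapses. -->
        <DecisionCaching>
            <Enable>true</Enable>
            <CachingInterval>36000</CachingInterval>
        </DecisionCaching>
        <AttributeCaching>
            <Enable>true</Enable>
        </AttributeCaching>
        <!-- The element name is spelled "Thirft" in the original; keep it, the server
             presumably looks for this exact name. -->
        <ThirftBasedEntitlementConfig>
            <!-- NOTE(review): true opens an additional Thrift listener on ReceivePort. Restrict
                 that port to the hosts that actually make entitlement calls, and change the
                 keystore password below (stock "wso2carbon" again). -->
            <EnableThriftService>true</EnableThriftService>
            <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
            <!-- Client timeout in milliseconds -->
            <ClientTimeout>10000</ClientTimeout>
            <KeyStore>
                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
                <Password>wso2carbon</Password>
            </KeyStore>
        </ThirftBasedEntitlementConfig>
    </EntitlementSettings>

    <!-- false: OAuth2Service is invoked in-process via OSGi because the whole server runs in one JVM. -->
    <SeparateBackEnd>false</SeparateBackEnd>
</Server>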