Copyright © Cloud Software Group, Inc. All Rights Reserved
Copyright © Cloud Software Group, Inc. All Rights Reserved


Chapter 11 Security Policies : Shared Resources Properties Sample Files
Shared Resources Properties Sample Files
This section lists the sample files for different types of security shared resources.
LdapAsp.properties
 
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.authn.ldap
com.tibco.governance.sharedresource.name=LdapAsp
com.tibco.governance.sharedresource.type=LdapConfiguration
 
#Example configuration where incoming message must contain a valid username token.
com.tibco.asg.intent.usernameToken=true
 
#WSS Authn Namespace
com.tibco.trinity.runtime.core.provider.authn.wss.usernameTokenValidationService=class:com.tibco.trinity.runtime.core.provider.authn.ldap
com.tibco.trinity.runtime.core.provider.authn.wss.samlValiditySeconds=60
com.tibco.trinity.runtime.core.provider.authn.wss.enableSAML11Assertion=false
 
#LDAP namespace. Used to verify user name token. This configuration is for search mode.
com.tibco.trinity.runtime.core.provider.authn.ldap.serverURL=ldap://10.97.107.23:389
com.tibco.trinity.runtime.core.provider.authn.ldap.securityAuthentication=simple
com.tibco.trinity.runtime.core.provider.authn.ldap.initialCtxFactory=com.sun.jndi.ldap.LdapCtxFactory
com.tibco.trinity.runtime.core.provider.authn.ldap.userDNTemplate=uid={0},ou=people,dc=policy,dc=tibco,dc=com
com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributeUsersName=uid
com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributesExtra=mail,givenname
com.tibco.trinity.runtime.core.provider.authn.ldap.userSearchScopeSubtree=true
com.tibco.trinity.runtime.core.provider.authn.ldap.keyPassword=#!fGqMyESTOe58y1QEt7sykDYhfWq9mjKMVsJwsSHnAC4=
com.tibco.trinity.runtime.core.provider.authn.ldap.keyAlias=uid=Manager,ou=people,dc=example,dc=org
# Group configuration
# For LDAP that uses group to find list of users that belong to the group.
com.tibco.trinity.runtime.core.provider.authn.ldap.groupIndication=groupHasUsers
# For LDAP that uses user to find list of groups to which the user belongs.
#com.tibco.trinity.runtime.core.provider.authn.ldap.groupIndication=userHasGroups
# For LDAP user's DN as group, use
#com.tibco.trinity.runtime.core.provider.authn.ldap.groupIndication=userDNHasGroups
 
com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchExpression=uniquemember={0}
com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchBaseDN=ou=groups,dc=policy,dc=tibco,dc=com
com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchScopeSubtree=true
com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeGroupsName=cn
com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeUsersName=cn
com.tibco.trinity.runtime.core.provider.authn.ldap.groupIndication=groupHasUsers
com.tibco.trinity.runtime.core.provider.authn.ldap.enableNestedGroupSearch=true
 
# Credential provider configuration to provide details for ldap admin user/admin password.
com.tibco.trinity.runtime.core.provider.authn.ldap.credentialProvider=class:com.tibco.trinity.runtime.core.provider.credential.password
com.tibco.trinity.runtime.core.provider.credential.password.usernameToken=uid=Manager\,ou=people\,dc=example\,dc=org,#!fGqMyESTOe58y1QEt7sykDYhfWq9mjKMVsJwsSHnAC4=
com.tibco.trinity.runtime.core.provider.credential.password.protectionParameter=password
 
SiteMinderAsp.properties
 
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.authn.siteminder
com.tibco.trinity.runtime.core.provider.authn.siteminder.agentName=sm-agent
com.tibco.trinity.runtime.core.provider.authn.siteminder.resource=/
com.tibco.trinity.runtime.core.provider.authn.siteminder.smHostConfFileLocationOption=specifyCustomLocation
com.tibco.trinity.runtime.core.provider.authn.siteminder.smHostConfFileLocation=/security/resource/SmHost.conf
com.tibco.trinity.runtime.core.provider.authn.siteminder.clientIPAddress=10.97.107.22
com.tibco.trinity.runtime.core.provider.authn.siteminder.enableSAML11Assertion=false
com.tibco.trinity.runtime.core.provider.authn.siteminder.enableSecurityTokenAttribute=true
 
SubjectIsp.properties
 
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.identity.subject
com.tibco.governance.sharedresource.name=SubjectIsp
com.tibco.governance.sharedresource.type=SubjectConfiguration
 
#SIP For Decryption
com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias=john_key
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword=password
com.tibco.trinity.runtime.core.provider.identity.subject.enableCredentialStoreAccess=true
com.tibco.trinity.runtime.core.provider.identity.subject.enableTrustStoreAccess=true
 
#KCP for SIP
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation=keystore/default_keystore.jks
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword=password
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType=JKS
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval=60000
 
 
TrustIsp.properties
 
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.identity.trust
com.tibco.governance.sharedresource.name=TrustIsp
com.tibco.governance.sharedresource.type=TrustConfiguration
#TIP for Signature verification
com.tibco.trinity.runtime.core.provider.identity.trust.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.trust.enableTrustStoreAccess=true
#KCP for TIP Namespace. Used for verifying the signature.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreType=JKS
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreRefreshInterval=60000
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreLocation=keystore/john_keystore.jks
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStorePassword=password
 
IdentityIsp.properties
 
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.identity.subject
com.tibco.governance.sharedresource.name=IdentityIsp
com.tibco.governance.sharedresource.type=SubjectConfiguration
com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias=john_key
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword=password
com.tibco.trinity.runtime.core.provider.identity.subject.enableCredentialStoreAccess=true
com.tibco.trinity.runtime.core.provider.identity.subject.enableTrustStoreAccess=true
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation=keystore/PAJohnIdentity.jceks
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword=password
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType=jceks
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval=60000
 
WssAsp.properties
 
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.authn.wss
com.tibco.governance.sharedresource.name=WssAsp
com.tibco.governance.sharedresource.type=WSSConfiguration
com.tibco.trinity.runtime.core.provider.authn.wss.enableSAML11Assertion=true
com.tibco.trinity.runtime.core.provider.authn.wss.signatureValidationService=class:com.tibco.trinity.runtime.core.provider.identity.subject
com.tibco.trinity.runtime.core.provider.authn.wss.usernameTokenValidationService=class:com.tibco.trinity.runtime.core.provider.authn.ldap
com.tibco.trinity.runtime.core.provider.authn.ldap.enableSAML11Assertion=true
com.tibco.trinity.runtime.core.provider.authn.saml.enableSAML11Assertion=true
com.tibco.trinity.runtime.core.provider.authn.signature.enableSAML11Assertion=true
#SIP For Decryption
com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias=john_key
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword=password
com.tibco.trinity.runtime.core.provider.identity.subject.enableCredentialStoreAccess=true
com.tibco.trinity.runtime.core.provider.identity.subject.enableTrustStoreAccess=true
#KCP for SIP
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation=keystore/default_keystore.jks
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword=password
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType=JKS
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval=60000
#TIP for Signature verification
com.tibco.trinity.runtime.core.provider.identity.trust.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.trust.enableTrustStoreAccess=true
#KCP for TIP Namespace. Used for verifying the signature.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreType=JKS
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreRefreshInterval=60000
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreLocation=keystore/john_keystore.jks
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStorePassword=password
#com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreProvider=
#LDAP namespace. Used to verify user name token.
com.tibco.trinity.runtime.core.provider.authn.ldap.serverURL=ldap://10.97.107.23:389
com.tibco.trinity.runtime.core.provider.authn.ldap.securityAuthentication=simple
com.tibco.trinity.runtime.core.provider.authn.ldap.initialCtxFactory=com.sun.jndi.ldap.LdapCtxFactory
com.tibco.trinity.runtime.core.provider.authn.ldap.userDNTemplate=uid={0},ou=people,dc=policy,dc=tibco,dc=com
com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributeUsersName=uid
com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributesExtra=mail,givenname
com.tibco.trinity.runtime.core.provider.authn.ldap.userSearchScopeSubtree=true
com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchExpression=uniquemember={0}
com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchBaseDN=ou=groups,dc=policy,dc=tibco,dc=com
com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchScopeSubtree=true
com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeGroupsName=cn
com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeUsersName=cn
com.tibco.trinity.runtime.core.provider.authn.ldap.groupIndication=groupHasUsers
com.tibco.trinity.runtime.core.provider.authn.ldap.followReferrals=true
com.tibco.trinity.runtime.core.provider.authn.ldap.connectionPools=5
com.tibco.trinity.runtime.core.provider.authn.ldap.searchTimeOut=-1
com.tibco.trinity.runtime.core.provider.authn.ldap.enableSAML20Assertion=true
com.tibco.trinity.runtime.core.provider.authn.ldap.enableSAML11Assertion=false
com.tibco.trinity.runtime.core.provider.authn.ldap.samlValiditySeconds=300
 
Copyright © Cloud Software Group, Inc. All Rights Reserved
Copyright © Cloud Software Group, Inc. All Rights Reserved