| Name
|
|
|
|
|
| enableSecurityTokenAttribute
|
N
|
Y
|
N
|
Controls if the security token that was authenticated should be included in the AttributeStatement of the issued SAML assertion.
Default: Checked.
|
| enableSAMLAttributesPurge
|
|
|
|
Controls if AttributeStatements of the authenticated assertion should be included in the AttributeStatements of the issued SAML assertion.
Default: Checked.
|
| enableHolderOfKeyAssertion
|
|
|
|
Controls if Holder-of-Key Subject Confirmation method should be used in the issued SAML assertion.
Select one of the following security token types:
- SAML 1.1 Token 1.1
- SAML 2.0 Token 1.1
-
|
| samlValiditySeconds
|
N
|
Y
|
Y
|
The duration of the validity of the SAML tokens.
Default: 600 s.
|
| tokenSigningService
|
N
|
Y
|
Y
|
The name of an Identity Provider resource that identifies the signer of the SAML tokens.
|
| clockskew
|
Y
|
N
|
Y
|
The maximum allowable amount of clock skew before a Kerberos message is assumed to be invalid.
Default: 600.
|
| dnsLookupKdc
|
Y
|
N
|
N
|
Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if the KDC is not the default realm.
Default: Checked.
|
| dnsLookupRealm
|
Y
|
N
|
N
|
Indicate whether DNS TXT records should be used to determine the Kerberos realm of a host if it is not the default realm.
Default: Unchecked.
|
| defaultDomain
|
Y
|
Y
|
Y
|
The default DNS domain to which the Kerberos realm belongs.
Default: None.
|
| ticketLifeTime
|
Y
|
N
|
Y
|
The lifetime for initial tickets.
Default: 24.
|
| renewLifeTime
|
Y
|
N
|
Y
|
The renewable lifetime for initial tickets.
Default: None.
|
| noAddresses
|
Y
|
N
|
N
|
Indicate that initial Kerberos ticket will be addressless.
Default: Checked.
|
| forwardable
|
Y
|
N
|
N
|
Indicate that initial Kerberos ticket will be forwardable.
Default: Unchecked.
|
| proxiable
|
Y
|
N
|
N
|
Indicate that initial Kerberos ticket will be proxiable.
Default: Checked.
|
| krb5ConfFileLocationOption
|
N
|
Y
|
N
|
The method for specifying the location of the Kerberos configuration file. One of:
- System Specific Default Location - Use the system-specific default location.
- Custom Configuration File - Use a custom configuration file. Enables the Custom Configuration File Name field.
- Generated - Use a generated configuration file. Enables the Generated Configuration File field and all other fields whose values are used in generating the configuration file.
Default: System Specific Default Location.
|
| Realm
|
N
|
Y
|
N
|
The Kerberos realm.
Default: None.
|
| kdc
|
N
|
Y
|
N
|
The Kerberos key distribution center.
Default: None.
|
| krb5ConfFileLocation
|
Y
|
Y
|
Y
|
The fully-qualified path to the configuration file.
Default: None.
|
| autoGeneratedKrb5ConfFileLocation
|
Y
|
Y
|
Y
|
The fully-qualified path to which the generated
configuration file is saved.
Default: None.
|
| storeKey
|
Y
|
N
|
N
|
Indicate that the principal's key should be stored in the subject's private credentials.
Default: Checked.
|
| doNotPrompt
|
|
|
|
|
| refreshKrb5Config
|
Y
|
N
|
N
|
Indicate that you want the configuration to be refreshed before the login authentication method is invoked.
Default: Unchecked.
|
| renewTGT
|
Y
|
N
|
N
|
Indicate that you want to renew ticket granting tickets. If checked, the Use Ticket Cache checkbox is checked and the Ticket Cache Name field is enabled.
Default: Unchecked.
|
| useTicketCache
|
Y
|
N
|
N
|
Indicate that you want the ticket granting tickets to be obtained from the ticket cache.
Default: Unchecked.
|
| ticketCache
|
Y
|
When useTicketCache is checked.
|
Y
|
The name of the ticket cache that contains ticket granting tickets.
Default: None.
|
| useKeyTab
|
Y
|
N
|
N
|
Indicate that the principal's key should be obtained from the keytab. When checked, the Keytab Filename field is enabled. If Keytab Filename field is not set, the keytab is obtained from the Kerberos configuration file.
Default: Unchecked.
|
| keyTab
|
Y
|
When useKeyTab is checked.
|
Y
|
The file name of the keytab.
Default: None.
|
| principal
|
Y
|
N
|
Y
|
The name of the principal.
Default: None.
|
