|
@@ -1,98 +0,0 @@
|
|
|
-############################################################################
|
|
|
|
|
-# MaxKey
|
|
|
|
|
-############################################################################
|
|
|
|
|
-# domain name configuration
|
|
|
|
|
-config.domain.name=sso.maxkey.org
|
|
|
|
|
-config.server.name=http://${config.domain.name}
|
|
|
|
|
-config.server.maxkey.uri=${config.server.name}/maxkey
|
|
|
|
|
-
|
|
|
|
|
-############################################################################
|
|
|
|
|
-# Login configuration
|
|
|
|
|
-#enable captcha
|
|
|
|
|
-config.login.captcha=true
|
|
|
|
|
-#enable two factor,use one time password
|
|
|
|
|
-config.login.onetimepwd=true
|
|
|
|
|
-#enable social sign on
|
|
|
|
|
-config.login.socialsignon=true
|
|
|
|
|
-#Enable kerberos/SPNEGO
|
|
|
|
|
-config.login.kerberos=true
|
|
|
|
|
-#wsFederation
|
|
|
|
|
-config.login.wsfederation=false
|
|
|
|
|
-#remeberme
|
|
|
|
|
-config.login.remeberme=true
|
|
|
|
|
-#validity
|
|
|
|
|
-config.login.remeberme.validity=
|
|
|
|
|
-#default.uri
|
|
|
|
|
-#to appList page
|
|
|
|
|
-config.login.default.uri=appList
|
|
|
|
|
-#to default application web site
|
|
|
|
|
-#config.login.default.uri=http://www.connsec.com
|
|
|
|
|
-
|
|
|
|
|
-config.manage.uri=http://login.connsec.com:9500/manage/login
|
|
|
|
|
-
|
|
|
|
|
-config.ipaddress.whitelist=false
|
|
|
|
|
-############################################################################
|
|
|
|
|
-# Kerberos Login configuration
|
|
|
|
|
-############################################################################
|
|
|
|
|
-#short name of user domain must be in upper case,eg:CONNSEC
|
|
|
|
|
-config.support.kerberos.default.userdomain=CONNSEC
|
|
|
|
|
-#short name of user domain must be in upper case,eg:CONNSEC.COM
|
|
|
|
|
-config.support.kerberos.default.fulluserdomain=CONNSEC.COM
|
|
|
|
|
-#last 8Bit crypto for Kerberos web Authentication
|
|
|
|
|
-config.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
|
|
|
|
-#Kerberos Authentication server RUL
|
|
|
|
|
-config.support.kerberos.default.redirecturi=http://sso.maxkey.org/kerberos/authn/
|
|
|
|
|
-############################################################################
|
|
|
|
|
-# CAS Login configuration
|
|
|
|
|
-############################################################################
|
|
|
|
|
-
|
|
|
|
|
-config.support.cas.login.url=http://sso.maxkey.org/cas/login
|
|
|
|
|
-#
|
|
|
|
|
-config.support.cas.login.service=http://sso.maxkey.org/maxkey/cas
|
|
|
|
|
-#
|
|
|
|
|
-config.support.cas.login.validation.url=http://sso.maxkey.org/cas
|
|
|
|
|
-
|
|
|
|
|
-############################################################################
|
|
|
|
|
-# HTTPHEADER Login configuration
|
|
|
|
|
-############################################################################
|
|
|
|
|
-
|
|
|
|
|
-config.support.httpheader.enable=false
|
|
|
|
|
-
|
|
|
|
|
-config.support.httpheader.headername=header-user
|
|
|
|
|
-
|
|
|
|
|
-# iv-user is for IBM Security Access Manager
|
|
|
|
|
-#config.httpheader.headername=iv-user
|
|
|
|
|
-
|
|
|
|
|
-############################################################################
|
|
|
|
|
-# BASIC Login support configuration
|
|
|
|
|
-############################################################################
|
|
|
|
|
-
|
|
|
|
|
-config.support.basic.enable=false
|
|
|
|
|
-
|
|
|
|
|
-#############################################################################
|
|
|
|
|
-# WsFederation Login support configuration
|
|
|
|
|
-#identifier: the identifer for the ADFS server
|
|
|
|
|
-#url: the login url for ADFS
|
|
|
|
|
-#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
|
|
|
|
-#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
|
|
|
|
-#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
|
|
|
|
-#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
|
|
|
|
-#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
|
|
|
|
-############################################################################
|
|
|
|
|
-
|
|
|
|
|
-config.support.wsfederation.identifier=http://adfs.connsec.com/adfs/services/trust
|
|
|
|
|
-config.support.wsfederation.url=https://adfs.connsec.com/adfs/ls/
|
|
|
|
|
-config.support.wsfederation.principal=upn
|
|
|
|
|
-config.support.wsfederation.relyingParty=urn:federation:connsec
|
|
|
|
|
-config.support.wsfederation.signingCertificate=adfs-signing.crt
|
|
|
|
|
-config.support.wsfederation.tolerance=10000
|
|
|
|
|
-config.support.wsfederation.upn.suffix=connsec.com
|
|
|
|
|
-config.support.wsfederation.logoutUrl=https://adfs.connsec.com/adfs/ls/?wa=wsignout1.0
|
|
|
|
|
-#############################################################################
|
|
|
|
|
-
|
|
|
|
|
-#############################################################################
|
|
|
|
|
-config.oidc.metadata.issuer=${config.server.maxkey.uri}
|
|
|
|
|
-config.oidc.metadata.authorizationEndpoint=${config.server.maxkey.uri}/oauth/v20/authorize
|
|
|
|
|
-config.oidc.metadata.tokenEndpoint=${config.server.maxkey.uri}/oauth/v20/token
|
|
|
|
|
-config.oidc.metadata.userinfoEndpoint=${config.server.maxkey.uri}/api/connect/userinfo
|
|
|
|
|
-#############################################################################
|
|
|
shimingxy