############################################################################ # MaxKey ############################################################################ # domain name configuration config.server.domain=maxkey.org config.server.domain.sub=sso.${config.server.domain} config.server.name=http://${config.server.domain.sub} config.server.prefix.uri=${config.server.name}/maxkey #default.uri config.server.default.uri=${config.server.prefix.uri}/maxkey/appList config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login #InMemory 0 , jdbc 1, Redis 2 config.server.persistence=0 config.app.issuer=CN=ConSec,CN=COM,CN=SH ############################################################################ # Login configuration #enable captcha config.login.captcha=true #text or arithmetic config.login.captcha.type=text #enable two factor,use one time password config.login.onetimepwd=true #enable social sign on config.login.socialsignon=true #social sign on providers config.login.socialsignon.providers=sinaweibo,google,qq,dingtalk,microsoft,facebook #Enable kerberos/SPNEGO config.login.kerberos=true #wsFederation config.login.wsfederation=false #remeberme config.login.remeberme=true #validity config.login.remeberme.validity=0 #to default application web site config.login.default.uri=appList config.ipaddress.whitelist=false config.otp.keyuri.format.type=totp config.otp.keyuri.format.digits=6 config.otp.keyuri.format.issuer=MaxKey config.otp.keyuri.format.domain=${config.server.domain} config.otp.keyuri.format.period=30 ############################################################################ # Kerberos Login configuration ############################################################################ #short name of user domain must be in upper case,eg:MAXKEY config.support.kerberos.default.userdomain=MAXKEY #short name of user domain must be in upper case,eg:MAXKEY.ORG config.support.kerberos.default.fulluserdomain=MAXKEY.ORG #last 8Bit crypto for Kerberos web Authentication config.support.kerberos.default.crypto=846KZSzYq56M6d5o #Kerberos Authentication server RUL config.support.kerberos.default.redirecturi=http://sso.maxkey.org/kerberos/authn/ ############################################################################ # HTTPHEADER Login configuration ############################################################################ config.support.httpheader.enable=false config.support.httpheader.headername=header-user # iv-user is for IBM Security Access Manager #config.httpheader.headername=iv-user ############################################################################ # BASIC Login support configuration ############################################################################ config.support.basic.enable=false ############################################################################# # WsFederation Login support configuration #identifier: the identifer for the ADFS server #url: the login url for ADFS #principal: the name of the attribute/assertion returned by ADFS that contains the principal's username. #relyingParty: the identifier of the CAS Server as it has been configured in ADFS. #tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms) #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS. ############################################################################ config.support.wsfederation.identifier=http://adfs.maxkey.org/adfs/services/trust config.support.wsfederation.url=https://adfs.maxkey.org/adfs/ls/ config.support.wsfederation.principal=upn config.support.wsfederation.relyingParty=urn:federation:connsec config.support.wsfederation.signingCertificate=adfs-signing.crt config.support.wsfederation.tolerance=10000 config.support.wsfederation.upn.suffix=maxkey.org config.support.wsfederation.logoutUrl=https://adfs.maxkey.org/adfs/ls/?wa=wsignout1.0 ############################################################################# ############################################################################# config.oidc.metadata.issuer=${config.server.name}/maxkey config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo ############################################################################# ############################################################################ # Social Sign On Configuration # #you config client.id & client.secret only ############################################################################ ############################################################################ #sina weibo config.socialsignon.sinaweibo.provider=sinaweibo config.socialsignon.sinaweibo.provider.name=\u65B0\u6D6A\u5FAE\u535A config.socialsignon.sinaweibo.icon=images/social/sinaweibo.png config.socialsignon.sinaweibo.client.id=3379757634 config.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba config.socialsignon.sinaweibo.account.id=id config.socialsignon.sinaweibo.sortorder=1 #Google config.socialsignon.google.provider=google config.socialsignon.google.provider.name=Google config.socialsignon.google.icon=images/social/google.png config.socialsignon.google.client.id=519914515488.apps.googleusercontent.com config.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt config.socialsignon.google.account.id=id config.socialsignon.google.sortorder=2 #QQ config.socialsignon.qq.provider=qq config.socialsignon.qq.provider.name=QQ config.socialsignon.qq.icon=images/social/qq.png config.socialsignon.qq.client.id=101225363 config.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd config.socialsignon.qq.account.id=openid config.socialsignon.qq.sortorder=4 #dingtalk config.socialsignon.dingtalk.provider=dingtalk config.socialsignon.dingtalk.provider.name=dingtalk config.socialsignon.dingtalk.icon=images/social/dingtalk.png config.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg config.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9 config.socialsignon.dingtalk.account.id=openid config.socialsignon.dingtalk.sortorder=5 #Microsoft config.socialsignon.microsoft.provider=microsoft config.socialsignon.microsoft.provider.name=Microsoft config.socialsignon.microsoft.icon=images/social/live.png config.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95 config.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5 config.socialsignon.microsoft.account.id=id config.socialsignon.microsoft.sortorder=6 #facebook config.socialsignon.facebook.provider=facebook config.socialsignon.facebook.provider.name=facebook config.socialsignon.facebook.icon=images/social/facebook.png config.socialsignon.facebook.client.id=appKey config.socialsignon.facebook.client.secret=appSecret config.socialsignon.facebook.account.id=id config.socialsignon.facebook.sortorder=7 ############################################################################ # SAML V2.0 configuration #saml common config.saml.v20.max.parser.pool.size=2 config.saml.v20.assertion.validity.time.ins.seconds=90 config.saml.v20.replay.cache.life.in.millis=14400000 config.saml.v20.issue.instant.check.clock.skew.in.seconds=90 config.saml.v20.issue.instant.check.validity.time.in.seconds=300 #saml idp keystore config.saml.v20.idp.keystore.password=maxkey config.saml.v20.idp.keystore.private.key.password=maxkey config.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks #keystore id for sec config.saml.v20.idp.issuing.entity.id=maxkey.org config.saml.v20.idp.issuer=https://sso.maxkey.org/maxkey/saml config.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.org/ #saml sp keystore config.saml.v20.sp.keystore.password=maxkey config.saml.v20.sp.keystore.private.key.password=maxkey config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks config.saml.v20.sp.issuing.entity.id=client.maxkey.org #Saml v20 Metadata config.saml.v20.metadata.orgName=maxkey config.saml.v20.metadata.orgDisplayName=maxkey config.saml.v20.metadata.orgURL=https://github.com/shimingxy/MaxKey config.saml.v20.metadata.contactType=technical config.saml.v20.metadata.company=maxkey config.saml.v20.metadata.givenName=maxkey config.saml.v20.metadata.surName=maxkey config.saml.v20.metadata.emailAddress=shimingxy@163.com config.saml.v20.metadata.telephoneNumber=4008981111