Configuration elements for Identity authentication(RFC 4474)

IdentityValidatorConfiguration :

property enables users to configure Identity (RFC 4474) authentication module in Sailfin, the property has name value pairs seperated by a comma as configuration parameters.This property can be configured under security element in domain.xml, use the Administration UI as shown here.


eg: maxClockSkew=30000, timestampFreshnessLimit=360000

  • maxClockSkew

This sets the maximum difference allowed between the system clocks of the sender and recipient. The value is specified in milliseconds.

  • timestampFreshnessLimit

Sets the maximum duration of time after which the timestamp becomes stale, the value MUST be specified in milliseconds and the default value is 600 seconds.

  • enableRevocationCheck

if this flag is set to true, the default revocation checking mechanism of the underlying PKIX service provider will be used, by default value is false.


  • certificateValidator

specifies the class name of custom certificate validator implemented by the user, this class must implement org.glassfish.comms.api.security.auth.CertificateValidator interface.

PrincipalMapper

is used by Identity and P-Asserted authentication modules of sailfin. PrincipalMapper is used convert user names to format understood by the Sailfin container, This property is optional and a default implementation is provided by Sailfin. This property points to a class name which implements com.sun.enterprise.security.auth.PrincipalMapper interface. This property can be configured under security element in domain.xml, use the Administration UI as shown here. Each application using P-Asserted / Identity authentication creates its own instance of PrincipalMapper implementation class.

Properties in sun-sip.xml

  • trust-auth-realm-ref

property is used by Identity and P-Asserted authentication modules and should point to any security realm with “assertedRealm” as jaas-context value.

  • trust-id-ref

property is used only by P-Asserted authentication module and should point to identity-assertion-trust configuration element in domain.xml. Trust-id-ref will have id value of “ identity-assertion-trust” element.


Posted on: Nov 27, 2008

Posted by: venu

Category: Java

Permanent link to this entry

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by venu