Use the single sign-on custom properties to suit your deployment
requirements.
- requireSoapActionForSoap
- This parameter controls the single sign-on protocol service behavior
when it receives a request through the browser POST method and it
needs to determine if it is a SOAPRequest or a BrowserRequest. Use
of this parameter enables the service to handle non-compliant SOAP
clients that do not send the required SOAPAction header on SOAP requests.
- Default value: true
- Value type: boolean
- Example value: true
- requireContentTypeForSoap
- This parameter controls whether or not a SOAPRequest must contain
a content-type of either text/xml or application/soap+xml.
This parameter enables the single sign-on protocol service to handle
non-compliant SOAP clients.
Note: When this parameter and requireSoapActionForSoap
are both false, all posts will be interpreted as SOAPRequests.
- Default value: true
- Value type: boolean
- Example value: True
- POC.allowsCredRefresh
- When set to true, this parameter causes the LocalLogoutAction
to be skipped on the service provider during single sign-on and federation.
Instead, the credentials are refreshed. Set this parameter to true
for the Web Plug-ins. Otherwise, set it to false.
- Default value: true
- Value type: boolean
- Example value: True
- SPS.PageFactory.HtmlEscapedTokens
- A comma-separated list of tokens that must be HTML-escaped
when being rendered in pages sent to the browser. Typically, this
property includes any macros in the SPS.PageFactory.Exception2Macro
runtime custom property (if used). This property is an important security
consideration for preventing cross-site scripting vulnerabilities.
- Value type: string
- Example value: @TOKEN_A@, @TARGET@
- SPS.PageFactory.Exception2Macro
- This runtime custom property is a comma-separated list of classname:macro
pairs. Classname is the full name of an exception class. Macro is
the replacement macro to which the class maps. The macro must start
and end with “@” as shown in the example values.
- Value type: string
- Example values: com.demo.MyException: @MYEXCEPTION@, com.tivoli.am.fim.trustserver.sts.STSException: @STSEXCEPTION@
- SPS.POC.Default.Header.Names.Enabled
- When specified, this property enables the use of default header
names for the point of contact header values. If false, the only headers
that will be read or written will have to be part of the sps.xml configuration
file.
- Value type: boolean
- Example value: false
- POC.WebSeal.SignOutInfoDelegate.UserSessionIdHeaderName
- This value overrides the default tagvalue_user_session_id.
- Value type: String
- Example value: tagvalue_user_session_id
- SOAP.AuthType
- The authentication type to be used when accessing the SOAP endpoint.
The value can either be ba indicating basic authentication,
or cert indicating client certificate-based authentication.
- Value type: String
- Example value: ba
- TFIM.SOAP.Port
- This parameter is a comma-separated list of port numbers.
- Value type: String
- Example value: 9443, 9445
- SPS.WebSealPoc.ContextPoolSize
- Specifies the number of PDContext objects available in the pool.
This value reflects the number of clients that need to be authorized
when using single sign-on.
- You might need to increase the value based on the logout load
of the system. When a large number of logouts occur at the same time,
the Tivoli® Federated Identity Manager runtime
might run out of PDContext objects and logouts might start to fail.
Because each PDContext object uses system resources, such as memory
and file descriptors, care should be taken to select a value. The
value must be greater than 0.
- Default value: 5
- Value type: integer
- Example value: 5
- SPS.WebSealPoc.DisablePDSignout
- When set to true, this parameter disables the sign-out functionality
of the single sign-on protocol service WebSEAL Point of Contact client.
When the sign-out operation is invoked, it logs that no sign-out occurs
and returns successfully. When this parameter is enabled, the single
sign-on protocol service does not require the Tivoli Access Manager Java™ runtime (PDJRTE) to be configured.
- Default value: false
- Value type: boolean
- Example value: true
- SPS.WebSealPoc.Force.PdAdmin.Task
- When set to true, this value forces the WebSEAL Point of Contact
callback to always use pdadmin server tasks to log out the user.
- Value type: boolean
- Example value: false
- SPS.WebSealPoc.ContextPoolInitAttempts
- This value represents the number of times that initialization of
the PDContext objects will be tried. The default is 1 and the value
must be greater than 0.
- Value type: integer
- Example value: 1
- SPS.WebSealPoc.ContextPoolInitTimeout
- This value represents the maximum amount of time to be used during
initialization of the PDContext objects. After the time has expired, the
initialization will stop. The default is 10000 and the value must
be greater than 0. The value is in milliseconds.
- Value type: integer
- Example value: 10000
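
The following added example (not IBM code and not part of the original documentation) audits a set of these properties for the conditions the descriptions call out: Exception2Macro macros that are not listed in SPS.PageFactory.HtmlEscapedTokens, both SOAP checks set to false, and pool values that are not greater than 0. The function names, the name-to-value dictionary input and the sample values are assumptions made for illustration.

```python
# Added example, not IBM code; the name -> value dict input is an assumption.
POSITIVE_INTS = ("SPS.WebSealPoc.ContextPoolSize",
                 "SPS.WebSealPoc.ContextPoolInitAttempts",
                 "SPS.WebSealPoc.ContextPoolInitTimeout")
SOAP_CHECKS = ("requireSoapActionForSoap", "requireContentTypeForSoap")

def split_list(value):
    """Split a comma-separated property value and trim each item."""
    return [item.strip() for item in value.split(",") if item.strip()]

def is_false(props, name):
    # Both SOAP parameters default to true when unset.
    return props.get(name, "true").strip().lower() == "false"

def audit(props):
    """Return a list of findings for a property name -> value mapping."""
    findings, macros = [], []
    # Exception2Macro holds classname:macro pairs; a macro looks like @NAME@.
    for pair in split_list(props.get("SPS.PageFactory.Exception2Macro", "")):
        classname, sep, macro = (part.strip() for part in pair.partition(":"))
        if not sep or not classname:
            findings.append(f"malformed classname:macro pair: {pair!r}")
        elif len(macro) < 3 or macro[0] != "@" or macro[-1] != "@":
            findings.append(f"macro must start and end with '@': {macro!r}")
        else:
            macros.append(macro)
    # Exception macros are typically listed as HTML-escaped tokens.
    escaped = set(split_list(props.get("SPS.PageFactory.HtmlEscapedTokens", "")))
    for macro in macros:
        if macro not in escaped:  # exact, case-sensitive match (assumption)
            findings.append(f"{macro} missing from SPS.PageFactory.HtmlEscapedTokens")
    # With both checks off, all posts are interpreted as SOAPRequests.
    if all(is_false(props, name) for name in SOAP_CHECKS):
        findings.append("both SOAP checks are false: all posts treated as SOAPRequests")
    # These values must be greater than 0.
    for name in POSITIVE_INTS:
        value = props.get(name, "1").strip()  # unset: documented default applies
        if not (value.isdecimal() and int(value) > 0):
            findings.append(f"{name} must be an integer greater than 0: {value!r}")
    return findings

SAMPLE = {  # constructed values, built from the example values on this page
    "SPS.PageFactory.Exception2Macro":
        "com.demo.MyException: @MYEXCEPTION@, "
        "com.tivoli.am.fim.trustserver.sts.STSException: @STSEXCEPTION@",
    "SPS.PageFactory.HtmlEscapedTokens": "@TOKEN_A@, @TARGET@, @MYEXCEPTION@",
    "requireSoapActionForSoap": "false", "requireContentTypeForSoap": "False",
    "SPS.WebSealPoc.ContextPoolSize": "0",
}
```

Calling `audit(SAMPLE)` returns three findings: the unescaped @STSEXCEPTION@ macro, the disabled SOAP checks, and the zero pool size.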