property enables users to configure Identity (RFC 4474) authentication module in Sailfin, the property has name value pairs seperated by a comma as configuration parameters.This property can be configured under security element in domain.xml, use the Administration UI as shown here.
eg: maxClockSkew=30000, timestampFreshnessLimit=360000
This sets the maximum difference allowed between the system clocks of the sender and recipient. The value is specified in milliseconds.
Sets the maximum duration of time after which the timestamp becomes stale, the value MUST be specified in milliseconds and the default value is 600 seconds.
if this flag is set to true, the default revocation checking mechanism of the underlying PKIX service provider will be used, by default value is false.
specifies the class name of custom certificate validator implemented by the user, this class must implement org.glassfish.comms.api.security.auth.CertificateValidator interface.
is used by Identity and P-Asserted authentication modules of sailfin. PrincipalMapper is used convert user names to format understood by the Sailfin container, This property is optional and a default implementation is provided by Sailfin. This property points to a class name which implements com.sun.enterprise.security.auth.PrincipalMapper interface. This property can be configured under security element in domain.xml, use the Administration UI as shown here. Each application using P-Asserted / Identity authentication creates its own instance of PrincipalMapper implementation class.
Properties in sun-sip.xml
property is used by Identity and P-Asserted authentication modules and should point to any security realm with “assertedRealm” as jaas-context value.
property is used only by P-Asserted authentication module and should point to identity-assertion-trust configuration element in domain.xml. Trust-id-ref will have id value of “ identity-assertion-trust” element.