| # |
| # |
| # This is test set that tests configurable LDAP PIP engine. It uses sample data from Apache DS 2.0: |
| # |
| # https://directory.apache.org/apacheds/basic-ug/resources/apache-ds-tutorial.ldif |
| # |
| # The Policy was created using the PAP Admin Tool. |
| # |
| # |
| |
| # |
| # Properties that the embedded PDP engine uses to configure and load |
| # |
| # Standard API Factories |
| # |
| xacml.dataTypeFactory=org.apache.openaz.xacml.std.StdDataTypeFactory |
| xacml.pdpEngineFactory=org.apache.openaz.xacmlatt.pdp.ATTPDPEngineFactory |
| xacml.pepEngineFactory=org.apache.openaz.xacml.std.pep.StdEngineFactory |
| xacml.pipFinderFactory=org.apache.openaz.xacml.std.pip.StdPIPFinderFactory |
| xacml.traceEngineFactory=org.apache.openaz.xacml.std.trace.LoggingTraceEngineFactory |
| # |
| # OpenAZ PDP Implementation Factories |
| # |
| xacml.openaz.evaluationContextFactory=org.apache.openaz.xacml.pdp.std.StdEvaluationContextFactory |
| xacml.openaz.combiningAlgorithmFactory=org.apache.openaz.xacml.pdp.std.StdCombiningAlgorithmFactory |
| xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFunctionDefinitionFactory |
| xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory |
| # |
| # NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the |
| # policies and PIP configuration as defined below. Otherwise, this is the configuration that |
| # the embedded PDP uses. |
| # |
| |
| # Policies to load |
| # |
| xacml.rootPolicies=ldap |
| ldap.file=testsets/pip/configurable-ldap/LDAP-Seven-Seas-v1.xml |
| |
| # PIP Engine Definition |
| # |
| xacml.pip.engines=ldap1 |
| |
| ldap1.classname=org.apache.openaz.xacml.std.pip.engines.ldap.LDAPEngine |
| ldap1.name=LDAP PIP |
| ldap1.description=The LDAP containing the seven seas sample LDIF data. |
| ldap1.issuer=org.apache.openaz:xacml:test:ldap |
| ldap1.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory |
| # |
| # NOTE: You will have to setup a local LDAP server and load the data\apache-ds-tutorial.ldif before |
| # this example will work. |
| # |
| ldap1.java.naming.provider.url=ldap://localhost:10389 |
| #ldap.java.naming.security.principal= |
| #ldap.java.naming.security.credentials= |
| ldap1.scope=subtree |
| |
| ldap1.resolvers=dn,ship |
| |
| ldap1.resolver.dn.classname=org.apache.openaz.xacml.std.pip.engines.ldap.ConfigurableLDAPResolver |
| ldap1.resolver.dn.name=Domain Names |
| ldap1.resolver.dn.description=Find all the dn's for the subject id |
| ldap1.resolver.dn.base=o=sevenseas |
| ldap1.resolver.dn.base.parameters= |
| ldap1.resolver.dn.filter=(|(uid=${uid})(mail=${uid})) |
| ldap1.resolver.dn.filter.parameters=uid |
| ldap1.resolver.dn.filter.parameters.uid.id=urn:oasis:names:tc:xacml:1.0:subject:subject-id |
| ldap1.resolver.dn.filter.parameters.uid.datatype=http://www.w3.org/2001/XMLSchema#string |
| ldap1.resolver.dn.filter.parameters.uid.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject |
| #ldap1.resolver.dn.filter.parameters.uid.issuer=org.apache.openaz:xacml:test:ldap |
| ldap1.resolver.dn.filter.view=dn |
| ldap1.resolver.dn.filter.view.dn.id=org.apache.openaz:xacml:test:ldap:subject:dn |
| ldap1.resolver.dn.filter.view.dn.datatype=http://www.w3.org/2001/XMLSchema#string |
| ldap1.resolver.dn.filter.view.dn.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource |
| ldap1.resolver.dn.filter.view.dn.issuer=org.apache.openaz:xacml:test:ldap |
| |
| ldap1.resolver.ship.classname=org.apache.openaz.xacml.std.pip.engines.ldap.ConfigurableLDAPResolver |
| ldap1.resolver.ship.name=Ship Resolver |
| ldap1.resolver.ship.description=This resolves a subject's dn to a ship. |
| ldap1.resolver.ship.base=o=sevenseas |
| ldap1.resolver.ship.base.parameters= |
| ldap1.resolver.ship.filter=uniquemember=${dn} |
| ldap1.resolver.ship.filter.parameters=dn |
| ldap1.resolver.ship.filter.parameters.dn.id=org.apache.openaz:xacml:test:ldap:subject:dn |
| ldap1.resolver.ship.filter.parameters.dn.datatype=http://www.w3.org/2001/XMLSchema#string |
| ldap1.resolver.ship.filter.parameters.dn.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource |
| ldap1.resolver.ship.filter.parameters.dn.issuer=org.apache.openaz:xacml:test:ldap |
| ldap1.resolver.ship.filter.view=cn |
| ldap1.resolver.ship.filter.view.cn.id=org.apache.openaz:xacml:test:ldap:subject:ship |
| ldap1.resolver.ship.filter.view.cn.datatype=http://www.w3.org/2001/XMLSchema#string |
| ldap1.resolver.ship.filter.view.cn.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource |
| ldap1.resolver.ship.filter.view.cn.issuer=org.apache.openaz:xacml:test:ldap |
| |
| # |
| # These properties are for an attribute generator to build into requests. |
| # |
| xacml.attribute.generator=generate_subjectid |
| |
| xacml.attribute.generator.generate_subjectid.file=generate.data |
| xacml.attribute.generator.generate_subjectid.attributes=id,qual |
| |
| xacml.attribute.generator.generate_subjectid.attributes.id.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject |
| xacml.attribute.generator.generate_subjectid.attributes.id.datatype=http://www.w3.org/2001/XMLSchema#string |
| xacml.attribute.generator.generate_subjectid.attributes.id.id=urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier |
| #xacml.attribute.generator.generate_subjectid.attributes.id.issuer= |
| #xacml.attribute.generator.generate_subjectid.attributes.id.include=true |
| xacml.attribute.generator.generate_subjectid.attributes.id.field=0 |
| |
| xacml.attribute.generator.generate_subjectid.attributes.qual.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject |
| xacml.attribute.generator.generate_subjectid.attributes.qual.datatype=http://www.w3.org/2001/XMLSchema#string |
| xacml.attribute.generator.generate_subjectid.attributes.qual.id=urn:oasis:names:tc:xacml:1.0:subject:subject-id |
| xacml.attribute.generator.generate_subjectid.attributes.qual.field=1 |