#
#
# This test set exercises the configurable LDAP PIP engine. It uses sample data from Apache DS 2.0:
#
# https://directory.apache.org/apacheds/basic-ug/resources/apache-ds-tutorial.ldif
#
# The Policy was created using the PAP Admin Tool.
#
#
#
# Properties that the embedded PDP engine uses to configure itself and load its factories.
#
# Every value in this block is a fully qualified Java class name.
# NOTE(review): presumably these classes are instantiated by name when the engine starts
# (confirm against the factory loader). If so, write access to this file is equivalent to
# choosing which code makes authorization decisions, so restrict it accordingly.
#
# Standard API Factories
#
xacml.dataTypeFactory=org.apache.openaz.xacml.std.StdDataTypeFactory
xacml.pdpEngineFactory=org.apache.openaz.xacmlatt.pdp.ATTPDPEngineFactory
xacml.pepEngineFactory=org.apache.openaz.xacml.std.pep.StdEngineFactory
xacml.pipFinderFactory=org.apache.openaz.xacml.std.pip.StdPIPFinderFactory
# NOTE(review): the trace factory below is a logging implementation by name; check what the
# trace output contains before reusing this setup where request attributes are sensitive.
xacml.traceEngineFactory=org.apache.openaz.xacml.std.trace.LoggingTraceEngineFactory
#
# OpenAZ PDP Implementation Factories
#
xacml.openaz.evaluationContextFactory=org.apache.openaz.xacml.pdp.std.StdEvaluationContextFactory
xacml.openaz.combiningAlgorithmFactory=org.apache.openaz.xacml.pdp.std.StdCombiningAlgorithmFactory
xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFunctionDefinitionFactory
xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory
#
# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
# policies and PIP configuration as defined below. Otherwise, this is the configuration that
# the embedded PDP uses.
#
# Policies to load
#
# xacml.rootPolicies lists policy ids; each id is then used as a key prefix, so the id
# "ldap" is given its policy document by ldap.file. Note that this "ldap" prefix is the
# policy id and is distinct from the PIP engine id "ldap1" used further down.
# NOTE(review): the path is relative, so presumably it resolves against the working
# directory of the test run - confirm, and make sure the file loaded is the intended one.
#
xacml.rootPolicies=ldap
ldap.file=testsets/pip/configurable-ldap/LDAP-Seven-Seas-v1.xml
# PIP Engine Definition
#
# xacml.pip.engines lists engine ids; every key that configures an engine is prefixed
# with its id (here "ldap1").
#
xacml.pip.engines=ldap1
ldap1.classname=org.apache.openaz.xacml.std.pip.engines.ldap.LDAPEngine
ldap1.name=LDAP PIP
ldap1.description=The LDAP containing the seven seas sample LDIF data.
ldap1.issuer=org.apache.openaz:xacml:test:ldap
# The java.naming.* suffixes are the standard JNDI environment property names.
# NOTE(review): presumably the engine hands them to JNDI with the "ldap1." prefix removed.
ldap1.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
#
# NOTE: You will have to set up a local LDAP server and load the data\apache-ds-tutorial.ldif before
# this example will work.
#
# The URL below is plain (unencrypted) LDAP on the loopback interface, which suits a local
# test. If this configuration is adapted for a directory reached over a network, use
# ldaps:// or StartTLS so bind credentials and returned attributes are not sent in the clear.
#
ldap1.java.naming.provider.url=ldap://localhost:10389
# Bind identity. With both keys left commented out no principal is supplied, which for the
# JNDI LDAP provider means an anonymous bind. The prefix has to be the engine id ("ldap1"),
# as on every other key in this block. If a bind account is needed, use a read-only,
# least-privilege one and keep its password out of version control.
#ldap1.java.naming.security.principal=
#ldap1.java.naming.security.credentials=
# NOTE(review): "subtree" presumably searches everything beneath each resolver's base.
ldap1.scope=subtree
# Resolver ids; each is configured under ldap1.resolver.<id>.
ldap1.resolvers=dn,ship
# Resolver "dn": looks up directory entries for the subject-id carried in the request and
# publishes each entry's dn as a new attribute.
ldap1.resolver.dn.classname=org.apache.openaz.xacml.std.pip.engines.ldap.ConfigurableLDAPResolver
ldap1.resolver.dn.name=Domain Names
ldap1.resolver.dn.description=Find all the dn's for the subject id
ldap1.resolver.dn.base=o=sevenseas
# Empty: the search base contains no ${...} placeholders.
ldap1.resolver.dn.base.parameters=
# ${uid} is a placeholder for the parameter declared below, i.e. the request's subject-id.
# That value is supplied by the caller, so it must be escaped as an LDAP filter assertion
# value (RFC 4515) before substitution; otherwise characters such as * ( ) \ alter the
# filter instead of being matched literally.
# NOTE(review): whether ConfigurableLDAPResolver performs this escaping is not visible
# from this file - verify in the resolver before reusing the pattern.
ldap1.resolver.dn.filter=(|(uid=${uid})(mail=${uid}))
ldap1.resolver.dn.filter.parameters=uid
ldap1.resolver.dn.filter.parameters.uid.id=urn:oasis:names:tc:xacml:1.0:subject:subject-id
ldap1.resolver.dn.filter.parameters.uid.datatype=http://www.w3.org/2001/XMLSchema#string
ldap1.resolver.dn.filter.parameters.uid.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
# NOTE(review): with the issuer left commented out, presumably a subject-id from any issuer
# (or none) is accepted as the lookup key - confirm that this is intended.
#ldap1.resolver.dn.filter.parameters.uid.issuer=org.apache.openaz:xacml:test:ldap
# "view" names what is returned from each match: the entry's dn, published under the
# id, datatype, category and issuer below. The id reads "subject:dn" but the category is
# the resource category; the "ship" resolver's input parameter uses the same pair.
ldap1.resolver.dn.filter.view=dn
ldap1.resolver.dn.filter.view.dn.id=org.apache.openaz:xacml:test:ldap:subject:dn
ldap1.resolver.dn.filter.view.dn.datatype=http://www.w3.org/2001/XMLSchema#string
ldap1.resolver.dn.filter.view.dn.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
ldap1.resolver.dn.filter.view.dn.issuer=org.apache.openaz:xacml:test:ldap
# Resolver "ship": takes a dn attribute and finds the entries that list it as a member,
# publishing each match's cn as the subject's ship.
ldap1.resolver.ship.classname=org.apache.openaz.xacml.std.pip.engines.ldap.ConfigurableLDAPResolver
ldap1.resolver.ship.name=Ship Resolver
ldap1.resolver.ship.description=This resolves a subject's dn to a ship.
ldap1.resolver.ship.base=o=sevenseas
# Empty: the search base contains no ${...} placeholders.
ldap1.resolver.ship.base.parameters=
# ${dn} is a placeholder for the parameter declared below. DN values can contain characters
# that are special in a filter, so the same RFC 4515 escaping concern applies here.
# NOTE(review): escaping behaviour of the resolver is not visible from this file - verify.
ldap1.resolver.ship.filter=uniquemember=${dn}
ldap1.resolver.ship.filter.parameters=dn
# The id, category and issuer below are the ones the "dn" resolver publishes its result
# under, which chains the two resolvers together.
# NOTE(review): the issuer constraint presumably means a dn attribute placed directly in a
# request without this issuer is not used as input - confirm, since that is what keeps the
# lookup tied to a directory-derived value.
ldap1.resolver.ship.filter.parameters.dn.id=org.apache.openaz:xacml:test:ldap:subject:dn
ldap1.resolver.ship.filter.parameters.dn.datatype=http://www.w3.org/2001/XMLSchema#string
ldap1.resolver.ship.filter.parameters.dn.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
ldap1.resolver.ship.filter.parameters.dn.issuer=org.apache.openaz:xacml:test:ldap
# Returned attribute: the matching entry's cn, published as ...:subject:ship.
ldap1.resolver.ship.filter.view=cn
ldap1.resolver.ship.filter.view.cn.id=org.apache.openaz:xacml:test:ldap:subject:ship
ldap1.resolver.ship.filter.view.cn.datatype=http://www.w3.org/2001/XMLSchema#string
ldap1.resolver.ship.filter.view.cn.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
ldap1.resolver.ship.filter.view.cn.issuer=org.apache.openaz:xacml:test:ldap
#
# These properties are for an attribute generator to build into requests.
#
# One generator ("generate_subjectid") is declared. It reads generate.data and defines two
# attributes, "id" and "qual"; each has a "field" index.
# NOTE(review): presumably "field" is the zero-based column in generate.data that supplies
# the attribute's value - confirm against the generator.
#
xacml.attribute.generator=generate_subjectid
xacml.attribute.generator.generate_subjectid.file=generate.data
xacml.attribute.generator.generate_subjectid.attributes=id,qual
# NOTE(review): the entry named "id" emits subject-id-qualifier and the entry named "qual"
# emits subject-id, so the labels read as swapped relative to the attribute ids. The
# generated subject-id is what the "dn" resolver substitutes into its LDAP filter, so
# confirm against the column order of generate.data that field 1 holds the subject id.
xacml.attribute.generator.generate_subjectid.attributes.id.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
xacml.attribute.generator.generate_subjectid.attributes.id.datatype=http://www.w3.org/2001/XMLSchema#string
xacml.attribute.generator.generate_subjectid.attributes.id.id=urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier
# Optional keys, left unset in this test set.
#xacml.attribute.generator.generate_subjectid.attributes.id.issuer=
#xacml.attribute.generator.generate_subjectid.attributes.id.include=true
xacml.attribute.generator.generate_subjectid.attributes.id.field=0
xacml.attribute.generator.generate_subjectid.attributes.qual.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
xacml.attribute.generator.generate_subjectid.attributes.qual.datatype=http://www.w3.org/2001/XMLSchema#string
xacml.attribute.generator.generate_subjectid.attributes.qual.id=urn:oasis:names:tc:xacml:1.0:subject:subject-id
xacml.attribute.generator.generate_subjectid.attributes.qual.field=1