public interface GridShibConfigParams
| Field Summary | | |
|---|---|---|
| static String | AA_INSTANCE_KEY | This configuration parameter corresponds to an AttributeAuthority object. |
| static String[] | ALL_CONFIG_KEYS | This array of String is used for config translation to Hashtable in PDP proxies, which allows us to adapt the code to multiple authorization framework implementations. |
| static String | ATTR_FILE_KEY | The absolute path to a GridShib policy file. |
| static String | AUTHZ_HOST_KEY | Deprecated. This configuration parameter may be removed in a future version of GS4GT. |
| static String | BLACKLIST_IP_ADDRESSES_FILE_KEY | The absolute path to a file of blacklisted IP addresses. |
| static String | BLACKLIST_NAME_IDS_FILE_KEY | The absolute path to a file of blacklisted name identifiers. |
| static String | CACHE_KEY | Note: Caching in SAMLMapPIPImpl is broken, so the only utilization of caching is in SAMLQueryPIPImpl and therefore this parameter need not be exposed in GS4GT v0.6.0. |
| static String | CONSULT_GRIDMAP_KEY | A boolean parameter that enables gridmap short-circuiting in GT 4.0 deployments. |
| static String | DEFAULT_GRIDMAP | A GridMap object used for Gridmap short-circuiting, which is set in the BasePDP abstract class. |
| static String | ENABLE_ATTRIBUTE_AUTHZ_KEY | A boolean parameter that indicates whether or not attribute-based authorization is enabled. |
| static String | ENABLE_ATTRIBUTE_MAPPING_KEY | A boolean parameter that indicates whether or not attribute-based mapping is enabled. |
| static String | ENABLE_ATTRIBUTE_QUERY_KEY | A boolean parameter that determines whether or not an attribute query is enabled. |
| static String | ENABLE_BLACKLISTING_KEY | A boolean parameter that indicates whether or not blacklisting is enabled. |
| static String | IDP_PROVIDER_ID_KEY | The entityID of the IdP to query by default. |
| static String | MAP_FILE_KEY | The absolute path to a GridShib policy file. |
| static String | METADATA_PATH_KEY | The absolute path to a directory of metadata files. |
| static String | RESPECT_KEY | Deprecated. As of v0.6.0, this configuration property, which is exclusive to the ClassicGridShibPDP class, is deprecated. |
| static String | SAML_MAP_POLICY_KEY | This configuration parameter corresponds to a ShibbolethPDPPolicy instance. |
| static String | SHIB_PDP_POLICY_KEY | This configuration parameter corresponds to a ShibbolethPDPPolicy object. |
| static String | SP_PROVIDER_ID_KEY | The entityID of this attribute requester. |
| static String | USE_VOMS | This configuration parameter is not yet implemented in GS4GT v0.6.0. |
| Field Detail |
|---|

static final String METADATA_PATH_KEY

The absolute path to a directory of metadata files.

In class SAMLAssertionPushPIPImpl, the term metadata file refers to a directory of one or more name mapping files. At initialization time, the metadata path is passed to the GridShibEntityMapper.

In class SAMLQueryPIPImpl, the term metadata file refers to a SAML metadata file. At initialization time, all the metadata files are preprocessed for any AttributeAuthority entities they might contain.

This configuration parameter is required. It has no default value.

This configuration parameter is used in the system tests.

See Also: SAMLQueryPIPImpl, SAMLAssertionPushPIPImpl, AttributeAuthority, GridShibEntityMapper, Constant Field Values

static final String RESPECT_KEY

Deprecated. As of v0.6.0, this configuration property, which is exclusive to the ClassicGridShibPDP class, is deprecated.

ClassicGridShibPDP, it is no longer exposed to end users.

See Also: ClassicGridShibPDPImpl, Constant Field Values

static final String DEFAULT_GRIDMAP

A GridMap object used for Gridmap short-circuiting, which is set in the BasePDP abstract class.

In the specific case of GT 4.0 PDPs, the GridShib authorization framework provides a GridMap object obtained from the underlying GT 4.0 configuration. This GridMap object is made available to PDP implementations via an internal (i.e., not exposed) configuration parameter.

Since this parameter corresponds to a Java object, it can't be set in a configuration file and therefore should not be exposed to end users.

This configuration parameter is used in the system tests.

See Also: GS4GT.PrePolicyPDPImpl, ClassicGridShibPDPImpl, BasePDP, GridMap, Constant Field Values

static final String CONSULT_GRIDMAP_KEY

A boolean parameter that enables gridmap short-circuiting in GT 4.0 deployments.

This parameter has no effect in GT 4.2. If this parameter is configured in a GT 4.2 deployment, a warning is logged. For GT 4.2 deployments, you can configure a gridmap authorization module ahead of the GridShib interceptors to achieve gridmap short-circuiting.

This configuration parameter is used in the system tests.

See Also: GS4GT.PrePolicyPDPImpl, ClassicGridShibPDPImpl, Constant Field Values

static final String USE_VOMS

This configuration parameter is not yet implemented in GS4GT v0.6.0.

See Also: GS4GT.PrePolicyPDPImpl, Constant Field Values

static final String ENABLE_BLACKLISTING_KEY

A boolean parameter that indicates whether or not blacklisting is enabled.

If this parameter is set in the configuration file, it is ignored. Therefore, this parameter should not be exposed to end users.

See Also: SAMLBlacklistPDPImpl, Constant Field Values

static final String BLACKLIST_IP_ADDRESSES_FILE_KEY

The absolute path to a file of blacklisted IP addresses.

At least one of BLACKLIST_IP_ADDRESSES_FILE_KEY or BLACKLIST_NAME_IDS_FILE_KEY is required.

This configuration parameter has no default value.

See Also: SAMLBlacklistPDPImpl, Constant Field Values

static final String BLACKLIST_NAME_IDS_FILE_KEY

The absolute path to a file of blacklisted name identifiers.

At least one of BLACKLIST_IP_ADDRESSES_FILE_KEY or BLACKLIST_NAME_IDS_FILE_KEY is required.

This configuration parameter has no default value.

See Also: SAMLBlacklistPDPImpl, Constant Field Values

static final String ENABLE_ATTRIBUTE_MAPPING_KEY

A boolean parameter that indicates whether or not attribute-based mapping is enabled.

If this parameter is set in the configuration file, it is ignored. Therefore, this parameter should not be exposed to end users.

See Also: SAMLMapPIPImpl, Constant Field Values

static final String SAML_MAP_POLICY_KEY

This configuration parameter corresponds to a ShibbolethPDPPolicy instance. If this instance is non-null, initialization of the SAMLMapPIPImpl interceptor is completely short-circuited.

Since this parameter corresponds to a Java object, it can't be set in a configuration file and therefore should not be exposed to end users. Use of this configuration parameter is optional.

Note: This parameter appears to be unused at this time.

See Also: SAMLMapPIPImpl, ShibbolethPDPPolicy, Constant Field Values

static final String MAP_FILE_KEY

The absolute path to a GridShib policy file. The file is used by SAMLMapPIPImpl to map attributes to usernames.

If a ShibbolethPDPPolicy instance is provided via SAML_MAP_POLICY_KEY, the check for a policy file is short-circuited. Otherwise the policy file itself gives rise to a ShibbolethPDPPolicy object.

Use of this configuration parameter is optional. If it is omitted, the implementation falls back on ATTR_FILE_KEY.

See Also: SAMLMapPIPImpl, ShibbolethPDPPolicy, Constant Field Values

static final String ENABLE_ATTRIBUTE_AUTHZ_KEY

A boolean parameter that indicates whether or not attribute-based authorization is enabled.

If this parameter is set in the configuration file, it is ignored. Therefore, this parameter should not be exposed to end users.

See Also: SAMLAttributePDPImpl, Constant Field Values

static final String SHIB_PDP_POLICY_KEY

This configuration parameter corresponds to a ShibbolethPDPPolicy object. If this instance is non-null, further initialization of the interceptor is short-circuited. Basically what that means is that the interceptor does not attempt to load a GridShib policy file, regardless of whether or not one is specified in the configuration file.

Since this parameter corresponds to a Java object, it can't be set in a configuration file and therefore should not be exposed to end users. Use of this configuration parameter is optional.

This configuration parameter is used in the system tests.

See Also: SAMLAttributePDPImpl, SAMLMapPIPImpl, ClassicGridShibPDPImpl, Constant Field Values

static final String ATTR_FILE_KEY

The absolute path to a GridShib policy file. The file is used by SAMLAttributePDPImpl to render an access control decision. It is also used by SAMLMapPIPImpl in the event that MAP_FILE_KEY is unspecified. In both cases (and only these cases), use of this configuration parameter is required. It has no default value.

If a ShibbolethPDPPolicy instance is provided via SHIB_PDP_POLICY_KEY, the check for a policy file is short-circuited. Otherwise the policy file itself gives rise to a ShibbolethPDPPolicy object.

See Also: SAMLAttributePDPImpl, SAMLMapPIPImpl, ClassicGridShibPDPImpl, ShibbolethPDPPolicy, Constant Field Values

static final String ENABLE_ATTRIBUTE_QUERY_KEY

A boolean parameter that determines whether or not an attribute query is enabled.

This configuration parameter is used in the system tests.

See Also: SAMLQueryPIPImpl, Constant Field Values

static final String AA_INSTANCE_KEY

This configuration parameter corresponds to an AttributeAuthority object. If this instance is non-null, the SAMLQueryPIPImpl does not attempt to load a metadata file, that is, it ignores the value of METADATA_PATH_KEY (if any).

If an AttributeAuthority instance is provided via AA_INSTANCE_KEY, the check for SAML metadata is short-circuited. Otherwise the metadata files give rise to an array of AttributeAuthority objects.

Since this parameter corresponds to a Java object, it can't be set in a configuration file and therefore should not be exposed to end users. Use of this configuration parameter is optional.

This configuration parameter is used in the system tests.

See Also: SAMLQueryPIPImpl, AttributeAuthority, Constant Field Values

static final String IDP_PROVIDER_ID_KEY

The entityID of the IdP to query by default. The SAMLQueryPIPImpl will attempt to conduct a default query if there is insufficient information in the security context on which to base a query. Use of this configuration parameter is optional.

After the AttributeAuthority objects have been obtained, either by AA_INSTANCE_KEY or METADATA_PATH_KEY, a specific AttributeAuthority object corresponding to entityID is determined and may be later used to conduct a default query.

If IDP_PROVIDER_ID_KEY is null or no AttributeAuthority object corresponding to the entityID is found, the SAMLQueryPIPImpl will not be able to conduct a default query, that is, the SAMLQueryPIPImpl will only query based on information found in the security context.

This configuration parameter is used in the system tests.

See Also: SAMLQueryPIPImpl, Constant Field Values

static final String SP_PROVIDER_ID_KEY

The entityID of this attribute requester. If attribute query is enabled at the container level, this is a globally unique identifier for the container as well as every service running in the container. If attribute query is enabled at the service level, this is a globally unique identifier for the service. If attribute query is enabled at both the container level and the service level, the entityID of the latter takes precedence.

This configuration parameter is required. It has no default value.

This configuration parameter is used in the system tests.

Note: This configuration parameter is incorrectly focused on the attribute requester component of the Grid SP. A future version of GS4GT will require an entityID for each and every instance of the GridShibPDP. Moreover, every instance of the GridShibPDP will have SAML metadata associated with it. Thus the entityID MUST correspond to an entity in metadata.

See Also: SAMLQueryPIPImpl, Constant Field Values

static final String AUTHZ_HOST_KEY

Deprecated. This configuration parameter may be removed in a future version of GS4GT.

This configuration parameter is optional. If omitted, it defaults to false, that is, host-based authorization is not performed.

See Also: SAMLQueryPIPImpl, Constant Field Values

static final String CACHE_KEY

Note: Caching in SAMLMapPIPImpl is broken, so the only utilization of caching is in SAMLQueryPIPImpl and therefore this parameter need not be exposed in GS4GT v0.6.0.

See Also: SAMLQueryPIPImpl, SAMLMapPIPImpl, ClassicGridShibPDPImpl, Constant Field Values

static final String[] ALL_CONFIG_KEYS

This array of String is used for config translation to Hashtable in PDP proxies, which allows us to adapt the code to multiple authorization framework implementations. Anytime you add a configuration key to this interface, make sure to add it to this array as well.
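
The required-key, fallback and "ignored if set" rules documented above can be checked before deployment. The following is an added example, not GS4GT code: the key strings are hypothetical placeholders (this page does not show the constants' values), and scoping each rule to a single interceptor is an assumption drawn from the See Also lists.

```java
import java.nio.file.Paths;
import java.util.*;

public class GridShibConfigLint {
    // Hypothetical key strings: the page does not show the constants' values.
    static final String METADATA_PATH = "metadataPath", SP_ID = "spProviderId",
        MAP_FILE = "mapFile", ATTR_FILE = "attrFile",
        BL_IP = "blacklistIpFile", BL_NAME = "blacklistNameIdFile";
    // Keys documented as ignored, object-valued or deprecated (hypothetical names).
    static final List<String> NOT_FOR_FILES = List.of("enableBlacklisting",
        "enableAttributeMapping", "enableAttributeAuthz", "aaInstance",
        "shibPdpPolicy", "samlMapPolicy", "defaultGridmap", "authzHost", "respect");

    static boolean has(Map<String, String> c, String k) {
        String v = c.get(k);
        return v != null && !v.isBlank();
    }

    /** interceptor is one of the class names on the page, e.g. "SAMLMapPIPImpl". */
    static List<String> lint(String interceptor, Map<String, String> c) {
        List<String> out = new ArrayList<>();
        switch (interceptor) {
            case "SAMLQueryPIPImpl":      // both keys are required, no defaults
                if (!has(c, METADATA_PATH)) out.add(METADATA_PATH + " is required");
                if (!has(c, SP_ID)) out.add(SP_ID + " is required");
                break;
            case "SAMLBlacklistPDPImpl":  // at least one blacklist file
                if (!has(c, BL_IP) && !has(c, BL_NAME)) out.add("need " + BL_IP + " or " + BL_NAME);
                break;
            case "SAMLMapPIPImpl":        // MAP_FILE_KEY falls back on ATTR_FILE_KEY
                if (!has(c, MAP_FILE) && !has(c, ATTR_FILE)) out.add("need " + MAP_FILE + " or " + ATTR_FILE);
                break;
            case "SAMLAttributePDPImpl":  // ATTR_FILE_KEY is required here
                if (!has(c, ATTR_FILE)) out.add(ATTR_FILE + " is required");
                break;
            default: out.add("unknown interceptor " + interceptor);
        }
        // Every file or directory parameter is documented as an absolute path.
        for (String k : List.of(METADATA_PATH, MAP_FILE, ATTR_FILE, BL_IP, BL_NAME))
            if (has(c, k) && !Paths.get(c.get(k)).isAbsolute()) out.add(k + " must be an absolute path");
        for (String k : NOT_FOR_FILES)
            if (c.containsKey(k)) out.add(k + " should not be set in a configuration file");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: relative policy path plus a key that is ignored when set.
        Map<String, String> cfg = Map.of(ATTR_FILE, "policy.xml", "enableAttributeMapping", "true");
        lint("SAMLMapPIPImpl", cfg).forEach(System.out::println);
    }
}
```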