SSO Simulator Configuration DTD

Config File DTD

The configuration file for running the simulator follows the general structure in the DTD below. The effect of each declaration is discussed in SSO Simulator Configuration Files.

 Document type definition for the SSO environment simulator's configuration file.
 Required element to indicate what ports the proxy and console should be located.
 An option attribute allow-non-sso-traffic indicates whether the proxy port should
 support forward proxying of any URLs that do not match any of the configured
 sso-traffic values. This attribute defaults to false meaning that forward 
 proxying is not supported.
 <!ELEMENT config ( console-recording?, sso-cookie, sso-sign-in-url, sso-header*, sso-traffic, users ) >
 <!ATTLIST config allow-non-sso-traffic CDATA #IMPLIED >
 <!ATTLIST config console-port CDATA #REQUIRED >
 <!ATTLIST config proxy-port CDATA #REQUIRED >
 <!ATTLIST config rest-version ( CD-OESv1 | openSSO ) "CD-OESv1" >
 console-recording element is used to turn on/off recording of sso and rest api
 traffic that shows in the the SSO Traffic tab and Rest Traffic tabs respectively
 in the simulator's console. Should be 'true' or 'false'. If not included then
 the default is false for both values.
 <!ELEMENT console-recording EMPTY >
 <!ATTLIST console-recording sso CDATA #REQUIRED > 
 <!ATTLIST console-recording rest CDATA #REQUIRED >
 <!-- max-entries default 1000 -->
 <!ATTLIST console-recording max-entries CDATA #IMPLIED >
 <!-- enable-debug-logging defaults to false -->
 <!ATTLIST console-recording enable-debug-logging CDATA #IMPLIED >
 sso-cookie element is required and indicates the namd and domain of the cookie 
 that will be set by the simulator's sign-in pages if used and will be looked for
 by its agent when enforcing access to URLs.
 <!ELEMENT sso-cookie EMPTY >
 <!ATTLIST sso-cookie domain CDATA #REQUIRED >
 <!ATTLIST sso-cookie name CDATA #REQUIRED >
 The sso-sign-in-url is required and its value attribute must be the full URL to 
 a sign-in page that will allow a user of the simulator to sign in and have a 
 proper cookie set that will be honored by the simulator's agent implementation 
 when enforcing access to URLs. Two pages are available from the simulator:
 <!ELEMENT sso-sign-in-url EMPTY >
 <!ATTLIST sso-sign-in-url value CDATA #REQUIRED > 
 Options elements used to inject custom headers for all SSO traffic. One such 
 typical value is 'policy-service-url' which tells the SSO client library and
 other applications where the policy server's REST api resides. The simulator
 implements that api at:
 <!ELEMENT sso-header EMPTY >
 <!ATTLIST sso-header name CDATA #REQUIRED >
 <!ATTLIST sso-header value CDATA #REQUIRED >
 Required element whose nested elements define what traffic hitting the proxy-port
 should be considered SSO traffic and subject to header injection and URL 
 enforcement. Supports non http URLs used for fine grained permissions.
 <!ELEMENT sso-traffic (( by-site|rewrite-redirect|rewrite-cookie)*) >
 <!ELEMENT by-site ( allow | cctx-mapping | unenforced )* >
 <!ATTLIST by-site host CDATA #REQUIRED >
 <!ATTLIST by-site port CDATA #REQUIRED >
 <!ATTLIST by-site scheme CDATA #IMPLIED >
 <!ELEMENT allow EMPTY >
 <!ATTLIST allow action CDATA #REQUIRED >
 <!-- conditions are optional. If not specified then the only requirement for
 accessing the cpath is that the user be signed-in -->
 <!ATTLIST allow condition CDATA #IMPLIED >
 <!ATTLIST allow cpath CDATA #REQUIRED >
 <!ELEMENT cctx-mapping EMPTY >
 <!ATTLIST cctx-mapping cctx CDATA #REQUIRED >
 <!ATTLIST cctx-mapping thost CDATA #REQUIRED >
 <!ATTLIST cctx-mapping tpath CDATA #REQUIRED >
 <!ATTLIST cctx-mapping tport CDATA #REQUIRED >
 <!ATTLIST cctx-mapping preserve-host ( true | false ) "true" >
 <!ELEMENT unenforced EMPTY >
 <!ATTLIST unenforced cpath CDATA #REQUIRED > 
 Directive that tells the simulator to rewrite the location header on any response
 where the location header's value starts with the value of the from attribute and
 that prefix will be replaced by the value of the to attribute.  
 WARNING: ensure that your application will have a similar functionality in its
 ultimate deployment environment. For example, java applications are fronted with
 IHS a variant of apache web server and hence can mimic this with proxyPassReverse.
 Mark Logic apps have no such reverse proxy fronting them. Alternatively, if 
 designed correctly applications should be congnizant of the canonical context at
 which they are deployed by virtue of the cctx header and redirect appropriately.
 <!ELEMENT rewrite-redirect EMPTY >
 <!ATTLIST rewrite-redirect from CDATA #REQUIRED >
 <!ATTLIST rewrite-redirect to CDATA #REQUIRED >
 <!ELEMENT users ( user+ ) >
 <!-- session-timeout-seconds defaults to 300 seconds (five minutes) -->
 <!ATTLIST users session-timeout-seconds CDATA #IMPLIED >
 Defines a user for use in applications running behind the simulator.
 <!ELEMENT user ( sso-header+, ldsApplications+ ) >

Use one ldsApplications element per declared value. If a use is to have more than one ldsApplications
value then use a single element to inject each value.
 <!ELEMENT ldsApplications EMPTY >
 <!ATTLIST ldsApplications value CDATA #REQUIRED >
This page was last modified on 8 July 2010, at 17:16.

Note: Content found in this wiki may not always reflect official Church information.