...
| Code Block |
|---|
# If there is an entry here for group name, then all web service client users must be in this group (before the actAs)
#ws.client.user.group.name = etc:webServiceClientUsers
# allow these ids even if not in group, e.g. for testing
# subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier
# sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier
# {valueType: "subject", multiple: true}
ws.client.user.group.subjects.allow =
# cache the decision to allow a user to user web services, so it doesnt have to be calculated each time
# defaults to 5 minutes:
# {valueType: "integer", required: true}
ws.client.user.group.cache.minutes = 5
# if you have subject namespace overlap (or not), set the default subject
# sources (comma-separated) to lookup the user if none specified in user name
# {valueType: "string"}
ws.logged.in.subject.default.source =
# prepend to the userid this value (e.g. if using local entities, might be: etc:servicePrincipals: )
# {valueType: "string"}
ws.security.prependToUserIdForSubjectLookup =
|
ActAs configuration
To enable web service users to act as another user (proxy), enable the setting in the grouper-ws grouper.properties
...