...
constant | default | definition |
security.enableRevocation | false | Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate. |
| security.enable.unsigned-saml-assertion.principal | false | Whether to allow unsigned saml assertions as SecurityContext Principals. The default is false. Note that "unsigned" refers to an internal signature. Even if the token is signed by an external signature (as per the "sender-vouches" requirement), this boolean must still be configured if you want to use the token to set up the security context. |
| security.validate.saml.subject.conf | true | Whether to validate the SubjectConfirmation requirements of a received SAML Token. |
| security.sc.jaas-subject | true | Set this to "false" if security context must not be created from JAAS Subject. |
| security.validate.audience-restriction | (varies) | If this is set to "true", then IF the SAML Token contains Audience Restriction URIs, one of them must match one of the values of the AUDIENCE_RESTRICTIONS property. The default is "true" for SOAP services in CXF 3.0.x, and "false" for 2.7.x. The default is "false" for REST services. |
Non-boolean Security Configuration parameters
...