...
security.saml-role-attributename | The attribute URI of the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role". |
security.subject.cert.constraints | A comma separated String of regular expressions (separated by the value specified for "security.cert.constraints.separator") which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. These constraints are not used when the certificate is contained in the keystore (direct trust). |
| security.cert.constraints.separator CXF 3.3.3 / 3.2.10 | The separator that is used to parse certificate constraints configured via "security.subject.cert.constraints". By default it is a comma. |
| security.audience-restrictions CXF 3.1.13 | A comma separated String corresponding to a list of audience restriction URIs. The default value for this property contains the request URL and the Service QName. If the AUDIENCE_RESTRICTION_VALIDATION property is "true", and if a received SAML Token contains audience restriction URIs, then one of them must match one of the values specified in this property. |
...