A security factory for obtaining a GSSCredential for use during authentication.
| Name | Dynamic | Other provider points |
|---|---|---|
| org.wildfly.security.security-factory.credential | true | /subsystem=elytron/custom-credential-security-factory=* |
| Attribute | Value |
|---|---|
| Default Value | false |
| Type | BOOLEAN |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Type | INT |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | ["KRB5","SPNEGO"] |
| Type | LIST |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Allowed Values | KRB5LEGACY GENERIC KRB5 KRB5V2 SPNEGO |
| Attribute | Value |
|---|---|
| Type | LIST |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | 0 |
| Type | INT |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | false |
| Type | BOOLEAN |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Type | OBJECT |
| Nillable | true |
| Expressions Allowed | false |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Type | STRING |
| Nillable | false |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Type | STRING |
| Nillable | false |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Type | STRING |
| Nillable | true |
| Expressions Allowed | false |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | 2147483647 |
| Type | INT |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | false |
| Type | BOOLEAN |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | true |
| Type | BOOLEAN |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Attribute | Value |
|---|---|
| Default Value | false |
| Type | BOOLEAN |
| Nillable | true |
| Expressions Allowed | true |
| Storage | configuration |
| Access Type | read-write |
| Restart Required | all-services |
| Request Parameter | Type | Required | Expressions Allowed | Default value | Description |
|---|---|---|---|---|---|
| debug | BOOLEAN | false | true | false | Should the JAAS step of obtaining the credential have debug logging enabled. |
| fail-cache | INT | false | true | Amount of seconds before new try to obtain server credential should be done if it has failed last time. | |
| mechanism-names | LIST | false | true | ["KRB5","SPNEGO"] | The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute. |
| mechanism-oids | LIST | false | true | The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute. | |
| minimum-remaining-lifetime | INT | false | true | 0 | How much lifetime (in seconds) should a cached credential have remaining before it is recreated. |
| obtain-kerberos-ticket | BOOLEAN | false | true | false | Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server. |
| options | OBJECT | false | false | The Krb5LoginModule additional options. | |
| principal | STRING | true | true | The principal represented by the KeyTab | |
| request-lifetime | INT | false | true | 2147483647 | How much lifetime (in seconds) should be requested for newly created credentials. |
| required | BOOLEAN | false | true | false | Is the keytab file with adequate principal required to exist at the time the service starts? |
| server | BOOLEAN | false | true | true | If this for use server side or client side? |
| wrap-gss-credential | BOOLEAN | false | true | false | Should generated GSS credentials be wrapped to prevent improper disposal or not? |
| path | STRING | true | true | The path of the KeyTab to load to obtain the credential. | |
| relative-to | STRING | false | false | The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. |