Stanza reference

This guide provides a complete stanza reference for the WebSEAL configuration file, alphabetized by stanza name.

You can use the appliance Local Management Interface (LMI) to edit the WebSEAL configuration file. On the Reverse Proxy management page, select the appropriate WebSEAL instance and click Manage > Configuration > Edit Configuration File to open the Advanced Configuration File Editor. You can use this editor to directly edit the WebSEAL configuration file.

• [acnt-mgt] stanza
  Use the [acnt-mgt] stanza to configure the WebSEAL account management pages.
• [authentication-levels] stanza
  Use the [authentication-levels] stanza to define the step-up authentication levels.
• [aznapi-configuration] stanza
  Use the [aznapi-configuration] stanza to configure the authorization API services.
• [aznapi-decision-app] stanza
  Use the [aznapi-decision-app] stanza to configure and enable the authorization REST API.
• [azn-decision-info] stanza
  Use the [azn-decision-info] stanza to define any extra information for the authorization framework to use when it is making authorization decisions. This extra information is obtained from elements of the HTTP request.
• [aznapi-external-authzn-services] stanza
  Use the [aznapi-external-authzn-services] stanza to configure the OAuth External Authorization Service (EAS).
• [ba] stanza
  Use the [ba] stanza to configure basic authentication.
• [cdsso] stanza
  Use the [cdsso] stanza to configure cross-domain single sign-on (CDSSO) authentication.
• [cdsso-incoming-attributes] stanza
  Use the [cdsso-incoming-attributes] stanza to specify the handling (extract or ignore) of each attribute in the cross-domain single sign-on token.
• [cdsso-peers] stanza
  Use the [cdsso-peers] stanza to specify the peer servers that are participating in cross-domain single sign-on.
• [cdsso-token-attributes] stanza
  Use the [cdsso-token-attributes] stanza to specify extended attributes from a user credential to add to the cross-domain single sign-on token.
• [certificate] stanza
  Use the [certificate] stanza to configure certificate authentication.
• [cert-map-authn] stanza
  Use the [cert-map-authn] stanza to configure the Cross Domain Authentication Service (CDAS).
• [cfg-db-cmd:entries] stanza
  Use the [cfg-db-cmd:entries] stanza to define configuration entry settings when you use the server sync commands.
• [cfg-db-cmd:files] stanza
  Use the [cfg-db-cmd:files] stanza entry to define settings for files that are included in the configuration database.
• [cluster] stanza
  Use the [cluster] stanza to configure a clustered WebSEAL server environment.
• [compress-mime-types] stanza
  Use the [compress-mime-types] stanza to control the HTTP data compression for specific MIME types.
• [compress-user-agents] stanza
  Use the [compress-user-agents] stanza to explicitly enable or disable compression for various browsers. You can configure WebSEAL to use the user-agent header that is sent by the client to determine whether to enable or disable HTTP compression.
• [content] stanza
  Use the [content] stanza to specify the format of macro data strings that are inserted into HTML server response pages. The data is inserted into the WebSEAL HTML files in either UTF-8 format or local code page format.
• [content-cache] stanza
  Use the [content-cache] stanza to configure WebSEAL content caching.
• [content-encodings] stanza
  Use the [content-encodings] stanza to map document extensions to encoding types. WebSEAL uses this mapping to determine the correct MIME type to report in its response content-type header for local junction files.
• [content-mime-types] stanza
  Use the [content-mime-types] stanza to define the MIME type for specific document extensions.
• [cookies-attributes] stanza
  Use the cookie-attributes stanza to define static attributes which are added to matched cookies after WebSEAL has finished processing the request (including HTTP transformation) and just before they are passed back to the client. The configured attributes will replace any corresponding attribute which already exists in the cookie.
• [cors-policy:policy-name] stanza
  Use this stanza to house configuration that is specific to a particular CORS policy. The <policy-name> component of the stanza name must be changed to the name the policy will be given.
• [cred-viewer-app] stanza
  
• [credential-policy-attributes] stanza
  Use the [credential-policy-attributes] stanza to specify the Security Verify Access policy values that are stored in credentials during authentication.
• [credential-refresh-attributes] stanza
  Use the [credential-refresh-attributes] stanza to configure the credential refresh behavior in WebSEAL.
• [dsess] stanza
  Use the [dsess] stanza to configure the distributed session cache.
• [dsess-cluster] stanza
  Use the [dsess-cluster] to configure a distributed session cache cluster.
• [eai] stanza
  Use the [eai] stanza to configure the external authentication interface (EAI).
• [eai-trigger-urls] stanza
  Use the [eai-trigger-urls] stanza to specify trigger URL strings for the external authentication interface (EAI). When WebSEAL detects the trigger URL in a request, it intercepts the corresponding response and examines it for authentication data in special HTTP headers.
• [e-community-domains] stanza
  Use the [e-community-domains] stanza to list the e-community cookie domains that are used by virtual host junctions.
• [e-community-domain-keys] stanza
  Use the [e-community-domain-keys] stanza to list the key files that WebSEAL can use to encrypt and decrypt the tokens that are sent between the servers in the e-community.
• [e-community-domain-keys:domain] stanza
  Use the [e-community-domain-keys:domain] stanza to specify the appropriate keys for each domain that is defined in the [e-community-domains] stanza.
• [e-community-sso] stanza
  Use the [e-community-sso] stanza to configure e-community single sign-on.
• [ecsso-incoming-attributes] stanza
  Use the [ecsso-incoming-attributes] stanza to specify how the token consume module handles extended attributes in the e-community single sign-on token. The attributes can either be extracted or ignored.
• [ecsso-token-attributes] stanza
  Use the [ecsso-token-attributes] stanza to specify extended attributes from a user credential to add to the cross-domain single signon token. Extended attributes consist of information about a user identity that WebSEAL adds to an extended attribute list when it creates a user credential.
• [enable-redirects] stanza
  Use the [enable-redirects] stanza to enable automatic redirection for each of the applicable authentication methods. The authentication methods include forms authentication, basic authentication, certificate authentication, and EAI authentication.
• [failover] stanza
  Use the [failover] stanza to configure the use of failover cookies in WebSEAL.
• [failover-add-attributes] stanza
  Use the [failover-add-attributes] stanza to add attributes to the failover authentication cookie. These attributes can include extended attributes from a user credential and session time stamps.
• [failover-restore-attributes] stanza
  Use the [failover-restore-attributes] stanza to configure WebSEAL to extract certain attributes from the failover authentication cookie and place them into the user credential.
• [filter-advanced-encodings] stanza
  Use the [filter-advanced-encodings] stanza to configure the types of URL encoding that are detected and filtered.
• [filter-content-types] stanza
  Use the [filter-content-types] stanza to specify the content (MIME) types of the documents in which WebSEAL filters tag-based static URLs.
• [filter-events] stanza
  Use the [filter-events] stanza to identify HTML tags that might contain JavaScript. WebSEAL searches these tags to filter any absolute URLs embedded in JavaScript event handlers.
• [filter-request-headers] stanza
  Use the [filter-request-headers] stanza to configure extra HTTP headers for WebSEAL to filter before it sends a request to a junctioned server.
• [filter-schemes] stanza
  Use the [filter-schemes] stanza to list URL schemes that are not to be filtered by WebSEAL in responses from junctioned application servers.
• [filter-url] stanza
  Use the [filter-url] stanza to specify the HTML tags and attributes that WebSEAL filters in responses from junctioned servers.
• [flow-data] stanza
  Use the [flow-data] stanza to configure the recording of flow data statistics in WebSEAL.
• [forms] stanza
  Use the [forms] stanza to configure forms authentication in WebSEAL.
• [gso-cache] stanza
  Use the [gso-cache] stanza to define Global Signon (GSO) settings.
• [header-names] stanza
  Use the [header-names] stanza to define the HTTP header information in the request that WebSEAL sends to junctioned applications.
• [http-method-perms] stanza
  Use this stanza to define the permissions that are required to perform a request with a particular HTTP method.
• [http-transformations] stanza
  Use the [http-transformations] stanza to define the HTTP transformation settings.
• [http-transformations:<resource-name>] stanza
  Use this stanza to house configuration that is specific to a particular HTTP transformation resource. The <resource-name> component of the stanza name must be changed to the actual name of the resource.
• [http-updates] stanza
  Use the [http-updates] stanza to configure WebSEAL so that it can communicate with an HTTP server to retrieve updates to files.
• [ICAP:<resource>] stanza
  Use the [ICAP:<resource>] stanza to define a single ICAP resource.
• [interfaces] stanza
  
• [itim] stanza
  
• [jdb-cmd:replace] stanza
  
• [junction] stanza
  
• [junction:junction_name] stanza
  
• [jwt:<jct-id>]
  The JWT stanza is used to control the generation of JSON Web Tokens for the specified junction. The '{jct-id}' refers to the junction point for a standard junction (include the leading '/'), or the virtual host label for a virtual host junction.
• [ldap] stanza
  
• [local-apps] stanza
  
• [local-response-macros] stanza
  
• [local-response-redirect] stanza
  
• [logging] stanza
  
• [ltpa] stanza
  
• [ltpa-cache] stanza
  
• [mpa] stanza
  
• [oauth] stanza
  Use the [oauth] stanza to configure Open Authentication (OAuth) settings.
• [oauth-eas] stanza
  
• [oauth-introspection] stanza
  The OAuth Introspection capability is configured by using the [oauth-introspection] stanza.
• [oidc] stanza
  This stanza contains the settings for OIDC.
• [oidc:default] stanza
  
• [obligations-levels-mapping] stanza
  
• [obligations-urls-mapping] stanza
  Use this stanza to define a URL to be used to satisfy an obligation.
• [p3p-header] stanza
  
• [PAM] stanza
  
• [pam-resource:<URI>] stanza
  
• [password-strength] stanza
  Use the [password-strength] stanza to define settings for the password strength module.
• password-callouts stanza
  The password-callouts stanza is used to configure the system to make a REST call before and after password update operations (/pkmspasswd) take place. This, for example, allows external services to perform password strength validation.
• [preserve-cookie-names] stanza
  
• [process-root-filter] stanza
  
• [rate-limiting] stanza
  This stanza identifies the rate limiting policies that are applied to this reverse proxy.
• [reauthentication] stanza
  
• [replica-sets] stanza
  
• [rsp-header-names] stanza
  Defines static HTTP headers are added to every HTTP response from the WebSEAL server.
• [rtss-eas] stanza
  
• [rtss-cluster:<cluster>] stanza
  
• [script-filtering] stanza
  
• [server] stanza
  
• [session] stanza
  
• [server:<instance>] stanza
  This stanza defines a back-end LDAP server that can be used for federated registries.
• [session-cookie-domains] stanza
  
• [session-http-headers] stanza
  
• [snippet-filter] stanza
  Use the [snippet-filter] stanza to configure parameters associated with the snippet filter.
• [snippet-filter:<uri>] stanza
  Use the [snippet-filter:<uri>] stanza to configure the snippet filter for a particular resource.
• [spnego] stanza
  Use the [spnego] stanza to configure Kerberos authentication.
• [ssl] stanza
  
• [ssl-qop] stanza
  
• [ssl-qop-mgmt-default] stanza
  
• [ssl-qop-mgmt-hosts] stanza
  
• [ssl-qop-mgmt-networks] stanza
  
• [step-up] stanza
  
• [system-environment-variables] stanza
  
• [tfimsso:<jct-id>] stanza
  
• [tfim-cluster:<cluster>] stanza
  
• [token] stanza
  Use this stanza to define your token settings.
• [user-agent] stanza
  Use the [user-agent] stanza to specify a category name for a particular user-agent string in the HTTP Request header. WebSEAL uses the user-agent string to categorize the incoming requests to make flow data statistics more meaningful.
• [user-agent-groups] stanza
  Use the [user-agent-groups] stanza to map arbitrary user-agent strings to defined groups. These groups can then be referenced elsewhere in the configuration, namely in the '[cookie-attributes]' stanza.
• [user-attribute-definitions] stanza
  Use this stanza to modify the data type, the category, or both of a custom attribute.
• [user-map-authn] stanza
  Use the [user-map-authn] stanza to define authenticated user mapping settings.
• [validate-headers] stanza
  Use the [validate-headers] stanza to list those headers to be validated on each request.
• [websocket] stanza
  Use the [websocket] stanza to define settings for WebsSocket support.
• Appendix: Supported GSKit attributes
  You can configure the these GSKit attributes with Security Verify Access.

Parent topic: Web Reverse Proxy Stanza Reference