Authentication configuration for outbound connections and SSL configuration for outbound connections. Complex type to contain SSLContext definitions that can subsequently be matched by the ssl context rules. The default SSLContext. SSLContext definition. Configuration to filter the enabled cipher suites. Define a space separated list of SSLContext protocols to be supported. Once the available providers have been identified only the provider with the name defined on this element will be used. Name used for referencing SSLContext from other parts of the configuration. Rules used to determine which SSLContext should be used for individual resources. Matches the protocol within the URI against the name specified in this match element. Matches the host name from within the URI against the name specified in this match element. Matches the path from the URI against the name specified in this match element. Matches the port number specified within the URI against the number in this match element. This only matches against the number specified within the URI and not against any default derived from the protocol. Matches the scheme specific part of the URI against the name specified within this element. Matches where the protocol of the URI is 'domain' and the scheme specific part of the URI is the name specified within this match element. User info can be embedded within a URI, this rule matches when there is no user-info. Matches when the user-info embedded in the URI matches the name specified within this element. Definition of rule for assigning SSLContexts to resources. A name of SSLContext, which should be used if given rule match. Named configurations to be referenced from authentication rules. A configuration that can then be matched from the authentication rules. DEPRECATED. Override the destination host name for the authenticated call. DEPRECATED. Override the destination port number for the authenticated call. DEPRECATED. Override the protocol for the authenticated call. The name of the realm that will be selected by the SASL mechanism if required. A regular expression pattern and replacement to re-write the user name used for authentication. A SASL mechanism selector using the syntax from org.wildfly.security.sasl.SaslMechanismSelector,fromString(). One or more properties to be passed to the authentication mechanisms. The name that should be used for authorization if different from the authentication identity. Name used for referencing the authentication configuration. One or more credentials to be assembled into a protection parameter when initialising the credential store. A pem encoded public key. DEPRECATED. Credential obtained from local kerberos ticket cache. The location of a private ssh key to be used as credentials. The directory containing the SSH key file. Set to "[user.home]/.ssh" by default The name of the private key file. Set to "id_rsa", "id_dsa, and "id_ecdsa" by default. The name of the file containing the known SSH hosts. Set to "known_hosts" by default. A public and private key pair. A pem encoded public key. A pem encoded private key. A PEM encoded private key in OpenSSH format. The public key to be used will be obtained from the encoded private key A PEM encoded private key in OpenSSH format. The public key to be used will be obtained from the encoded private key The PEM encoded private key in OpenSSH format. A pem encoded private key and corresponding certificate. A pem encoded private key. Corresponding certificate. Rules to be applied for outbound connections to match against an appropriate authentication configuration. Authentication client rule definition. A configuration to use for the rule. The user name to use for authentication. Switch to anonymous authentication. Define how java.security.Provider instances are located when required. The providers from java.security.Security.getProviders() Providers loaded using service loader discovery from the module specified, if no module is specified the ClassLoader which loaded the authentication client is used. Define how the Webservices client will authenticate. WS client will use the credentials with this HTTP mechanism. WS client will use the credentials with this WS-Security authentication type. The java.security.Provider instances either inherited or defined in this configuration will be used to locate the available SASL client factories. SASL client factories will be discovered using service loader discovery on the specified module or if not specified using the ClassLoader loading the configuration. The presence of this element enables checking the peer's certificate against multiple certificate revocation lists. The presence of this element enables checking the peer's certificate against a certificate revocation list. URI of certificate revocation list file. Alternative to "path" and "resource". The module resource to use as certificate revocation list. Alternative to "path" and "uri". Path to the certificate revocation list. Alternative to "resource" and "uri". The presence of this element enabled checking the peer's certificate against a certificate revocation list. URI of certificate revocation list file. Alternative to "path" and "resource". The module resource to use as certificate revocation list. Alternative to "path" and "uri". Path to the certificate revocation list. Alternative to "resource" and "uri". The maximum number of non-self-issued intermediate certificates that may exist in a certification path. This attribute is deprecated and maximum-cert-path attribute in trust-manager should be used instead. The presence of this element enabled checking the peer's certificate using online certificate status protocol. OCSP responder URI to override those extracted from certificate. Alias of OCSP Responder certificate. Keystore for OCSP Responder certificate. trust-manager keystore is used by default and responder-certificate has to be defined. Prefer certificate revocation list revocation over OCSP if certificate-revocation-list is defined. Complex type to contain the definitions of the key stores. An individual key store definition. Load from file. Load the file from the URI specified. Load as a resource from the Thread context classloader. Name used for referencing the key store. The key store type. The key store provider. Whether to wrap keystore to allow storing two-way passwords in it. Defines a reference to an entry within a KeyStore for an entry to use. Name of the KeyStore being referenced to load the entry from. The alias of the entry to load from the referenced KeyStore, this can only be omitted for KeyStores that contain only a single entry. Reference to a credential stored in a credential store. Credential store name. When used, attribute "alias" need to be specified. Alias in the credential store. Ignored if "store" is not specified. Credential store password in clear text. Supersedes "store" and "alias" attributes. Key manager definition. Provides credentials to authenticate against the peer. A reference to a KeyStore that will be used to initialise the KeyManager. The alias of the key to filter from the referenced KeyStore. A comma separated list of aliases or one of the following formats can be used: ALL:-alias1:-alias2, NONE:+alias1:+alias2 Key manager provider name. Key manager algorithm. Trust manager definition. Decides whether credentials presented by a peer should be accepted. Trust manager provider name. Trust manager algorithm. The maximum number of non-self-issued intermediate certificates that may exist in a certification path. Check revocation status only of leaf certificates. Accept certificate if revocation status is unknown. Trust store definition. A reference to a KeyStore that will be used to initialise the TrustManager. A bearer token. A bearer token value. An OAuth 2 bearer token. An OAuth 2 bearer token client credentials. The client identifier. The client secret. An OAuth 2 bearer token client credentials. The client identifier. An OAuth 2 bearer token resource owner credentials. Name used for referencing the resource owner. The resource owner password. An OAuth 2 bearer token resource owner credentials. Name used for referencing the resource owner. Complex type to contain the definitions of the credential stores. An individual credential store definition. Name used for referencing the credential store. The credential store type, e.g. KeyStoreCredentialStore. The name of the provider to use to instantiate the CredentialStoreSpi. If the provider is not specified then the first provider found that can create an instance of the specified 'type' will be used. Matches the abstract type and/or authority against the values specified within this match element. Name used for referencing the abstract type. Abstract type authority. Complex type to contain the definitions of the attributes. An individual attribute definition. Name used for referencing the attribute. The value of the attribute. A clear password definition. A password specified in the clear. A masked password definition. The algorithm that was used to encrypt the password. The initial key material that was used to encrypt the password. The iteration count that was used to encrypt the password. The salt that was used to encrypt the password. The base64 encrypted password. (without the "MASK-" prefix) The initialization vector that was used to encrypt the password. Module reference. Module name. Resource reference. Name used for referencing the resource. Module name. Port number. Representation of a key/value property pair. The key for this property. The value for this property. A regular expression substitution type. A regular expression pattern. A regular expression replacement used for re-write. The format of the selector is described in Javadoc of org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector). A Uniform Resource Identifier (URI) reference. A Uniform Resource Identifier (URI). Cipher suite selector type. The format of the selector is described in Javadoc of org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector). The format of the names is described in Javadoc of org.wildfly.security.ssl.CipherSuiteSelector.fromNamesString(names). The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute. The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute. A list of String.