Configuring OTIS Client in Java

Both the OTIS client SDK and the OTIS server are written in Java. Many of the objects and interfaces have configure methods that take as a parameter a java.util.Map object. The map has a set of entries, each of which is a key/value pair. The key is a string that names the setting, and the value is a java.lang.Object. The value can itself be another Map or a List of Objects. This allows settings to be nested.

For the OTIS client, a configuration Map is passed into the AuthSessionManager object, and from there is passed down to IAuthSession objects. The configuration Map object can be built by the application, or read in from a configuration file. Many different configuration formats can be used. This page assumes that the specific XML file format described here is being used. If the configuration file is an XML file in this format, then the org.eclipse.higgins.configuration.xml.ConfigurationHandler class may be used to read the configuration into a java.util.Map object, as illustrated below:

   import java.util.Map;

   import org.eclipse.higgins.configuration.xml.ConfigurationHandler;
   import org.bandit.otis.impl.AuthSessionManager;

   ConfigurationHandler   configHandler = new ConfigurationHandler();

   // Configuration file is "/ConfigDir/otis-config.xml"

   configHandler.setConfigurationBase( "/ConfigDir");
   configHandler.setFileName( "otis-config.xml");
   if (!configHandler.configure())
   {
      // Fail closed: never build a session manager from a configuration that did not load
      throw new IllegalStateException( "Unable to load /ConfigDir/otis-config.xml");
   }
   else
   {
      // The settings Map goes to the AuthSessionManager, which passes it down to IAuthSession objects
      Map settings = configHandler.getSettings();
      AuthSessionManager authSessionMgr = new AuthSessionManager( settings);
   }
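
The nested Map structure described above can be checked before it is handed to AuthSessionManager. The following is an added example, not code from the OTIS project: it walks a nested settings Map and rejects a configuration whose otisEndpoint is not an https URL. It assumes otisEndpoint is stored as a String URL at the top level of the Map; the class name SettingsCheck, the key exampleNestedSetting and all sample values are hypothetical.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

public class SettingsCheck {

    // Walk a nested settings Map: each path element names a key one level further down.
    static Object lookup(Map<?, ?> settings, String... path) {
        Object node = settings;
        for (String key : path) {
            if (!(node instanceof Map)) {
                throw new IllegalArgumentException("'" + key + "' has no enclosing Map");
            }
            node = ((Map<?, ?>) node).get(key);
            if (node == null) {
                throw new IllegalArgumentException("missing setting: " + String.join(".", path));
            }
        }
        return node;
    }

    // Fail closed unless the endpoint is a well-formed https URL (assumed to be a String value).
    static URI requireHttpsEndpoint(Map<?, ?> settings) {
        Object value = lookup(settings, "otisEndpoint");
        if (!(value instanceof String)) {
            throw new IllegalArgumentException("otisEndpoint must be a String");
        }
        URI uri = URI.create((String) value);   // IllegalArgumentException if malformed
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("otisEndpoint must be an https URL: " + value);
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample settings; the values and the nested layout are illustrative only.
        Map<String, Object> nested = new HashMap<>();
        nested.put("exampleKey", "exampleValue");
        Map<String, Object> settings = new HashMap<>();
        settings.put("otisEndpoint", "https://otis.example.com/otis");
        settings.put("exampleNestedSetting", nested);

        System.out.println("endpoint ok: " + requireHttpsEndpoint(settings));
        System.out.println("nested: " + lookup(settings, "exampleNestedSetting", "exampleKey"));
        settings.put("otisEndpoint", "http://otis.example.com/otis");
        try { requireHttpsEndpoint(settings); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```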