<?xml version="1.0" encoding="UTF-8"?>

<!--
  Root of a WebSphere security configuration (security.xmi schema, 5.0 namespace).
  enabled="true" switches security on; activeAuthMechanism and activeUserRegistry select,
  by xmi:id, the LTPA mechanism and the LDAP user registry defined further down.
  The xmi:id values in this listing are "_nnn" placeholders, so a reference such as
  defaultSSLSettings="SSLConfig_nnn" matches all three repertoire elements; which one is
  meant cannot be told from this file.
  NOTE(review): enforceJava2Security="false" leaves Java 2 security permission checking
  off, so application code is presumably not restricted by policy files. Confirm this is
  intended.
  NOTE(review): activeProtocol="BOTH" presumably keeps the older IBM (SAS) IIOP security
  protocol active next to CSI. If no legacy peer needs it, limiting the value to CSI
  reduces the exposed surface; verify the accepted values in the product documentation.
  NOTE(review): units of cacheTimeout="600" are not shown here (presumably seconds).
-->
<security:Security xmi:version="2.0"
     xmlns:xmi="http://www.omg.org/XMI"
     xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi"
     xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
     xmi:id="Security_nnn"
     useLocalSecurityServer="true"
     useDomainQualifiedUserNames="false"
     enabled="true"
     cacheTimeout="600"
     issuePermissionWarning="true"
     activeProtocol="BOTH"
     enforceJava2Security="false"
     activeAuthMechanism="LTPA_nnn"
     activeUserRegistry="LDAPUserRegistry_nnn"
     defaultSSLSettings="SSLConfig_nnn">

  <!--
    LTPA authentication mechanism; this is the element the root's activeAuthMechanism
    refers to. It carries the LTPA password, the trust association and single sign-on
    switches, and the LTPA key material.
    NOTE(review): password uses the "{xor}" form, which is a reversible encoding with no
    secret key. It only hides the value from casual viewing, so the file must be protected
    with file-system permissions and kept out of source control and public postings.
    NOTE(review): the same encoded value also appears on the authDataEntries element for
    userId="root", i.e. the LTPA password and that account's password are identical.
    NOTE(review): units of timeout="120" are not shown (presumably minutes); a long token
    lifetime widens the window in which a captured token can be replayed.
  -->
  <authMechanisms xmi:type="security:LTPA"
       xmi:id="LTPA_nnn"
       OID="oid:1.3.18.0.2.30.2"
       authContextImplClass="com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl"
       authConfig="system.LTPA"
       simpleAuthConfig="system.LTPA"
       authValidationConfig="system.LTPA"
       timeout="120"
       password="{xor}Lz4sLCgwLTs=">

    <!-- Trust association is disabled; the WebSEAL interceptor below is declared but,
         with enabled="false", presumably not consulted. -->
    <trustAssociation xmi:id="TrustAssociation_nnn"
         enabled="false">

      <interceptors xmi:id="TAInterceptor_nnn"
           interceptorClassName="com.ibm.ws.security.web.WebSealTrustAssociationInterceptor"/>

    </trustAssociation>

    <!-- NOTE(review): single sign-on is enabled with requiresSSL="false", so the SSO
         token is presumably also sent over plain HTTP, where it can be captured and
         replayed. Set requiresSSL="true" once all SSO applications are served over HTTPS.
         domainName is empty; the resulting cookie scope is not visible from this file. -->
    <singleSignon xmi:id="SingleSignon_nnn"
                  requiresSSL="false"
                  domainName="" enabled="true"/>

    <!-- LTPA key material stored inline (all three elements share the placeholder id
         "Key_nnn"). NOTE(review): whoever can read these values can presumably create or
         validate LTPA tokens for this domain; treat the whole file as a secret and
         regenerate the keys if a copy has left the server. -->
    <private xmi:id="Key_nnn"
             byteArray="LDVQEEC5Uw7RG1jia"/>

    <public xmi:id="Key_nnn" 
            byteArray="AOw42qODy4wjeiRmRewZ"/>

    <shared xmi:id="Key_nnn" 
            byteArray="BO3bJGGScnVeqHICZX7LvSnmphyJO4sPp7ji+BJPSDM="/>

  </authMechanisms>


  <!-- Local operating-system user registry. It is not the registry named by the root's
       activeUserRegistry, and serverId, serverPassword ("{xor}" with no payload) and
       realm are all empty, so it holds no credentials in this listing. -->
  <userRegistries xmi:type="security:LocalOSUserRegistry"
                  xmi:id="LocalOSUserRegistry_nnn"
                  serverId=""
                  serverPassword="{xor}"
                  realm=""/>

  <!-- Custom user registry backed by the class named in customRegistryClassName. It is
       not the registry named by the root's activeUserRegistry.
       NOTE(review): judging by its name, FileRegistrySample is a sample implementation;
       confirm it is never made the active registry on a production system. -->
  <userRegistries xmi:type="security:CustomUserRegistry"
                  xmi:id="CustomUserRegistry_nnn"
                  customRegistryClassName="com.ibm.websphere.security.FileRegistrySample"/>

  <!--
    LDAP user registry (type ACTIVE_DIRECTORY); this is the element the root's
    activeUserRegistry refers to. Users and groups are looked up under baseDN on
    host1.domainx.net:389 using the bindDN account.
    NOTE(review): sslEnabled="false" together with port 389 means the bind password and
    the passwords of users being authenticated presumably cross the network unencrypted.
    Enable SSL for the registry and point the hosts element at the directory's LDAPS port.
    NOTE(review): serverPassword and bindPassword carry the same "{xor}" value, so the
    server identity "was" and the bind account share one password. "{xor}" is a reversible
    encoding, not encryption; use distinct passwords and restrict read access to this file.
    NOTE(review): the bind account is named "bindadmin"; a directory bind account needs
    only read and search rights on the subtree, so verify it holds no administrative
    rights.
    NOTE(review): limit="0" and monitorInterval="0" look like "unlimited / disabled"
    settings; confirm their meaning against the product documentation.
  -->
  <userRegistries xmi:type="security:LDAPUserRegistry"
                  xmi:id="LDAPUserRegistry_nnn"
                  serverId="was"
                  serverPassword="{xor}MTArNikf"
                  realm="host1.domainx.net:389"
                  limit="0"
                  ignoreCase="false"
                  type="ACTIVE_DIRECTORY"
                  sslEnabled="false"
                  sslConfig="hostManager/DefaultSSLSettings"
                  baseDN="OU=Engineering,DC=domainx,DC=net"
                  bindDN="CN=bindadmin,OU=Engineering,DC=domainx,DC=net"
                  bindPassword="{xor}MTArNikf"
                  searchTimeout="120"
                  monitorInterval="0"
                  reuseConnection="true">

    <!-- Search filters: %v is replaced by the name being looked up. Users are matched on
         sAMAccountName, groups on cn. certificateMapMode="EXACT_DN" with an empty
         certificateFilter presumably maps a client certificate by its exact subject DN. -->
    <searchFilter xmi:id="LDAPSearchFilter_nnn"
                  userFilter="(&amp;(sAMAccountName=%v)(objectclass=user))"
                  groupFilter="(&amp;(cn=%v)(objectclass=group))"
                  userIdMap="user:sAMAccountName"
                  groupIdMap="*:cn"
                  groupMemberIdMap="memberof:member"
                  certificateMapMode="EXACT_DN"
                  certificateFilter=""/>

    <!-- Directory endpoint; 389 is the standard non-TLS LDAP port. -->
    <hosts xmi:id="EndPoint_nnn" 
           host="host1.domainx.net" port="389"/>

  </userRegistries>

  <!--
    JAAS login configurations available to applications. Each entry is looked up by its
    alias and holds one REQUIRED login module; every module is the WSLoginModuleProxy
    class, which is given the real implementation through its "delegate" option.
    Aliases defined here: ClientContainer, WSLogin, DefaultPrincipalMapping.
  -->
  <applicationLoginConfig xmi:id="JAASConfiguration_nnn">

    <!-- ClientContainer: delegates to WSClientLoginModuleImpl. -->
    <entries xmi:id="JAASConfigurationEntry_nnn"
             alias="ClientContainer">

      <loginModules xmi:id="JAASLoginModule_nnn"
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                    authenticationStrategy="REQUIRED">

        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl"/>

      </loginModules>

    </entries>


    <!-- WSLogin: delegates to WSLoginModuleImpl. -->
    <entries xmi:id="JAASConfigurationEntry_nnn"
             alias="WSLogin">


      <loginModules xmi:id="JAASLoginModule_nnn"
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                    authenticationStrategy="REQUIRED">


        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"/>


      </loginModules>

    </entries>


    <!-- DefaultPrincipalMapping: delegates to the J2C WSPrincipalMappingLoginModule,
         presumably the module that resolves the authDataEntries aliases defined later in
         this file for resource connections. -->
    <entries xmi:id="JAASConfigurationEntry_nnn"
             alias="DefaultPrincipalMapping">


      <loginModules xmi:id="JAASLoginModule_nnn" 
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                     authenticationStrategy="REQUIRED">


        <options xmi:id="Property_nnn"
                 name="delegate" 
                 value="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"/>


      </loginModules>

    </entries>


  </applicationLoginConfig>


  <!--
    CSI (Common Secure Interoperability) settings for IIOP. "claims" and "performs" each
    describe three layers: identity assertion, message (authentication) and transport.
    Presumably "claims" is what this server accepts from callers and "performs" is what it
    does when calling other servers; confirm against the product documentation.
    Within a layer, requiredQOP is the minimum that must be used and supportedQOP is what
    may be used.
    NOTE(review): in both directions the transport requiredQOP has enableProtection="false"
    and confidentiality="false", so SSL is supported but not required and a peer can
    presumably negotiate an unencrypted IIOP connection. Where all peers support SSL, make
    transport protection required.
    NOTE(review): the message layer requiredQOP has establishTrustInClient="false", so
    client authentication at that layer is supported but not required.
  -->
  <CSI xmi:id="IIOPSecurityProtocol_nnn">


    <claims xmi:type="orb.securityprotocol:CommonSecureInterop"
            xmi:id="CommonSecureInterop_nnn"
            stateful="true">


      <!-- Identity assertion is not supported on this side (enable="false"). -->
      <layers xmi:type="orb.securityprotocol:IdentityAssertionLayer"
              xmi:id="IdentityAssertionLayer_nnn">


        <supportedQOP xmi:type="orb.securityprotocol:IdentityAssertionQOP"
                      xmi:id="IdentityAssertionQOP_nnn"
                      enable="false"/>

      </layers>


      <!-- Message layer: establishing trust in the client is supported, not required. -->
      <layers xmi:type="orb.securityprotocol:MessageLayer"
              xmi:id="MessageLayer_nnn">


        <requiredQOP xmi:type="orb.securityprotocol:MessageQOP"
                     xmi:id="MessageQOP_nnn"
                     establishTrustInClient="false"/>


        <supportedQOP xmi:type="orb.securityprotocol:MessageQOP"
                      xmi:id="MessageQOP_nnn"
                      establishTrustInClient="true"/>

      </layers>


      <!-- Transport layer: only integrity is required; protection, confidentiality and
           client certificate trust are supported but optional. -->
      <layers xmi:type="orb.securityprotocol:TransportLayer" 
              xmi:id="TransportLayer_nnn">

        <requiredQOP xmi:type="orb.securityprotocol:TransportQOP" 
                     xmi:id="TransportQOP_nnn" 
                     establishTrustInClient="false" 
                     enableProtection="false" 
                     confidentiality="false" 
                     integrity="true"/>

        <supportedQOP xmi:type="orb.securityprotocol:TransportQOP" 
                      xmi:id="TransportQOP_nnn" 
                      establishTrustInClient="true" 
                      enableProtection="true" 
                      confidentiality="true" 
                      integrity="true"/>

        <!-- SSL settings for this transport are taken from the repertoire with this alias. -->
        <serverAuthentication xmi:id="IIOPTransport_nnn" 
                              sslConfig="hostManager/DefaultSSLSettings"/>

      </layers>

    </claims>


    <!-- sessionGCInterval and sessionGCIdleTime are given without units (presumably
         milliseconds, TODO confirm). -->
    <performs xmi:type="orb.securityprotocol:CommonSecureInterop" 
              xmi:id="CommonSecureInterop_nnn" 
              stateful="true" 
              sessionGCInterval="300000" 
              sessionGCIdleTime="900000">


      <!-- Identity assertion is neither required nor supported on this side. -->
      <layers xmi:type="orb.securityprotocol:IdentityAssertionLayer"
              xmi:id="IdentityAssertionLayer_nnn">


        <requiredQOP xmi:type="orb.securityprotocol:IdentityAssertionQOP"
                     xmi:id="IdentityAssertionQOP_nnn"
                     enable="false"/>

        <supportedQOP xmi:type="orb.securityprotocol:IdentityAssertionQOP"
                      xmi:id="IdentityAssertionQOP_nnn"
                      enable="false"/>


      </layers>


      <!-- Message layer: authenticationLayerRetryCount="3" presumably bounds how often a
           failed authentication is retried. -->
      <layers xmi:type="orb.securityprotocol:MessageLayer"
              xmi:id="MessageLayer_nnn"
              authenticationLayerRetryCount="3">

        <requiredQOP xmi:type="orb.securityprotocol:MessageQOP"
                     xmi:id="MessageQOP_nnn"
                     establishTrustInClient="false"/>

        <supportedQOP xmi:type="orb.securityprotocol:MessageQOP"
                      xmi:id="MessageQOP_nnn"
                      establishTrustInClient="true"/>

      </layers>


      <!-- Transport layer: as above, only integrity is required; unlike the "claims"
           side, establishTrustInClient is "false" in supportedQOP as well. -->
      <layers xmi:type="orb.securityprotocol:TransportLayer"
              xmi:id="TransportLayer_nnn">


        <requiredQOP xmi:type="orb.securityprotocol:TransportQOP" 
                     xmi:id="TransportQOP_nnn"
                     establishTrustInClient="false"
                     enableProtection="false"
                     confidentiality="false"
                     integrity="true"/>


        <supportedQOP xmi:type="orb.securityprotocol:TransportQOP"
                      xmi:id="TransportQOP_nnn"
                      establishTrustInClient="false"
                      enableProtection="true"
                      confidentiality="true"
                      integrity="true"/>


        <serverAuthentication xmi:id="IIOPTransport_nnn"
                              sslConfig="hostManager/DefaultSSLSettings"/>


      </layers>


    </performs>


  </CSI>


  <!--
    Settings for the IBM Secure Association Service IIOP security protocol. Only a
    transport layer with a supportedQOP is described for each of "claims" and "performs";
    no requiredQOP appears, so nothing in this section makes transport protection
    mandatory.
    NOTE(review): the two sides disagree. "claims" supports confidentiality and integrity,
    while "performs" has enableProtection="true" but confidentiality="false" and
    integrity="false". Confirm whether that combination is intended, since it presumably
    allows a protected connection that is neither encrypted nor integrity-checked.
    NOTE(review): this section is presumably only used because the root element sets
    activeProtocol="BOTH"; verify whether any peer still needs this protocol.
  -->
  <IBM xmi:id="IIOPSecurityProtocol_nnn">


    <claims xmi:type="orb.securityprotocol:SecureAssociationService"
            xmi:id="SecureAssociationService_nnn">


      <layers xmi:type="orb.securityprotocol:TransportLayer"
              xmi:id="TransportLayer_nnn">


        <supportedQOP xmi:type="orb.securityprotocol:TransportQOP"
                      xmi:id="TransportQOP_nnn"
                      enableProtection="true"
                      confidentiality="true"
                      integrity="true"/>


        <!-- SSL settings are taken from the repertoire with this alias. -->
        <serverAuthentication xmi:id="IIOPTransport_nnn"
                              sslConfig="hostManager/DefaultSSLSettings"/>


      </layers>


    </claims>


    <performs xmi:type="orb.securityprotocol:SecureAssociationService"
              xmi:id="SecureAssociationService_nnn">

      <layers xmi:type="orb.securityprotocol:TransportLayer"
              xmi:id="TransportLayer_nnn">

        <supportedQOP xmi:type="orb.securityprotocol:TransportQOP"
                      xmi:id="TransportQOP_nnn"
                      enableProtection="true"
                      confidentiality="false"
                      integrity="false"/>

        <serverAuthentication xmi:id="IIOPTransport_nnn"
                              sslConfig="hostManager/DefaultSSLSettings"/>
      </layers>

    </performs>

  </IBM>

  <!--
    SSL configuration "hostManager/DefaultSSLSettings". The LDAP registry and the IIOP
    transports in this file refer to it by this alias.
    NOTE(review): keyFileName and trustFileName point at DummyServerKeyFile.jks and
    DummyServerTrustFile.jks. By their names these are presumably the sample keystores
    shipped with the product, whose private key and password are the same on every
    installation. Replace them with keystores generated for this environment and change
    both passwords.
    NOTE(review): keyFilePassword and trustFilePassword carry the same "{xor}" value;
    "{xor}" is a reversible encoding, not encryption.
    NOTE(review): com.ibm.ssl.protocol is "SSLv3", a protocol version deprecated by
    RFC 7568 and affected by POODLE. Move to a TLS setting supported by the installed JSSE
    provider once peers have been checked for compatibility.
    NOTE(review): clientAuthentication="false" means clients are not asked for a
    certificate; confirm this matches the intended trust model.
  -->
  <repertoire xmi:id="SSLConfig_nnn"
              alias="hostManager/DefaultSSLSettings">

    <setting xmi:id="SecureSocketLayer_nnn"
             keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
             keyFilePassword="{xor}CDo9Hgw="
             keyFileFormat="JKS"
             trustFileName="${USER_INSTALL_ROOT}/etc/DummyServerTrustFile.jks"
             trustFilePassword="{xor}CDo9Hgw="
             trustFileFormat="JKS"
             clientAuthentication="false"
             securityLevel="HIGH"
             enableCryptoHardwareSupport="false">

      <!-- Hardware token settings are empty and enableCryptoHardwareSupport is "false". -->
      <cryptoHardware xmi:id="CryptoHardwareToken_nnn"
                      tokenType=""
                      libraryFile=""
                      password="{xor}"/>

      <properties xmi:id="Property_nnn"
                  name="com.ibm.ssl.protocol"
                  value="SSLv3"/>

      <properties xmi:id="Property_nnn"
                  name="com.ibm.ssl.contextProvider"
                  value="IBMJSSE"/>
    </setting>

  </repertoire>

  <!--
    SSL configuration "host21/DefaultSSLSettings". Nothing in this file refers to this
    alias; it is presumably used by node-level configuration for host21.
    NOTE(review): it uses DummyServerKeyFile.jks and DummyServerTrustFile.jks, which by
    their names are presumably the product's sample keystores with a key and password
    common to every installation. Replace them with environment-specific keystores.
    NOTE(review): both keystore passwords share one "{xor}" value, and "{xor}" is a
    reversible encoding rather than encryption.
    NOTE(review): com.ibm.ssl.protocol is "SSLv3", deprecated by RFC 7568 and affected by
    POODLE; switch to a TLS setting supported by the installed JSSE provider.
  -->
  <repertoire xmi:id="SSLConfig_nnn"
              alias="host21/DefaultSSLSettings">

    <setting xmi:id="SecureSocketLayer_nnn"
             keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
             keyFilePassword="{xor}CDo9Hgw="
             keyFileFormat="JKS"
             trustFileName="${USER_INSTALL_ROOT}/etc/DummyServerTrustFile.jks"
             trustFilePassword="{xor}CDo9Hgw="
             trustFileFormat="JKS"
             clientAuthentication="false"
             securityLevel="HIGH"
             enableCryptoHardwareSupport="false">

      <!-- Hardware token settings are empty and enableCryptoHardwareSupport is "false". -->
      <cryptoHardware xmi:id="CryptoHardwareToken_nnn"
                      tokenType=""
                      libraryFile=""
                      password="{xor}"/>

      <properties xmi:id="Property_nnn"
                  name="com.ibm.ssl.protocol"
                  value="SSLv3"/>

      <properties xmi:id="Property_nnn"
                  name="com.ibm.ssl.contextProvider"
                  value="IBMJSSE"/>
    </setting>

  </repertoire>

  <!--
    SSL configuration "host31/DefaultSSLSettings". Nothing in this file refers to this
    alias; it is presumably used by node-level configuration for host31.
    NOTE(review): it uses DummyServerKeyFile.jks and DummyServerTrustFile.jks, which by
    their names are presumably the product's sample keystores with a key and password
    common to every installation. Replace them with environment-specific keystores.
    NOTE(review): both keystore passwords share one "{xor}" value, and "{xor}" is a
    reversible encoding rather than encryption.
    NOTE(review): com.ibm.ssl.protocol is "SSLv3", deprecated by RFC 7568 and affected by
    POODLE; switch to a TLS setting supported by the installed JSSE provider.
  -->
  <repertoire xmi:id="SSLConfig_nnn"
              alias="host31/DefaultSSLSettings">

    <setting xmi:id="SecureSocketLayer_nnn"
             keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
             keyFilePassword="{xor}CDo9Hgw="
             keyFileFormat="JKS"
             trustFileName="${USER_INSTALL_ROOT}/etc/DummyServerTrustFile.jks"
             trustFilePassword="{xor}CDo9Hgw="
             trustFileFormat="JKS"
             clientAuthentication="false"
             securityLevel="HIGH"
             enableCryptoHardwareSupport="false">

      <!-- Hardware token settings are empty and enableCryptoHardwareSupport is "false". -->
      <cryptoHardware xmi:id="CryptoHardwareToken_nnn"
                      tokenType=""
                      libraryFile=""
                      password="{xor}"/>

      <properties xmi:id="Property_nnn"
                  name="com.ibm.ssl.protocol"
                  value="SSLv3"/>

      <properties xmi:id="Property_nnn"
                  name="com.ibm.ssl.contextProvider"
                  value="IBMJSSE"/>

    </setting>

  </repertoire>

  <!--
    JAAS login configurations used by the server itself. As in applicationLoginConfig,
    every entry has one REQUIRED WSLoginModuleProxy module whose "delegate" option names
    the implementing class. Aliases defined here: SWAM, LTPA, wssecurity.IDAssertion,
    wssecurity.Signature, LTPA_WEB.
    NOTE(review): the delegate class names decide how authentication is performed, so a
    change to any "value" attribute here should be reviewed like a code change.
  -->
  <systemLoginConfig xmi:id="JAASConfiguration_nnn">

    <!-- SWAM: delegates to swamLoginModule. The root element selects LTPA as the active
         mechanism, so this entry is presumably unused. -->
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="SWAM">

      <loginModules xmi:id="JAASLoginModule_nnn"
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                    authenticationStrategy="REQUIRED">

        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.ws.security.server.lm.swamLoginModule"/>
      </loginModules>

    </entries>

    <!-- LTPA: delegates to ltpaLoginModule. -->
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="LTPA">

      <loginModules xmi:id="JAASLoginModule_nnn"
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                    authenticationStrategy="REQUIRED">

        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.ws.security.server.lm.ltpaLoginModule"/>

      </loginModules>

    </entries>

    <!-- wssecurity.IDAssertion: delegates to the web services IDAssertionLoginModule. -->
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="wssecurity.IDAssertion">

      <loginModules xmi:id="JAASLoginModule_nnn"
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                    authenticationStrategy="REQUIRED">

        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule"/>

      </loginModules>

    </entries>

    <!-- wssecurity.Signature: delegates to the web services SignatureLoginModule. -->
    <entries xmi:id="JAASConfigurationEntry_nnn"
                 alias="wssecurity.Signature">

      <loginModules xmi:id="JAASLoginModule_nnn"
                 moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                 authenticationStrategy="REQUIRED">

        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule"/>

      </loginModules>

    </entries>

    <!-- LTPA_WEB: delegates to the web AuthenLoginModule. -->
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="LTPA_WEB">

      <loginModules xmi:id="JAASLoginModule_nnn"
                    moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
                    authenticationStrategy="REQUIRED">

        <options xmi:id="Property_nnn"
                 name="delegate"
                 value="com.ibm.ws.security.web.AuthenLoginModule"/>
      </loginModules>

    </entries>

  </systemLoginConfig>

  <!--
    Authentication data aliases: each entry pairs an alias with a userId and password,
    presumably for use by resource definitions such as data sources.
    NOTE(review): every password is in the "{xor}" form, a reversible encoding with no
    secret key. Anyone who can read this file can recover all of these credentials, so
    restrict it to the server's run-as account and keep it out of source control, backups
    with wider access, and public postings. If these values came from a live system, treat
    the accounts as disclosed and change their passwords.
    NOTE(review): the 21 entries use only four distinct encoded values, so many accounts
    share one password (read-only and read-write accounts of the same application
    included). One recovered password therefore opens several accounts; give each account
    its own password.
    NOTE(review): the installAlias entry uses userId="root" and carries the same encoded
    value as the LTPA password on the authMechanisms element. Avoid storing a
    superuser credential here and do not reuse it for LTPA.
  -->
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/installAlias"
                   userId="root"
                   password="{xor}Lz4sLCgwLTs="/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-app1ROAlias"
                   userId="b_wstest8_ro"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-app1RWAlias"
                   userId="b_wstest8"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-app1RWalias"
                   userId="b_domain1"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-app1ROalias"
                   userId="b_domain1_ro"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-db2prodAlias"
                   userId="db2prod"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-company2Alias"
                   userId="company2"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-company1Alias"
                   userId="edw"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-db2prodAlias"
                   userId="db2prod"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-company2Alias"
                   userId="company2"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-company1Alias"
                   userId="edw"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/comp_user_ro"
                   userId="comp_user_ro"
                   password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/comp_user"
                   userId="comp_user"
                   password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-casAlias"
                   userId="cas"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-casAlias"
                   userId="cas"
                   password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-app2ROAlias"
                   userId="s_domain1_ro"
                   password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-app2RWAlias"
                   userId="s_domain1"
                   password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain1-hubRWAlias"
                   userId="h_domain1"
                   password="{xor}KzosKwA3"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-hubRWAlias"
                   userId="h_domain2"
                   password="{xor}KzosKwA3"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-app2ROAlias"
                   userId="s_domain2_ro"
                   password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn"
                   alias="hostManager/domain2-app2RWAlias"
                   userId="s_domain2"
                   password="{xor}KzosKwAs"/>

  <!-- Custom security properties, given as name/value pairs.
       security.enablePluggableAuthentication is "true" (and marked required="false").
       NOTE(review): com.ibm.security.useFIPS is "false", so cryptographic providers are
       presumably not restricted to FIPS-approved algorithms; confirm whether policy
       requires that mode. -->
  <properties xmi:id="Property_nnn"
              name="security.enablePluggableAuthentication"
              value="true"
              required="false"/>
  <properties xmi:id="Property_nnn"
              name="com.ibm.security.useFIPS"
              value="false"/>

</security:Security>