rcurlette/gist:004090c2d6b9731e9f5def57bb3ee8fd Secret

## gistfile1.txt
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<Configuration Version="8.1"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="../schemas/cd_ambient_conf.xsd">
    <Security OAuthEnabled="false">
        <RequestValidator>com.sdl.web.oauth.validator.OAuth2RequestValidator</RequestValidator>
        <!-- Ambient data framework claims forwarding is enabled for the requests coming from white listed IP addresses. -->
        <WhiteList>
            <IPAddresses>
                <!-- WARNING: this range should be changed as in this state accepts claims from any IP -->
                <Ip>0.0.0.0-255.255.255.255</Ip>
            </IPAddresses>
        </WhiteList>
        <!-- Ambient data framework claims forwarding is allowed only for claims listed in this section. -->
        <GloballyAcceptedClaims>
            <Claim Uri="taf:claim:ambientdata:sessioncartridge:useragent:browser"/>
            <Claim Uri="taf:claim:ambientdata:footprintcartridge:acceptlanguage"/>
            <Claim Uri="taf:claim:ambientdata:footprintcartridge:recurringvisitor"/>
            <Claim Uri="taf:claim:ambientdata:sessioncartridge:useragent:os"/>
            <Claim Uri="taf:claim:ambientdata:footprintcartridge:searchquery"/>
            <Claim Uri="taf:claim:ambientdata:sessioncartridge:session:lifetime"/>
            <Claim Uri="taf:claim:ambientdata:sessioncartridge:refererdomain"/>
        </GloballyAcceptedClaims>
        <!-- Header and cookie validation options -->
        <!--
        <HeaderValidation>
            <DigestKey>sample_passphrase</DigestKey>
            <GracePeriodEndDate>2016-01-01T12:00:00</GracePeriodEndDate>
        </HeaderValidation>
        -->
        <!--
        Built-in authentication server's configuration.
        -->
        <AuthenticationServer ForceSecure="false">
            <TokenExpireTime TimeInSeconds="300"/>
            <SharedSecret>sample_passphrase</SharedSecret>
        </AuthenticationServer>

        <!--
        Built-in authentication server's users.

        First example is 'sdlweb' user with an 'sdlwebpass' encrypted password.
        The second and third examples are users with password, which is not encrypted.
        -->
        <Accounts>
            <Account Id="Domain\mts_svc" Password="XXXXX">
                <Metadata>
                    <Param Name="FirstName" Value="IT"/>
                    <Param Name="LastName" Value="Admin"/>
                    <Param Name="Role" Value="provider"/>
                </Metadata>
            </Account>
            <Account Id="Domain\mts_svc" Password="XXXXX">
                <Metadata>
                    <Param Name="FirstName" Value="Registration"/>
                    <Param Name="LastName" Value="Tool"/>
                    <Param Name="Role" Value="provider"/>
                </Metadata>
            </Account>
            <Account Id="Domain\mts_svc" Password="XXXXX">
                <Metadata>
                    <Param Name="FirstName" Value="Registration"/>
                    <Param Name="LastName" Value="Tool"/>
                    <Param Name="Role" Value="implementer"/>
                </Metadata>
            </Account>
            <Account Id="Domain\mts_svc" Password="XXXXX">
                <Metadata>
                    <Param Name="FirstName" Value="CM"/>
                    <Param Name="LastName" Value="User"/>
                    <Param Name="Role" Value="cm"/>
                </Metadata>
            </Account>
            <Account Id="Domain\mts_svc" Password="XXXXX">
                <Metadata>
                    <Param Name="FirstName" Value="CD"/>
                    <Param Name="LastName" Value="User"/>
                    <Param Name="Role" Value="cd"/>
                    <Param Name="AllowedCookieForwarding" Value="true" />
                </Metadata>
            </Account>

        </Accounts>

        <!-- Rules definition for read/write shielding of services. -->
        <Rules Enabled="false"/>
    </Security>

    <!-- Excluded Paths -->
    <!-- You can add paths relative to the context path for which the Ambient Framework Filter shouldn't execute.
    This is very probable to happen when you map the Ambient Framework Filter to /* path.
    You may want to exclude, for example, the path with which the upload servlet is mapped to. -->

    <ExcludedPaths>
        <!--
           <Path>/token.svc</Path>
        -->
    </ExcludedPaths>
    <Cartridges>
        <!-- Example cartridge definition -->
        <!-- You can hook into and use the Ambient Data Framework by implementing cartridges.
        This is how a cartridge XML configuration files can be specified. -->
        <!--
            <Cartridge File="cd_ambient_cartridge_conf.xml"/>
            -->
    </Cartridges>

    <!-- Cookies settings -->
    <!--
      <Cookies>
          <CookieClaim DefaultValue="true" Name="CookieClaim"/>
          <Cookie Type="Tracking" Name="myTrackingCookie" Path="/"/>
          <Cookie Type="Session" Name="mySessionCookie" Path="/"/>
          <Cookie Type="ADF" Name="TAFContext" />
      </Cookies>
      -->
</Configuration>
	<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
	<Configuration Version="8.1"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:noNamespaceSchemaLocation="../schemas/cd_ambient_conf.xsd">
	<Security OAuthEnabled="false">
	<RequestValidator>com.sdl.web.oauth.validator.OAuth2RequestValidator</RequestValidator>
	<!-- Ambient data framework claims forwarding is enabled for the requests coming from white listed IP addresses. -->
	<WhiteList>
	<IPAddresses>
	<!-- WARNING: this range should be changed as in this state accepts claims from any IP -->
	<Ip>0.0.0.0-255.255.255.255</Ip>
	</IPAddresses>
	</WhiteList>
	<!-- Ambient data framework claims forwarding is allowed only for claims listed in this section. -->
	<GloballyAcceptedClaims>
	<Claim Uri="taf:claim:ambientdata:sessioncartridge:useragent:browser"/>
	<Claim Uri="taf:claim:ambientdata:footprintcartridge:acceptlanguage"/>
	<Claim Uri="taf:claim:ambientdata:footprintcartridge:recurringvisitor"/>
	<Claim Uri="taf:claim:ambientdata:sessioncartridge:useragent:os"/>
	<Claim Uri="taf:claim:ambientdata:footprintcartridge:searchquery"/>
	<Claim Uri="taf:claim:ambientdata:sessioncartridge:session:lifetime"/>
	<Claim Uri="taf:claim:ambientdata:sessioncartridge:refererdomain"/>
	</GloballyAcceptedClaims>
	<!-- Header and cookie validation options -->
	<!--
	<HeaderValidation>
	<DigestKey>sample_passphrase</DigestKey>
	<GracePeriodEndDate>2016-01-01T12:00:00</GracePeriodEndDate>
	</HeaderValidation>
	-->
	<!--
	Built-in authentication server's configuration.
	-->
	<AuthenticationServer ForceSecure="false">
	<TokenExpireTime TimeInSeconds="300"/>
	<SharedSecret>sample_passphrase</SharedSecret>
	</AuthenticationServer>

	<!--
	Built-in authentication server's users.

	First example is 'sdlweb' user with an 'sdlwebpass' encrypted password.
	The second and third examples are users with password, which is not encrypted.
	-->
	<Accounts>
	<Account Id="Domain\mts_svc" Password="XXXXX">
	<Metadata>
	<Param Name="FirstName" Value="IT"/>
	<Param Name="LastName" Value="Admin"/>
	<Param Name="Role" Value="provider"/>
	</Metadata>
	</Account>
	<Account Id="Domain\mts_svc" Password="XXXXX">
	<Metadata>
	<Param Name="FirstName" Value="Registration"/>
	<Param Name="LastName" Value="Tool"/>
	<Param Name="Role" Value="provider"/>
	</Metadata>
	</Account>
	<Account Id="Domain\mts_svc" Password="XXXXX">
	<Metadata>
	<Param Name="FirstName" Value="Registration"/>
	<Param Name="LastName" Value="Tool"/>
	<Param Name="Role" Value="implementer"/>
	</Metadata>
	</Account>
	<Account Id="Domain\mts_svc" Password="XXXXX">
	<Metadata>
	<Param Name="FirstName" Value="CM"/>
	<Param Name="LastName" Value="User"/>
	<Param Name="Role" Value="cm"/>
	</Metadata>
	</Account>
	<Account Id="Domain\mts_svc" Password="XXXXX">
	<Metadata>
	<Param Name="FirstName" Value="CD"/>
	<Param Name="LastName" Value="User"/>
	<Param Name="Role" Value="cd"/>
	<Param Name="AllowedCookieForwarding" Value="true" />
	</Metadata>
	</Account>

	</Accounts>

	<!-- Rules definition for read/write shielding of services. -->
	<Rules Enabled="false"/>
	</Security>

	<!-- Excluded Paths -->
	<!-- You can add paths relative to the context path for which the Ambient Framework Filter shouldn't execute.
	This is very probable to happen when you map the Ambient Framework Filter to /* path.
	You may want to exclude, for example, the path with which the upload servlet is mapped to. -->

	<ExcludedPaths>
	<!--
	<Path>/token.svc</Path>
	-->
	</ExcludedPaths>
	<Cartridges>
	<!-- Example cartridge definition -->
	<!-- You can hook into and use the Ambient Data Framework by implementing cartridges.
	This is how a cartridge XML configuration files can be specified. -->
	<!--
	<Cartridge File="cd_ambient_cartridge_conf.xml"/>
	-->
	</Cartridges>

	<!-- Cookies settings -->
	<!--
	<Cookies>
	<CookieClaim DefaultValue="true" Name="CookieClaim"/>
	<Cookie Type="Tracking" Name="myTrackingCookie" Path="/"/>
	<Cookie Type="Session" Name="mySessionCookie" Path="/"/>
	<Cookie Type="ADF" Name="TAFContext" />
	</Cookies>
	-->
	</Configuration>