blob: 55e5f53c390f1d60d5970718200e215efa3ff893 [file] [log] [blame]
<!--
Copyright (c) 2013, 2021 Oracle and/or its affiliates. All rights reserved.
This program and the accompanying materials are made available under the
terms of the Eclipse Public License v. 2.0, which is available at
http://www.eclipse.org/legal/epl-2.0.
This Source Code may also be made available under the following Secondary
Licenses when the conditions for such availability set forth in the
Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
version 2 with the GNU Classpath Exception, which is available at
https://www.gnu.org/software/classpath/license.html.
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
-->
<domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="10.0">
<security-configurations>
<authentication-service default="true" name="adminAuth" use-password-credential="true">
<security-provider name="spcrealm" type="LoginModule" provider-name="adminSpc">
<login-module-config name="adminSpecialLM" control-flag="sufficient" module-class="com.sun.enterprise.admin.util.AdminLoginModule">
<property name="config" value="server-config"></property>
<property name="auth-realm" value="admin-realm"></property>
</login-module-config>
</security-provider>
<security-provider name="filerealm" type="LoginModule" provider-name="adminFile">
<login-module-config name="adminFileLM" control-flag="sufficient" module-class="com.sun.enterprise.security.auth.login.FileLoginModule">
<property name="config" value="server-config"></property>
<property name="auth-realm" value="admin-realm"></property>
</login-module-config>
</security-provider>
</authentication-service>
<authorization-service default="true" name="authorizationService">
<security-provider name="simpleAuthorization" type="Simple" provider-name="simpleAuthorizationProvider">
<authorization-provider-config support-policy-deploy="false" name="simpleAuthorizationProviderConfig"></authorization-provider-config>
</security-provider>
</authorization-service>
<role-mapping-service default="true" name="rolemappingService">
<security-provider name="simpleRoleMapping" type="Simple" provider-name="simpleRoleMappingProvider">
<role-mapping-provider-config support-role-deploy="false" name="simpleRoleMappingProviderConfig"></role-mapping-provider-config>
</security-provider>
</role-mapping-service>
</security-configurations>
<system-applications/>
<applications/>
<resources/>
<servers>
<server name="%%%SERVER_ID%%%" config-ref="%%%CONFIG_MODEL_NAME%%%">
<resource-ref ref="jdbc/__TimerPool" />
<resource-ref ref="jdbc/__default" />
</server>
</servers>
<nodes>
<node name="localhost-%%%DOMAIN_NAME%%%" type="CONFIG" node-host="localhost" install-dir="${com.sun.aas.productRoot}"/>
</nodes>
<configs>
<config name="%%%CONFIG_MODEL_NAME%%%">
<!--%%%TOKENS_HERE%%%-->
<!--%%%PORT_BASE%%%-->
<http-service>
<access-log/>
<virtual-server id="server" network-listeners="http-listener-1,http-listener-2"/>
<virtual-server id="__asadmin" network-listeners="admin-listener"/>
</http-service>
<admin-service auth-realm-name="admin-realm" type="das-and-server" system-jmx-connector-name="system">
<jmx-connector auth-realm-name="admin-realm" security-enabled="false" address="0.0.0.0" port="%%%JMX_SYSTEM_CONNECTOR_PORT%%%" name="system" />
<property value="/admin" name="adminConsoleContextRoot" />
<property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
<property value="${com.sun.aas.installRoot}/.." name="ipsRoot" />
</admin-service>
<security-service>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
<property value="${com.sun.aas.instanceRoot}/config/admin-keyfile" name="file" />
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
<property value="${com.sun.aas.instanceRoot}/config/keyfile" name="file" />
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
<jacc-provider policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory" policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory" policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="simple" />
<message-security-config auth-layer="SOAP">
<provider-config provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="dynamic.username.password" />
<property value="false" name="debug" />
</provider-config>
<provider-config provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="dynamic.username.password" />
<property value="false" name="debug" />
<property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
</provider-config>
<provider-config provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="debug" />
</provider-config>
<provider-config provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="debug" />
<property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
</provider-config>
</message-security-config>
<message-security-config auth-layer="HttpServlet">
<provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule">
<request-policy auth-source="sender"></request-policy>
<response-policy></response-policy>
<property name="loginPage" value="/login.jsf"></property>
<property name="loginErrorPage" value="/loginError.jsf"></property>
</provider-config>
</message-security-config>
<property value="SHA-256" name="default-digest-algorithm" />
</security-service>
<java-config classpath-suffix="" system-classpath="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%%%JAVA_DEBUGGER_PORT%%%">
<jvm-options>-Djdk.tls.rejectClientInitiatedRenegotiation=true</jvm-options>
<jvm-options>-Djava.awt.headless=true</jvm-options>
<jvm-options>-Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder</jvm-options>
<jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
<jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
<jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
<jvm-options>-Xmx512m</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
<jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
<!-- Configure post startup bundle list here. This is a comma separated list of bundle sybolic names. -->
<!-- Configuration of various third-party OSGi bundles like
Felix Remote Shell, FileInstall, etc. -->
<!-- Port on which remote shell listens for connections.-->
<jvm-options>-Dosgi.shell.telnet.port=%%%OSGI_SHELL_TELNET_PORT%%%</jvm-options>
<!-- How many concurrent users can connect to this remote shell -->
<jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
<!-- From which hosts users can connect -->
<jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
<!-- Gogo shell configuration -->
<jvm-options>-Dgosh.args=--nointeractive</jvm-options>
<!-- Directory being watched by fileinstall. -->
<jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
<!-- Time period fileinstaller thread in ms. -->
<jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
<!-- log level: 1 for error, 2 for warning, 3 for info and 4 for debug. -->
<jvm-options>-Dfelix.fileinstall.log.level=2</jvm-options>
<!-- should new bundles be started or installed only?
true => start, false => only install
-->
<jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
<!-- should watched bundles be started transiently or persistently -->
<jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options>
<!-- Should changes to configuration be saved in corresponding cfg file? false: no, true: yes
If we don't set false, everytime server starts from clean osgi cache, the file gets rewritten.
-->
<jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options>
<!-- End of OSGi bundle configurations -->
<jvm-options>-XX:NewRatio=2</jvm-options>
<jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
<jvm-options>--add-opens=java.base/java.io=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.base/java.lang=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.base/java.util=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.base/sun.net.www.protocol.jrt=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.naming/javax.naming.spi=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED</jvm-options>
<jvm-options>--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
</java-config>
<network-config>
<protocols>
<protocol name="http-listener-1">
<http default-virtual-server="server" max-connections="250">
<file-cache enabled="false"></file-cache>
</http>
</protocol>
<protocol security-enabled="true" name="http-listener-2">
<http default-virtual-server="server" max-connections="250">
<file-cache enabled="false"></file-cache>
</http>
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as"></ssl>
</protocol>
<protocol name="admin-listener">
<http default-virtual-server="__asadmin" max-connections="250" encoded-slash-enabled="true" >
<file-cache enabled="false"></file-cache>
</http>
</protocol>
</protocols>
<network-listeners>
<network-listener port="%%%HTTP_PORT%%%" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool"></network-listener>
<network-listener port="%%%HTTP_SSL_PORT%%%" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool"></network-listener>
<network-listener port="%%%ADMIN_PORT%%%" protocol="admin-listener" transport="tcp" name="admin-listener" thread-pool="admin-thread-pool"></network-listener>
</network-listeners>
<transports>
<transport name="tcp"></transport>
</transports>
</network-config>
<thread-pools>
<thread-pool name="admin-thread-pool" max-thread-pool-size="50" max-queue-size="256"></thread-pool>
<thread-pool name="http-thread-pool" max-queue-size="4096"></thread-pool>
<thread-pool name="thread-pool-1" max-thread-pool-size="200"/>
</thread-pools>
</config>
<config name="default-config" dynamic-reconfiguration-enabled="true" >
<http-service>
<access-log/>
<virtual-server id="server" network-listeners="http-listener-1, http-listener-2" >
<property name="default-web-xml" value="${com.sun.aas.instanceRoot}/config/default-web.xml"/>
</virtual-server>
<virtual-server id="__asadmin" network-listeners="admin-listener" />
</http-service>
<admin-service system-jmx-connector-name="system" type="server">
<!-- JSR 160 "system-jmx-connector" -->
<jmx-connector address="0.0.0.0" auth-realm-name="admin-realm" name="system" port="${JMX_SYSTEM_CONNECTOR_PORT}" protocol="rmi_jrmp" security-enabled="false"/>
<!-- JSR 160 "system-jmx-connector" -->
<property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
</admin-service>
<log-service log-rotation-limit-in-bytes="2000000" file="${com.sun.aas.instanceRoot}/logs/server.log">
<module-log-levels />
</log-service>
<security-service>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
<property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile" />
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
<property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile" />
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
<jacc-provider policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory" />
<message-security-config auth-layer="SOAP">
<provider-config provider-type="client" provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property name="encryption.key.alias" value="s1as" />
<property name="signature.key.alias" value="s1as" />
<property name="dynamic.username.password" value="false" />
<property name="debug" value="false" />
</provider-config>
<provider-config provider-type="client" provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property name="encryption.key.alias" value="s1as" />
<property name="signature.key.alias" value="s1as" />
<property name="dynamic.username.password" value="false" />
<property name="debug" value="false" />
<property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" />
</provider-config>
<provider-config provider-type="server" provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property name="encryption.key.alias" value="s1as" />
<property name="signature.key.alias" value="s1as" />
<property name="debug" value="false" />
</provider-config>
<provider-config provider-type="server" provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property name="encryption.key.alias" value="s1as" />
<property name="signature.key.alias" value="s1as" />
<property name="debug" value="false" />
<property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" />
</provider-config>
</message-security-config>
</security-service>
<diagnostic-service/>
<java-config debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${JAVA_DEBUGGER_PORT}" system-classpath="" classpath-suffix="">
<jvm-options>-server</jvm-options>
<jvm-options>-Djava.awt.headless=true</jvm-options>
<jvm-options>-Djdk.tls.rejectClientInitiatedRenegotiation=true</jvm-options>
<jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
<jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
<jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
<jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
<jvm-options>-XX:NewRatio=2</jvm-options>
<jvm-options>-Xmx512m</jvm-options>
<!-- Configure post startup bundle list here. This is a comma separated list of bundle sybolic names.
The remote shell bundle has been disabled for cluster and remote instances. -->
<!-- Port on which remote shell listens for connections.-->
<jvm-options>-Dosgi.shell.telnet.port=${OSGI_SHELL_TELNET_PORT}</jvm-options>
<!-- How many concurrent users can connect to this remote shell -->
<jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
<!-- From which hosts users can connect -->
<jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
<!-- Gogo shell configuration -->
<jvm-options>-Dgosh.args=--noshutdown -c noop=true</jvm-options>
<!-- Directory being watched by fileinstall. -->
<jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
<!-- Time period fileinstaller thread in ms. -->
<jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
<!-- log level: 1 for error, 2 for warning, 3 for info and 4 for debug. -->
<jvm-options>-Dfelix.fileinstall.log.level=3</jvm-options>
<!-- should new bundles be started or installed only?
true => start, false => only install
-->
<jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
<!-- should watched bundles be started transiently or persistently -->
<jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options>
<!-- Should changes to configuration be saved in corresponding cfg file? false: no, true: yes
If we don't set false, everytime server starts from clean osgi cache, the file gets rewritten.
-->
<jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options>
<!-- End of OSGi bundle configurations -->
<!-- For ORB compatibility with JDK11+ JDKs see https://github.com/eclipse-ee4j/orb-gmbal/issues/22 -->
<jvm-options>-Dorg.glassfish.gmbal.no.multipleUpperBoundsException=true</jvm-options>
<jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
<jvm-options>--add-opens=java.base/java.io=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.base/java.lang=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.base/java.util=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.base/sun.net.www.protocol.jrt=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.naming/javax.naming.spi=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED</jvm-options>
<jvm-options>--add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED</jvm-options>
<jvm-options>--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
</java-config>
<availability-service/>
<network-config>
<protocols>
<protocol name="http-listener-1">
<http default-virtual-server="server">
<file-cache />
</http>
</protocol>
<protocol security-enabled="true" name="sec-admin-listener">
<http default-virtual-server="__asadmin" encoded-slash-enabled="true">
<file-cache></file-cache>
</http>
<ssl client-auth="want" ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="glassfish-instance" renegotiate-on-client-auth-want="false"></ssl>
</protocol>
<protocol name="admin-http-redirect">
<http-redirect secure="true"></http-redirect>
</protocol>
<protocol name="pu-protocol">
<port-unification>
<protocol-finder protocol="sec-admin-listener" name="http-finder" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder"></protocol-finder>
<protocol-finder protocol="admin-http-redirect" name="admin-http-redirect" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder"></protocol-finder>
</port-unification>
</protocol>
<protocol security-enabled="true" name="http-listener-2">
<http default-virtual-server="server">
<file-cache />
</http>
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as" />
</protocol>
<protocol name="admin-listener">
<http default-virtual-server="__asadmin" max-connections="250">
<file-cache enabled="false" />
</http>
</protocol>
</protocols>
<network-listeners>
<network-listener address="0.0.0.0" port="${HTTP_LISTENER_PORT}" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool" />
<network-listener address="0.0.0.0" port="${HTTP_SSL_LISTENER_PORT}" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool" />
<network-listener port="${ASADMIN_LISTENER_PORT}" protocol="pu-protocol" transport="tcp" name="admin-listener" thread-pool="http-thread-pool" />
</network-listeners>
<transports>
<transport name="tcp" />
</transports>
</network-config>
<thread-pools>
<thread-pool name="http-thread-pool" />
<thread-pool max-thread-pool-size="200" idle-thread-timeout-in-seconds="120" name="thread-pool-1" />
</thread-pools>
<group-management-service/>
<!--%%%DEFAULT_TOKENS_HERE%%%-->
<system-property name="ASADMIN_LISTENER_PORT" value="24848"/>
<system-property name="HTTP_LISTENER_PORT" value="28080"/>
<system-property name="HTTP_SSL_LISTENER_PORT" value="28181"/>
<system-property name="JMX_SYSTEM_CONNECTOR_PORT" value="28686"/>
<system-property name="OSGI_SHELL_TELNET_PORT" value="26666"/>
<system-property name="JAVA_DEBUGGER_PORT" value="29009"/>
</config>
</configs>
<property name="administrative.domain.name" value="%%%DOMAIN_NAME%%%"/>
<secure-admin special-admin-indicator="%%%SECURE_ADMIN_IDENTIFIER%%%">
<secure-admin-principal dn="%%%ADMIN_CERT_DN%%%"></secure-admin-principal>
<secure-admin-principal dn="%%%INSTANCE_CERT_DN%%%"></secure-admin-principal>
</secure-admin>
</domain>