[junction:<jct-id>] stanzaEdit online allow-backend-domain-cookiesUse the allow-backend-domain-cookies stanza entry to control whether WebSEAL sends domain cookies from a back-end server to a client.always-send-kerberos-tokensIndicates whether WebSEAL sends a security token for every HTTP request or whether WebSEAL waits for a 401 response before it adds the security token.connect-timeoutdisable-tls-v1Use the disable-tls-v1 entry in the [junction] stanza to control whether WebSEAL supports Transport Layer Security (TLS) version 1 for junction connections.disable-ssl-v2Use the disable-ssl-v2 entry in the [junction] stanza to control whether WebSEAL supports SSL version 2 for junction connections.disable-ssl-v3Use the disable-ssl-v3 entry in the [junction] stanza to control whether WebSEAL supports SSL version 3 for junction connections.disable-tls-v11Use the disable-tls-v11 entry in the [junction] stanza to control whether WebSEAL supports Transport Layer Security (TLS) version 1.1 for junction connections.disable-tls-v12Use the disable-tls-v12 entry in the [junction] stanza to control whether WebSEAL supports Transport Layer Security (TLS) version 1.2 for junction connections.disable-tls-v13Use the disable-tls-v13 entry in the [junction] stanza to control whether support for TLS version 1.3 is enabled in WebSEAL. dynamic-addressesUse the dynamic-addresses stanza entry to control whether the junction server host name is resolved to its IP address immediately before every communication with the junction server. dynamic-addresses-ttlUse the dynamic-addresses-ttl stanza entry to specify the length of time (in seconds) that a resolved IP address will be cached before it is discarded and another name resolution is attempted (time-to-live). http2-header-table-sizeUse the http2-header-table-size stanza entry to define the max header table size for an HTTP/2 network connection.http2-initial-window-sizeUse the http2-initial-window-size stanza entry to define the maximum number of unacknowledged bytes WebSEAL can accept per active multiplexed stream.http2-max-concurrent-streamsUse the http2-max-concurrent-streams stanza entry to set the maximum number of simultaneous multiplexed streams WebSEAL will accept per HTTP/2 network connection.http2-max-frame-sizeUse the http2-max-frame-size stanza entry to define the maximum size of the body of a single HTTP/2 protocol frame sent over the HTTP/2 network connection.http2-max-header-list-sizeUse the http2-max-header-list-size stanza entry to define the maximum size of headers that can be sent in a request on an HTTP/2 stream.http-header-attributesUse the http-header-attributes stanza entry to define the credential attributes which will be added as HTTP headers to the request.http-timeouthttps-timeoutignore-svc-unavailableUse ignore-svc-unavailable to control whether WebSEAL handles a 503 'Service Unavailable' from a back-end server or returns it to the client.kerberos-principal-nameUse the kerberos-principal-name entry to set the service principal name of the impersonating user when creating a Kerberos token. kerberos-service-nameUse the kerberos-service-name entry to set the service principal name of the target.kerberos-sso-enableUse the kerberos-sso-enable entry to enable or disable SSO for junctions.kerberos-user-identityUse the kerberos-user-identity stanza entry to enable and define a custom user principal name (UPN). The custom UPN can be constructed from either plain text or the contents of credential attributes.managed-cookies-listmatch-vhj-firstHelps determine the order in which WebSEAL searches for a request in a standard or a virtual host junction table.max-cached-persistent-connectionsmax-jct-readUse the max-jct-read stanza entry to control the amount of header data WebSEAL will read from responses.persistent-con-timeoutping-methodping-response-code-rulesUse the ping-response-code-rules configuration entry to define the rules that are used to determine whether the HTTP status code of the ping responses indicate a healthy or an unhealthy junctioned Web server.ping-attempt-thresholdUse this entry to define the number of consecutive failed ping requests before the junctioned server will be marked as not running.ping-timeping-timeoutUse this entry to set a different timeout value for the 'ping' operations.ping-urirecovery-ping-timerecovery-ping-attempt-thresholdUse this entry to define the number of consecutive successful recovery ping responses before a stopped junctioned server will be marked as running.reset-cookies-listresponse-code-rulesWhen a response of a client-initiated request is returned from the junctioned server, the optional response-code-rules configuration entry defines the rules that are used to determine from the HTTP status code of the responses whether the junctioned Web server is in a healthy or an unhealthy state.server-hostname-validationUse the server-hostname-validation stanza entry to control whether WebSEAL performs hostname validation on server certificates presented by Junctioned servers.ssl-extension-supported-groupsSpecifies supported groups for TLS key agreements. This entry is used only when ssl-key-agreement is set to custom.ssl-key-agreementSpecifies the TLS key agreement mode.support-virtual-host-domain-cookiesuse-new-stateful-on-errorvalidate-backend-domain-cookiesParent topic: Stanza reference