Amster

OATHRegistration

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/OathRegistrationNode

Resource version: 1.0

create

Usage

am> create OATHRegistration --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "bgColor" : {
      "title" : "Background Color",
      "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 30,
      "type" : "string",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The Hmac hash algorithm to be used on generating the OTP codes.",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "minSharedSecretLength" : {
      "title" : "Minimum Secret Key Length",
      "description" : "Number of hexadecimal characters allowed for the Secret Key.",
      "propertyOrder" : 70,
      "type" : "integer",
      "exampleValue" : ""
    },
    "issuer" : {
      "title" : "Issuer",
      "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a web site, or an AM realm.",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "truncationOffset" : {
      "title" : "HOTP Truncation Offset",
      "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.",
      "propertyOrder" : 120,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 90,
      "type" : "integer",
      "exampleValue" : ""
    },
    "addChecksum" : {
      "title" : "HOTP Checksum Digit",
      "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.",
      "propertyOrder" : 110,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "passwordLength" : {
      "title" : "One Time Password Length",
      "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.",
      "propertyOrder" : 60,
      "type" : "string",
      "exampleValue" : ""
    },
    "scanQRCodeMessage" : {
      "title" : "QR code message",
      "description" : "The message with instructions to scan the QR code for registering the device.",
      "propertyOrder" : 130,
      "patternProperties" : {
        ".*" : {
          "type" : "string"
        }
      },
      "type" : "object",
      "exampleValue" : ""
    },
    "generateRecoveryCodes" : {
      "title" : "Generate Recovery Codes",
      "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.",
      "propertyOrder" : 50,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "accountName" : {
      "title" : "Account Name",
      "description" : "This field allows selection of the user attribute to be used as the display name for user's Account. It is used when the user's OATH account is stored in the device. If left blank or the selected attribute is empty on the user's profile, the account name will be set to the user's username.",
      "propertyOrder" : 20,
      "type" : "string",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 80,
      "type" : "string",
      "exampleValue" : ""
    },
    "imgUrl" : {
      "title" : "Logo Image URL",
      "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 40,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "algorithm", "passwordLength", "imgUrl", "issuer", "scanQRCodeMessage", "totpTimeInterval", "totpHashAlgorithm", "minSharedSecretLength", "truncationOffset", "accountName", "generateRecoveryCodes", "addChecksum", "bgColor" ]
}

delete

Usage

am> delete OATHRegistration --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action OATHRegistration --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action OATHRegistration --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage

am> action OATHRegistration --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action OATHRegistration --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports the _queryFilter=true filter.

Usage

am> query OATHRegistration --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read OATHRegistration --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update OATHRegistration --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "bgColor" : {
      "title" : "Background Color",
      "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 30,
      "type" : "string",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The Hmac hash algorithm to be used on generating the OTP codes.",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "minSharedSecretLength" : {
      "title" : "Minimum Secret Key Length",
      "description" : "Number of hexadecimal characters allowed for the Secret Key.",
      "propertyOrder" : 70,
      "type" : "integer",
      "exampleValue" : ""
    },
    "issuer" : {
      "title" : "Issuer",
      "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a web site, or an AM realm.",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "truncationOffset" : {
      "title" : "HOTP Truncation Offset",
      "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.",
      "propertyOrder" : 120,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 90,
      "type" : "integer",
      "exampleValue" : ""
    },
    "addChecksum" : {
      "title" : "HOTP Checksum Digit",
      "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.",
      "propertyOrder" : 110,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "passwordLength" : {
      "title" : "One Time Password Length",
      "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.",
      "propertyOrder" : 60,
      "type" : "string",
      "exampleValue" : ""
    },
    "scanQRCodeMessage" : {
      "title" : "QR code message",
      "description" : "The message with instructions to scan the QR code for registering the device.",
      "propertyOrder" : 130,
      "patternProperties" : {
        ".*" : {
          "type" : "string"
        }
      },
      "type" : "object",
      "exampleValue" : ""
    },
    "generateRecoveryCodes" : {
      "title" : "Generate Recovery Codes",
      "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.",
      "propertyOrder" : 50,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "accountName" : {
      "title" : "Account Name",
      "description" : "This field allows selection of the user attribute to be used as the display name for user's Account. It is used when the user's OATH account is stored in the device. If left blank or the selected attribute is empty on the user's profile, the account name will be set to the user's username.",
      "propertyOrder" : 20,
      "type" : "string",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 80,
      "type" : "string",
      "exampleValue" : ""
    },
    "imgUrl" : {
      "title" : "Logo Image URL",
      "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 40,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "algorithm", "passwordLength", "imgUrl", "issuer", "scanQRCodeMessage", "totpTimeInterval", "totpHashAlgorithm", "minSharedSecretLength", "truncationOffset", "accountName", "generateRecoveryCodes", "addChecksum", "bgColor" ]
}