Amster

RadiusClient

Global Operations

Resource path:

/global-config/services/RadiusServerService/radiusClient

Resource version: 1.0

create

Usage

am> create RadiusClient --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "handlerClass" : {
      "title" : "Handler Class",
      "description" : "The fully qualified name of a class to handle incoming RADIUS Access-Requests for this client.<br><br>This class must implement the <code>com.sun.identity.authentication.modules.radius.server.spi.AccessRequestHandler</code> interface to handle incoming Access-Request packets and provide a suitable response. An instance of this class is created when configuration is first loaded to validate the class and then once for each new request. The configuration properties will only be passed for the request handling instances and not when validating the class.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "clientSecret" : {
      "title" : "Client Secret",
      "description" : "The secret shared between server and client for encryption of the user password.<br><br>This secret must be conveyed to the RADIUS client and entered into its configuration before the User-Password field of incoming Access-Request packets can be decrypted to validate the password for the user represented by that packet.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "clientIpAddress" : {
      "title" : "Client IP Address",
      "description" : "The IP Address of the client.<br><br><a href=\"http://tools.ietf.org/html/rfc2865#section-5.4\" target=\"_blank\">Section 5.4 of the RADIUS Authentication Specification, RFC 2865</a>, indicates that the source IP address of the Access-Request packet <em>MUST</em> be used to identify a configured client and hence determine the shared secret to use for decrypting the User-Password field.<p><p>This property should hold the source IP address of the client. This should match the value obtained from Java's <code>InetSocketAddress.getAddress().toString()</code> function.<p><p>To verify the value, send an Access-Request packet to OpenAM's RADIUS port and watch for a message stating: <code>\"No Defined RADIUS Client matches IP address '/127.0.0.1'. Dropping request.\"</code>. The value used in this property should match the IP address returned in the single quotes.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "handlerConfig" : {
      "title" : "Handler Class Configuration Properties",
      "description" : "Properties needed by the handler class for its configuration.<br><br>These properties are provided to the handler via its <code>init</code> method prior to the call to handle the request packet. If these values are changed the next handler instance created for an incoming request will receive the updated values. Each entry assumes that the first '<code>=</code>' character encountered separates a key from its value. All entries are placed in a properties file handed to each handler instance.",
      "propertyOrder" : 900,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "clientPacketsLogged" : {
      "title" : "Log Packet Contents for this Client",
      "description" : "Indicates if full packet contents should be dumped to the log.<br><br>When troubleshooting issues with RADIUS it is helpful to know what was received in a given packet. Enabling this feature will cause packet contents to be logged in a human consumable format. The only caveat is that the USER_PASSWORD field will be obfuscated by replacing it with asterisks. This should only be enabled for troubleshooting as it adds significant content to logs and slows processing.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete RadiusClient --global --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action RadiusClient --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action RadiusClient --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action RadiusClient --global --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports the _queryFilter=true filter.

Usage

am> query RadiusClient --global --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read RadiusClient --global --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update RadiusClient --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "handlerClass" : {
      "title" : "Handler Class",
      "description" : "The fully qualified name of a class to handle incoming RADIUS Access-Requests for this client.<br><br>This class must implement the <code>com.sun.identity.authentication.modules.radius.server.spi.AccessRequestHandler</code> interface to handle incoming Access-Request packets and provide a suitable response. An instance of this class is created when configuration is first loaded to validate the class and then once for each new request. The configuration properties will only be passed for the request handling instances and not when validating the class.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "clientSecret" : {
      "title" : "Client Secret",
      "description" : "The secret shared between server and client for encryption of the user password.<br><br>This secret must be conveyed to the RADIUS client and entered into its configuration before the User-Password field of incoming Access-Request packets can be decrypted to validate the password for the user represented by that packet.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "clientIpAddress" : {
      "title" : "Client IP Address",
      "description" : "The IP Address of the client.<br><br><a href=\"http://tools.ietf.org/html/rfc2865#section-5.4\" target=\"_blank\">Section 5.4 of the RADIUS Authentication Specification, RFC 2865</a>, indicates that the source IP address of the Access-Request packet <em>MUST</em> be used to identify a configured client and hence determine the shared secret to use for decrypting the User-Password field.<p><p>This property should hold the source IP address of the client. This should match the value obtained from Java's <code>InetSocketAddress.getAddress().toString()</code> function.<p><p>To verify the value, send an Access-Request packet to OpenAM's RADIUS port and watch for a message stating: <code>\"No Defined RADIUS Client matches IP address '/127.0.0.1'. Dropping request.\"</code>. The value used in this property should match the IP address returned in the single quotes.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "handlerConfig" : {
      "title" : "Handler Class Configuration Properties",
      "description" : "Properties needed by the handler class for its configuration.<br><br>These properties are provided to the handler via its <code>init</code> method prior to the call to handle the request packet. If these values are changed the next handler instance created for an incoming request will receive the updated values. Each entry assumes that the first '<code>=</code>' character encountered separates a key from its value. All entries are placed in a properties file handed to each handler instance.",
      "propertyOrder" : 900,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "clientPacketsLogged" : {
      "title" : "Log Packet Contents for this Client",
      "description" : "Indicates if full packet contents should be dumped to the log.<br><br>When troubleshooting issues with RADIUS it is helpful to know what was received in a given packet. Enabling this feature will cause packet contents to be logged in a human consumable format. The only caveat is that the USER_PASSWORD field will be obfuscated by replacing it with asterisks. This should only be enabled for troubleshooting as it adds significant content to logs and slows processing.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}