Amster

CombinedMFARegistration

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/CombinedMultiFactorRegistrationNode

Resource version: 1.0

create

Usage

am> create CombinedMFARegistration --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "truncationOffset" : {
      "title" : "HOTP Truncation Offset",
      "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.",
      "propertyOrder" : 140,
      "type" : "integer",
      "exampleValue" : ""
    },
    "imgUrl" : {
      "title" : "Logo Image URL",
      "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 40,
      "type" : "string",
      "exampleValue" : ""
    },
    "addChecksum" : {
      "title" : "HOTP Checksum Digit",
      "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.",
      "propertyOrder" : 130,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "bgColor" : {
      "title" : "Background Color",
      "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 30,
      "type" : "string",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 110,
      "type" : "integer",
      "exampleValue" : ""
    },
    "generateRecoveryCodes" : {
      "title" : "Generate Recovery Codes",
      "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.",
      "propertyOrder" : 50,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "scanQRCodeMessage" : {
      "title" : "QR code message",
      "description" : "The message with instructions to scan the QR code for registering the device.",
      "propertyOrder" : 60,
      "patternProperties" : {
        ".*" : {
          "type" : "string"
        }
      },
      "type" : "object",
      "exampleValue" : ""
    },
    "issuer" : {
      "title" : "Issuer",
      "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a website, or an AM realm.",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "timeout" : {
      "title" : "Registration Response Timeout",
      "description" : "The period of time (in seconds) to wait for a response to the registration QR code. If no response is received during this time the QR code times out and the registration process fails.",
      "propertyOrder" : 70,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The Hmac hash algorithm to be used on generating the OTP codes.",
      "propertyOrder" : 120,
      "type" : "string",
      "exampleValue" : ""
    },
    "policiesJson" : {
      "title" : "JSON Authenticator Policies",
      "description" : "The Authenticator Policies in a JSON format containing the rules to be applied to Authenticator app. For more details consult the SDK documentation. Example: {\"biometricAvailable\": { },\"deviceTampering\": {\"score\": 0.8}}",
      "propertyOrder" : 150,
      "type" : "string",
      "exampleValue" : ""
    },
    "minSharedSecretLength" : {
      "title" : "Minimum Secret Key Length",
      "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.",
      "propertyOrder" : 90,
      "type" : "integer",
      "exampleValue" : ""
    },
    "passwordLength" : {
      "title" : "One Time Password Length",
      "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.",
      "propertyOrder" : 80,
      "type" : "string",
      "exampleValue" : ""
    },
    "accountName" : {
      "title" : "Account Name",
      "description" : "This field allows selection of the user attribute to be used as the user's Account Name. It is used when the user's Push account is stored in the device. If left blank or the selected attribute is empty on user's profile, the account name will be set to the user's username.",
      "propertyOrder" : 20,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "accountName", "algorithm", "totpTimeInterval", "issuer", "imgUrl", "scanQRCodeMessage", "timeout", "totpHashAlgorithm", "policiesJson", "bgColor", "passwordLength", "minSharedSecretLength", "addChecksum", "generateRecoveryCodes", "truncationOffset" ]
}

delete

Usage

am> delete CombinedMFARegistration --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action CombinedMFARegistration --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action CombinedMFARegistration --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage

am> action CombinedMFARegistration --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action CombinedMFARegistration --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query CombinedMFARegistration --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read CombinedMFARegistration --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update CombinedMFARegistration --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "truncationOffset" : {
      "title" : "HOTP Truncation Offset",
      "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.",
      "propertyOrder" : 140,
      "type" : "integer",
      "exampleValue" : ""
    },
    "imgUrl" : {
      "title" : "Logo Image URL",
      "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 40,
      "type" : "string",
      "exampleValue" : ""
    },
    "addChecksum" : {
      "title" : "HOTP Checksum Digit",
      "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.",
      "propertyOrder" : 130,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "bgColor" : {
      "title" : "Background Color",
      "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 30,
      "type" : "string",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 110,
      "type" : "integer",
      "exampleValue" : ""
    },
    "generateRecoveryCodes" : {
      "title" : "Generate Recovery Codes",
      "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.",
      "propertyOrder" : 50,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "scanQRCodeMessage" : {
      "title" : "QR code message",
      "description" : "The message with instructions to scan the QR code for registering the device.",
      "propertyOrder" : 60,
      "patternProperties" : {
        ".*" : {
          "type" : "string"
        }
      },
      "type" : "object",
      "exampleValue" : ""
    },
    "issuer" : {
      "title" : "Issuer",
      "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a website, or an AM realm.",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "timeout" : {
      "title" : "Registration Response Timeout",
      "description" : "The period of time (in seconds) to wait for a response to the registration QR code. If no response is received during this time the QR code times out and the registration process fails.",
      "propertyOrder" : 70,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The Hmac hash algorithm to be used on generating the OTP codes.",
      "propertyOrder" : 120,
      "type" : "string",
      "exampleValue" : ""
    },
    "policiesJson" : {
      "title" : "JSON Authenticator Policies",
      "description" : "The Authenticator Policies in a JSON format containing the rules to be applied to Authenticator app. For more details consult the SDK documentation. Example: {\"biometricAvailable\": { },\"deviceTampering\": {\"score\": 0.8}}",
      "propertyOrder" : 150,
      "type" : "string",
      "exampleValue" : ""
    },
    "minSharedSecretLength" : {
      "title" : "Minimum Secret Key Length",
      "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.",
      "propertyOrder" : 90,
      "type" : "integer",
      "exampleValue" : ""
    },
    "passwordLength" : {
      "title" : "One Time Password Length",
      "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.",
      "propertyOrder" : 80,
      "type" : "string",
      "exampleValue" : ""
    },
    "accountName" : {
      "title" : "Account Name",
      "description" : "This field allows selection of the user attribute to be used as the user's Account Name. It is used when the user's Push account is stored in the device. If left blank or the selected attribute is empty on user's profile, the account name will be set to the user's username.",
      "propertyOrder" : 20,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "accountName", "algorithm", "totpTimeInterval", "issuer", "imgUrl", "scanQRCodeMessage", "timeout", "totpHashAlgorithm", "policiesJson", "bgColor", "passwordLength", "minSharedSecretLength", "addChecksum", "generateRecoveryCodes", "truncationOffset" ]
}