Amster

DefaultSecurityProperties

Global Operations

An object of property key-value pairs

Resource path:

/global-config/servers/server-default/properties/security

Resource version: 1.0

read

Usage

am> read DefaultSecurityProperties --global

update

Usage

am> update DefaultSecurityProperties --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "amconfig.header.encryption" : {
      "title" : "Encryption",
      "type" : "object",
      "propertyOrder" : 0,
      "properties" : {
        "am.encryption.pwd" : {
          "type" : "string",
          "title" : "Password Encryption Key",
          "propertyOrder" : 0,
          "required" : true,
          "description" : "The encryption key value for decrypting passwords stored in the Service Management System configuration. (property name: am.encryption.pwd)"
        },
        "com.iplanet.security.encryptor" : {
          "type" : "string",
          "title" : "Encryption class",
          "propertyOrder" : 1,
          "required" : true,
          "description" : "The default encryption class. (property name: com.iplanet.security.encryptor)"
        },
        "com.iplanet.security.SecureRandomFactoryImpl" : {
          "type" : "string",
          "title" : "Secure Random Factory Class",
          "propertyOrder" : 2,
          "required" : true,
          "description" : "This property is used for specifying SecureRandomFactory class. Available values for this property are com.iplanet.am.util.JSSSecureRandomFactoryImpl that is using JSS and com.iplanet.am.util.SecureRandomFactoryImpl that is using pure Java only. (property name: com.iplanet.security.SecureRandomFactoryImpl)"
        }
      }
    },
    "amconfig.header.validation" : {
      "title" : "Validation",
      "type" : "object",
      "propertyOrder" : 1,
      "properties" : {
        "com.iplanet.services.comm.server.pllrequest.maxContentLength" : {
          "type" : "integer",
          "title" : "Platform Low Level Comm. Max. Content Length",
          "propertyOrder" : 0,
          "required" : true,
          "description" : "Maximum content-length for an HttpRequest. (property name: com.iplanet.services.comm.server.pllrequest.maxContentLength)"
        },
        "com.iplanet.am.clientIPCheckEnabled" : {
          "type" : "boolean",
          "title" : "Client IP Address Check",
          "propertyOrder" : 1,
          "required" : true,
          "description" : "Specifies whether or not the IP address of the client is checked in all single sign on token creations or validations. (property name: com.iplanet.am.clientIPCheckEnabled)"
        }
      }
    },
    "amconfig.header.cookie" : {
      "title" : "Cookie",
      "type" : "object",
      "propertyOrder" : 2,
      "properties" : {
        "com.iplanet.am.cookie.name" : {
          "type" : "string",
          "title" : "Cookie Name",
          "propertyOrder" : 0,
          "required" : true,
          "description" : "The cookie name used by Authentication Service to set the valid session handler ID. This name is used to retrieve the valid session information. (property name: com.iplanet.am.cookie.name)"
        },
        "com.iplanet.am.cookie.secure" : {
          "type" : "boolean",
          "title" : "Secure Cookie",
          "propertyOrder" : 1,
          "required" : true,
          "description" : "Specifies whether to set cookie in a secure mode in which the browser will only return the cookie when a secure protocol such as HTTP(s) is used. (property name: com.iplanet.am.cookie.secure)"
        },
        "com.iplanet.am.cookie.encode" : {
          "type" : "boolean",
          "title" : "Encode Cookie Value",
          "propertyOrder" : 2,
          "required" : true,
          "description" : "Specifies whether to URL encode the cookie value. (property name: com.iplanet.am.cookie.encode)"
        }
      }
    },
    "amconfig.header.securitykey" : {
      "title" : "Key Store",
      "type" : "object",
      "propertyOrder" : 3,
      "properties" : {
        "com.sun.identity.saml.xmlsig.keystore" : {
          "type" : "string",
          "title" : "Keystore File",
          "propertyOrder" : 0,
          "required" : true,
          "description" : "Specifies the location of the keystore file. (property name: com.sun.identity.saml.xmlsig.keystore)"
        },
        "com.sun.identity.saml.xmlsig.storetype" : {
          "type" : "string",
          "title" : "Keystore Type",
          "propertyOrder" : 1,
          "required" : true,
          "description" : "Specifies the keystore type. (property name: com.sun.identity.saml.xmlsig.storetype)"
        },
        "com.sun.identity.saml.xmlsig.storepass" : {
          "type" : "string",
          "title" : "Keystore Password File",
          "propertyOrder" : 2,
          "required" : true,
          "description" : "Specifies the location of the file that contains the password used to access the keystore file. (property name: com.sun.identity.saml.xmlsig.storepass)"
        },
        "com.sun.identity.saml.xmlsig.keypass" : {
          "type" : "string",
          "title" : "Private Key Password File",
          "propertyOrder" : 3,
          "required" : true,
          "description" : "Specifies the location of the file that contains the password used to protect the private key of a generated key pair. (property name: com.sun.identity.saml.xmlsig.keypass)"
        },
        "com.sun.identity.saml.xmlsig.certalias" : {
          "type" : "string",
          "title" : "Certificate Alias",
          "propertyOrder" : 4,
          "required" : true,
          "description" : "(property name: com.sun.identity.saml.xmlsig.certalias)"
        }
      }
    },
    "amconfig.header.crlcache" : {
      "title" : "Certificate Revocation List Caching",
      "type" : "object",
      "propertyOrder" : 4,
      "properties" : {
        "com.sun.identity.crl.cache.directory.host" : {
          "type" : "string",
          "title" : "LDAP server host name",
          "propertyOrder" : 0,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.crl.cache.directory.port" : {
          "type" : "integer",
          "title" : "LDAP server port number",
          "propertyOrder" : 1,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.crl.cache.directory.ssl" : {
          "type" : "boolean",
          "title" : "SSL/TLS Enabled",
          "propertyOrder" : 2,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.crl.cache.directory.user" : {
          "type" : "string",
          "title" : "LDAP server bind user name",
          "propertyOrder" : 3,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.crl.cache.directory.password" : {
          "type" : "string",
          "title" : "LDAP server bind password",
          "propertyOrder" : 4,
          "required" : true,
          "description" : "",
          "format" : "password"
        },
        "com.sun.identity.crl.cache.directory.searchlocs" : {
          "type" : "string",
          "title" : "LDAP search base DN",
          "propertyOrder" : 5,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.crl.cache.directory.searchattr" : {
          "type" : "string",
          "title" : "Search Attributes",
          "propertyOrder" : 6,
          "required" : true,
          "description" : "Any DN component of issuer's subjectDN can be used to retrieve CRL from local LDAP server. It is single value string, like, \"cn\". All Root CA need to use the same search attribute."
        }
      }
    },
    "amconfig.header.ocsp.check" : {
      "title" : "Online Certificate Status Protocol Check",
      "type" : "object",
      "propertyOrder" : 5,
      "properties" : {
        "com.sun.identity.authentication.ocspCheck" : {
          "type" : "boolean",
          "title" : "Check Enabled",
          "propertyOrder" : 0,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.authentication.ocsp.responder.url" : {
          "type" : "string",
          "title" : "Responder URL",
          "propertyOrder" : 1,
          "required" : true,
          "description" : ""
        },
        "com.sun.identity.authentication.ocsp.responder.nickname" : {
          "type" : "string",
          "title" : "Certificate Nickname",
          "propertyOrder" : 2,
          "required" : true,
          "description" : ""
        }
      }
    },
    "amconfig.header.deserialisationwhitelist" : {
      "title" : "Object Deserialisation Class Whitelist",
      "type" : "object",
      "propertyOrder" : 6,
      "properties" : {
        "openam.deserialisation.classes.whitelist" : {
          "type" : "string",
          "title" : "Whitelist",
          "propertyOrder" : 0,
          "required" : true,
          "description" : "The list of classes that are considered valid when OpenAM performs Object deserialisation operations. The defaults should work for most installations. (property name: openam.deserialisation.classes.whitelist)"
        }
      }
    }
  }
}