Amster

AuthenticatorWebAuthn

Realm Operations

Resource path:

/realm-config/services/authenticatorWebAuthnService

Resource version: 1.0

create

Usage

am> create AuthenticatorWebAuthn --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : {
      "title" : "Encryption Key Store",
      "description" : "Path to the key store from which to load encryption keys.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : {
      "title" : "Key Store Type",
      "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionScheme" : {
      "title" : "Device Profile Encryption Scheme",
      "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
      "title" : "Key-Pair Alias",
      "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : {
      "title" : "Key Store Password",
      "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "webauthnAttrName" : {
      "title" : "Profile Storage Attribute",
      "description" : "The user's attribute in which to store WebAuthn profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
      "title" : "Private Key Password",
      "description" : "Password to unlock the private key.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete AuthenticatorWebAuthn --realm Realm

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AuthenticatorWebAuthn --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AuthenticatorWebAuthn --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AuthenticatorWebAuthn --realm Realm --actionName nextdescendents

read

Usage

am> read AuthenticatorWebAuthn --realm Realm

update

Usage

am> update AuthenticatorWebAuthn --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : {
      "title" : "Encryption Key Store",
      "description" : "Path to the key store from which to load encryption keys.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : {
      "title" : "Key Store Type",
      "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionScheme" : {
      "title" : "Device Profile Encryption Scheme",
      "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
      "title" : "Key-Pair Alias",
      "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : {
      "title" : "Key Store Password",
      "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "webauthnAttrName" : {
      "title" : "Profile Storage Attribute",
      "description" : "The user's attribute in which to store WebAuthn profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
      "title" : "Private Key Password",
      "description" : "Password to unlock the private key.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/services/authenticatorWebAuthnService

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AuthenticatorWebAuthn --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AuthenticatorWebAuthn --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AuthenticatorWebAuthn --global --actionName nextdescendents

read

Usage

am> read AuthenticatorWebAuthn --global

update

Usage

am> update AuthenticatorWebAuthn --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "webauthnAttrName" : {
          "title" : "Profile Storage Attribute",
          "description" : "The user's attribute in which to store WebAuthn profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorWebAuthnDeviceSettingsEncryptionScheme" : {
          "title" : "Device Profile Encryption Scheme",
          "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
          "title" : "Key-Pair Alias",
          "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : {
          "title" : "Key Store Password",
          "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : {
          "title" : "Encryption Key Store",
          "description" : "Path to the key store from which to load encryption keys.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : {
          "title" : "Key Store Type",
          "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
          "title" : "Private Key Password",
          "description" : "Password to unlock the private key.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}