Amster

DeviceBindingService

Realm Operations

Resource path:

/realm-config/services/deviceBindingService

Resource version: 1.0

create

Usage

am> create DeviceBindingService --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "deviceBindingSettingsEncryptionKeystoreKeyPairAlias" : {
      "title" : "Key-Pair Alias",
      "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device binding.",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingAttrName" : {
      "title" : "Device Binding Attribute",
      "description" : "The user's attribute in which to store Device binding.<br><br>The default attribute is added to the schema when you prepare a user store for use with OpenAM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to enabling the Device binding authentication module. OpenAM must be able to write to the attribute.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystoreType" : {
      "title" : "Key Store Type",
      "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionScheme" : {
      "title" : "Device Binding Encryption Scheme",
      "description" : "Encryption scheme to use to secure device binding stored on the server.<br><br>If enabled, each device binding is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device binding.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystore" : {
      "title" : "openam-auth-device-binding-device-settings-encryption-keystore",
      "description" : "",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystorePassword" : {
      "title" : "Key Store Password",
      "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystorePrivateKeyPassword" : {
      "title" : "Private Key Password",
      "description" : "Password to unlock the private key.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete DeviceBindingService --realm Realm

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action DeviceBindingService --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action DeviceBindingService --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action DeviceBindingService --realm Realm --actionName nextdescendents

read

Usage

am> read DeviceBindingService --realm Realm

update

Usage

am> update DeviceBindingService --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "deviceBindingSettingsEncryptionKeystoreKeyPairAlias" : {
      "title" : "Key-Pair Alias",
      "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device binding.",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingAttrName" : {
      "title" : "Device Binding Attribute",
      "description" : "The user's attribute in which to store Device binding.<br><br>The default attribute is added to the schema when you prepare a user store for use with OpenAM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to enabling the Device binding authentication module. OpenAM must be able to write to the attribute.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystoreType" : {
      "title" : "Key Store Type",
      "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionScheme" : {
      "title" : "Device Binding Encryption Scheme",
      "description" : "Encryption scheme to use to secure device binding stored on the server.<br><br>If enabled, each device binding is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device binding.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystore" : {
      "title" : "openam-auth-device-binding-device-settings-encryption-keystore",
      "description" : "",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystorePassword" : {
      "title" : "Key Store Password",
      "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "deviceBindingSettingsEncryptionKeystorePrivateKeyPassword" : {
      "title" : "Private Key Password",
      "description" : "Password to unlock the private key.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/services/deviceBindingService

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action DeviceBindingService --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action DeviceBindingService --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action DeviceBindingService --global --actionName nextdescendents

read

Usage

am> read DeviceBindingService --global

update

Usage

am> update DeviceBindingService --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "deviceBindingSettingsEncryptionKeystorePrivateKeyPassword" : {
          "title" : "Private Key Password",
          "description" : "Password to unlock the private key.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "deviceBindingSettingsEncryptionKeystore" : {
          "title" : "openam-auth-device-binding-device-settings-encryption-keystore",
          "description" : "",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "deviceBindingSettingsEncryptionKeystoreKeyPairAlias" : {
          "title" : "Key-Pair Alias",
          "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device binding.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "deviceBindingSettingsEncryptionScheme" : {
          "title" : "Device Binding Encryption Scheme",
          "description" : "Encryption scheme to use to secure device binding stored on the server.<br><br>If enabled, each device binding is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device binding.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "deviceBindingSettingsEncryptionKeystorePassword" : {
          "title" : "Key Store Password",
          "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "deviceBindingSettingsEncryptionKeystoreType" : {
          "title" : "Key Store Type",
          "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "deviceBindingAttrName" : {
          "title" : "Device Binding Attribute",
          "description" : "The user's attribute in which to store Device binding.<br><br>The default attribute is added to the schema when you prepare a user store for use with OpenAM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to enabling the Device binding authentication module. OpenAM must be able to write to the attribute.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}