Amster

OATHRegistration

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/OathRegistrationNode

Resource version: 1.0

create

Usage

am> create OATHRegistration --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 100,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The HMAC hash algorithm to use when generating the OTP codes.",
      "propertyOrder" : 110,
      "type" : "string",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 90,
      "type" : "string",
      "exampleValue" : ""
    },
    "scanQRCodeMessage" : {
      "title" : "QR code message",
      "description" : "The message with instructions to scan the QR code for registering the device.",
      "propertyOrder" : 60,
      "patternProperties" : {
        ".*" : {
          "type" : "string"
        }
      },
      "type" : "object",
      "exampleValue" : ""
    },
    "generateRecoveryCodes" : {
      "title" : "Generate Recovery Codes",
      "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.",
      "propertyOrder" : 50,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "postponeDeviceProfileStorage" : {
      "title" : "Store device data in shared state",
      "description" : "If enabled, the device data isn't stored directly in the user's profile on successful completion of the node. Instead, the node adds the device data, as a base64-encoded string, to the 'oathDeviceProfile' property in the shared node state. This string is decoded as an unescaped plain string representation of a JSON object. Use the 'OATH Device Storage Node' to store the device data in the user's profile.",
      "propertyOrder" : 140,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "imgUrl" : {
      "title" : "Logo Image URL",
      "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 40,
      "type" : "string",
      "exampleValue" : ""
    },
    "accountName" : {
      "title" : "Account Name",
      "description" : "This field allows selection of the user attribute to be used as the display name for the user's account. It is used when the user's OATH account is stored in the device. If left blank or the selected attribute is empty on the user's profile, the account name will be set to the user's username.",
      "propertyOrder" : 20,
      "type" : "string",
      "exampleValue" : ""
    },
    "addChecksum" : {
      "title" : "HOTP Checksum Digit",
      "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.",
      "propertyOrder" : 120,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "passwordLength" : {
      "title" : "One Time Password Length",
      "description" : "The length of the generated OTP in digits. It must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.",
      "propertyOrder" : 70,
      "type" : "string",
      "exampleValue" : ""
    },
    "issuer" : {
      "title" : "Issuer",
      "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a web site, or an AM realm.",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "bgColor" : {
      "title" : "Background Color",
      "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 30,
      "type" : "string",
      "exampleValue" : ""
    },
    "truncationOffset" : {
      "title" : "HOTP Truncation Offset",
      "description" : "This is an option used by the HOTP algorithm that not all devices support. Leave this at its default value unless you know your device uses an offset.",
      "propertyOrder" : 130,
      "type" : "integer",
      "exampleValue" : ""
    },
    "minSharedSecretLength" : {
      "title" : "Minimum Secret Key Length",
      "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.",
      "propertyOrder" : 80,
      "type" : "integer",
      "exampleValue" : ""
    }
  },
  "required" : [ "totpTimeInterval", "totpHashAlgorithm", "algorithm", "scanQRCodeMessage", "generateRecoveryCodes", "postponeDeviceProfileStorage", "imgUrl", "accountName", "addChecksum", "passwordLength", "issuer", "bgColor", "truncationOffset", "minSharedSecretLength" ]
}

delete

Usage

am> delete OATHRegistration --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action OATHRegistration --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action OATHRegistration --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage

am> action OATHRegistration --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action OATHRegistration --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query supports only the _queryFilter=true filter.

Usage

am> query OATHRegistration --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read OATHRegistration --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update OATHRegistration --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 100,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The HMAC hash algorithm to use when generating the OTP codes.",
      "propertyOrder" : 110,
      "type" : "string",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 90,
      "type" : "string",
      "exampleValue" : ""
    },
    "scanQRCodeMessage" : {
      "title" : "QR code message",
      "description" : "The message with instructions to scan the QR code for registering the device.",
      "propertyOrder" : 60,
      "patternProperties" : {
        ".*" : {
          "type" : "string"
        }
      },
      "type" : "object",
      "exampleValue" : ""
    },
    "generateRecoveryCodes" : {
      "title" : "Generate Recovery Codes",
      "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.",
      "propertyOrder" : 50,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "postponeDeviceProfileStorage" : {
      "title" : "Store device data in shared state",
      "description" : "If enabled, the device data isn't stored directly in the user's profile on successful completion of the node. Instead, the node adds the device data, as a base64-encoded string, to the 'oathDeviceProfile' property in the shared node state. This string is decoded as an unescaped plain string representation of a JSON object. Use the 'OATH Device Storage Node' to store the device data in the user's profile.",
      "propertyOrder" : 140,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "imgUrl" : {
      "title" : "Logo Image URL",
      "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 40,
      "type" : "string",
      "exampleValue" : ""
    },
    "accountName" : {
      "title" : "Account Name",
      "description" : "This field allows selection of the user attribute to be used as the display name for the user's account. It is used when the user's OATH account is stored in the device. If left blank or the selected attribute is empty on the user's profile, the account name will be set to the user's username.",
      "propertyOrder" : 20,
      "type" : "string",
      "exampleValue" : ""
    },
    "addChecksum" : {
      "title" : "HOTP Checksum Digit",
      "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.",
      "propertyOrder" : 120,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "passwordLength" : {
      "title" : "One Time Password Length",
      "description" : "The length of the generated OTP in digits. It must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.",
      "propertyOrder" : 70,
      "type" : "string",
      "exampleValue" : ""
    },
    "issuer" : {
      "title" : "Issuer",
      "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a web site, or an AM realm.",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "bgColor" : {
      "title" : "Background Color",
      "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.",
      "propertyOrder" : 30,
      "type" : "string",
      "exampleValue" : ""
    },
    "truncationOffset" : {
      "title" : "HOTP Truncation Offset",
      "description" : "This is an option used by the HOTP algorithm that not all devices support. Leave this at its default value unless you know your device uses an offset.",
      "propertyOrder" : 130,
      "type" : "integer",
      "exampleValue" : ""
    },
    "minSharedSecretLength" : {
      "title" : "Minimum Secret Key Length",
      "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.",
      "propertyOrder" : 80,
      "type" : "integer",
      "exampleValue" : ""
    }
  },
  "required" : [ "totpTimeInterval", "totpHashAlgorithm", "algorithm", "scanQRCodeMessage", "generateRecoveryCodes", "postponeDeviceProfileStorage", "imgUrl", "accountName", "addChecksum", "passwordLength", "issuer", "bgColor", "truncationOffset", "minSharedSecretLength" ]
}