Amster

AuthenticatorOath

Realm Operations

Resource path:

/realm-config/services/authenticatorOathService

Resource version: 2.0

create

Usage

am> create AuthenticatorOath --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "authenticatorOATHDeviceSettingsEncryptionKeystorePassword" : {
      "title" : "Key Store Password",
      "description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystoreType" : {
      "title" : "Key Store Type",
      "description" : "Type of encryption key store.<br><br><i>Note:</i> PKCS#11 keys tores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystore" : {
      "title" : "Encryption Key Store",
      "description" : "Path to the key store from which to load encryption keys.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
      "title" : "Private Key Password",
      "description" : "Password to unlock the private key.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionScheme" : {
      "title" : "Device Profile Encryption Scheme",
      "description" : "Encryption scheme for securing device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
      "title" : "Key-Pair Alias",
      "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "oathAttrName" : {
      "title" : "Profile Storage Attribute",
      "description" : "Attribute for storing ForgeRock Authenticator OATH profiles.<br><br>The default attribute is added to the user store during OpenAM installation. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying two-step verification with a ForgeRock OATH authenticator app in OpenAM. OpenAM must be able to write to the attribute.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHSkippableName" : {
      "title" : "ForgeRock Authenticator (OATH) Device Skippable Attribute Name",
      "description" : "The data store attribute that holds the user's decision to enable or disable obtaining and providing a password obtained from the ForgeRock Authenticator app. This attribute must be writeable.",
      "propertyOrder" : 800,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete AuthenticatorOath --realm Realm

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AuthenticatorOath --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AuthenticatorOath --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AuthenticatorOath --realm Realm --actionName nextdescendents

read

Usage

am> read AuthenticatorOath --realm Realm

update

Usage

am> update AuthenticatorOath --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "authenticatorOATHDeviceSettingsEncryptionKeystorePassword" : {
      "title" : "Key Store Password",
      "description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystoreType" : {
      "title" : "Key Store Type",
      "description" : "Type of encryption key store.<br><br><i>Note:</i> PKCS#11 keys tores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystore" : {
      "title" : "Encryption Key Store",
      "description" : "Path to the key store from which to load encryption keys.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
      "title" : "Private Key Password",
      "description" : "Password to unlock the private key.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionScheme" : {
      "title" : "Device Profile Encryption Scheme",
      "description" : "Encryption scheme for securing device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
      "title" : "Key-Pair Alias",
      "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "oathAttrName" : {
      "title" : "Profile Storage Attribute",
      "description" : "Attribute for storing ForgeRock Authenticator OATH profiles.<br><br>The default attribute is added to the user store during OpenAM installation. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying two-step verification with a ForgeRock OATH authenticator app in OpenAM. OpenAM must be able to write to the attribute.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticatorOATHSkippableName" : {
      "title" : "ForgeRock Authenticator (OATH) Device Skippable Attribute Name",
      "description" : "The data store attribute that holds the user's decision to enable or disable obtaining and providing a password obtained from the ForgeRock Authenticator app. This attribute must be writeable.",
      "propertyOrder" : 800,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/services/authenticatorOathService

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AuthenticatorOath --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AuthenticatorOath --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AuthenticatorOath --global --actionName nextdescendents

read

Usage

am> read AuthenticatorOath --global

update

Usage

am> update AuthenticatorOath --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "authenticatorOATHDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
          "title" : "Private Key Password",
          "description" : "Password to unlock the private key.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
          "propertyOrder" : 700,
          "required" : true,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "authenticatorOATHDeviceSettingsEncryptionScheme" : {
          "title" : "Device Profile Encryption Scheme",
          "description" : "Encryption scheme for securing device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorOATHDeviceSettingsEncryptionKeystoreType" : {
          "title" : "Key Store Type",
          "description" : "Type of encryption key store.<br><br><i>Note:</i> PKCS#11 keys tores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
          "title" : "Key-Pair Alias",
          "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorOATHSkippableName" : {
          "title" : "ForgeRock Authenticator (OATH) Device Skippable Attribute Name",
          "description" : "The data store attribute that holds the user's decision to enable or disable obtaining and providing a password obtained from the ForgeRock Authenticator app. This attribute must be writeable.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "oathAttrName" : {
          "title" : "Profile Storage Attribute",
          "description" : "Attribute for storing ForgeRock Authenticator OATH profiles.<br><br>The default attribute is added to the user store during OpenAM installation. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying two-step verification with a ForgeRock OATH authenticator app in OpenAM. OpenAM must be able to write to the attribute.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorOATHDeviceSettingsEncryptionKeystore" : {
          "title" : "Encryption Key Store",
          "description" : "Path to the key store from which to load encryption keys.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticatorOATHDeviceSettingsEncryptionKeystorePassword" : {
          "title" : "Key Store Password",
          "description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatoroath.encryption</code> to a secret in a secret store.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}