Amster

IdentityGatewayAgents

Realm Operations

Agents handler that is responsible for managing agents

Resource path:

/realm-config/agents/IdentityGatewayAgent

Resource version: 2.0

create

Usage

am> create IdentityGatewayAgents --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "secretLabelIdentifier" : {
      "title" : "Secret Label Identifier",
      "description" : "AM uses this identifier to create a specific secret label, using the template <code>am.applications.agents.{{identifier}}.secret</code> where {{identifier}} is the Secret Label Identifier. <br>The Secret Label Identifier can only contain characters {{a-z}} {{A-Z}} {{0-9}} {{.}} and cannot start or end with {{.}}. <br>As a best practice, use a different Secret Label Identifier per agent. <br><br> If you update or delete this value, any corresponding secret mapping for the previous identifier is updated or deleted, provided no other agent shares that secret mapping.",
      "propertyOrder" : 125,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "agentgroup" : {
      "title" : "Group",
      "description" : "Add the agent to a group to allow inheritance of property values from the group. <br>Changing the group will update inherited property values. <br>Inherited property values are copied to the agent.",
      "propertyOrder" : 50,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    },
    "userpassword" : {
      "title" : "Password",
      "description" : "The agent password. Used to authenticate the agent if you don't store agent passwords in a secret store. This password is ignored if you specify a Secret Label Identifier and the corresponding secret mapping.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "igCdssoLoginUrlTemplate" : {
      "title" : "Login URL Template for CDSSO",
      "description" : "Custom URL for handling login when using CDSSO, to override the default AM login page.<br><br>Supports Freemarker syntax, with the following variables:<p><code>goto</code> The URL to redirect to after login.<br><code>acrValues</code> The Authentication Context Class Reference (acr) values for the authorization request.<br><code>realm</code> The AM realm the authorization request was made on.<br><code>module</code> The name of the AM authentication module requested to perform resource owner authentication.<br><code>service</code> The name of the AM authentication chain requested to perform resource owner authentication.<br><code>locale</code> A space-separated list of locales, ordered by preference.<br><br>The following example template redirects users to a non-AM front end to handle the login, the goto will contain the AM URL of where the user should be returned to on completion of the login process:<p><code>https://mylogin.com/login?goto=${goto}&lt;#if acrValues??&gt;&amp;acr_values=${acrValues}&lt;&#x2F;#if&gt;&lt;#if realm??&gt;&amp;realm=${realm}&lt;&#x2F;#if&gt;&lt;#if module??&gt;&amp;module=${module}&lt;&#x2F;#if&gt;&lt;#if service??&gt;&amp;service=${service}&lt;&#x2F;#if&gt;&lt;#if locale??&gt;&amp;locale=${locale}&lt;&#x2F;#if&gt;</code><br><b>NOTE</b>: The default AM login page is constructed using \"Base URL Source\" service.",
      "propertyOrder" : 155,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "status" : {
      "title" : "Status",
      "description" : "Status of the agent configuration.",
      "propertyOrder" : 200,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : true
        }
      }
    },
    "igTokenIntrospection" : {
      "title" : "Token Introspection",
      "description" : "Allows using this IG agent to introspect OAuth 2.0 tokens issued to any client. <br>Select <code>None</code> to disable. Select <code>Realm Only</code> to allow introspection of tokens in the same realm. Select <code>Realm and Sub Realms</code> to allow introspection of tokens in the same realm and any sub-realms.",
      "propertyOrder" : 160,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "igCdssoRedirectUrls" : {
      "title" : "Redirect URLs for CDSSO",
      "description" : "The list of redirect URLs for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/path<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which IG resides. The port represents the port number on which IG is listening. The path represents the remainder of the redirect URL. <br>Example:<br> http://openig.ext.com:8080/home/cdsso/redirect",
      "propertyOrder" : 150,
      "items" : {
        "type" : "string"
      },
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "array",
          "required" : false
        }
      }
    }
  }
}

delete

Usage

am> delete IdentityGatewayAgents --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action IdentityGatewayAgents --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action IdentityGatewayAgents --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action IdentityGatewayAgents --realm Realm --actionName nextdescendents

query

Querying the agents of a specific type

Usage

am> query IdentityGatewayAgents --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read IdentityGatewayAgents --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update IdentityGatewayAgents --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "secretLabelIdentifier" : {
      "title" : "Secret Label Identifier",
      "description" : "AM uses this identifier to create a specific secret label, using the template <code>am.applications.agents.{{identifier}}.secret</code> where {{identifier}} is the Secret Label Identifier. <br>The Secret Label Identifier can only contain characters {{a-z}} {{A-Z}} {{0-9}} {{.}} and cannot start or end with {{.}}. <br>As a best practice, use a different Secret Label Identifier per agent. <br><br> If you update or delete this value, any corresponding secret mapping for the previous identifier is updated or deleted, provided no other agent shares that secret mapping.",
      "propertyOrder" : 125,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "agentgroup" : {
      "title" : "Group",
      "description" : "Add the agent to a group to allow inheritance of property values from the group. <br>Changing the group will update inherited property values. <br>Inherited property values are copied to the agent.",
      "propertyOrder" : 50,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    },
    "userpassword" : {
      "title" : "Password",
      "description" : "The agent password. Used to authenticate the agent if you don't store agent passwords in a secret store. This password is ignored if you specify a Secret Label Identifier and the corresponding secret mapping.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "igCdssoLoginUrlTemplate" : {
      "title" : "Login URL Template for CDSSO",
      "description" : "Custom URL for handling login when using CDSSO, to override the default AM login page.<br><br>Supports Freemarker syntax, with the following variables:<p><code>goto</code> The URL to redirect to after login.<br><code>acrValues</code> The Authentication Context Class Reference (acr) values for the authorization request.<br><code>realm</code> The AM realm the authorization request was made on.<br><code>module</code> The name of the AM authentication module requested to perform resource owner authentication.<br><code>service</code> The name of the AM authentication chain requested to perform resource owner authentication.<br><code>locale</code> A space-separated list of locales, ordered by preference.<br><br>The following example template redirects users to a non-AM front end to handle the login, the goto will contain the AM URL of where the user should be returned to on completion of the login process:<p><code>https://mylogin.com/login?goto=${goto}&lt;#if acrValues??&gt;&amp;acr_values=${acrValues}&lt;&#x2F;#if&gt;&lt;#if realm??&gt;&amp;realm=${realm}&lt;&#x2F;#if&gt;&lt;#if module??&gt;&amp;module=${module}&lt;&#x2F;#if&gt;&lt;#if service??&gt;&amp;service=${service}&lt;&#x2F;#if&gt;&lt;#if locale??&gt;&amp;locale=${locale}&lt;&#x2F;#if&gt;</code><br><b>NOTE</b>: The default AM login page is constructed using \"Base URL Source\" service.",
      "propertyOrder" : 155,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "status" : {
      "title" : "Status",
      "description" : "Status of the agent configuration.",
      "propertyOrder" : 200,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : true
        }
      }
    },
    "igTokenIntrospection" : {
      "title" : "Token Introspection",
      "description" : "Allows using this IG agent to introspect OAuth 2.0 tokens issued to any client. <br>Select <code>None</code> to disable. Select <code>Realm Only</code> to allow introspection of tokens in the same realm. Select <code>Realm and Sub Realms</code> to allow introspection of tokens in the same realm and any sub-realms.",
      "propertyOrder" : 160,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "igCdssoRedirectUrls" : {
      "title" : "Redirect URLs for CDSSO",
      "description" : "The list of redirect URLs for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/path<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which IG resides. The port represents the port number on which IG is listening. The path represents the remainder of the redirect URL. <br>Example:<br> http://openig.ext.com:8080/home/cdsso/redirect",
      "propertyOrder" : 150,
      "items" : {
        "type" : "string"
      },
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "array",
          "required" : false
        }
      }
    }
  }
}