Amster

UserSelfService

Realm Operations

Resource path:

/realm-config/services/selfService

Resource version: 2.0

create

Usage

am> create UserSelfService --realm Realm --body body

Parameters

--body

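The resource in JSON format. The `exampleValue` key aliases shown for `signingSecretKeyAlias` and `encryptionKeyPairAlias` (`selfservicesigntest`, `selfserviceenctest`) appear to be test aliases; in a real deployment, supply the aliases of keys you have provisioned in the keystore. The resource is described by the following JSON schema: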

{
  "type" : "object",
  "properties" : {
    "generalConfig" : {
      "type" : "object",
      "title" : "General Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "minimumAnswersToVerify" : {
          "title" : "Minimum Answers to Verify",
          "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.",
          "propertyOrder" : 70,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "kbaQuestions" : {
          "title" : "Security Questions",
          "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.",
          "propertyOrder" : 50,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "signingSecretKeyAlias" : {
          "title" : "Signing Secret Key Alias",
          "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 10,
          "required" : true,
          "type" : "string",
          "exampleValue" : "selfservicesigntest"
        },
        "captchaSiteKey" : {
          "title" : "Google reCAPTCHA Site Key",
          "description" : "Google reCAPTCHA plugin site key.",
          "propertyOrder" : 20,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "captchaSecretKey" : {
          "title" : "Google reCAPTCHA Secret Key",
          "description" : "Google reCAPTCHA plugin secret key.",
          "propertyOrder" : 30,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "encryptionKeyPairAlias" : {
          "title" : "Encryption Key Pair Alias",
          "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 0,
          "required" : true,
          "type" : "string",
          "exampleValue" : "selfserviceenctest"
        },
        "validQueryAttributes" : {
          "title" : "Valid Query Attributes",
          "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.",
          "propertyOrder" : 80,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "captchaVerificationUrl" : {
          "title" : "Google Re-captcha Verification URL",
          "description" : "Google reCAPTCHA plugin verification URL.",
          "propertyOrder" : 40,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "minimumAnswersToDefine" : {
          "title" : "Minimum Answers to Define",
          "description" : "Specifies the minimum number of KBA answers that users must define.",
          "propertyOrder" : 60,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "profileManagement" : {
      "type" : "object",
      "title" : "Profile Management",
      "propertyOrder" : 4,
      "properties" : {
        "profileProtectedUserAttributes" : {
          "title" : "Protected Update Attributes",
          "description" : "Specifies a profile's protected user attributes. The user must re-authenticate when attempting to modify any of these attributes.",
          "propertyOrder" : 320,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "profileAttributeWhitelist" : {
          "title" : "Self readable attributes",
          "description" : "Specifies the list of attributes that users can view when accessing their user profile.",
          "propertyOrder" : 325,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "userRegistration" : {
      "type" : "object",
      "title" : "User Registration",
      "propertyOrder" : 1,
      "properties" : {
        "userRegistrationTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.",
          "propertyOrder" : 130,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userRegistrationEmailVerificationFirstEnabled" : {
          "title" : "Verify Email before User Detail",
          "description" : "If enabled, email address verification is performed before the user details screen is displayed. This takes effect only if Verify Email is enabled.",
          "propertyOrder" : 105,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.",
          "propertyOrder" : 150,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationValidUserAttributes" : {
          "title" : "Valid Creation Attributes",
          "description" : "Specifies a whitelist of user attributes that can be set during user creation.",
          "propertyOrder" : 160,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.",
          "propertyOrder" : 100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must set up their security questions during the self-registration process.",
          "propertyOrder" : 120,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 140,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegisteredDestination" : {
          "title" : "Destination After Successful Self-Registration",
          "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>",
          "propertyOrder" : 161,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationEnabled" : {
          "title" : "User Registration",
          "description" : "If enabled, new users can sign up for an account.",
          "propertyOrder" : 90,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who self-register must perform email address verification.",
          "propertyOrder" : 110,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "advancedConfig" : {
      "type" : "object",
      "title" : "Advanced Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "forgottenPasswordServiceConfigClass" : {
          "title" : "Forgotten Password Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 360,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenUsernameServiceConfigClass" : {
          "title" : "Forgotten Username Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 370,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationServiceConfigClass" : {
          "title" : "User Registration Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 350,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationConfirmationUrl" : {
          "title" : "User Registration Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 330,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenPasswordConfirmationUrl" : {
          "title" : "Forgotten Password Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 340,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "forgottenPassword" : {
      "type" : "object",
      "title" : "Forgotten Password",
      "propertyOrder" : 2,
      "properties" : {
        "forgottenPasswordEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who reset passwords must perform email address verification.",
          "propertyOrder" : 190,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.",
          "propertyOrder" : 180,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEnabled" : {
          "title" : "Forgotten Password",
          "description" : "If enabled, users can reset their forgotten password.",
          "propertyOrder" : 170,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenPaddingLength" : {
          "title" : "Token Padding Length (bytes)",
          "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.",
          "propertyOrder" : 215,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "numberOfAttemptsEnforced" : {
          "title" : "Enforce password reset lockout",
          "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.",
          "propertyOrder" : 201,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.",
          "propertyOrder" : 210,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenPasswordKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten password process.",
          "propertyOrder" : 200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 230,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 220,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "numberOfAllowedAttempts" : {
          "title" : "Lock Out After number of attempts",
          "description" : "The number of attempts, 1 or more, that a user has to correctly answer all their security questions. If the user has not answered them correctly after the configured number of attempts, the password reset feature is disabled.",
          "propertyOrder" : 202,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "forgottenUsername" : {
      "type" : "object",
      "title" : "Forgotten Username",
      "propertyOrder" : 3,
      "properties" : {
        "forgottenUsernameShowUsernameEnabled" : {
          "title" : "Show Username",
          "description" : "If enabled, users see their forgotten username on the browser page.",
          "propertyOrder" : 280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEnabled" : {
          "title" : "Forgotten Username",
          "description" : "If enabled, users can retrieve their forgotten username.",
          "propertyOrder" : 240,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten username process.",
          "propertyOrder" : 260,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.",
          "propertyOrder" : 250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameTokenTTL" : {
          "title" : "Token LifeTime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.",
          "propertyOrder" : 290,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 310,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailUsernameEnabled" : {
          "title" : "Email Username",
          "description" : "If enabled, users receive their forgotten username by email.",
          "propertyOrder" : 270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete UserSelfService --realm Realm

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action UserSelfService --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action UserSelfService --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action UserSelfService --realm Realm --actionName nextdescendents

read

Usage

am> read UserSelfService --realm Realm

update

Usage

am> update UserSelfService --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "generalConfig" : {
      "type" : "object",
      "title" : "General Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "minimumAnswersToVerify" : {
          "title" : "Minimum Answers to Verify",
          "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.",
          "propertyOrder" : 70,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "kbaQuestions" : {
          "title" : "Security Questions",
          "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.",
          "propertyOrder" : 50,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "signingSecretKeyAlias" : {
          "title" : "Signing Secret Key Alias",
          "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 10,
          "required" : true,
          "type" : "string",
          "exampleValue" : "selfservicesigntest"
        },
        "captchaSiteKey" : {
          "title" : "Google reCAPTCHA Site Key",
          "description" : "Google reCAPTCHA plugin site key.",
          "propertyOrder" : 20,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "captchaSecretKey" : {
          "title" : "Google reCAPTCHA Secret Key",
          "description" : "Google reCAPTCHA plugin secret key.",
          "propertyOrder" : 30,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "encryptionKeyPairAlias" : {
          "title" : "Encryption Key Pair Alias",
          "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 0,
          "required" : true,
          "type" : "string",
          "exampleValue" : "selfserviceenctest"
        },
        "validQueryAttributes" : {
          "title" : "Valid Query Attributes",
          "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.",
          "propertyOrder" : 80,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "captchaVerificationUrl" : {
          "title" : "Google Re-captcha Verification URL",
          "description" : "Google reCAPTCHA plugin verification URL.",
          "propertyOrder" : 40,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "minimumAnswersToDefine" : {
          "title" : "Minimum Answers to Define",
          "description" : "Specifies the minimum number of KBA answers that users must define.",
          "propertyOrder" : 60,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "profileManagement" : {
      "type" : "object",
      "title" : "Profile Management",
      "propertyOrder" : 4,
      "properties" : {
        "profileProtectedUserAttributes" : {
          "title" : "Protected Update Attributes",
          "description" : "Specifies a profile's protected user attributes. The user must re-authenticate when attempting to modify any of these attributes.",
          "propertyOrder" : 320,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "profileAttributeWhitelist" : {
          "title" : "Self readable attributes",
          "description" : "Specifies the list of attributes that users can view when accessing their user profile.",
          "propertyOrder" : 325,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "userRegistration" : {
      "type" : "object",
      "title" : "User Registration",
      "propertyOrder" : 1,
      "properties" : {
        "userRegistrationTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.",
          "propertyOrder" : 130,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userRegistrationEmailVerificationFirstEnabled" : {
          "title" : "Verify Email before User Detail",
          "description" : "If enabled, email address verification is performed before the user details screen is displayed. This takes effect only if Verify Email is enabled.",
          "propertyOrder" : 105,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.",
          "propertyOrder" : 150,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationValidUserAttributes" : {
          "title" : "Valid Creation Attributes",
          "description" : "Specifies a whitelist of user attributes that can be set during user creation.",
          "propertyOrder" : 160,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.",
          "propertyOrder" : 100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must set up their security questions during the self-registration process.",
          "propertyOrder" : 120,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 140,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegisteredDestination" : {
          "title" : "Destination After Successful Self-Registration",
          "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>",
          "propertyOrder" : 161,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationEnabled" : {
          "title" : "User Registration",
          "description" : "If enabled, new users can sign up for an account.",
          "propertyOrder" : 90,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who self-register must perform email address verification.",
          "propertyOrder" : 110,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "advancedConfig" : {
      "type" : "object",
      "title" : "Advanced Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "forgottenPasswordServiceConfigClass" : {
          "title" : "Forgotten Password Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 360,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenUsernameServiceConfigClass" : {
          "title" : "Forgotten Username Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 370,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationServiceConfigClass" : {
          "title" : "User Registration Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 350,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationConfirmationUrl" : {
          "title" : "User Registration Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 330,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenPasswordConfirmationUrl" : {
          "title" : "Forgotten Password Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 340,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "forgottenPassword" : {
      "type" : "object",
      "title" : "Forgotten Password",
      "propertyOrder" : 2,
      "properties" : {
        "forgottenPasswordEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who reset passwords must perform email address verification.",
          "propertyOrder" : 190,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.",
          "propertyOrder" : 180,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEnabled" : {
          "title" : "Forgotten Password",
          "description" : "If enabled, users can reset their forgotten password.",
          "propertyOrder" : 170,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenPaddingLength" : {
          "title" : "Token Padding Length (bytes)",
          "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.",
          "propertyOrder" : 215,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "numberOfAttemptsEnforced" : {
          "title" : "Enforce password reset lockout",
          "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.",
          "propertyOrder" : 201,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.",
          "propertyOrder" : 210,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenPasswordKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten password process.",
          "propertyOrder" : 200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 230,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 220,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "numberOfAllowedAttempts" : {
          "title" : "Lock Out After number of attempts",
          "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. If the user has not answered them correctly after the configured number of attempts, the password reset feature will be disabled.",
          "propertyOrder" : 202,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "forgottenUsername" : {
      "type" : "object",
      "title" : "Forgotten Username",
      "propertyOrder" : 3,
      "properties" : {
        "forgottenUsernameShowUsernameEnabled" : {
          "title" : "Show Username",
          "description" : "If enabled, users see their forgotten username on the browser page.",
          "propertyOrder" : 280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEnabled" : {
          "title" : "Forgotten Username",
          "description" : "If enabled, users can retrieve their forgotten username.",
          "propertyOrder" : 240,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten username process.",
          "propertyOrder" : 260,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.",
          "propertyOrder" : 250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameTokenTTL" : {
          "title" : "Token LifeTime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten username retrieval, in seconds.",
          "propertyOrder" : 290,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 310,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailUsernameEnabled" : {
          "title" : "Email Username",
          "description" : "If enabled, users receive their forgotten username by email.",
          "propertyOrder" : 270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    }
  }
}

Global Operations

Resource path:

/global-config/services/selfService

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action UserSelfService --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action UserSelfService --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action UserSelfService --global --actionName nextdescendents

read

Usage

am> read UserSelfService --global

update

Usage

am> update UserSelfService --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "forgottenPassword" : {
          "type" : "object",
          "title" : "Forgotten Password",
          "propertyOrder" : 2,
          "properties" : {
            "forgottenPasswordCaptchaEnabled" : {
              "title" : "Captcha",
              "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.",
              "propertyOrder" : 180,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordEmailSubject" : {
              "title" : "Outgoing Email Subject",
              "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.",
              "propertyOrder" : 220,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "numberOfAllowedAttempts" : {
              "title" : "Lock Out After number of attempts",
              "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. If the user has not answered them correctly after the configured number of attempts, the password reset feature will be disabled.",
              "propertyOrder" : 202,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenPasswordEmailVerificationEnabled" : {
              "title" : "Email Verification",
              "description" : "If enabled, users who reset passwords must perform email address verification.",
              "propertyOrder" : 190,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordTokenTTL" : {
              "title" : "Token Lifetime (seconds)",
              "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.",
              "propertyOrder" : 210,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenPasswordTokenPaddingLength" : {
              "title" : "Token Padding Length (bytes)",
              "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.",
              "propertyOrder" : 215,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenPasswordEnabled" : {
              "title" : "Forgotten Password",
              "description" : "If enabled, users can reset their forgotten password.",
              "propertyOrder" : 170,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "numberOfAttemptsEnforced" : {
              "title" : "Enforce password reset lockout",
              "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.",
              "propertyOrder" : 201,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordKbaEnabled" : {
              "title" : "Security Questions",
              "description" : "If enabled, users must answer their security questions during the forgotten password process.",
              "propertyOrder" : 200,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordEmailBody" : {
              "title" : "Outgoing Email Body",
              "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.",
              "propertyOrder" : 230,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            }
          }
        },
        "profileManagement" : {
          "type" : "object",
          "title" : "Profile Management",
          "propertyOrder" : 4,
          "properties" : {
            "profileAttributeWhitelist" : {
              "title" : "Self readable attributes",
              "description" : "Specifies the list of attributes that users can view when accessing their user profile.",
              "propertyOrder" : 325,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "profileProtectedUserAttributes" : {
              "title" : "Protected Update Attributes",
              "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.",
              "propertyOrder" : 320,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            }
          }
        },
        "forgottenUsername" : {
          "type" : "object",
          "title" : "Forgotten Username",
          "propertyOrder" : 3,
          "properties" : {
            "forgottenUsernameEmailUsernameEnabled" : {
              "title" : "Email Username",
              "description" : "If enabled, users receive their forgotten username by email.",
              "propertyOrder" : 270,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameShowUsernameEnabled" : {
              "title" : "Show Username",
              "description" : "If enabled, users see their forgotten username on the browser page.",
              "propertyOrder" : 280,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameCaptchaEnabled" : {
              "title" : "Captcha",
              "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.",
              "propertyOrder" : 250,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameTokenTTL" : {
              "title" : "Token LifeTime (seconds)",
              "description" : "Maximum lifetime for the token allowing forgotten username retrieval, in seconds.",
              "propertyOrder" : 290,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenUsernameEnabled" : {
              "title" : "Forgotten Username",
              "description" : "If enabled, users can retrieve their forgotten username.",
              "propertyOrder" : 240,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameEmailBody" : {
              "title" : "Outgoing Email Body",
              "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.",
              "propertyOrder" : 310,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "forgottenUsernameKbaEnabled" : {
              "title" : "Security Questions",
              "description" : "If enabled, users must answer their security questions during the forgotten username process.",
              "propertyOrder" : 260,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameEmailSubject" : {
              "title" : "Outgoing Email Subject",
              "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.",
              "propertyOrder" : 300,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            }
          }
        },
        "generalConfig" : {
          "type" : "object",
          "title" : "General Configuration",
          "propertyOrder" : 0,
          "properties" : {
            "captchaSiteKey" : {
              "title" : "Google reCAPTCHA Site Key",
              "description" : "Google reCAPTCHA plugin site key.",
              "propertyOrder" : 20,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "captchaVerificationUrl" : {
              "title" : "Google Re-captcha Verification URL",
              "description" : "Google reCAPTCHA plugin verification URL.",
              "propertyOrder" : 40,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "minimumAnswersToVerify" : {
              "title" : "Minimum Answers to Verify",
              "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.",
              "propertyOrder" : 70,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "captchaSecretKey" : {
              "title" : "Google reCAPTCHA Secret Key",
              "description" : "Google reCAPTCHA plugin secret key.",
              "propertyOrder" : 30,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "encryptionKeyPairAlias" : {
              "title" : "Encryption Key Pair Alias",
              "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.",
              "propertyOrder" : 0,
              "required" : true,
              "type" : "string",
              "exampleValue" : "selfserviceenctest"
            },
            "signingSecretKeyAlias" : {
              "title" : "Signing Secret Key Alias",
              "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.",
              "propertyOrder" : 10,
              "required" : true,
              "type" : "string",
              "exampleValue" : "selfservicesigntest"
            },
            "validQueryAttributes" : {
              "title" : "Valid Query Attributes",
              "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.",
              "propertyOrder" : 80,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "minimumAnswersToDefine" : {
              "title" : "Minimum Answers to Define",
              "description" : "Specifies the minimum number of KBA answers that users must define.",
              "propertyOrder" : 60,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "kbaQuestions" : {
              "title" : "Security Questions",
              "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.",
              "propertyOrder" : 50,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            }
          }
        },
        "userRegistration" : {
          "type" : "object",
          "title" : "User Registration",
          "propertyOrder" : 1,
          "properties" : {
            "userRegistrationEnabled" : {
              "title" : "User Registration",
              "description" : "If enabled, new users can sign up for an account.",
              "propertyOrder" : 90,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationEmailBody" : {
              "title" : "Outgoing Email Body",
              "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.",
              "propertyOrder" : 150,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "userRegistrationValidUserAttributes" : {
              "title" : "Valid Creation Attributes",
              "description" : "Specifies a whitelist of user attributes that can be set during user creation.",
              "propertyOrder" : 160,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "userRegistrationEmailVerificationEnabled" : {
              "title" : "Email Verification",
              "description" : "If enabled, users who self-register must perform email address verification.",
              "propertyOrder" : 110,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationEmailSubject" : {
              "title" : "Outgoing Email Subject",
              "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.",
              "propertyOrder" : 140,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "userRegistrationTokenTTL" : {
              "title" : "Token Lifetime (seconds)",
              "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.",
              "propertyOrder" : 130,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "userRegisteredDestination" : {
              "title" : "Destination After Successful Self-Registration",
              "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>",
              "propertyOrder" : 161,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "userRegistrationCaptchaEnabled" : {
              "title" : "Captcha",
              "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.",
              "propertyOrder" : 100,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationEmailVerificationFirstEnabled" : {
              "title" : "Verify Email before User Detail",
              "description" : "If enabled, email address verification will be performed first, before the user details screen is displayed. This will take effect only if Verify Email is enabled.",
              "propertyOrder" : 105,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationKbaEnabled" : {
              "title" : "Security Questions",
              "description" : "If enabled, users must set up their security questions during the self-registration process.",
              "propertyOrder" : 120,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "advancedConfig" : {
          "type" : "object",
          "title" : "Advanced Configuration",
          "propertyOrder" : 5,
          "properties" : {
            "forgottenPasswordConfirmationUrl" : {
              "title" : "Forgotten Password Confirmation Email URL",
              "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.",
              "propertyOrder" : 340,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "forgottenUsernameServiceConfigClass" : {
              "title" : "Forgotten Username Service Config Provider Class",
              "description" : "Specifies the provider class to configure any custom plugins.",
              "propertyOrder" : 370,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "forgottenPasswordServiceConfigClass" : {
              "title" : "Forgotten Password Service Config Provider Class",
              "description" : "Specifies the provider class to configure any custom plugins.",
              "propertyOrder" : 360,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "userRegistrationServiceConfigClass" : {
              "title" : "User Registration Service Config Provider Class",
              "description" : "Specifies the provider class to configure any custom plugins.",
              "propertyOrder" : 350,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "userRegistrationConfirmationUrl" : {
              "title" : "User Registration Confirmation Email URL",
              "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.",
              "propertyOrder" : 330,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            }
          }
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}