Amster

WebAgentGroups

Realm Operations

Agent Groups handler that is responsible for managing agent groups

Resource path:

/realm-config/agents/groups/WebAgent

Resource version: 2.0

create

Usage

am> create WebAgentGroups --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "globalWebAgentConfig" : {
      "type" : "object",
      "title" : "Global",
      "propertyOrder" : 0,
      "properties" : {
        "jwtName" : {
          "title" : "JWT Cookie Name",
          "description" : "The name used by the agent to set the OIDC JWT on the user's browser.<br>Property: org.forgerock.agents.jwt.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 25500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoOnlyMode" : {
          "title" : "SSO Only Mode",
          "description" : "Agent will just enforce authentication (SSO), but no authorization for policies. (property name: com.sun.identity.agents.config.sso.only)",
          "propertyOrder" : 26200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "webSocketConnectionIntervalInMinutes" : {
          "title" : "WebSocket Connection Interval",
          "description" : "The time in minutes before WebSockets to AM are killed and reopened. This property helps ensure a balanced distribution of connections across the AM servers on the site. <br>Default: 30<br>Type: Integer<br>Hot-swap: Yes<br> Property: org.forgerock.agents.balance.websocket.interval.minutes <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 25400,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "resetIdleTime" : {
          "title" : "Reset Idle Timeout",
          "description" : "If the agent is configured in SSO-only mode, the session may unexpectedly expire in AM due to idle timeout before the user has finished accessing the application. <br>Set this property to true to refresh the timeout when the user performs an action. <br>When set to true, the agent makes an additional call to AM, this may cause a performance impact. Configure this property only if: <br>   The agent is configured in SSO-only mode. <br>   User's sessions are timing out in AM because they are unexpectedly reaching the maximum idle timeout value. <br>(property: com.forgerock.agents.call.session.refresh)",
          "propertyOrder" : 26250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notificationsEnabled" : {
          "title" : "Enable Notifications",
          "description" : "The notifications help in maintaining agent's sso, policy and configuration caches. (property name: com.sun.identity.agents.config.notification.enable) <br>Requires Agent Restart",
          "propertyOrder" : 25600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentUriPrefix" : {
          "title" : "Agent Deployment URI Prefix",
          "description" : "(property name: com.sun.identity.agents.config.agenturi.prefix)",
          "propertyOrder" : 25800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoRootUrl" : {
          "title" : "Agent Root URL for CDSSO",
          "description" : "The list of agent root URLs for CDSSO. The valid value is in the format protocol://hostname:port/, where protocol represents the protocol used, such as http or https, hostname represents the host name of the system where the agent resides, and port represents the port number on which the agent is installed. The slash following the port number is required.<br> If your agent system also has virtual host names, add URLs with the virtual host names to this list as well. AM checks that goto URLs match one of the agent root URLs for CDSSO.<br>Property: sunIdentityServerDeviceKeyValue <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 26100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "amLbCookieEnable" : {
          "title" : "AM Load Balancer Cookie Enabled",
          "description" : "When true, the Web Agent passes the amlbcookie to AM. Use this property to improve performance. AM Load balancer cookies can reduce the number of calls that different AM instances make to the Core Token Service (CTS). <br>Property: com.forgerock.agents.config.add.amlbcookie <br>Introduced in Web Agent 5.8",
          "propertyOrder" : 26150,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentDebugLevel" : {
          "title" : "Agent Debug Level",
          "description" : "Agent debug level. (property name: com.sun.identity.agents.config.debug.level)",
          "propertyOrder" : 26400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "configurationPollingInterval" : {
          "title" : "Configuration Reload Interval",
          "description" : "Interval in minutes to fetch agent configuration from AM. (property name: com.sun.identity.agents.config.polling.interval) <br>Requires Agent Restart",
          "propertyOrder" : 25900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "fqdnCheck" : {
          "title" : "FQDN Check",
          "description" : "Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable)",
          "propertyOrder" : 27300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "auditLogLocation" : {
          "title" : "Audit Log Location",
          "description" : "Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition)",
          "propertyOrder" : 26800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "status" : {
          "title" : "Status",
          "description" : "Status of the agent configuration.",
          "propertyOrder" : 25100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtAuditWhitelist" : {
          "title" : "Agent Profile ID Allow List",
          "description" : "Specifies a comma-separated list of profile IDs that the agent will consider as valid values for the audience claim. This claim is represented in the JWT containing the end user's session. <br>Example: <br>agentprofile1,agentprofile2,.... <br>When several agents configured with different agent profiles protect the same application, set this property to a list of the agent profiles that are protecting the same application. <br>Property: com.forgerock.agents.jwt.aud.whitelist <br>Introduced in Web Agent 5.6.2",
          "propertyOrder" : 25520,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "disableJwtAudit" : {
          "title" : "Disable validation of the audience claim",
          "description" : "Specifies whether the agent should validate the audience claim matches the agent profile ID represented in the JWT containing the end user's session. <br>Possible values are: <br>  false = The agent validates audience claim. <br>  true = The agent does not validate audience claim.<br> (property: com.forgerock.agents.jwt.aud.disable)",
          "propertyOrder" : 25510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "accessDeniedUrl" : {
          "title" : "Resources Access Denied URL",
          "description" : "The URL of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.url)",
          "propertyOrder" : 26300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnDefault" : {
          "title" : "FQDN Default",
          "description" : "Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default)",
          "propertyOrder" : 27400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnMapping" : {
          "title" : "FQDN Virtual Host Map",
          "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: com.sun.identity.agents.config.fqdn.mapping) <br> Examples: <br>  To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.",
          "propertyOrder" : 27500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "auditAccessType" : {
          "title" : "Audit Access Types",
          "description" : "Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype)",
          "propertyOrder" : 26700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "agentConfigChangeNotificationsEnabled" : {
          "title" : "Enable Notifications of Agent Configuration Change",
          "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes.<br>Property: com.sun.identity.agents.config.change.notification.enable <br>Valid for Web Agent 5.0 onwards",
          "propertyOrder" : 25300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "amServicesWebAgent" : {
      "type" : "object",
      "title" : "AM Services",
      "propertyOrder" : 3,
      "properties" : {
        "userIdParameterType" : {
          "title" : "User ID Parameter Type",
          "description" : "User ID can be fetched from either SESSION and LDAP attributes. (property name: com.sun.identity.agents.config.userid.param.type)",
          "propertyOrder" : 30900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "amLoginUrl" : {
          "title" : "AM Login URL",
          "description" : "AM login page URL. (property name: com.sun.identity.agents.config.login.url)  <br> Example: <br> http://host:port/am/UI/Login",
          "propertyOrder" : 29900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutResetCookies" : {
          "title" : "Logout Cookies List for Reset",
          "description" : "Any cookies to be reset upon logout in the same format as cookie reset list. (property name: com.sun.identity.agents.config.logout.cookie.reset) <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 30400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "regexConditionalLoginUrl" : {
          "title" : "Regular Expression Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the redirection URL and its parameters. This property needs to configure \"Regular Expression Conditional Login Pattern\" <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://am.example.com/am/oauth2/authorize?realm=sales <br><br>Property: org.forgerock.agents.config.conditional.login.url",
          "propertyOrder" : 30100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enableLogoutRegex" : {
          "title" : "Enable Regex for Logout URL List",
          "description" : "This property allows regular expressions in \"Logout URL List\" (property: org.forgerock.agents.config.logout.regex.enable)",
          "propertyOrder" : 30530,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "logoutRedirectUrl" : {
          "title" : "Logout Redirect URL",
          "description" : "User gets redirected to this url after logout. (property name: com.sun.identity.agents.config.logout.redirect.url). This property should be specified along with the above Logout URL List.",
          "propertyOrder" : 30500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fetchPoliciesFromRootResource" : {
          "title" : "Fetch Policies from Root Resource",
          "description" : "Agent caches policy decision of the resource and all resources from the root of the resource down. (property name: com.sun.identity.agents.config.fetch.from.root.resource) <br>Requires Agent Restart",
          "propertyOrder" : 31000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "amLogoutUrl" : {
          "title" : "AM Logout URL",
          "description" : "AM logout page URL. (property name: com.sun.identity.agents.config.logout.url)  <br> Example: <br> http://host:port/am/UI/Logout",
          "propertyOrder" : 30200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "retrieveClientHostname" : {
          "title" : "Retrieve Client Hostname",
          "description" : "Gets the client's hostname through DNS reverse lookup for use in policy evaluation. (property name: com.sun.identity.agents.config.get.client.host.name)",
          "propertyOrder" : 31100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "policyClockSkew" : {
          "title" : "Policy Clock Skew",
          "description" : "Time in seconds used adjust time difference between Agent machine and AM. Clock skew in seconds = AgentTime - AMServerTime. (property name: com.sun.identity.agents.config.policy.clock.skew) <br>Requires Agent Restart",
          "propertyOrder" : 31200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyEvaluationRealm" : {
          "title" : "Policy Evaluation Realm",
          "description" : "Which realm to start evaluating from. (property name: org.forgerock.openam.agents.config.policy.evaluation.realm)",
          "propertyOrder" : 31300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logoutRedirectDisabled" : {
          "title" : "Disabled Logout Redirection",
          "description" : "When disabled, instead of redirecting the user-agent, the web agent performs session logout in the background and then continues processing access to the current URL. (property: com.forgerock.agents.config.logout.redirect.disable)",
          "propertyOrder" : 30510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userIdParameter" : {
          "title" : "User ID Parameter",
          "description" : "Agent sets value of User Id to REMOTE_USER server variable. (property name: com.sun.identity.agents.config.userid.param)",
          "propertyOrder" : 30800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoCachePollingInterval" : {
          "title" : "SSO Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's sso cache. (property name: com.sun.identity.agents.config.sso.cache.polling.interval) <br>Requires Agent Restart",
          "propertyOrder" : 30700,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyEvaluationApplication" : {
          "title" : "Policy Set",
          "description" : "Which application contains the policies to evaluate with. (property name: org.forgerock.openam.agents.config.policy.evaluation.application)",
          "propertyOrder" : 31400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "customLoginMode" : {
          "title" : "Custom Login Mode",
          "description" : "Specifies whether the agent should use the default or the custom login mode when redirecting unauthenticated users.<br>Possible values are: <br>0. Disabled. Default login redirection mode enabled <br>  1. Custom login mode enabled based on converts the SSO token into an ID token <br>  2. Legacy Custom login mode. Can be used in specific migration cases from agent 4 <br>(property: org.forgerock.openam.agents.config.allow.custom.login)",
          "propertyOrder" : 29890,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "publicAmUrl" : {
          "title" : "Public AM URL",
          "description" : "Overrides the agent's behavior of finding a suitable AM server and specifies the public URL of the AM to redirect to. <br> Use this property if: <br>  - Your environment uses custom login pages (OIDC-compliant and non-OIDC-compliant flows). <br>  - Your environment's custom login pages are in a network that can only access AM using a proxy, a firewall, or any other technology that remaps the AM URL to one accessible by the custom login pages. <br>  -End-users cannot log in due to their cookies being set in the wrong domains. <br>(property: com.forgerock.agents.public.am.url) ",
          "propertyOrder" : 29950,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "policyCachePollingInterval" : {
          "title" : "Policy Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's policy cache. (property name: com.sun.identity.agents.config.policy.cache.polling.interval) <br>Requires Agent Restart",
          "propertyOrder" : 30600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "conditionalLoginUrl" : {
          "title" : "AM Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. <br>Example: <br>  example.com|https://am.example.com/am/oauth2/authorize <br>  myapp.domain.com|https://am2.example.com/am/oauth2/authorize?realm=sales <br><br>Property: com.forgerock.agents.conditional.login.url",
          "propertyOrder" : 30000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "invalidateLogoutSession" : {
          "title" : "Invalidate Logout Session",
          "description" : "Specifies whether the agent must invalidate the user session in AM when redirecting to the logout URL specified either by the Logout URL list (com.sun.identity.agents.config.agent.logout.url) or the AM logout URL (com.sun.identity.agents.config.logout.url) properties. (property: org.forgerock.agents.config.logout.session.invalidate)",
          "propertyOrder" : 30520,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "regexConditionalLoginPattern" : {
          "title" : "Regular Expression Conditional Login Pattern",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the regular expression that the domain name must match. This property needs to configure \"Regular Expression Conditional Login URL\" <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://am.example.com/am/oauth2/authorize?realm=sales <br><br>Property: org.forgerock.agents.config.conditional.login.pattern",
          "propertyOrder" : 30050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutUrlRegex" : {
          "title" : "Logout URL Regular Expression",
          "description" : "Perl-compatible regular expression that matches logout URLs. For example, to match URLs with protectedA or protectedB in the path and op=logout in the query string, use the following setting: <br>*(/protectedA\\?|/protectedB\\?/).*(\\&op=logout\\&)(.*|$)  <br>When you use this property, the agent ignores the settings for Logout URL List. (property: com.forgerock.agents.agent.logout.url.regex)",
          "propertyOrder" : 30540,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "applicationLogoutUrls" : {
          "title" : "Logout URL List",
          "description" : "List of application logout URLs. User gets logged out from AM session when these urls accessed. (property name: com.sun.identity.agents.config.agent.logout.url). If this property is used, user should specify a value for the below Logout Redirect URL property. <br> Example: <br> http://myagent.mydomain.com/logout.html",
          "propertyOrder" : 30300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "applicationWebAgentConfig" : {
      "type" : "object",
      "title" : "Application",
      "propertyOrder" : 1,
      "properties" : {
        "fetchAttributesForNotEnforcedUrls" : {
          "title" : "Fetch Attributes for Not Enforced URLs",
          "description" : "Agent fetches profile attributes for not enforced urls by doing policy evaluation. (property name: com.sun.identity.agents.config.notenforced.url.attributes.enable)",
          "propertyOrder" : 27900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedIps" : {
          "title" : "Not Enforced Client IP List",
          "description" : "No authentication and authorization are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br> Examples: <br> 192.18.145.* <br> 192.18.146.123",
          "propertyOrder" : 28000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedUrls" : {
          "title" : "Not Enforced URLs",
          "description" : "List of urls for which no authentication required. (property name: com.sun.identity.agents.config.notenforced.url) <br> Example: <br> http://myagent.mydomain.com/*.gif",
          "propertyOrder" : 27700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "profileAttributeFetchMode" : {
          "title" : "Profile Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.profile.attribute.fetch.mode)",
          "propertyOrder" : 28200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "attributeMultiValueSeparator" : {
          "title" : "Attribute Multi Value Separator",
          "description" : "Specifies separator for multiple values. Applies to all types of attributes i.e. profile, session and response attributes. (property name: com.sun.identity.agents.config.attribute.multi.value.separator)",
          "propertyOrder" : 28800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertNotEnforcedUrls" : {
          "title" : "Invert Not Enforced URLs",
          "description" : "Only not enforced list of urls will be enforced. (property name: com.sun.identity.agents.config.notenforced.url.invert)",
          "propertyOrder" : 27800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedIpsList" : {
          "title" : "Not-Enforced URL from IP Processing List",
          "description" : "Specifies a list of client IP addresses that do not require authentication when requesting the indicated URLs. <br>The supported format requires a list of IP addresses separated by spaces, the horizontal bar (|) character, and a list of URLs separated by spaces. <br>For example: <br>  10.1.2.1 192.168.0.2|/public/* <br>In the preceding example, the IP addresses 10.1.2.1 and  192.168.0.2 can access any resource inside /public without authenticating. (property: org.forgerock.agents.config.notenforced.ipurl)",
          "propertyOrder" : 28050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sessionAttributeFetchMode" : {
          "title" : "Session Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.session.attribute.fetch.mode)",
          "propertyOrder" : 28600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "clientIpValidation" : {
          "title" : "Client IP Validation",
          "description" : "This validates if the subsequent browser requests come from the same ip address that the SSO token is initially issued against. (property name: com.sun.identity.agents.config.client.ip.validation.enable)",
          "propertyOrder" : 28100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "continuousSecurityHeaders" : {
          "title" : "Continuous Security Header Map",
          "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script.It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.headers.map <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 29000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "responseAttributeFetchMode" : {
          "title" : "Response Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.response.attribute.fetch.mode)",
          "propertyOrder" : 28400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "responseAttributeMap" : {
          "title" : "Response Attribute Map",
          "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping)  <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.",
          "propertyOrder" : 28500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "sessionAttributeMap" : {
          "title" : "Session Attribute Map",
          "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping)   <br> Example: <br>  To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.",
          "propertyOrder" : 28700,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedIpsRegex" : {
          "title" : "Regular Expressions for Not-Enforced IPs",
          "description" : "Enable use of Perl-compatible regular expressions in Not-Enforced URL from IP settings. (property: org.forgerock.agents.config.notenforced.ext.regex.enable)",
          "propertyOrder" : 28150,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileAttributeMap" : {
          "title" : "Profile Attribute Map",
          "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping)  <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.",
          "propertyOrder" : 28300,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "ignorePathInfoForNotEnforcedUrls" : {
          "title" : "Ignore Path Info for Not Enforced URLs",
          "description" : "Indicate whether the path info and query should be stripped from the request URL before being compared with the URLs of the not enforced list when those URLs have a wildcard '*' character.  (property name: com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list)  ",
          "propertyOrder" : 27600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "continuousSecurityCookies" : {
          "title" : "Continuous Security Cookie Map",
          "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.cookies.map <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 28900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedUrlsRegex" : {
          "title" : "Regular Expressions for Not-Enforced URLs",
          "description" : "When true, enables use of Perl-compatible regular expressions in Not-enforced URL settings. (property: com.forgerock.agents.notenforced.url.regex.enable)",
          "propertyOrder" : 27850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "advancedWebAgentConfig" : {
      "type" : "object",
      "title" : "Advanced",
      "propertyOrder" : 5,
      "properties" : {
        "fragmentRedirectEnabled" : {
          "title" : "Fragment Redirect Enabled",
          "description" : "Enable to save the browser's URL fragment during authentication. <br>(property: org.forgerock.agents.config.fragment.redirect.enable) (Agent 5.7+ only)",
          "propertyOrder" : 33400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpStickySessionMode" : {
          "title" : "POST Data Sticky Load Balancing Mode",
          "description" : "Specifies whether to create a cookie, or to append a query string to the URL to assist with sticky load balancing. Possible values are: <br>COOKIE. The web agent creates a cookie with the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value property. <br>URL. The web agent appends the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value to the URL query string. <br> (property: com.sun.identity.agents.config.postdata.preserve.stickysession.mode)",
          "propertyOrder" : 33700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataPreservation" : {
          "title" : "POST Data Preservation",
          "description" : "Enables POST data preservation. (property name: com.sun.identity.agents.config.postdata.preserve.enable) <br> Note that this feature is not supported in all the web agents. Please refer individual agents documentation for more details.",
          "propertyOrder" : 33500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "logonAndImpersonation" : {
          "title" : "Logon and Impersonation",
          "description" : "Set to true if agent should do Windows Logon and User Impersonation. (property name: com.sun.identity.agents.config.iis.logonuser)",
          "propertyOrder" : 34500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "postDataCachePeriod" : {
          "title" : "POST Data Entries Cache Period",
          "description" : "POST cache entry lifetime in minutes. (property name: com.sun.identity.agents.config.postcache.entry.lifetime)",
          "propertyOrder" : 33600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "clientIpHeader" : {
          "title" : "Client IP Address Header",
          "description" : "HTTP header name that holds the IP address of the client. <br>Property: org.forgerock.agents.http.header.containing.ip.address <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "pdpSkipPostUrl" : {
          "title" : "URLs Ignored by the Agent POST Data Inspector",
          "description" : "Specifies a list of URLs that will not be processed by the web agent POST data inspector. This allows other modules on the same server to access the POST data directly. <br>The following example uses wildcards to add a file named postreader.jsp in the root of any protected website to the list of URLs that will not have their POST data inspected: <br>http*://*:*/postreader.jsp <br>Any URLs added to this property should also be added to the Not-Enforced URLs <br> (property: org.forgerock.agents.config.skip.post.url)",
          "propertyOrder" : 33740,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "overrideRequestHost" : {
          "title" : "Override Request URL Host",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the host with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.host)",
          "propertyOrder" : 33200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpJavascriptRepost" : {
          "title" : "Submit POST Data using JavaScript",
          "description" : "When set to true, preserved POST data will be resubmitted to the destination server after authentication by using JavaScript. (property: org.forgerock.agents.pdp.javascript.repost)",
          "propertyOrder" : 33730,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "customProperties" : {
          "title" : "Custom Properties",
          "description" : "Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties)  <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2",
          "propertyOrder" : 35100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "pdpStickySessionCookieName" : {
          "title" : "POST Data Sticky Load Balancing Cookie Name",
          "description" : "Specifies the name of a cookie to use for enabling sticky load balancing when the \"POST Data Sticky Load Balancing Mode\" property is set to COOKIE. Set the cookie name to the same value configured in the \"POST Data Sticky Load Balancing Value\" property. (property: com.sun.identity.agents.config.postdata.preserve.lbcookie)",
          "propertyOrder" : 33720,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "pdpStickySessionValue" : {
          "title" : "POST Data Sticky Load Balancing Value",
          "description" : "Specifies a key-value pair separated by the = character that the web agent creates when evaluating the \"POST Data Sticky Load Balancing Mode\". For example, a setting of lb=myserver either sets an lb cookie with myserver value, or adds lb=myserver to the URL query string. When configuring POST data preservation with cookies, set the cookie name in the cookie pair to the same value configured in the \"POST Data Sticky Load Balancing Cookie Name\". (property: com.sun.identity.agents.config.postdata.preserve.stickysession.value)",
          "propertyOrder" : 33710,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "retainSessionCache" : {
          "title" : "Retain Session Cache After Configuration Change",
          "description" : "Use this property to manage how the session cache is used after a change to the agent configuration: <br> False: Purge the session cache, and re-read the user session data. <br> True: Do not purge the session cache, and do not re-read the user session data. <br><br>Use this value to prevent the agent from flooding AM instances with requests, when the agent configuration changes regularly, and the changes do not affect the agent authorisation decisions. <br><br>Property: com.forgerock.agents.session.cache.eventually.consistent <br>Introduced in Web Agent 5.9.0",
          "propertyOrder" : 34700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "apacheAuthDirectives" : {
          "title" : "Use Built-in Apache HTTPD Authentication Directives",
          "description" : "A regular expression pattern to specify which not-enforced URLs can use built-in Apache authentication directives, such as AuthName, FilesMatch, and Require, for basic authentication. <br>Requests with not-enforced URLs that match the expression can use built-in Apache authentication directives. <br><br>Property: com.forgerock.agents.no.remoteuser.module.compatibility <br>Introduced in Web Agent 5.9.0",
          "propertyOrder" : 34600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "showPasswordInHeader" : {
          "title" : "Show Password in HTTP Header",
          "description" : "Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. (property name: com.sun.identity.agents.config.iis.password.header)",
          "propertyOrder" : 34400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "replayPasswordKey" : {
          "title" : "Replay Password Key",
          "description" : "DES key for decrypting the basic authentication password in the session. <br>The value of this property is inherited from the secret mapped to the <code>am.authentication.replaypassword.key</code> secret label.<br>If you set a value in this field, it is ignored.",
          "propertyOrder" : 33900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "clientHostnameHeader" : {
          "title" : "Client Hostname Header",
          "description" : "HTTP header name that holds the Hostname of the client. <br>Property: org.forgerock.agents.http.header.containing.remote.hostname <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "overrideRequestPort" : {
          "title" : "Override Request URL Port",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the port with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.port)",
          "propertyOrder" : 33300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "overrideRequestProtocol" : {
          "title" : "Override Request URL Protocol",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the protocol with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.protocol)",
          "propertyOrder" : 33100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "hostnameToIpAddress" : {
          "title" : "Hostname to IP Address Map",
          "description" : "Map of a hostname to an IP address. The mapped hostname is automatically resolved to the IP address. <br>Format: Hostname|IP <br>Example: am.example.com|10.199.0.2 <br><br>Property: com.forgerock.agents.config.hostmap <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32950,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "ssoWebAgentConfig" : {
      "type" : "object",
      "title" : "SSO",
      "propertyOrder" : 2,
      "properties" : {
        "cookieResetOnRedirect" : {
          "title" : "Session Cookie Reset on Authentication Redirect",
          "description" : "When set to true. the agent will not reset the session cookie on an authentication redirect if there is a policy advice present.By default, the agent resets the session cookie in all configured domains on every authentication redirect when a policy advice is present. (property: org.forgerock.agents.config.cdsso.advice.cleanup.disable)",
          "propertyOrder" : 29400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "httpOnly" : {
          "title" : "HTTP Only Mode",
          "description" : "Agents with this property set to true mark cookies as HTTPOnly to prevent scripts and third-party programs from accessing the cookies. (property: com.sun.identity.cookie.httponly)",
          "propertyOrder" : 29250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetEnabled" : {
          "title" : "Cookie Reset",
          "description" : "Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable)",
          "propertyOrder" : 29700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "persistentJwtCookie" : {
          "title" : "Persistent JWT Cookie",
          "description" : "Enable persistence for JWT cookie. If true JWT cookie will not be set as Session Cookie. (property: org.forgerock.agents.config.cdsso.persistent.cookie.enable)",
          "propertyOrder" : 29270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "secureCookies" : {
          "title" : "Cookie Security",
          "description" : "Agent sends secure cookies if communication is secure. (property name: com.sun.identity.agents.config.cookie.secure) <br>Requires Agent Restart",
          "propertyOrder" : 29200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieName" : {
          "title" : "Cookie Name",
          "description" : "Name of the SSO Token cookie used between the AM server and the Agent. (property name: com.sun.identity.agents.config.cookie.name)<br>Requires Agent Restart",
          "propertyOrder" : 29100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoCookieDomain" : {
          "title" : "Cookies Domain List",
          "description" : "List of domains in which cookies have to be set in CDSSO. (property name: com.sun.identity.agents.config.cdsso.cookie.domain) <br> Example: <br> .example.com",
          "propertyOrder" : 29600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "acceptSsoToken" : {
          "title" : "Accept SSO Token",
          "description" : "Specifies whether the agent should accept SSO tokens as session cookies alongside with ID tokens. Possible values: <br>- false. The agent does not accept SSO Tokens <br>- true. The agent accepts both SSO tokens and ID tokens as session tokens during the login flow, and afterwards. SSO tokens are not converted to ID tokens <br>Set this property to \"true\" only for specific migration cases (see documentation for more info) <br>(property: com.forgerock.agents.accept.sso.token) (Agent 5.7+ only)",
          "propertyOrder" : 29850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetList" : {
          "title" : "Cookies Reset Name List",
          "description" : "List of cookies in the format: name[=value][;Domain=value]. (property name: com.sun.identity.agents.config.cookie.reset) <br> Examples: <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 29800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sameSite" : {
          "title" : "SameSite Cookie Attribute",
          "description" : "If set, agent will add SameSite attribute to all cookies created by agent with value which is provided in this property. <br>Example: Strict, Lax, None (property: com.forgerock.agents.cdsso.cookie.samesite)",
          "propertyOrder" : 29260,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoRedirectUri" : {
          "title" : "Authentication Redirect URI",
          "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. <br>Property: org.forgerock.agents.authn.redirect.uri <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 29300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "multivaluePreAuthnCookie" : {
          "title" : "Multivalue for Pre-Authn Cookie",
          "description" : "With this set, the agent will use a legacy mode to create cookies that are used to track unauthenticated requests that have been redirected to login. This mode should only be used for backward compatibility, where the pre-5.7 way of tracking redirected requests is required, perhaps because the cookie names are referenced in proxy configuration. This property need not be set in any other situation. (property: org.forgerock.openam.agents.config.multivalue.pre.authn.cookies)",
          "propertyOrder" : 29280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "miscWebAgentConfig" : {
      "type" : "object",
      "title" : "Miscellaneous",
      "propertyOrder" : 4,
      "properties" : {
        "gotoParameterName" : {
          "title" : "Goto Parameter Name",
          "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it.<br>Property: com.sun.identity.agents.config.redirect.param <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 32600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "compositeAdviceEncode" : {
          "title" : "Composite Advice Encode",
          "description" : "This property is used to specify whether AM composite advices should be based64url encoded before sending to custom login endpoints. (property: com.forgerock.agents.advice.b64.url.encode)",
          "propertyOrder" : 32300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "addCacheControlHeader" : {
          "title" : "Add Cache-Control Headers",
          "description" : "Set this property to true to enable use of Cache-Control headers that prevent proxies from caching resources accessed by unauthenticated users. (property: com.forgerock.agents.cache_control_header.enable)",
          "propertyOrder" : 32710,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "compositeAdviceRedirect" : {
          "title" : "Composite Advice Handling",
          "description" : "When set to true, the agent sends composite advice in the query (GET request) instead of sending it through a POST request. (property: com.sun.am.use_redirect_for_advice)",
          "propertyOrder" : 32200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertUrlJsonResponse" : {
          "title" : "Invert Properties That Receive JSON-Formatted Responses",
          "description" : "Set to true to invert the meaning of both the org.forgerock.agents.config.json.url and org.forgerock.agents.config.json.header properties. When inverted the specified values in those two properties will not trigger JSON-formatted responses. Any non-specified value will trigger JSON-formatted responses, instead. (property: org.forgerock.agents.config.json.url.invert)",
          "propertyOrder" : 32750,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ignorePathInfo" : {
          "title" : "Ignore Path Info in Request URL",
          "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. <br>Property: com.sun.identity.agents.config.ignore.path.info <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "urlJsonResponse" : {
          "title" : "URLs to Receive JSON-Formatted Responses",
          "description" : "Returning the responses in JSON format is useful for non-browser-based, or AJAX applications, that may not want to redirect users to the AM user interface for authentication. <br>Example: org.forgerock.agents.config.json.url[0]=http*://*.example.com:*/api/* <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.url)",
          "propertyOrder" : 32730,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "encodeUrlSpecialCharacters" : {
          "title" : "Encode URL's Special Characters",
          "description" : "Encodes the url which has special characters before doing policy evaluation. (property name: com.sun.identity.agents.config.encode.url.special.chars.enable)",
          "propertyOrder" : 32100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "anonymousUserId" : {
          "title" : "Anonymous User Default Value",
          "description" : "User id of unauthenticated users. (property name: com.sun.identity.agents.config.anonymous.user.id)",
          "propertyOrder" : 32700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileAttributesCookiePrefix" : {
          "title" : "Profile Attributes Cookie Prefix",
          "description" : "Sets cookie prefix in the attributes headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.prefix)",
          "propertyOrder" : 31800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invalidUrlRegex" : {
          "title" : "Invalid URL Regular Expression",
          "description" : "Specifies a Perl-compatible regular expression to parse valid request URLs. The web agent rejects requests to invalid URLs with HTTP 403 Forbidden status without further processing. <br>Example, to filter out URLs containing a list of characters and words such as ./ /. / . %00-%1f, %7f-%ff, %25, %2B, %2C, %7E, .info, configure the following regular expression: <br>^(\\?!.\\/|\\/.|.|.info|%2B|%00-%1f|%7f-%ff|%25|%2C|%7E).*$ <br>(property: com.forgerock.agents.agent.invalid.url.regex)",
          "propertyOrder" : 32500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "mineEncodeHeader" : {
          "title" : "MIME-Encode HTTP Header Values",
          "description" : "Specifies whether the agent must MIME-encode HTTP header values, and when to do it. Possible values are: <br>  0. The agent MIME-encodes the value of HTTP headers if said value is a multi-byte Unicode string. <br>  1. The agent MIME-encodes the value of every HTTP header. <br>  2. The agent does not MIME-encode the value of any HTTP header. <br> (property: com.forgerock.agents.header.mime.encode)",
          "propertyOrder" : 32720,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "statusCodeJsonResponse" : {
          "title" : "HTTP Return Code for JSON-Formatted Responses",
          "description" : "Specifies an HTTP response code to return when a JSON-formatted error is triggered. (property: org.forgerock.agents.config.json.response.code)",
          "propertyOrder" : 32760,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "profileAttributesCookieMaxAge" : {
          "title" : "Profile Attributes Cookie Maxage",
          "description" : "Maxage of attributes cookie headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.maxage)",
          "propertyOrder" : 31900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "caseInsensitiveUrlComparison" : {
          "title" : "URL Comparison Case Sensitivity Check",
          "description" : "Enforces case insensitivity in both policy and not enforced url evaluation. (property name: com.sun.identity.agents.config.url.comparison.case.ignore)",
          "propertyOrder" : 32000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "anonymousUserEnabled" : {
          "title" : "Anonymous User",
          "description" : "Enable/Disable REMOTE_USER processing for anonymous users. (property name: com.sun.identity.agents.config.anonymous.user.enable)",
          "propertyOrder" : 31600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "encodeSpecialCharsInCookies" : {
          "title" : "Encode special chars in Cookies",
          "description" : "Encode special chars in cookie by URL encoding. Useful when profile, session and response attributes contain special chars and attributes fetch mode is set to HTTP_COOKIE. (property name: com.sun.identity.agents.config.encode.cookie.special.chars.enable)  ",
          "propertyOrder" : 31700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "headerJsonResponse" : {
          "title" : "Headers and Values to Receive JSON-Formatted Responses",
          "description" : "Specify HTTP headers and associated values that trigger JSON-formatted errors to be returned. <br>Example: <br>org.forgerock.agents.config.json.header[enableJsonResponse]=true <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.header[Header]=Value)",
          "propertyOrder" : 32740,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete WebAgentGroups --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action WebAgentGroups --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action WebAgentGroups --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action WebAgentGroups --realm Realm --actionName nextdescendents

query

Querying the agent groups of a specific type

Usage

am> query WebAgentGroups --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read WebAgentGroups --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update WebAgentGroups --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "globalWebAgentConfig" : {
      "type" : "object",
      "title" : "Global",
      "propertyOrder" : 0,
      "properties" : {
        "jwtName" : {
          "title" : "JWT Cookie Name",
          "description" : "The name used by the agent to set the OIDC JWT on the user's browser.<br>Property: org.forgerock.agents.jwt.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 25500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoOnlyMode" : {
          "title" : "SSO Only Mode",
          "description" : "Agent will just enforce authentication (SSO), but no authorization for policies. (property name: com.sun.identity.agents.config.sso.only)",
          "propertyOrder" : 26200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "webSocketConnectionIntervalInMinutes" : {
          "title" : "WebSocket Connection Interval",
          "description" : "The time in minutes before WebSockets to AM are killed and reopened. This property helps ensure a balanced distribution of connections across the AM servers on the site. <br>Default: 30<br>Type: Integer<br>Hot-swap: Yes<br> Property: org.forgerock.agents.balance.websocket.interval.minutes <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 25400,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "resetIdleTime" : {
          "title" : "Reset Idle Timeout",
          "description" : "If the agent is configured in SSO-only mode, the session may unexpectedly expire in AM due to idle timeout before the user has finished accessing the application. <br>Set this property to true to refresh the timeout when the user performs an action. <br>When set to true, the agent makes an additional call to AM, this may cause a performance impact. Configure this property only if: <br>   The agent is configured in SSO-only mode. <br>   User's sessions are timing out in AM because they are unexpectedly reaching the maximum idle timeout value. <br>(property: com.forgerock.agents.call.session.refresh)",
          "propertyOrder" : 26250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notificationsEnabled" : {
          "title" : "Enable Notifications",
          "description" : "The notifications help in maintaining agent's sso, policy and configuration caches. (property name: com.sun.identity.agents.config.notification.enable) <br>Requires Agent Restart",
          "propertyOrder" : 25600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentUriPrefix" : {
          "title" : "Agent Deployment URI Prefix",
          "description" : "(property name: com.sun.identity.agents.config.agenturi.prefix)",
          "propertyOrder" : 25800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoRootUrl" : {
          "title" : "Agent Root URL for CDSSO",
          "description" : "The list of agent root URLs for CDSSO. The valid value is in the format protocol://hostname:port/, where protocol represents the protocol used, such as http or https, hostname represents the host name of the system where the agent resides, and port represents the port number on which the agent is installed. The slash following the port number is required.<br> If your agent system also has virtual host names, add URLs with the virtual host names to this list as well. AM checks that goto URLs match one of the agent root URLs for CDSSO.<br>Property: sunIdentityServerDeviceKeyValue <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 26100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "amLbCookieEnable" : {
          "title" : "AM Load Balancer Cookie Enabled",
          "description" : "When true, the Web Agent passes the amlbcookie to AM. Use this property to improve performance. AM Load balancer cookies can reduce the number of calls that different AM instances make to the Core Token Service (CTS). <br>Property: com.forgerock.agents.config.add.amlbcookie <br>Introduced in Web Agent 5.8",
          "propertyOrder" : 26150,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentDebugLevel" : {
          "title" : "Agent Debug Level",
          "description" : "Agent debug level. (property name: com.sun.identity.agents.config.debug.level)",
          "propertyOrder" : 26400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "configurationPollingInterval" : {
          "title" : "Configuration Reload Interval",
          "description" : "Interval in minutes to fetch agent configuration from AM. (property name: com.sun.identity.agents.config.polling.interval) <br>Requires Agent Restart",
          "propertyOrder" : 25900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "fqdnCheck" : {
          "title" : "FQDN Check",
          "description" : "Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable)",
          "propertyOrder" : 27300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "auditLogLocation" : {
          "title" : "Audit Log Location",
          "description" : "Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition)",
          "propertyOrder" : 26800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "status" : {
          "title" : "Status",
          "description" : "Status of the agent configuration.",
          "propertyOrder" : 25100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtAuditWhitelist" : {
          "title" : "Agent Profile ID Allow List",
          "description" : "Specifies a comma-separated list of profile IDs that the agent will consider as valid values for the audience claim. This claim is represented in the JWT containing the end user's session. <br>Example: <br>agentprofile1,agentprofile2,.... <br>When several agents configured with different agent profiles protect the same application, set this property to a list of the agent profiles that are protecting the same application. <br>Property: com.forgerock.agents.jwt.aud.whitelist <br>Introduced in Web Agent 5.6.2",
          "propertyOrder" : 25520,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "disableJwtAudit" : {
          "title" : "Disable validation of the audience claim",
          "description" : "Specifies whether the agent should validate the audience claim matches the agent profile ID represented in the JWT containing the end user's session. <br>Possible values are: <br>  false = The agent validates audience claim. <br>  true = The agent does not validate audience claim.<br> (property: com.forgerock.agents.jwt.aud.disable)",
          "propertyOrder" : 25510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "accessDeniedUrl" : {
          "title" : "Resources Access Denied URL",
          "description" : "The URL of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.url)",
          "propertyOrder" : 26300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnDefault" : {
          "title" : "FQDN Default",
          "description" : "Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default)",
          "propertyOrder" : 27400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnMapping" : {
          "title" : "FQDN Virtual Host Map",
          "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: com.sun.identity.agents.config.fqdn.mapping) <br> Examples: <br>  To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.",
          "propertyOrder" : 27500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "auditAccessType" : {
          "title" : "Audit Access Types",
          "description" : "Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype)",
          "propertyOrder" : 26700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "agentConfigChangeNotificationsEnabled" : {
          "title" : "Enable Notifications of Agent Configuration Change",
          "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes.<br>Property: com.sun.identity.agents.config.change.notification.enable <br>Valid for Web Agent 5.0 onwards",
          "propertyOrder" : 25300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "amServicesWebAgent" : {
      "type" : "object",
      "title" : "AM Services",
      "propertyOrder" : 3,
      "properties" : {
        "userIdParameterType" : {
          "title" : "User ID Parameter Type",
          "description" : "User ID can be fetched from either SESSION and LDAP attributes. (property name: com.sun.identity.agents.config.userid.param.type)",
          "propertyOrder" : 30900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "amLoginUrl" : {
          "title" : "AM Login URL",
          "description" : "AM login page URL. (property name: com.sun.identity.agents.config.login.url)  <br> Example: <br> http://host:port/am/UI/Login",
          "propertyOrder" : 29900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutResetCookies" : {
          "title" : "Logout Cookies List for Reset",
          "description" : "Any cookies to be reset upon logout in the same format as cookie reset list. (property name: com.sun.identity.agents.config.logout.cookie.reset) <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 30400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "regexConditionalLoginUrl" : {
          "title" : "Regular Expression Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the redirection URL and its parameters. This property needs to configure \"Regular Expression Conditional Login Pattern\" <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://am.example.com/am/oauth2/authorize?realm=sales <br><br>Property: org.forgerock.agents.config.conditional.login.url",
          "propertyOrder" : 30100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enableLogoutRegex" : {
          "title" : "Enable Regex for Logout URL List",
          "description" : "This property allows regular expressions in \"Logout URL List\" (property: org.forgerock.agents.config.logout.regex.enable)",
          "propertyOrder" : 30530,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "logoutRedirectUrl" : {
          "title" : "Logout Redirect URL",
          "description" : "User gets redirected to this url after logout. (property name: com.sun.identity.agents.config.logout.redirect.url). This property should be specified along with the above Logout URL List.",
          "propertyOrder" : 30500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fetchPoliciesFromRootResource" : {
          "title" : "Fetch Policies from Root Resource",
          "description" : "Agent caches policy decision of the resource and all resources from the root of the resource down. (property name: com.sun.identity.agents.config.fetch.from.root.resource) <br>Requires Agent Restart",
          "propertyOrder" : 31000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "amLogoutUrl" : {
          "title" : "AM Logout URL",
          "description" : "AM logout page URL. (property name: com.sun.identity.agents.config.logout.url)  <br> Example: <br> http://host:port/am/UI/Logout",
          "propertyOrder" : 30200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "retrieveClientHostname" : {
          "title" : "Retrieve Client Hostname",
          "description" : "Gets the client's hostname through DNS reverse lookup for use in policy evaluation. (property name: com.sun.identity.agents.config.get.client.host.name)",
          "propertyOrder" : 31100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "policyClockSkew" : {
          "title" : "Policy Clock Skew",
          "description" : "Time in seconds used adjust time difference between Agent machine and AM. Clock skew in seconds = AgentTime - AMServerTime. (property name: com.sun.identity.agents.config.policy.clock.skew) <br>Requires Agent Restart",
          "propertyOrder" : 31200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyEvaluationRealm" : {
          "title" : "Policy Evaluation Realm",
          "description" : "Which realm to start evaluating from. (property name: org.forgerock.openam.agents.config.policy.evaluation.realm)",
          "propertyOrder" : 31300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logoutRedirectDisabled" : {
          "title" : "Disabled Logout Redirection",
          "description" : "When disabled, instead of redirecting the user-agent, the web agent performs session logout in the background and then continues processing access to the current URL. (property: com.forgerock.agents.config.logout.redirect.disable)",
          "propertyOrder" : 30510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userIdParameter" : {
          "title" : "User ID Parameter",
          "description" : "Agent sets value of User Id to REMOTE_USER server variable. (property name: com.sun.identity.agents.config.userid.param)",
          "propertyOrder" : 30800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoCachePollingInterval" : {
          "title" : "SSO Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's sso cache. (property name: com.sun.identity.agents.config.sso.cache.polling.interval) <br>Requires Agent Restart",
          "propertyOrder" : 30700,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyEvaluationApplication" : {
          "title" : "Policy Set",
          "description" : "Which application contains the policies to evaluate with. (property name: org.forgerock.openam.agents.config.policy.evaluation.application)",
          "propertyOrder" : 31400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "customLoginMode" : {
          "title" : "Custom Login Mode",
          "description" : "Specifies whether the agent should use the default or the custom login mode when redirecting unauthenticated users.<br>Possible values are: <br>0. Disabled. Default login redirection mode enabled <br>  1. Custom login mode enabled based on converts the SSO token into an ID token <br>  2. Legacy Custom login mode. Can be used in specific migration cases from agent 4 <br>(property: org.forgerock.openam.agents.config.allow.custom.login)",
          "propertyOrder" : 29890,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "publicAmUrl" : {
          "title" : "Public AM URL",
          "description" : "Overrides the agent's behavior of finding a suitable AM server and specifies the public URL of the AM to redirect to. <br> Use this property if: <br>  - Your environment uses custom login pages (OIDC-compliant and non-OIDC-compliant flows). <br>  - Your environment's custom login pages are in a network that can only access AM using a proxy, a firewall, or any other technology that remaps the AM URL to one accessible by the custom login pages. <br>  -End-users cannot log in due to their cookies being set in the wrong domains. <br>(property: com.forgerock.agents.public.am.url) ",
          "propertyOrder" : 29950,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "policyCachePollingInterval" : {
          "title" : "Policy Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's policy cache. (property name: com.sun.identity.agents.config.policy.cache.polling.interval) <br>Requires Agent Restart",
          "propertyOrder" : 30600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "conditionalLoginUrl" : {
          "title" : "AM Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. <br>Example: <br>  example.com|https://am.example.com/am/oauth2/authorize <br>  myapp.domain.com|https://am2.example.com/am/oauth2/authorize?realm=sales <br><br>Property: com.forgerock.agents.conditional.login.url",
          "propertyOrder" : 30000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "invalidateLogoutSession" : {
          "title" : "Invalidate Logout Session",
          "description" : "Specifies whether the agent must invalidate the user session in AM when redirecting to the logout URL specified either by the Logout URL list (com.sun.identity.agents.config.agent.logout.url) or the AM logout URL (com.sun.identity.agents.config.logout.url) properties. (property: org.forgerock.agents.config.logout.session.invalidate)",
          "propertyOrder" : 30520,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "regexConditionalLoginPattern" : {
          "title" : "Regular Expression Conditional Login Pattern",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the regular expression that the domain name must match. This property needs to configure \"Regular Expression Conditional Login URL\" <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://am.example.com/am/oauth2/authorize?realm=sales <br><br>Property: org.forgerock.agents.config.conditional.login.pattern",
          "propertyOrder" : 30050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutUrlRegex" : {
          "title" : "Logout URL Regular Expression",
          "description" : "Perl-compatible regular expression that matches logout URLs. For example, to match URLs with protectedA or protectedB in the path and op=logout in the query string, use the following setting: <br>*(/protectedA\\?|/protectedB\\?/).*(\\&op=logout\\&)(.*|$)  <br>When you use this property, the agent ignores the settings for Logout URL List. (property: com.forgerock.agents.agent.logout.url.regex)",
          "propertyOrder" : 30540,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "applicationLogoutUrls" : {
          "title" : "Logout URL List",
          "description" : "List of application logout URLs. User gets logged out from AM session when these urls accessed. (property name: com.sun.identity.agents.config.agent.logout.url). If this property is used, user should specify a value for the below Logout Redirect URL property. <br> Example: <br> http://myagent.mydomain.com/logout.html",
          "propertyOrder" : 30300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "applicationWebAgentConfig" : {
      "type" : "object",
      "title" : "Application",
      "propertyOrder" : 1,
      "properties" : {
        "fetchAttributesForNotEnforcedUrls" : {
          "title" : "Fetch Attributes for Not Enforced URLs",
          "description" : "Agent fetches profile attributes for not enforced urls by doing policy evaluation. (property name: com.sun.identity.agents.config.notenforced.url.attributes.enable)",
          "propertyOrder" : 27900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedIps" : {
          "title" : "Not Enforced Client IP List",
          "description" : "No authentication and authorization are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br> Examples: <br> 192.18.145.* <br> 192.18.146.123",
          "propertyOrder" : 28000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedUrls" : {
          "title" : "Not Enforced URLs",
          "description" : "List of urls for which no authentication required. (property name: com.sun.identity.agents.config.notenforced.url) <br> Example: <br> http://myagent.mydomain.com/*.gif",
          "propertyOrder" : 27700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "profileAttributeFetchMode" : {
          "title" : "Profile Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.profile.attribute.fetch.mode)",
          "propertyOrder" : 28200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "attributeMultiValueSeparator" : {
          "title" : "Attribute Multi Value Separator",
          "description" : "Specifies separator for multiple values. Applies to all types of attributes i.e. profile, session and response attributes. (property name: com.sun.identity.agents.config.attribute.multi.value.separator)",
          "propertyOrder" : 28800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertNotEnforcedUrls" : {
          "title" : "Invert Not Enforced URLs",
          "description" : "Only not enforced list of urls will be enforced. (property name: com.sun.identity.agents.config.notenforced.url.invert)",
          "propertyOrder" : 27800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedIpsList" : {
          "title" : "Not-Enforced URL from IP Processing List",
          "description" : "Specifies a list of client IP addresses that do not require authentication when requesting the indicated URLs. <br>The supported format requires a list of IP addresses separated by spaces, the horizontal bar (|) character, and a list of URLs separated by spaces. <br>For example: <br>  10.1.2.1 192.168.0.2|/public/* <br>In the preceding example, the IP addresses 10.1.2.1 and  192.168.0.2 can access any resource inside /public without authenticating. (property: org.forgerock.agents.config.notenforced.ipurl)",
          "propertyOrder" : 28050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sessionAttributeFetchMode" : {
          "title" : "Session Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.session.attribute.fetch.mode)",
          "propertyOrder" : 28600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "clientIpValidation" : {
          "title" : "Client IP Validation",
          "description" : "This validates if the subsequent browser requests come from the same ip address that the SSO token is initially issued against. (property name: com.sun.identity.agents.config.client.ip.validation.enable)",
          "propertyOrder" : 28100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "continuousSecurityHeaders" : {
          "title" : "Continuous Security Header Map",
          "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script.It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.headers.map <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 29000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "responseAttributeFetchMode" : {
          "title" : "Response Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.response.attribute.fetch.mode)",
          "propertyOrder" : 28400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "responseAttributeMap" : {
          "title" : "Response Attribute Map",
          "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping)  <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.",
          "propertyOrder" : 28500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "sessionAttributeMap" : {
          "title" : "Session Attribute Map",
          "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping)   <br> Example: <br>  To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.",
          "propertyOrder" : 28700,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedIpsRegex" : {
          "title" : "Regular Expressions for Not-Enforced IPs",
          "description" : "Enable use of Perl-compatible regular expressions in Not-Enforced URL from IP settings. (property: org.forgerock.agents.config.notenforced.ext.regex.enable)",
          "propertyOrder" : 28150,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileAttributeMap" : {
          "title" : "Profile Attribute Map",
          "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping)  <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.",
          "propertyOrder" : 28300,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "ignorePathInfoForNotEnforcedUrls" : {
          "title" : "Ignore Path Info for Not Enforced URLs",
          "description" : "Indicate whether the path info and query should be stripped from the request URL before being compared with the URLs of the not enforced list when those URLs have a wildcard '*' character.  (property name: com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list)  ",
          "propertyOrder" : 27600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "continuousSecurityCookies" : {
          "title" : "Continuous Security Cookie Map",
          "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.cookies.map <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 28900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedUrlsRegex" : {
          "title" : "Regular Expressions for Not-Enforced URLs",
          "description" : "When true, enables use of Perl-compatible regular expressions in Not-enforced URL settings. (property: com.forgerock.agents.notenforced.url.regex.enable)",
          "propertyOrder" : 27850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "advancedWebAgentConfig" : {
      "type" : "object",
      "title" : "Advanced",
      "propertyOrder" : 5,
      "properties" : {
        "fragmentRedirectEnabled" : {
          "title" : "Fragment Redirect Enabled",
          "description" : "Enable to save the browser's URL fragment during authentication. <br>(property: org.forgerock.agents.config.fragment.redirect.enable) (Agent 5.7+ only)",
          "propertyOrder" : 33400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpStickySessionMode" : {
          "title" : "POST Data Sticky Load Balancing Mode",
          "description" : "Specifies whether to create a cookie, or to append a query string to the URL to assist with sticky load balancing. Possible values are: <br>COOKIE. The web agent creates a cookie with the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value property. <br>URL. The web agent appends the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value to the URL query string. <br> (property: com.sun.identity.agents.config.postdata.preserve.stickysession.mode)",
          "propertyOrder" : 33700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataPreservation" : {
          "title" : "POST Data Preservation",
          "description" : "Enables POST data preservation. (property name: com.sun.identity.agents.config.postdata.preserve.enable) <br> Note that this feature is not supported in all the web agents. Please refer individual agents documentation for more details.",
          "propertyOrder" : 33500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "logonAndImpersonation" : {
          "title" : "Logon and Impersonation",
          "description" : "Set to true if agent should do Windows Logon and User Impersonation. (property name: com.sun.identity.agents.config.iis.logonuser)",
          "propertyOrder" : 34500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "postDataCachePeriod" : {
          "title" : "POST Data Entries Cache Period",
          "description" : "POST cache entry lifetime in minutes. (property name: com.sun.identity.agents.config.postcache.entry.lifetime)",
          "propertyOrder" : 33600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "clientIpHeader" : {
          "title" : "Client IP Address Header",
          "description" : "HTTP header name that holds the IP address of the client. <br>Property: org.forgerock.agents.http.header.containing.ip.address <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "pdpSkipPostUrl" : {
          "title" : "URLs Ignored by the Agent POST Data Inspector",
          "description" : "Specifies a list of URLs that will not be processed by the web agent POST data inspector. This allows other modules on the same server to access the POST data directly. <br>The following example uses wildcards to add a file named postreader.jsp in the root of any protected website to the list of URLs that will not have their POST data inspected: <br>http*://*:*/postreader.jsp <br>Any URLs added to this property should also be added to the Not-Enforced URLs <br> (property: org.forgerock.agents.config.skip.post.url)",
          "propertyOrder" : 33740,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "overrideRequestHost" : {
          "title" : "Override Request URL Host",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the host with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.host)",
          "propertyOrder" : 33200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpJavascriptRepost" : {
          "title" : "Submit POST Data using JavaScript",
          "description" : "When set to true, preserved POST data will be resubmitted to the destination server after authentication by using JavaScript. (property: org.forgerock.agents.pdp.javascript.repost)",
          "propertyOrder" : 33730,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "customProperties" : {
          "title" : "Custom Properties",
          "description" : "Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties)  <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2",
          "propertyOrder" : 35100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "pdpStickySessionCookieName" : {
          "title" : "POST Data Sticky Load Balancing Cookie Name",
          "description" : "Specifies the name of a cookie to use for enabling sticky load balancing when the \"POST Data Sticky Load Balancing Mode\" property is set to COOKIE. Set the cookie name to the same value configured in the \"POST Data Sticky Load Balancing Value\" property. (property: com.sun.identity.agents.config.postdata.preserve.lbcookie)",
          "propertyOrder" : 33720,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "pdpStickySessionValue" : {
          "title" : "POST Data Sticky Load Balancing Value",
          "description" : "Specifies a key-value pair separated by the = character that the web agent creates when evaluating the \"POST Data Sticky Load Balancing Mode\". For example, a setting of lb=myserver either sets an lb cookie with myserver value, or adds lb=myserver to the URL query string. When configuring POST data preservation with cookies, set the cookie name in the cookie pair to the same value configured in the \"POST Data Sticky Load Balancing Cookie Name\". (property: com.sun.identity.agents.config.postdata.preserve.stickysession.value)",
          "propertyOrder" : 33710,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "retainSessionCache" : {
          "title" : "Retain Session Cache After Configuration Change",
          "description" : "Use this property to manage how the session cache is used after a change to the agent configuration: <br> False: Purge the session cache, and re-read the user session data. <br> True: Do not purge the session cache, and do not re-read the user session data. <br><br>Use this value to prevent the agent from flooding AM instances with requests, when the agent configuration changes regularly, and the changes do not affect the agent authorisation decisions. <br><br>Property: com.forgerock.agents.session.cache.eventually.consistent <br>Introduced in Web Agent 5.9.0",
          "propertyOrder" : 34700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "apacheAuthDirectives" : {
          "title" : "Use Built-in Apache HTTPD Authentication Directives",
          "description" : "A regular expression pattern to specify which not-enforced URLs can use built-in Apache authentication directives, such as AuthName, FilesMatch, and Require, for basic authentication. <br>Requests with not-enforced URLs that match the expression can use built-in Apache authentication directives. <br><br>Property: com.forgerock.agents.no.remoteuser.module.compatibility <br>Introduced in Web Agent 5.9.0",
          "propertyOrder" : 34600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "showPasswordInHeader" : {
          "title" : "Show Password in HTTP Header",
          "description" : "Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. (property name: com.sun.identity.agents.config.iis.password.header)",
          "propertyOrder" : 34400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "replayPasswordKey" : {
          "title" : "Replay Password Key",
          "description" : "DES key for decrypting the basic authentication password in the session. <br>The value of this property is inherited from the secret mapped to the <code>am.authentication.replaypassword.key</code> secret label.<br>If you set a value in this field, it is ignored.",
          "propertyOrder" : 33900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "clientHostnameHeader" : {
          "title" : "Client Hostname Header",
          "description" : "HTTP header name that holds the Hostname of the client. <br>Property: org.forgerock.agents.http.header.containing.remote.hostname <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "overrideRequestPort" : {
          "title" : "Override Request URL Port",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the port with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.port)",
          "propertyOrder" : 33300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "overrideRequestProtocol" : {
          "title" : "Override Request URL Protocol",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the protocol with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.protocol)",
          "propertyOrder" : 33100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "hostnameToIpAddress" : {
          "title" : "Hostname to IP Address Map",
          "description" : "Map of a hostname to an IP address. The mapped hostname is automatically resolved to the IP address. <br>Format: Hostname|IP <br>Example: am.example.com|10.199.0.2 <br><br>Property: com.forgerock.agents.config.hostmap <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32950,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "ssoWebAgentConfig" : {
      "type" : "object",
      "title" : "SSO",
      "propertyOrder" : 2,
      "properties" : {
        "cookieResetOnRedirect" : {
          "title" : "Session Cookie Reset on Authentication Redirect",
          "description" : "When set to true. the agent will not reset the session cookie on an authentication redirect if there is a policy advice present.By default, the agent resets the session cookie in all configured domains on every authentication redirect when a policy advice is present. (property: org.forgerock.agents.config.cdsso.advice.cleanup.disable)",
          "propertyOrder" : 29400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "httpOnly" : {
          "title" : "HTTP Only Mode",
          "description" : "Agents with this property set to true mark cookies as HTTPOnly to prevent scripts and third-party programs from accessing the cookies. (property: com.sun.identity.cookie.httponly)",
          "propertyOrder" : 29250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetEnabled" : {
          "title" : "Cookie Reset",
          "description" : "Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable)",
          "propertyOrder" : 29700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "persistentJwtCookie" : {
          "title" : "Persistent JWT Cookie",
          "description" : "Enable persistence for JWT cookie. If true JWT cookie will not be set as Session Cookie. (property: org.forgerock.agents.config.cdsso.persistent.cookie.enable)",
          "propertyOrder" : 29270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "secureCookies" : {
          "title" : "Cookie Security",
          "description" : "Agent sends secure cookies if communication is secure. (property name: com.sun.identity.agents.config.cookie.secure) <br>Requires Agent Restart",
          "propertyOrder" : 29200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieName" : {
          "title" : "Cookie Name",
          "description" : "Name of the SSO Token cookie used between the AM server and the Agent. (property name: com.sun.identity.agents.config.cookie.name)<br>Requires Agent Restart",
          "propertyOrder" : 29100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoCookieDomain" : {
          "title" : "Cookies Domain List",
          "description" : "List of domains in which cookies have to be set in CDSSO. (property name: com.sun.identity.agents.config.cdsso.cookie.domain) <br> Example: <br> .example.com",
          "propertyOrder" : 29600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "acceptSsoToken" : {
          "title" : "Accept SSO Token",
          "description" : "Specifies whether the agent should accept SSO tokens as session cookies alongside with ID tokens. Possible values: <br>- false. The agent does not accept SSO Tokens <br>- true. The agent accepts both SSO tokens and ID tokens as session tokens during the login flow, and afterwards. SSO tokens are not converted to ID tokens <br>Set this property to \"true\" only for specific migration cases (see documentation for more info) <br>(property: com.forgerock.agents.accept.sso.token) (Agent 5.7+ only)",
          "propertyOrder" : 29850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetList" : {
          "title" : "Cookies Reset Name List",
          "description" : "List of cookies in the format: name[=value][;Domain=value]. (property name: com.sun.identity.agents.config.cookie.reset) <br> Examples: <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 29800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sameSite" : {
          "title" : "SameSite Cookie Attribute",
          "description" : "If set, agent will add SameSite attribute to all cookies created by agent with value which is provided in this property. <br>Example: Strict, Lax, None (property: com.forgerock.agents.cdsso.cookie.samesite)",
          "propertyOrder" : 29260,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoRedirectUri" : {
          "title" : "Authentication Redirect URI",
          "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. <br>Property: org.forgerock.agents.authn.redirect.uri <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 29300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "multivaluePreAuthnCookie" : {
          "title" : "Multivalue for Pre-Authn Cookie",
          "description" : "With this set, the agent will use a legacy mode to create cookies that are used to track unauthenticated requests that have been redirected to login. This mode should only be used for backward compatibility, where the pre-5.7 way of tracking redirected requests is required, perhaps because the cookie names are referenced in proxy configuration. This property need not be set in any other situation. (property: org.forgerock.openam.agents.config.multivalue.pre.authn.cookies)",
          "propertyOrder" : 29280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "miscWebAgentConfig" : {
      "type" : "object",
      "title" : "Miscellaneous",
      "propertyOrder" : 4,
      "properties" : {
        "gotoParameterName" : {
          "title" : "Goto Parameter Name",
          "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it.<br>Property: com.sun.identity.agents.config.redirect.param <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 32600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "compositeAdviceEncode" : {
          "title" : "Composite Advice Encode",
          "description" : "This property is used to specify whether AM composite advices should be based64url encoded before sending to custom login endpoints. (property: com.forgerock.agents.advice.b64.url.encode)",
          "propertyOrder" : 32300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "addCacheControlHeader" : {
          "title" : "Add Cache-Control Headers",
          "description" : "Set this property to true to enable use of Cache-Control headers that prevent proxies from caching resources accessed by unauthenticated users. (property: com.forgerock.agents.cache_control_header.enable)",
          "propertyOrder" : 32710,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "compositeAdviceRedirect" : {
          "title" : "Composite Advice Handling",
          "description" : "When set to true, the agent sends composite advice in the query (GET request) instead of sending it through a POST request. (property: com.sun.am.use_redirect_for_advice)",
          "propertyOrder" : 32200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertUrlJsonResponse" : {
          "title" : "Invert Properties That Receive JSON-Formatted Responses",
          "description" : "Set to true to invert the meaning of both the org.forgerock.agents.config.json.url and org.forgerock.agents.config.json.header properties. When inverted the specified values in those two properties will not trigger JSON-formatted responses. Any non-specified value will trigger JSON-formatted responses, instead. (property: org.forgerock.agents.config.json.url.invert)",
          "propertyOrder" : 32750,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ignorePathInfo" : {
          "title" : "Ignore Path Info in Request URL",
          "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. <br>Property: com.sun.identity.agents.config.ignore.path.info <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 32400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "urlJsonResponse" : {
          "title" : "URLs to Receive JSON-Formatted Responses",
          "description" : "Returning the responses in JSON format is useful for non-browser-based, or AJAX applications, that may not want to redirect users to the AM user interface for authentication. <br>Example: org.forgerock.agents.config.json.url[0]=http*://*.example.com:*/api/* <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.url)",
          "propertyOrder" : 32730,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "encodeUrlSpecialCharacters" : {
          "title" : "Encode URL's Special Characters",
          "description" : "Encodes the url which has special characters before doing policy evaluation. (property name: com.sun.identity.agents.config.encode.url.special.chars.enable)",
          "propertyOrder" : 32100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "anonymousUserId" : {
          "title" : "Anonymous User Default Value",
          "description" : "User id of unauthenticated users. (property name: com.sun.identity.agents.config.anonymous.user.id)",
          "propertyOrder" : 32700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileAttributesCookiePrefix" : {
          "title" : "Profile Attributes Cookie Prefix",
          "description" : "Sets cookie prefix in the attributes headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.prefix)",
          "propertyOrder" : 31800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invalidUrlRegex" : {
          "title" : "Invalid URL Regular Expression",
          "description" : "Specifies a Perl-compatible regular expression to parse valid request URLs. The web agent rejects requests to invalid URLs with HTTP 403 Forbidden status without further processing. <br>Example, to filter out URLs containing a list of characters and words such as ./ /. / . %00-%1f, %7f-%ff, %25, %2B, %2C, %7E, .info, configure the following regular expression: <br>^(\\?!.\\/|\\/.|.|.info|%2B|%00-%1f|%7f-%ff|%25|%2C|%7E).*$ <br>(property: com.forgerock.agents.agent.invalid.url.regex)",
          "propertyOrder" : 32500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "mineEncodeHeader" : {
          "title" : "MIME-Encode HTTP Header Values",
          "description" : "Specifies whether the agent must MIME-encode HTTP header values, and when to do it. Possible values are: <br>  0. The agent MIME-encodes the value of HTTP headers if said value is a multi-byte Unicode string. <br>  1. The agent MIME-encodes the value of every HTTP header. <br>  2. The agent does not MIME-encode the value of any HTTP header. <br> (property: com.forgerock.agents.header.mime.encode)",
          "propertyOrder" : 32720,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "statusCodeJsonResponse" : {
          "title" : "HTTP Return Code for JSON-Formatted Responses",
          "description" : "Specifies an HTTP response code to return when a JSON-formatted error is triggered. (property: org.forgerock.agents.config.json.response.code)",
          "propertyOrder" : 32760,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "profileAttributesCookieMaxAge" : {
          "title" : "Profile Attributes Cookie Maxage",
          "description" : "Maxage of attributes cookie headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.maxage)",
          "propertyOrder" : 31900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "caseInsensitiveUrlComparison" : {
          "title" : "URL Comparison Case Sensitivity Check",
          "description" : "Enforces case insensitivity in both policy and not enforced url evaluation. (property name: com.sun.identity.agents.config.url.comparison.case.ignore)",
          "propertyOrder" : 32000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "anonymousUserEnabled" : {
          "title" : "Anonymous User",
          "description" : "Enable/Disable REMOTE_USER processing for anonymous users. (property name: com.sun.identity.agents.config.anonymous.user.enable)",
          "propertyOrder" : 31600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "encodeSpecialCharsInCookies" : {
          "title" : "Encode special chars in Cookies",
          "description" : "Encode special chars in cookie by URL encoding. Useful when profile, session and response attributes contain special chars and attributes fetch mode is set to HTTP_COOKIE. (property name: com.sun.identity.agents.config.encode.cookie.special.chars.enable)  ",
          "propertyOrder" : 31700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "headerJsonResponse" : {
          "title" : "Headers and Values to Receive JSON-Formatted Responses",
          "description" : "Specify HTTP headers and associated values that trigger JSON-formatted errors to be returned. <br>Example: <br>org.forgerock.agents.config.json.header[enableJsonResponse]=true <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.header[Header]=Value)",
          "propertyOrder" : 32740,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        }
      }
    }
  }
}