All Classes

Class	Description
AbandonRequest	The Abandon operation allows a client to request that the server abandon an uncompleted operation.
AbstractAsynchronousConnection	An abstract connection whose synchronous methods are implemented in terms of asynchronous methods.
AbstractAsynchronousConnection	An abstract connection whose synchronous methods are implemented in terms of asynchronous methods.
AbstractAttribute	This class provides a skeletal implementation of the Attribute interface, to minimize the effort required to implement this interface.
AbstractConnection	This class provides a skeletal implementation of the Connection interface, to minimize the effort required to implement this interface.
AbstractConnectionWrapper<C extends Connection>	An abstract base class from which connection wrappers may be easily implemented.
AbstractConnectionWrapper<C extends Connection>	An abstract base class from which connection wrappers may be easily implemented.
AbstractContext	A base implementation of the Context interface.
AbstractDecisionNode	An abstract node implementation for nodes that result in a simple true-false outcome.
AbstractDecisionNode.OutcomeProvider	Provides a static set of outcomes for decision nodes.
AbstractEncryptionHandler	Deprecated. Use ContentEncryptionHandler instead.
AbstractEntry	This class provides a skeletal implementation of the Entry interface, to minimize the effort required to implement this interface.
AbstractExtendedRequest<ER extends ExtendedRequest<S>,S extends ExtendedResult>	An abstract Extended request which can be used as the basis for implementing new Extended operations.
AbstractExtendedResult<S extends ExtendedResult>	An abstract Extended result which can be used as the basis for implementing new Extended operations.
AbstractExtendedResultDecoder<S extends ExtendedResult>	This class provides a skeletal implementation of the ExtendedResultDecoder interface, to minimize the effort required to implement this interface.
AbstractIntermediateResponse<S extends IntermediateResponse>	An abstract Intermediate response which can be used as the basis for implementing new Intermediate responses.
AbstractJwtBuilder	A base implementation for all JwtBuilders that provides the basis of the JWT builder methods.
AbstractJwtSessionModule<C extends JwtSessionCookie>	A JASPI Session Module which creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response.
AbstractKbaStage<C extends AbstractKbaStageConfig<?>>	Base class for KBA stages.
AbstractKbaStageConfig<C extends AbstractKbaStageConfig<C>>	Defines the common configurations for the KBA stages.
AbstractMapEntry<M extends Map<AttributeDescription,Attribute>>	Abstract implementation for Map based entries.
AbstractNodeAmPlugin	A convenient base class for AmPlugins that provide authentication nodes.
AbstractOrderingMatchingRuleImpl	This class implements a default ordering matching rule that matches normalized values in byte order.
AbstractRequestHandler	Deprecated. RequestHandler now has default methods which implement the not-supported behavior.
AbstractRequestVisitor<R,P,E extends Exception>	Abstract class that implements the RequestVisitor interface.
AbstractRouter<T extends AbstractRouter<T,R,H,D>,R,H,D>	An abstract base class for implementing routers.
AbstractSetCookieHeader	An abstract SetCookieHeader class for SetCookieHeader and SetCookie2Header.
AbstractSynchronousConnection	An abstract connection whose asynchronous methods are implemented in terms of synchronous methods.
AcceptApiVersionHeader	Processes the Accept-API-Version message header.
AcceptLanguageHeader	A header class representing the Accept-Language HTTP header.
AccessToken	Models an OAuth2 access token.
AccessTokenException	The exception thrown when creating OAuth2 token using client credential grant type.
AccessTokenException	Represents an exception whilst retrieving an OAuth2 access token.
AccessTokenInfo	Represents an OAuth2 Access Token.
AccessTokenModifier	A plugin or (extension point) that allows modification of the OAuth2 access token before the token is persisted/returned to the client.
AccessTokenRequest	Encapsulates all relevant data necessary to represent a request for a new access token.
AccessTokenRequest.Builder	Access token request builder.
AccessTokenRequest.GrantType
AccessTokenResolver	Resolves a given token against a dedicated OAuth2 Identity Provider (OpenAM, Google, Facebook, ...).
AccessTokenResponse	Encapsulates the minted access token along with its contextual data.
AccessTokenResponse.Builder	Access token response builder.
AccessTokenSecretStore	A secret store that can obtain access tokens from an OAuth 2 provider.
AccessTokenSecretStore.Builder	Builder object for the access token secret store.
AccessTokenService	Access token service is responsible for serving up OAuth2 access tokens along with its contextual data, based on the request having been passed.
AccountProvider	Implementations of this interface provide the means to search for and create users given a map of attributes.
Action	This class is designed for Action element in SAML core assertion.
Action	The Action element specifies an action on the specified resource for which permission is sought.
Action	The Action element specifies information about the action requested in the Request context by listing a sequence of Attribute elements associated with the action.
Action	Indicates an CREST action method on an annotated POJO.
Action	Class that represents the Action operation type in API descriptor.
Action	Immutable container for the result of processing a node.
Action<E extends Exception>	An Runnable functional interface which can throw a checked Exception.
Action.ActionBuilder	Builder for the Action.
Action.Builder	Builder class for creating the Action.
ActionDecision	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
ActionImpl	The Action element specifies information about the action requested in the Request context by listing a sequence of Attribute elements associated with the action.
ActionRequest	An implementation specific action, or operation, upon a JSON resource.
ActionResponse	Response object for JSON responses.
Actions	Declare an array of Action operations from a single method.
AdditionalProperties	Annotation to define JSON Schema additionalProperties, which is useful when working with key/value JSON data structures.
AddRequest	The Add operation allows a client to request the addition of an entry into the Directory.
AddressMask	An address mask can be used to perform efficient comparisons against IP addresses to determine whether a particular IP address is in a given range.
AdminDNAction	The class is used to perform privileged operations using java.security.AccessController.doPrivileged() when using com.iplanet.am.util.AdminUtils to obtain Administrator DN.
AdminPasswordAction	The class is used to perform privileged operations using AccessController.doPrivileged() when using com.iplanet.am.util.AdminUtils to obtain Administrator passwords.
AdminTokenAction	Provides a centralised method for fetching an administrator token for operations where there is no user present.
AdminUtils	This class contains methods to retrieve Top Level Administrator information.
AdNotificationRequestControl	The persistent search request control for Active Directory as defined by Microsoft.
Advice	The Advice element contains additional information that the issuer wish to provide.
Advice	The Advice contains any additional information that the SAML authority wishes to provide.
AdviceBase	The Advice element contains additional information that the issuer wish to provide.
AdviceContext	A Context containing information which should be returned to the user in some appropriate form to the user.
AdviceWarning	WarningHeader implements RFC 2616 section 14.46 - Warning.
AESKeyWrapEncryptionHandler	Provides JWE key encapsulation using the AES KeyWrap algorithm.
Algorithm	The interface for each possible algorithm that can be used to sign and/or encrypt a JWT.
AMAuthCallBack	The AMAuthCallBack interface should be implemented by external business logic code, in order to receive callbacks from the authentication framework when one of the following events happens : account lockout password change (via LDAP module)
AMAuthCallBackException	The AMAuthCallBackException is used to specify an exception related to an authentication framework callback.
AMIdentity	This class represents an Identity which needs to be managed by Access Manager.
AMIdentityRepository	The class AMIdentityRepository represents an object to access the repositories in which user/role/group and other identity data is configured.
AMLoginModule	An abstract class which implements JAAS LoginModule, it provides methods to access OpenAM services and the module xml configuration.
AMPasswordUtil	This class which contains utilities to encrypt and decrypt attribute value of password type.
AmPlugin	Define an AM plugin.
AMPostAuthProcessInterface	The AMPostAuthProcessInterface interface needs to be implemented by services and applications to do post authentication processing.
AMSendMail	Interface for classes which send emails.
AnnotatedService<T>	Describes a service as defined by an annotated interface.
AnnotatedServiceRegistry	A registry for all service configuration that is defined in annotated service interfaces.
AnonymousProcessService	Anonymous process service progresses a chain of ProgressStage configurations, handling any required client interactions.
Answers	Utility methods for hashing and normalising answers to KBA questions.
ApiDescription	Class that represents the ApiDescription type in API descriptor.
ApiDescription.Builder	Builder for the ApiDescription.
ApiDocGenerator	Generates static AsciiDoc documentation for CREST API Descriptors.
ApiDocGeneratorException	Signals that an error occurred while generating API documentation.
ApiError	Details of an error that could be returned.
ApiError	Class that represents the ApiError type in API descriptor.
ApiError.Builder	Builder for the ApiError.
ApiProducer<D>	A producer of API Descriptions.
ApiValidationException	Signals that API failed validation.
ApiVersionRouterContext	A Context which is created when a request is and has been routed based on resource API version.
AppleClient	Oauth 2.0 Client Implementation that supports Apple.
AppleClientConfiguration	Configuration used for AppleClient implementation.
AppleClientConfiguration.Builder	Builder used to create AppleClientConfiguration instance.
Applications	Utility methods to work with CHF Applications.
Applications	A utility class for dealing with CrestApplication instances.
AppRoleTokenStore	Authenticates to Vault using the AppRole authentication backend to obtain a token that can be used for further operations.
AppSSOTokenProvider	This interface defines method to get application single sign on token.
Artifact	This class represents the Artifact element in SAMLv2 protocol schema.
ArtifactResolve	The ArtifactResolve message is used to request that a SAML protocol message be returned in an ArtifactResponse message by specifying an artifact that represents the SAML protocol message.
ArtifactResponse	The ArtifactResopnse message has the complex type ArtifactResponseType.
AsciiDoc	Root builder for AsciiDoc markup.
AsciiDocException	Signals that an error occurred while building AsciiDoc markup.
AsciiDocSymbols	Enumeration of AsciiDoc markup symbols.
AsciiDocTable	AsciiDoc table builder [ref], which defers insertion of the table, at the end of the parent document, until AsciiDocTable.tableEnd() is called.
AsciiDocTableColumnStyles	AsciiDoc table column-styles.
Asn1	This class contains various static factory methods for creating ASN.1 readers and writers.
Asn1Reader	An interface for decoding ASN.1 elements from a data source.
Asn1Tag	Provides methods for building and analyzing ASN.1 tag bytes.
Asn1Tag.Class	The Asn1 tag classes.
Asn1Writer	An ASN1Writer implementation that outputs to an outputstream.
Assertion	This object stands for Assertion element.
Assertion	The Assertion element is a package of information that supplies one or more Statement made by an issuer.
Assertion	A compiled attribute value assertion.
AssertionBase	This object stands for Assertion element.An Assertion is a package of information that supplies one or more Statement made by an issuer.
AssertionFactory	This is the factory class to obtain instances of the objects defined in assertion schema.
AssertionFailureException	Thrown when the result code returned in a Result indicates that the Request failed because the filter contained in an assertion control failed to match the target entry.
AssertionIDRef	This class represents the AssertionIDRef element.
AssertionIDReference	AssertionIDReference element makes reference to a SAML assertion.
AssertionIDRequest	This class represents the AssertionIDRequestType complex type.
AssertionIDRequestMapper	This interface AssertonIDRequestMapper is used by assertion ID request service to process assertion ID request.
AssertionIDRequestUtil	This class provides methods to send or process AssertionIDRequest.
AssertionRequestControl	The assertion request control as defined in RFC 4528.
AsyncFunction<VIN,VOUT,E extends Exception>	An asynchronous Function which returns a result at some point in the future.
AsyncServerAuthContext	An asynchronous interface counterpart for the ServerAuthContext.
AsyncServerAuthModule	An asynchronous interface counterpart for the ServerAuthModule.
AsyncSessionManager	A session manager is responsible to create/save a new type of Session.
AtomicThrowable	Atomic container for Throwables including combining and having a terminal state via ExceptionHelper.
Attribute	The Attribute element specifies an attribute of the assertion subject.
Attribute	The Attribute element identifies an attribute by name and optionally includes its value(s).
Attribute	The Attribute element specifies information about the action/subject/resource requested in the Request context by listing a sequence of Attribute elements associated with the action.
Attribute	Indicates that a method describes a configuration attribute of an SMS service.
Attribute	An attribute, comprising of an attribute description and zero or more attribute values.
AttributeAuthorityMapper	This interface AttributeAuthorityMapper is used by attribute authority to process attribute query.
AttributeCompressionStrategy	Responsible for performing a specialised JSON compression based on the attribute name being stored in the JSON.
AttributeDescription	An attribute description as defined in RFC 4512 section 2.5.
AttributeDesignator	The AttributeDesignator element identifies an attribute name within an attribute namespace.
AttributeFilter	A configurable factory for filtering the attributes exposed by an entry.
AttributeImpl	The Attribute element specifies information about the action/subject/resource requested in the Request context by listing a sequence of Attribute elements associated with the action.
AttributeMapper<T>	Translates from a source to a map of attributes.
AttributeMapper	Defines the concerns of mapping attributes into SAML2 AttributeStatements.
AttributeParser	A fluent API for parsing attributes as different types of object.
AttributeQuery	This class represents the AttributeQueryType complex type.
AttributeQueryUtil	This class provides methods to send or process AttributeQuery.
Attributes	This class contains methods for creating and manipulating attributes.
AttributeSchema	The class AttributeSchema provides methods to access the schema of a configuration parameter.
AttributeSchema.ListOrder	This enum ListOrder defines the list orders of schema attributes and provides constants for these list orders.
AttributeSchema.Syntax	The class Syntax defines the syntax of the schema attributes and provides static constants for these types.
AttributeSchema.Type	The class Type defines the types of schema attributes and provides static constants for these types.
AttributeSchema.UIType	The class UIType defines the UI types of schema attributes and provides static constants for these types.
AttributesContext	An AttributesContext is a mechanism for transferring transient state between components when processing a single request.
AttributeStatement	The AttributeStatement element supplies a statement by the issuer that the specified subject is associated with the specified attributes.
AttributeStatement	The AttributeStatement element describes a statement by the SAML authority asserting that the assertion subject is associated with the specified attributes.
AttributeStatementsProvider	Defines the concerns of generating the AttributeStatement list to be included in the SAML2 assertion.
AttributeType	This class defines a data structure for storing and interacting with an attribute type, which contains information about the format of an attribute and the syntax and matching rules that should be used when interacting with it.
AttributeType.Builder	A fluent API for incrementally constructing attribute type.
AttributeUsage	This enumeration defines the set of possible attribute usage values that may apply to an attribute type, as defined in RFC 2252.
AudienceRestriction	The AudienceRestriction specifies that the assertion is addressed to one or more specific Audiences.
AudienceRestrictionCondition	This is an implementation of the abstract Condition class, which specifes that the assertion this AuthenticationCondition is part of, is addressed to one or more specific audience.
AuditApi	Audit API interface for auditing the result of an authentication request.
AuditTrail	Responsible for tracking the auditing of an authentication attempt including auditing each of the modules that are executed and the overall result of the authentication.
AuthComparison	The available types of authentication context comparison methods.
AuthContext	The AuthContext provides the implementation for authenticating users.
AuthContext.IndexType	The class IndexType defines the possible kinds of "objects" or "resources" for which an authentication can be performed.
AuthContext.Status	The class Status defines the possible authentication states during the login process.
AuthContextLocal	The AuthContextLocal provides the implementation for authenticating users.
AuthContextWithState	AsyncServerAuthContext implementations should implement this interface when the AsyncServerAuthContext has its own implementation of a AuthenticationState that it will be using to store and maintain state for a single request.
AuthenticatedEncryptionCryptographyHandler	A JwtCryptographyHandler that ensures confidentiality and authenticity of data using authenticated encryption algorithms.
AuthenticationException	AuthenticationException class is for handling Exception that is thrown when the user-entered tokens cause the authentication module to be authenticated to fail.
AuthenticationException	A generic authentication exception which accepts a detail message and/or the cause.
AuthenticationException	Thrown when the result code returned in a Result indicates that the Bind Request failed due to an authentication failure.
AuthenticationFailedException	An authentication exception which signifies that authentication of the request has failed and an appropriate unauthorized response should be returned to the client.
AuthenticationFilter	A HTTP Filter that will protect all downstream filters or handlers.
AuthenticationFilter.AuthenticationFilterBuilder	Builder class that configures an Authentication Framework instance.
AuthenticationFilter.AuthenticationModuleBuilder	Builder class that configures AsyncServerAuthModules and ServerAuthModules.
AuthenticationFramework	An authentication framework for protecting all types of resources.
AuthenticationState	Maintains state information and provides to retrieve values in a type safe manner.
AuthenticationStateException	An exception that is thrown during AuthenticationState operations.
AuthenticationStatement	The AuthenticationStatement element supplies a statement by the issuer that its subject was authenticated by a particular means at a particular time.
AuthenticationStatementsProvider	Defines the concern of providing the AuthnStatement list to be included in the generated SAML2 assertion.
AuthLoginException	This class is for handling message localization in LoginException.
AuthnContext	The AuthnContext element specifies the context of an authentication event.
AuthnQuery	This class represents the AuthnQueryType complex type.
AuthnQueryUtil	This class provides methods to send or process AuthnQuery.
AuthnRequest	The AuthnRequest interface defines methods for properties required by an authentication request.
AuthnStatement	The AuthnStatement element describes a statement by the SAML authority asserting that the assertion subject was authenticated by a particular means at a particular time.
AuthorityBinding	The AuthorityBinding element may be used to indicate to a replying party receiving an AuthenticationStatement that a SAML authority may be available to provide additional information about the subject of the statement.
AuthorityBinding.AuthorityKindType	The AuthorityKindType is an inner class defining constants for the representing the type of SAML protocol queries to which the authority described by this element will respond.
AuthorizationAttribute<T>	Provides a convenience layer on top of AuthorizationContext to simplify access to particular attributes in the authorisation context.
AuthorizationCodeGrantTypeHandler	A handler that can send an authorization code and optional PKCE verifier to the token endpoint to receive an access token.
AuthorizationContext	Context to use for authorization requests.
AuthorizationDecisionStatement	The AuthorizationDecisionStatement element supplies a statement by the issuer that the request for access by the specified subject to the specified resource has resulted in the specified decision on the basis of some optionally specified evidence.
AuthorizationDecisionStatementBase	The AuthorizationDecisionStatement element supplies a statement by the issuer that the request for access by the specified subject to the specified resource has resulted in the specified decision on the basis of some optionally specified evidence.
AuthorizationDecisionStatementBase.DecisionType	The DecisionType is an inner class defining constants for the type of Decisions than can be conveyed by an AuthorizationDecisionStatement .
AuthorizationException	Represents an exception whilst performing Authorization.
AuthorizationException	Thrown when the result code returned in a Result indicates that the Request failed due to an authorization failure.
AuthorizationFilters	This class contains methods for creating FilterChains to protect resources by performing authorization on each incoming request.
AuthorizationHeader	A header class representing the Authorization HTTP header.
AuthorizationHeader.Factory	A factory for creating AuthorizationHeader instances.
AuthorizationIdentityRequestControl	The authorization request control as defined in RFC 3829.
AuthorizationIdentityResponseControl	The authorization response control as defined in RFC 3829.
AuthorizationResult	Represents the result of the authorization of a request.
AuthorizeEndpointDataProvider	A plugin or (extension point) that allows the OAuth2 provider to return additional data from an authorization request.
Authorizer	Deprecated.
AuthPassword	An authentication password, it has a storage scheme, authentication info and authentication value.
AuthStatusUtils	Utility class providing utility methods for determining the meaning behind each of the different AuthStatus values.
AuthzDecisionStatement	The AuthzDecisionStatement element describes a statement by the SAML authority asserting that a request for access by the assertion subject tot he specified resource has resulted in the specified authorization decision on the basis of some optionally specified evidence.
AuthzDecisionStatementsProvider	This interface defines the plug-in point for producing AuthzDecisionStatements.
Ava	An attribute value assertion (AVA) as defined in RFC 4512 section 2.3 consists of an attribute description with zero options and an attribute value.
BackpressureHelper	Utility class to help with backpressure-related operations such as request aggregation.
BadRequestException	An exception that is thrown during a operation on a resource when the requested operation is malformed.
Base64	This class provides methods for performing base64 encoding and decoding.
Base64	Provides RFC 4648 / RFC 2045 compatible Base64 encoding and decoding.
Base64url	Makes use of the Base64 class to encode and decode to and from URL-safe Base64.
BaseID	The BaseID is an extension point that allows applications to add new kinds of identifiers.
BaseIDAbstract	The BaseIDAbstract is an abstract type usable only as the base of a derived type.
BaseOpenIdResolver	Implementation of the OpenIdResolver interface.
BaseQueryFilterVisitor<R,P,F>	A base implementation of QueryFilterVisitor where all methods throw an UnsupportedOperationException by default - override just the methods you need.
BaseResourceName<T,E extends Exception>	The interface ResourceName provides methods to determine the hierarchy of resource names.
BaseSecretStoreProvider	A marker interface for types that provider secret store implementations.
BasicCredentials	A rich representation of basic credentials.
BearerToken	A rich representation of bearer credentials.
BiFunction<T,U,R,E extends Exception>	A BiFunction functional interface which can throw a checked Exception.
BigIntegerUtils	Utils to complement bit operations not covered by the BigInteger functions.
BinarySecurityToken	The class BinarySecurityToken provides interface to parse and create X.509 Security Token depicted by Web Service Security : X.509 Certificate Token Profile and Liberty ID-WSF Security Mechanisms specifications.
BindRequest	The Bind operation allows authentication information to be exchanged between the client and server.
BindResult	A Bind result indicates the status of the client's request for authentication.
BlackAndWhitelistFilter	This class can be used for filtering string elements by using blacklists and/or whitelists.
BlobStrategy	Responsible for defining the interface of the Token Blob Strategy.
BloomFilter<E>	General interface contract for implementations of Bloom Filters.
BloomFilterMonitor<T>	Generic Bloom Filter JMX monitoring.
BloomFilterMXBean	Operations for monitoring and management of Bloom Filter implementations.
BloomFilters	Factory methods for creating bloom filters with various requirements.
BloomFilters.BloomFilterBuilder<T>	Builder for constructing and configuring Bloom Filter implementations.
BloomFilters.RollingBloomFilterBuilder<T>	Builder pattern for Rolling Bloom Filters, which are Scalable Bloom Filters whose elements can expire allowing space to be reclaimed over time.
BloomFilters.ScalableBloomFilterBuilder<T>	Builder pattern for Scalable Bloom Filters.
BloomFilterStatistics	Provides a snapshot of the current statistics and configuration of a Bloom Filter implementation.
BranchingInputStream	An input stream that can branch into separate input streams to perform divergent reads.
Buffer	A dynamically growing data buffer.
ByteSequence	A ByteSequence is a readable sequence of byte values.
ByteSequenceReader	An interface for iteratively reading data from a ByteSequence .
ByteString	An immutable sequence of bytes backed by a byte array.
ByteStringBuilder	A mutable sequence of bytes backed by a byte array.
CachingAccessTokenResolver	A CachingAccessTokenResolver is a delegating AccessTokenResolver that uses a write-through cache to enable fast AccessTokenInfo resolution.
CancelExtendedRequest	The cancel extended request as defined in RFC 3909.
CancelledResultException	Thrown when the result code returned in a Result indicates that the Request was cancelled.
CancelRequestListener	An object that registers to be notified when a cancellation request has been received and processing of the request should be aborted if possible.
CaptchaStage	Stage is responsible for captcha based security.
CaptchaStageConfig	Configuration for the captcha stage.
CaseInsensitiveMap<V>	An implementation of a map whose keys are case-insensitive strings.
CaseInsensitiveSet	An implementation of a set whose values are case-insensitive strings.
CaveatVerifier	Generic interface for methods to verify that a caveat is satisfied.
CertificateService	This service provides operations for querying X509Certificates.
CertificateVerificationKey	A key used for verifying certificate signatures.
ChainedPropertyResolver	Contains a chain of PropertyResolvers that should be used to get a token replacement property.
ChangeRecord	A request to modify the content of the Directory in some way.
ChangeRecordReader	An interface for reading change records from a data source, typically an LDIF file.
ChangeRecordVisitor<R,P,E extends Exception>	A visitor of ChangeRecords, in the style of the visitor design pattern.
ChangeRecordWriter	An interface for writing change records to a data source, typically an LDIF file.
ChangeType	Indicates the type of change which occurred to a token, which can be understood at the CTS (above the data layer) layer.
CharsetDecoderFlowableTransformer	A CharsetDecoderFlowableTransformer decodes bytes from a stream of ByteBuffer into a stream of CharBuffer using the given Charset.
CheckSession	Interface is to define what needs to be implemented to do the OpenID Connect check session endpoint.
ChfHttpClient	Deprecated. Will be replaced in a later release by Client.
ChfHttpTransport	Implementation of the Google Cloud API HttpTransport interface using CHF.
ChoiceValues	The abstract class ChoiceValues provides a mechanism for services to provide choice values for attributes dynamically instead of being statically defined in the service XML file stored in the directory.
ChoiceValues
Claim	Models an OpenID Connect claim that has been requested in an authorize request.
Claim	Deprecated. use Claim
Claim.ClaimBuilder	Builder to keep the Claim immutable.
Claim.ClaimBuilder	Builder to keep the Claim immutable.
Claims	Models OpenID Connect claims that are requested in an authorize request.
ClaimsMapper	Utility class for converting Claims and Claim objects to and from JSON.
Client	An HTTP client which forwards requests to a wrapped Handler.
ClientContext	Client context gives easy access to client-related information that are available into the request.
ClientContext.Builder	Builder for creating ClientContext instances.
ClientCredentialsGrantTypeHandler	A grant type handler that can retrieve an access token using the client_credentials grant type.
ClientSecretBasicAuthenticationFilter	Deprecated. since 26.2.
ClientSecretPostAuthenticationFilter	A Filter implementation to add the credentials to request body for authenticating as per the OAuth 2.0 Authorization Framework specification.
Closeables	Common utility methods for Closeables.
CloseSilentlyAsyncFunction<VIN extends Closeable,VOUT,E extends Exception>	AsyncFunction that silently closes an input-parameter after a delegate-function's AsyncFunction.apply(Object) is completed.
CloseSilentlyFunction<VIN extends Closeable,VOUT,E extends Exception>	Function that silently closes an input-parameter after a delegate-function's Function.apply(Object) is invoked.
CodeGeneratorSource	For extensibility of the RecoveryCodeGenerator.
CoercionFunction	Coercions that can be applied to a given json value.
CollectionProvider	A marker annotation to indicate that the annotated class should be interpreted as an annotated CREST collection provider resource.
CollectionResourceProvider	An implementation interface for resource providers which exposes a collection of resource instances.
CommonsApi	Commons ForgeRock API description.
CommonsApi.Errors	Common api errors.
CommonStateFields	Constants class for defining fields for common state shared across stages.
CompareRequest	The Compare operation allows a client to compare an assertion value with the values of a particular attribute in a particular entry in the Directory.
CompareResult	An Compare result indicates the final status of an Compare operation.
CompressionAlgorithm	An Enum of the possible compression algorithms that can be applied to the JWE payload plaintext.
CompressionHandler	The interface for CompressionHandlers for all the different compression algorithms.
CompressionManager	A service to get the appropriate CompressionHandler for a specified Compression algorithm.
ConcurrencyStrategy	Strategy that determines how thread-safety of bloom filters should be managed.
ConcurrentRollingBloomFilter<T>	A thread-safe implementation of a Bloom Filter that can expand over time to accommodate arbitrary numbers of elements, while also allowing old elements to be deleted after they have expired.
Condition	Deprecated.
Condition	This is an abstract class which servers as an extension point for new conditions.
Condition	The Condition serves as an extension point for new conditions.
ConditionAbstract	The ConditionAbstract is abstract and is thus usable as the base of a derived class
ConditionDecision	Class to represent EntitlementCondition evaluation match result and - if applicable - its advice.
ConditionDecision	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
ConditionDecision.Builder	Builder to help construct decisions.
ConditionResult	The result of a tri-state logical expression.
Conditions	This Conditions is a set of Condition.
Conditions	The Conditions defines the SAML constructs that place constraints on the acceptable use if SAML Assertions.
ConditionsProvider	Implementations of this interface will be consulted to obtain the Conditions object included in generated SAML2 assertions.
ConditionTypeManager	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
Config	Indicates that an interface describes the configuration of an SMS service.
Config.Scope	The types of visibility available for a service.
ConfigIdentity	Represents an identity in which annotated service configuration may have its scope bounded by.
ConfigurationActionEvent	The ConfigurationActionEvent class represents Configuration event.
ConfigurationException	An ConfigurationException is thrown when there are errors related to service configuration operations.
ConfigurationInstance	ConfigurationInstance is the interface that provides the operations on service configuration.
ConfigurationListener	The interface ConfigurationListener needs to be implemented by applications in order to receive component data change notifications.
ConfigUtil	Utility methods for config value retrieval.
ConflictException	An exception that is thrown during a operation on a resource when such an operation would result in a conflict.
ConflictingSchemaElementException	Thrown when addition of a schema element to a schema builder fails because the OID of the schema element conflicts with an existing schema element and the caller explicitly requested not to override existing schema elements.
Connection	A client connection to a JSON resource provider over which read and update requests may be performed.
Connection	A connection with a Directory Server over which read and update operations may be performed.
ConnectionChangeRecordWriter	A ConnectionChangeRecordWriter is a bridge from Connections to ChangeRecordWriters.
ConnectionEntryReader	A ConnectionEntryReader is a bridge from Connections to EntryReaders.
ConnectionEntryWriter	A ConnectionEntryWriter is a bridge from Connections to EntryWriters.
ConnectionEventListener	An object that registers to be notified when a connection is closed by the application, receives an unsolicited notification, or experiences a fatal error.
ConnectionException	Deprecated.
ConnectionException	Thrown when the result code returned in a Result indicates that the Request was unsuccessful because of a connection failure.
ConnectionFactory	A connection factory provides an interface for obtaining a connection to a JSON resource provider.
ConnectionFactory	A connection factory provides an interface for obtaining a connection to a Directory Server.
ConnectionHeader	Processes the Connection message header.
ConnectionPool	A connection pool which maintains a cache of client sockets with a configurable core pool size, maximum size, and expiration policy.
ConnectionPool.Statistics	Statistics for a connection pool.
ConnectionPoolEventListener	An object that registers to be notified when a connection pool grows or shrinks.
Connections	This class contains methods for creating and manipulating LDAP clients and connections.
ConnectionSecurity	Indicates whether LDAP client connections should use SSL or StartTLS.
ConsentHeader	The ConsentHeader class represents Consent element defined in SOAP binding schema.
ConsistentHashMap<P>	An implementation of "consistent hashing" supporting per-partition weighting.
ConstraintViolationException	Thrown when the result code returned in a Result indicates that the update Request failed because it would have left the Directory in an inconsistent state.
Consumer<T,E extends Exception>	A Consumer functional interface which can throw a checked Exception.
ContentApiVersionHeader	Processes the Content-API-Version message header.
ContentEncodingHeader	Processes the Content-Encoding message header.
ContentLengthHeader	Processes the Content-Length message header.
ContentTypeHeader	Processes the Content-Type message header.
Context	Type-safe contextual information associated with the processing of a request in an application.
ContextFactory	This is the factory class to obtain instances of the objects defined in xacml context schema.
ContinuousListener	An interface for listener to generic changes from a remote source.
ContinuousQuery	Interface for ensuring that continuous queries can be controlled once configured.
ContinuousQueryListener<T>	Interface for an object that listens to changes resulting from a continuous query.
ContinuousWatcher<T extends ContinuousListener>	Interface by which all ContinuousWatchers ensure similar operation.
ContinuousWatcherDirectory	Service for setting up ContinuousWatchers and ContinuousListeners.
Control	Controls provide a mechanism whereby the semantics and arguments of existing LDAP operations may be extended.
ControlDecoder<C extends Control>	A factory interface for decoding a control as a control of specific type.
Controls	Utility class to resolve controls OID from aliases.
Cookie	This class creates an API which bridges the differences between the Servlet 2.5 and 3.0 Cookie APIs, as the Servlet 2.5 API does not support HttpOnly cookies and provides no methods to create a HttpOnly cookie.
Cookie	An HTTP cookie.
Cookie.SameSite	Indicates the SameSite value of the cookie.
CookieHeader	Processes the Cookie request message header.
CoreSchema	The OpenDJ SDK core schema contains standard LDAP RFC schema elements.
CoreSchemaSupportedLocales	Provides a map of supported locale tags to OIDs.
CoreTokenConfig	Represents any configuration required for the Core Token Service.
CoreTokenConstants	Responsible for collecting together all constants used in the Core Token Service.
CoreTokenException	Base Core Token Service exception for all sub types.
CoreTokenField	CoreTokenField contains a mapping from the Java enumeration and the defined attributes present in the LDAP Schema for the Core Token Service.
CoreTokenFieldTypes	Provides the mapping between CoreTokenFields and the type of the value that is associated to that field.
CorrelationHeader	The CorrelationHeader class represents Correlation element defined in SOAP binding schema.
CorsFilter	This filters implements the resource processing of the CORS protocol.
CorsPolicy	The CORS policy is responsible to handle both actual and preflight CORS requests and set the appropriate set of response headers based on its own configuration.
CorsPolicy.Builder	Builder for CorsPolicy instances.
CorsPolicyProvider	A CorsPolicyProvider allows the CorsFilter to lookup its configuration at runtime, also based on contextual information.
CountPolicy	Enum that represents the Query supported count-policy.
CountPolicy	An enum of count policy types.
Create	Indicates an CREST create method on an annotated POJO.
Create	Class that represents the Create Operation type in API descriptor.
Create.Builder	Builder for the Create.
CreateMode	Enum that represents the Create modes.
CreateNotSupportedException	A specific exception for when Create is not supported, but Upsert might be being attempted so distinguish from other BadRequestExceptions.
CreateRequest	A request to create a new JSON resource.
CreateSingleton	Types of create that might be singletons.
CredentialsParser<C>	This interface is used to parse the credentials component of an Authorization HTTP header.
CrestAnySchema	An extension to the Jackson AnySchema that includes the custom CREST JSON Schema attributes.
CrestApiProducer	An ApiProducer implementation for CREST resources, that provides ApiDescription descriptors.
CrestApplication	Declare a CREST Application.
CrestArraySchema	An extension to the Jackson ArraySchema that includes the custom CREST JSON Schema attributes.
CrestAuthorizationModule	A CrestAuthorizationModule authorizes client REST requests asynchronously.
CrestBooleanSchema	An extension to the Jackson BooleanSchema that includes the custom CREST JSON Schema attributes.
CrestJsonSchemaFactory	A JsonSchemaFactory that returns the extension schema objects rather than the default Jackson implementations.
CrestObjectSchema	An extension to the Jackson ObjectSchema that includes the custom CREST JSON Schema attributes.
CrestPropertyDetailsSchemaFactoryWrapper	A SchemaFactoryWrapper that adds the extra CREST schema attributes once the Jackson schema generation has been completed.
CryptoConstants	Constants for Crypto Algorithms and Json Crypto Json pointer keys.
CryptoKey	Base class for all secrets that are used as keys for cryptographic operations.
CryptoService	Cryptography Service for the user self service project.
CsrfFilter	A generic filter for preventing cross-site request forgery (CSRF) attacks when using cookie-based authentication.
CsrfFilter.Builder	Builder class for the CSRF filter.
CTSOptions	CTSOptions are intended to provide guidance to the CTS as to how it should perform the requested operation.
CTSPersistentStore	Persistent storage interface for the CTS (Core Token Service) provides callers with a generic way of storing and retrieving objects.
DataDecryptionKey	A key that is used for decrypting confidential data.
DataEncryptionKey	A key that is used for encrypting confidential data.
DataEncryptor	This class DataEncryptor is used to encrypt the data with symmetric and asymmetric keys.
DataLayerException	Base Data Layer exception for all sub types.
DataStore	Interface which needs to be implemented to use with OAuthClient implementations.
DataStoreException	Exception to be used when an error has occurred while interacting with the data store.
DataStoreProvider	Interface used for storing & retrieving information.
DataStoreProviderException	This class is to handle DataStoreProvider related exceptions.
DataStoreProviderManager	This is a singleton class used to manage DataStore providers.
DateTimeValidator
Debug	Deprecated. Use Logger instead.
Decision	The Decision element is a container of one or more Decisions issued by policy decision point
DecisionImpl	The Decision element is a container of one or more Decisions issued by policy decision point
DecodeAction	The class is used to perform privileged operations with AccessController.doPrivileged() when using com.iplanet.services.util.Crypt to decode passwords.
DecodeException	Thrown when data from an input source cannot be decoded, perhaps due to the data being malformed in some way.
DecodeOptions	Decode options allow applications to control how requests and responses are decoded.
Decoder	Decodes an HTTP message entity input stream.
DecryptAction	The class is used to perform privileged operation with AccessController.doPrivileged() when using com.iplanet.am.util.AMPasswordUtil to decrypt passwords.
DecryptionKey<T extends CryptoKey>	Marker interface for all key types that can be used for decryption.
Default	Annotation to define JSON Schema property's default-value, represented as a String.
DefaultingPurpose<S extends Secret>	A purpose that can fallback to a default secret ID if the first - more specific - secret ID could not be found in the secrets provider.
DefaultSessionPropertyUpgrader	Default implementation for SessionPropertyUpgrader This class basically just lets the session upgrade to copy every single property into the new session.
DefaultValues	The abstract class DefaultValues provides a mechanism for services to obtain their default values dynamically instead of being statically defined in the service XML file stored in the directory.
DefaultVersionBehaviour	The default routing behaviour to use when no Accept-API-Version is set on the request.
Definitions	Class that represents API descriptor Schema definitions.
Definitions.Builder	Builder to help construct the Definitions.
DeflateCompressionHandler	An implementation of the CompressionHandler for DEFLATE Compressed Data Format Specification.
DelegatingRouteMatcher<R>	A route matcher that delegates to a provided route matcher.
Delete	Indicates an CREST delete method on an annotated POJO.
Delete	Class that represents the Delete operation type in API descriptor.
Delete.Builder	Builder for the Delete.
DeleteFailedException	Represents a failure to delete a Token from the Core Token Service.
DeleteRequest	A request to delete a JSON resource.
DeleteRequest	The Delete operation allows a client to request the removal of an entry from the Directory.
DeploymentId	A deployment ID, together with its password, facilitates the generation of the cryptographic keys required to protect a deployment, such as a root CA key-pair for SSL/TLS and a master key-pair for protecting symmetric keys used for data encryption.
DeploymentId.DeploymentIdParameters	The deployment ID information to be displayed by the deployment ID tool.
DereferenceAliasesPolicy	A Search operation alias dereferencing policy as defined in RFC 4511 section 4.5.1.3 is used to indicate whether alias entries (as defined in RFC 4512) are to be dereferenced during stages of a Search operation.
DerUtils	Utility methods for reading and writing DER-encoded values.
Describable<D,R>	A routing component (a CHF Handler or CREST RequestHandler) can describe its API by implementing this interface.
Describable.Listener	Interface for listener instances.
DescribableHandler	A handler that both handles Requests, and also supports querying for API Descriptors.
DescribedHttpApplication	An HttpApplication that produces OpenAPI API Descriptors.
DescribedSyncRequestHandlerAdapter	Version of SynchronousRequestHandlerAdapter that exposes a described handler.
Description	Annotation to define JSON Schema property's description.
DirectEncryptionHandler	Supports direct encryption using a shared symmetric key.
Directive	Represents the name/value pair of a HTTP header directives.
DirectoryWatcher	High-level interface to the WatchService API for detecting filesystem change events.
DitContentRule	This class defines a DIT content rule, which defines the set of allowed, required, and prohibited attributes for entries with a given structural objectclass, and also indicates which auxiliary classes may be included in the entry.
DitContentRule.Builder	A fluent API for incrementally constructing DIT content rule.
DitStructureRule	This class defines a DIT structure rule, which is used to indicate the types of children that entries may have.
DitStructureRule.Builder	A fluent API for incrementally constructing DIT structure rules.
Dn	A distinguished name (DN) as defined in RFC 4512 section 2.3 is the concatenation of its relative distinguished name (RDN) and its immediate superior's DN.
DNValidator
DomainValidator	Validates domain
DoNotCacheCondition	This is an implementation of the abstract Condition class, which specifes that the assertion this DoNotCacheCondition is part of, is the new element in SAML 1.1, that allows an assertion party to express that an assertion should not be cached by the relying party for future use.
DriverLoadException	Deprecated.
DropwizardMetricsCollectionResourceProvider	A CREST CollectionResourceProvider that adds queryFilter, field filtering, sorting abilities, and paging to the dropwizard json metrics data.
DSEvent
DuplicateDescriptionException	An exception that is used when trying to merge multiple descriptors but a duplicate is detected.
Duration	Represents a duration in english.
Dynamic	Marks an attribute as being dynamic.
ECDHEncryptionHandler	Implements Elliptic Curve Diffie-Hellman (ECDH) key agreement in ephemeral-static (ECDH-ES) mode.
ECDSASigningHandler	Deprecated. Use SecretECDSASigningHandler instead
EcJWK	This class implements an Elliptical Curve Json Web Key storage and manipulation class.
EcJWK.Builder	EC JWK builder.
ECPFactory	This is the factory class to obtain object instances for concrete elements in the ecp schema.
ECPRelayState	The ECPRelayState interface defines methods for properties required by an ECP RelayState.
ECPRequest	The ECPRequest interface defines methods for properties required by an ECP request.
ECPResponse	The ECPResponse interface defines methods for properties required by an ECP response.
EdDSASigningHandler	Deprecated. Use SecretEdDSASigningHandler instead.
EllipticCurveJwk	Encapsulates common functionality for JWKs that represent elliptic curve keys: EcJWK and OkpJWK.
EmailGateway
EmailUsernameConfig	Configuration for the email based user name retrieval stage.
EmailUsernameStage	Stage is responsible for retrieving the user name.
EmailVerificationWhitelist	Simple whitelisting interface to enforce one-time use for email verification codes.
EmptySubscription	An empty subscription that does nothing other than validates the request amount.
EncodeAction	The class is used to perform privileged operation with AccessController.doPrivileged() when using com.iplanet.services.util.Crypt to encode passwords.
EncryptAction	The class is used to perform privileged operation with AccessController.doPrivileged() when using com.iplanet.am.util.AMPasswordUtil to encrypt passwords.
EncryptedAssertion	The EncryptedAssertion represents an assertion in encrypted fashion, as defined by the XML Encryption Syntax and Processing specification [XMLEnc].
EncryptedAttribute	The EncryptedAttribute element represents a SAML attribute in encrypted fashion.
EncryptedElement	The EncryptedElement carries the content of an unencrypted identifier in encrypted fasion.
EncryptedID	The EncryptedID carries the content of an unencrypted identifier in encrypted fashion.
EncryptedJwt	A JWE implementation of the Jwt interface.
EncryptedJwtBuilder	An implementation of a JwtBuilder that can build a JWT and encrypt it, resulting in an EncryptedJwt object.
EncryptedOpenIdResolver	A resolver capable of verifying encrypted ID tokens.
EncryptedOpenIdResolverFactory	Factory class responsible for creating EncryptedOpenIdResolver instances.
EncryptedPrivateKeyJwtClientAuthenticationFilter	A Filter implementation to add the client credentials to request as signed then encrypted private key jwt as per the OpenID Connect Client Authentication specification.
EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder	Builder class for creating the Encrypted PrivateKey Jwt ClientAuthentication Filter.
EncryptedThenSignedJwt	An implementation of a JWS with a nested JWE as its payload.
EncryptedThenSignedJwtBuilder	An implementation of a JwtBuilder that can build a JWT and encrypt it and nest it within another signed JWT, resulting in an SignedEncryptedJwt object.
EncryptedThenSignedJwtHeaderBuilder	An implementation of a JWS Header builder that provides a fluent builder pattern to create JWS headers for signed encrypted JWTs.
EncryptionHandler	The interface for EncryptionHandlers for all the different encryption algorithms.
EncryptionKey<T extends CryptoKey>	Marker interface for all key types that can be used for encryption.
EncryptionManager	A service to get the appropriate EncryptionHandler for a specified Java Cryptographic encryption algorithm.
EncryptionMethod	An Enum of the possible encryption methods that can be used when encrypting a JWT.
EntitlementCondition	Encapsulates a Strategy to decide if a Privilege applies to a given request.
EntitlementException	Entitlement related exception.
EntitlementModule	Service provider interface for registering custom entitlement conditions and subjects.
EntitlementRegistry	Provides methods for discovering and loading entitlements conditions and subject implementations.
EntitlementSubject	Encapsulates a Strategy to decide if a Privilege applies to a given Subject.
Entity	Message content.
Entries	This class contains methods for creating and manipulating entries.
Entries.DiffStrategy	Defines the available strategy to compute changes.
Entries.NullEntry	An Entry which implements the null object pattern.
Entries.ReplaceStrategy	Defines the available strategy to generate changes.
Entry	An entry, comprising of a distinguished name and zero or more attributes.
EntryChangeNotificationResponseControl	The entry change notification response control as defined in draft-ietf-ldapext-psearch.
EntryGenerator	A template driven entry generator, as used by the makeldif tool.
EntryNotFoundException	Thrown when the result code returned in a Result indicates that the Request failed because the target entry was not found by the Directory Server.
EntryReader	An interface for reading entries from a data source, typically an LDIF file.
EntryWriter	An interface for writing entries to a data source, typically an LDIF file.
EnumTitle	Annotation to provide a title for a given enum value.
EnumValueOfHelper<E extends Enum<E>>	Provides a EnumValueOfHelper.valueOf(String) method as a replacement for the implicitly declared enum function valueOf(String), which has the advantage of not throwing exceptions when the name argument is null or cannot be found in the enum's values.
Environment	The Environment element contains information about the enviroment of the Request context by listing a sequence of Attribute elements associated with the environment.
EnvironmentImpl	The Environment element specifies information about the environment requested in the Request context by listing a sequence of Attribute elements associated with the environment.
EnvironmentVariableResolver	A property accessor that allows access to environment variables.
Errors	Class that represents API descriptor ApiError errors.
Errors.Builder	Builder to help construct the Errors.
ETag	Describes an ETag for a given Token.
Evaluator	The class evaluates entitlement request and provides decisions.
EventException	Exception occurs while setting an event request or when trigering the "entryChanged()" method after a persistent search results are received from the Directory Server.
EventService	The EventService is responsible for listening to and dispatching to listening objects messages returning from persistent searches running in an underlying LDAP implementation.
Evidence	The Evidence element specifies an assertion either by reference or by value.
Evidence	The Evidence element contains one or more assertions or assertion references that the SAML authority relied on in issuing the authorization decision.
EvidenceBase	The Evidence element specifies an assertion either by reference or by value.
Evolving	This annotation marks AM APIs that are continuing to evolve and so should be expected to change, potentially in backwards-incompatible ways even in a minor release.
EvolvingAll	This annotation marks AM APIs that are continuing to evolve and so should be expected to change, potentially in backwards-incompatible ways even in a minor release.
Example	Specify an example value for the JSON schema.
ExampleValue	An annotation to specify an example value for the attribute.
ExceptionHandler<E>	A completion handler for consuming exceptions which occur during the execution of asynchronous tasks.
ExecutorServiceFactory	Responsible for generating ExecutorService instances which are automatically wired up to shutdown when the ShutdownListener event triggers.
ExpiredTokenException	An exception generated by a TokenHandler on extraction when the token is expired.
ExpiryStrategy<T>	Strategy pattern for determining when elements added to a ConcurrentRollingBloomFilter should expire.
ExtendedRequest<S extends ExtendedResult>	The Extended operation allows additional operations to be defined for services not already available in the protocol; for example, to implement an operation which installs transport layer security (see StartTlsExtendedRequest).
ExtendedRequestDecoder<R extends ExtendedRequest<S>,S extends ExtendedResult>	A factory interface for decoding a generic extended request as an extended request of specific type.
ExtendedResult	A Extended result indicates the status of an Extended operation and any additional information associated with the Extended operation, including the optional response name and value.
ExtendedResultDecoder<S extends ExtendedResult>	A factory interface for decoding a generic extended result as an extended result of specific type.
Extensions	The interface Extensions defines methods for adding protcol message extension elements.
ExternalKeyWrappingStrategy	A service provider interface for externalizing the strategy used for wrapping individual private/secret keys.
ExternalRequestContext	A representation of the external HTTP request in the current tree authentication context.
ExternalRequestContext.Builder	A builder for ExternalRequestContext instances.
FacebookClient	OAuth 2.0 Client Implementation that supports Facebook.
FacebookClientConfiguration	Configuration used for Facebook Client Implementation.
FacebookClientConfiguration.Builder	Builder used to create FacebookClientConfiguration instance.
Factory<T>	A factory interface.
FailableInputStream	Wraps an existing InputStream, supporting a failed state that is checked before and after each operation.
FailedToLoadJWKException	Unable to load the JWK/x5u location points.
FallbackAuthContext	An AsyncServerAuthContext which manages a List of AsyncServerAuthModules that are in a desired order of preference for authenticating incoming request messages.
FallbackJwtCryptographyHandler	A cryptography handler that tries multiple JwtCryptographyHandlers in turn for decryption.
FedletAdapter	Deprecated, for removal: This API element is subject to removal in a future version. since AM 7.3.0 Implement use-case specific FedletAdapter implementations instead.
FedletAdapter	The FedletAdapterPlugin abstract class provides methods that could be extended to perform user specific logics during SAMLv2 protocol processing on the Service Provider side.
FieldStorageScheme	This interface defines a field storage scheme.
FileBranchingStream	A BranchingInputStream for reading from files.
Filter	Filters the request and/or response of an HTTP exchange.
Filter	An interface for implementing request handler filters.
Filter	A search filter as defined in RFC 4511.
Filter.FilterType	This enumeration defines the set of possible filter types that may be used for search filters.
FilterChain	A chain of filters terminated by a target request handler.
FilterCondition	A condition which controls whether or not a filter will be invoked or not.
Filters	Utility methods for creating common types of filters.
Filters	This class contains methods for creating various kinds of Filter and FilterConditions.
FlatFileResolver	A PropertyResolver in which each property is stored in its own file in some directory.
FloatValidator
FlowableDecoder	Decodes an HTTP message entity flow.
ForbiddenException	An exception that is thrown when access to a resource is forbidden during an operation on an resource.
ForgottenPasswordConsoleConfig	Represents forgotten password console configuration.
ForgottenPasswordConsoleConfig.ForgottenPasswordBuilder	Builder for ForgottenPasswordConsoleConfig.
ForgottenUsernameConsoleConfig	Represents forgotten username console configuration.
ForgottenUsernameConsoleConfig.ForgottenUsernameBuilder	Builder for ForgottenUsernameConsoleConfig.
Form	Form fields, a case-sensitive multi-string-valued map.
Format	Annotation to mark a JSON Schema property's format field.
ForwardedHeader	A Header representation of the Forwarded HTTP header.
ForwardedHeader.Hop	This class represents a request's hop detail.
Function<VIN,VOUT,E extends Exception>	A synchronous function which returns a result immediately.
Functions	Common Function implementations which may be used when parsing attributes.
GeneralizedTime	An LDAP generalized time as defined in RFC 4517.
GenericControl	A generic control which can be used to represent arbitrary raw request and response controls.
GenericExtendedRequest	A generic Extended request which should be used for unsupported extended operations.
GenericExtendedResult	A Generic Extended result indicates the final status of an Generic Extended operation.
GenericHeader	An undecoded HTTP message header.
GenericIntermediateResponse	A Generic Intermediate response provides a mechanism for communicating unrecognized or unsupported Intermediate responses to the client.
GenericOpenIdResolver<J extends Jwt>	Validation of Open ID Connect JWTs via verification of their internals (issuer, audience, signature, etc.).
GenericSecret	A generic secret represented as an opaque blob of bytes, such as a password or API key.
GetComplete	This interface contains methods for the GetComplete Element in the SAMLv2 Protocol Schema.
GetEffectiveRightsRequestControl	A partial implementation of the get effective rights request control as defined in draft-ietf-ldapext-acl-model.
GlobalConfiguration<T>	This interface identifies the ServiceComponentConfig as containing configuration that is applied globally.
GoogleKmsAesCipher	A Cipher implementation using Google KMS symmetric encryption/decryption.
GoogleKmsEncryptedPropertyFormat	A SecretPropertyFormat for the PropertyResolverSecretStore that can decrypt secrets using a Google KMS decryption key.
GoogleKmsKey	Abstract base class for keys stored in Google KMS.
GoogleKmsPrivateKey	Represents a private key stored in the Google Cloud Platform Key Management Service.
GoogleKmsProvider	Provides implementations of Java Cryptography Architecture primitives that use the Google Cloud Platform Key Management Service.
GoogleKmsRsaCipher	A cipher implementation for RSA-OAEP based on Google Cloud KMS.
GoogleKmsSecretKey	A symmetric secret key stored in Google KMS.
GoogleKmsSecretStore	A secret store that can provide cryptographic keys based on the Google Cloud Platform Key Management Service.
GoogleKmsSecretStore.Builder	Builder class for GoogleKmsSecretStore.
GoogleKmsSignature	Implementation of the Java Signature SPI that delegates signature operations to the Google Cloud Platform Key Management Service.
GoogleKmsSignature.RSAPSS	Implements generic RSA-PSS signing.
GoogleKmsSignature.WithSHA256	Implements signing with the SHA-256 message digest.
GoogleKmsSignature.WithSHA384	Implements signing with the SHA-384 message digest.
GoogleKmsSignature.WithSHA512	Implements signing with the SHA-512 message digest.
GoogleSecretManagerSecretStore	A secret store that can read secrets directly from Google Secret Manager.
GoogleSecretManagerSecretStore.Builder	A builder class for configuring an instance of the GoogleSecretManagerSecretStore.
GoogleSecretManagerSecretStoreProvider	Provides support for fetching secrets from Google Secret Manager.
GrantType	Identifies the OAuth2 Authorization Grant (aka OAuth2 Flow) undertaken to obtain an OAuth2 token.
GrantTypeHandler	Abstract base class for OAuth 2 grant type handlers for calling the token endpoint.
GserParser	This class implements a parser for strings which are encoded using the Generic String Encoding Rules (GSER) defined in RFC 3641.
Handler	Details of a handler.
Handler	Asynchronously handles an HTTP Request by producing an associated Response.
Handlers	Utility methods for creating common types of handlers.
HasPropertyVisitor	This visitor detects if there is any token/placeholder inside the given Template.
Header	An HTTP message header.
HeaderFactory<H extends Header>	Creates instances of Header classes from String representation.
Headers	Message headers, a case-insensitive multiple-value map.
HeaderUtil	Utility class for processing values in HTTP header fields.
HealthCheckRestRouteProvider	A RestRouteProvider that add routes for the AM health check endpoints.
HealthGuiceModule	Guice module for binding together AM health services and endpoints.
Hex	Routines for encoding and decoding binary data in hexadecimal format.
HKDFKeyGenerator	Implements the HKDF key deriviation function to allow a single input key to be expanded into multiple component keys.
HKDFKeyGenerator.HKDFMasterKey	A secret key designed to be used as the master key for HKDF key generation.
HmacSigningHandler	Deprecated. Use SecretHmacSigningHandler instead
HsmKeyStoreLoader	A loader for the KeyStoreSecretStore that knows how to load standard PKCS#11 Hardware Security Module (HSM) providers on our supported platforms.
HttpApplication	Configuration class to configure the HttpApplication instance.
HttpApplicationException	An exception that is thrown during a Http Application start up when the start up of the application fails.
HttpCallback	HttpCallback class implements Callback and is used by the authentication module with HTTP protocol based handshaking negotiation.
HttpCallbackHandler	Callback handler for the JASPI runtime.
HttpClient	An SPI interface for HTTP Client implementations.
HttpClientHandler	An HTTP client for sending requests to remote servers.
HttpClientHandler.HostnameVerifier	SSL host name verification policies.
HttpClientHandler.ProxyInfo	Encapsulates the details of the proxy if one is required when making outgoing requests.
HttpClientProvider	A provider interface for obtaining HttpClient instances.
HttpClientRequest	Models the request that a script can send over a HttpClient.
HttpClientRequestCookie	Models a cookie which can be added to a HttpClientRequest.
HttpClientRequestFactory	Factory provided to hide implementation details from the scripting module.
HttpClientResponse	Models the response that a script can receive from sending a HttpClientRequest over a HttpClient.
I18n	The I18n class provides methods for applications and services to internationalize their messages.
I18nKey	Annotate the choice value enum constant for an Attribute with a i18nKey value property.
IAuthorizer	Deprecated.
Id	Indicates that a method returns the identifier of a configuration set of a multiple-configuration SMS service.
IdConstants
IdentifierQueryResourceHandler	QueryResourceHandler that searches for a specific identifier value.
Identity	Models an identity.
IdentityActivityService	Service informs the caller of an identity's active status.
IdentityActivityService.ActivityLookupException	Exception that represents an error on looking up an identity's active status.
IdentityConfiguration<T>	This interface identifies the ServiceComponentConfig as containing configuration that is applied to an identity.
IdentityException	Exception encapsulates an error from trying to interact with an underlying identity.
IdentityFactory	Factory that helps with the creation of Identity instances.
IdentityNotFoundException	Exception that signifies that the requested identity was not found.
IdentityService	An identity service that allows performing updates to Identity instances.
IdentityService.IdentityAttributeUpdater	A builder which allows several changes to the attributes to be combined into a single update operation per attribute type.
IdentityServicesInitializer	Interface for initializing Identity services.
IdentityStore	Represents an identity store in which user/role/group and other identity data is configured.
IdentityStoreFactory	Factory for creating IdentityStore instances.
IdEventListener	Represents the event listener interface that consumers of this API should implement and register with the IdentityStore to receive notifications.
IdGenerator	Defines the contract to generate global unique identifiers.
IdGenerator.SequenceUuidIdGenerator	Default implementation of the IdGenerator that will output some ids based on the following pattern : <uuid> + '-' + an incrementing sequence.
IdOperation	The class IdOperation defines the types of operations supported on managed identities, and provides static constants for these operation.
IDPAccountMapper	The interface IDPAccountMapper is used to map the local identities to the SAML protocol objects and also the vice versa for some of the protocols for e.g.
IDPAccountMapper	The interface IDPAccountMapper is used to map the local identities to the SAML protocol objects and also the vice versa for some of the protocols for e.g.
IDPAdapter	This interface IDPAdapter is used to perform specific tasks in the IdP.
IdpAdapterScriptHelper	Provides helper functions for IDP Adapter Script Implementations.
IDPAttributeMapper	This interface IDPAttributeMapper is used to map the authenticated user configured attributes to SAML Attributes so that the SAML framework may insert these attribute information as SAML AttributeStatements in SAML Assertion.
IDPAttributeMapper	This interface IDPAttributeMapper is used to map the authenticated user configured attributes to SAML Attributes so that the SAML framework may insert these attribute information as SAML AttributeStatements in SAML Assertion.
IdpAttributeMapperScriptHelper	This class exposes methods that are only intended to be used by IDP Attribute Mapper script types.
IDPAuthenticationMethodMapper	The interface IDPAuthenticationMethodMapper creates an IDPAuthenticationTypeInfo based on the RequestAuthnContext from the AuthnRequest sent by a Service Provider and the AuthnContext configuration at the IDP entity config.
IDPAuthenticationTypeInfo	The class IDPAuthenticationTypeInfo consists of the mapping between AuthenticationType and the actual authentication mechanism at the Identity Provider.
IDPAuthnContextInfo	The class IDPAuthnContextInfo consists of the mapping between AuthnContextClassRef and the actual authentication mechanism at the Identity Provider.
IDPAuthnContextMapper	The interface IDPAuthnContextMapper creates an IDPAuthnContextInfo based on the RequestAuthnContext from the AuthnRequest sent by a Service Provider and the AuthnContext configuration at the IDP entity config.
IDPECPSessionMapper	This interface IDPECPSessionMapper is used to find a valid session from HTTP servlet request on IDP with ECP profile.
IDPEntry	This interface defines methods to set/retrieve single identity provider information trusted by the request issuer to authenticate the presenter.
IDPFinder	This interface IDPFinder is used to find a list of preferred Identity Authenticating providers to service the authentication request.
IDPList	This interface specifies the identity providers trusted by the requester to authenticate the presenter.
IdRepo	This interface defines the methods which need to be implemented by plugins.
IdRepoBundle
IdRepoConfig	Indicates that an interface describes the configuration of an Identity Repository.
IdRepoDuplicateObjectException	An exception type thrown when an IdRepo is asked to create an object with a name that is already used.
IdRepoErrorCode	Class is representing error code for different error states
IdRepoException	The exception class whose instance is thrown if there is any error during the operation of objects of the com.sun.identity.sms package.
IdRepoFatalException	The exception class whose instance is thrown if there is any error during the operation of objects of the com.sun.identity.sms package.
IdRepoListener	Provides methods that can be called by IdRepo plugins to notify change events.
IdRepoService	Service for managing an identity repository.
IdRepoUnsupportedOpException	The exception class whose instance is thrown if there is any error during the operation of objects of the com.sun.identity.sms package.
IdSearchControl	This is a helper class which is used in the IdentityStore search method.
IdSearchOpModifier	This is a helper class which can be in conjunction with the IdSearchControl class to make simple modifications to the basic search performed by each plugin.
IdSearchResults	This class IdSearchResults provides to obtain the search results.
IDSEventListener	The purpose of this interface is to allow classes that implement this interface to listen to Directory Server Events.
IdType	The class IdType defines the types of supported identities, and provides static constants for these identities.
IdTypeService	Allows performing operations related to IdType
IdUtils	The class defines some static utilities used by other components like policy and auth
IFSConstants	Deprecated.
IllegalStageTagException	Exception that represents an unknown stage tag.
IncomparableRouteMatchException	An exception which is thrown when two incompatible RouteMatch instances are attempted to be compared.
Indexed<T>	Interface of an object that can be indexed with a unique key.
Indexer	This class is registered with a Backend and it provides callbacks for indexing attribute values.
IndexingOptions	Contains options indicating how indexing must be performed.
IndexQueryFactory<T>	A factory for creating arbitrarily complex index queries.
InitializablePlugin	All the SAML federation plugins that need to be initialized should extend this.
IntDate	This class provides utility methods for converting Java Date objects into and from IntDates.
IntermediateResponse	An Intermediate response provides a general mechanism for defining single-request/multiple-response operations.
IntermediateResponseHandler	A completion handler for consuming intermediate responses returned from extended operations, or other operations for which an appropriate control was sent.
InternalServerErrorException	An exception that is thrown during an operation on a resource when the server encountered an unexpected condition which prevented it from fulfilling the request.
IntrospectableToken	An OAuth 2.0 token abstraction for introspection.
InvalidAttributeNameException	The InvalidAttributeNameException is thrown to indicate that an invalid attribute name was used.
InvalidAttributeValueException
InvalidAudException	Invalid audience.
InvalidFormatException	Exception thrown if a name of an object such as policy, rule or referral has invalid format
InvalidIssException	Invalid issuer.
InvalidJwtException	Represents an exception that occurs when a JWT is determined as invalid.
InvalidJWTException	Invalid JWT.
InvalidNameException	Exception thrown if a name of an object such as policy, rule or referral is invalid
InvalidOAuthClientException	Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).
InvalidOAuthRequestException	Exception to be used when an OAuth Request cannot be handled due to known causes.
InvalidPasswordException	Exception that is thrown when the user-entered password token causes the authentication module to be authenticated to fail.
InvalidRequest	Represents a request which has been received and decoded but but is invalid according to the LDAP standard because of an invalid DN syntax or an invalid attribute syntax.
InvalidRequestException	Thrown when the request is missing any required parameters or is otherwise malformed.
InvalidSignatureException	Invalid signature.
InvalidTokenException	An exception generated by a TokenHandler on validation or extraction when the token is invalid.
IO	Utility class that can stream to and from streams.
IotAuthenticationNode	This node handles the authentication of things.
IotAuthenticationNode.AuthenticationOutcomeProvider	Defines the possible outcomes from this node.
IotAuthenticationNode.Config	Configuration for the node.
IotAuthenticationNode.JwtAuthenticationMethod	The JWT authentication method used to verify the JWT presented for authentication.
IotGuiceModule	The IotGuiceModule handles all the Guice dependency injections to allow the plugin to be operational within AM.
IotPlugin	Installs the IoT authentication nodes and services.
IotRegistrationNode	This node handles the registration of things.
IotRegistrationNode.Config	Configuration for the node.
IotRegistrationNode.JwtRegistrationMethod	The JWT registration method used to verify the JWT presented for registration.
IotRegistrationNode.RegistrationOutcomeProvider	Defines the possible outcomes from this node.
IotRestRouteProvider	IotRestRouteProvider adds the IoT routes to the CREST router.
IotSecretIdProvider	This provider exposes the secret IDs used by the IoT component to the SecretIdRegistry.
IotServiceConfig	Service interface for configuring the IoT Service.
IotServiceConfig.RealmConfig	Realm config interface holding the config for the IoT service attributes.
ISSecurityPermission	This class ISSecurityPermission is used to protect the Access Manager resources which should be accessed only by trusted application.
Issuer	The Issuer provides information about the issuer of a SAML assertion or protocol message.
IssuerComparators	Comparators for comparing "issuer" values.
Items	Class that represents the Items type in API descriptor.
Items.Builder	Builder to help construct the Items.
IVerifierOutput	Deprecated.
JacksonUtils	Some utilities for dealing with Jackson schemas.
JaspiAdapters	Adapter class implementing methods that adapt to and from JASPI interfaces to be able to inter-op with pure JASPI implementations.
JavaBeanAdapter<T>	A TokenAdapter that can adapt Java bean-compliant POJOs that have been annotated with the annotations in org.forgerock.openam.tokens.
JavaBeanAdapterFactory	Factory interface for Guice JavaBeanAdapter instances.
JoseSecretConstraints	Set of SecretConstraints for filtering Secrets.
Json	Provides read and write JSON capabilities.
Json.JsonValueModule	Jackson Module that uses a mixin to make sure that a JsonValue instance is serialized using its #getObject() value only.
Json.LocalizableStringModule	Jackson Module that adds a serializer for LocalizableString.
JsonCaveatSet	Convenience class for constructing a set of JSON-based 1st-party caveats for use with Macaroon.addFirstPartyCaveat(JsonValue).
JsonCaveatVerifier	Implements caveats that are structured as JSON objects.
JsonCryptoException	An exception that is thrown during JSON cryptographic operations.
JsonException	An exception that is thrown during JSON operations.
JsonPatch	Processes partial modifications to JSON values.
JsonPatchValueTransformer	RFC6902 expects the patch value to be a predetermined, static value to be used in the patch operation's execution.
JsonPointer	Identifies a specific value within a JSON structure.
JSONSerialisation	Responsible for serialising and deserialising objects to and from JSON.
JsonValue	Represents a value in a JSON object model structure.
JsonValueException	An exception that is thrown during JSON value operations.
JsonValueFilterVisitor	A QueryFilterVisitor that returns true if the provide JsonValue meets the criteria of the QueryFilter assertions and false if it does not.
JsonValueFunctions	This class contains the utility functions to convert a JsonValue to another type.
JsonValueFunctions	This class contains the utility functions to convert a JsonValue to CREST (json-resource) types.
JsonValuePropertyEvaluator	A utility that traverses a JsonValue and does property substitution as well as type coercion.
JsonValuePropertyEvaluator.CoercionFunctionSpec	The specification for a coercion function.
JsonValuePropertyEvaluator.CoercionFunctionSpecBuilder	Builder to create a JsonValuePropertyEvaluator.CoercionFunctionSpec.
JsonValueResolver	A configuration property resolver that uses a JsonValue to resolve properties.
JsonValueTraverseFunction	An implementation of Function that recursively traverses the JsonValue and applies some transformation if needed.
JweAlgorithm	An Enum of the possible encryption algorithms that can be used to encrypt a JWT.
JweAlgorithmType	An Enum of the possible types of JWE algorithms that can be used to encrypt a JWT.
JweCompressionException	Represents an exception for when compression/decompression of the plaintext fails.
JweDecryptionCheckedException	This exception entirely duplicates JweDecryptionException except that it is a checked exception so that it can be used with a Promise.
JweDecryptionException	Represents an exception for when decryption of the JWE fails.
JweEncryption	This class represents the result from the encryption process of the JWT plaintext.
JweEncryptionException	Represents an exception for when encryption of the JWE fails.
JweException	Represents a generic exception for JWE operations.
JweHeader	An implementation for the JWE Header parameters.
JweHeaderBuilder<B extends EncryptedJwtBuilder>	An implementation of a JWE Header builder that provides a fluent builder pattern to create JWE headers.
JweHeaderKey	An Enum for the additional JWE Header parameter names.
JWK	The abstract base class for the 3 implementations of JWK.
JWK.Builder<B extends JWK.Builder>	JWK builder.
JwkKeyFormat	Exports keys in JSON Web Key (JWK) format.
JWKLookup	Helper class to look up and return the keys from specific JWK implementation algorithm types.
JWKOpenIdResolverImpl	This class exists to allow Open Id Providers to supply or promote a JWK exposure point for their public keys.
JWKSet	Holds a Set of JWKs.
JWKSetParser	Provides methods to gather a JWKSet from a URL and return a map of key ids to keys as dictated by that JWKS.
JwkSetSecretStore	A secret store that loads cryptographic keys from a local or remote JWKSet.
JwksStore	Store JWKs into a jwkSet from a JWKs_URI and refresh the jwkSet when necessary.
JwksStoreService	Manage the jwks store, to avoid having more than one jwks store for the same JWKs_URI unnecessary.
JWObject	A base implementation class for a JSON Web object.
JwsAlgorithm	An Enum of the possible signing algorithms that can be used to sign a JWT.
JwsAlgorithmType	An Enum of the possible types of JWS algorithms that can be used to sign a JWT.
JwsException	Represents a generic exception for JWS operations.
JwsHeader	An implementation for the JWS Header parameters.
JwsHeaderBuilder	An implementation of a JWS Header builder that provides a fluent builder pattern to create JWS headers.
JwsHeaderKey	An Enum for the JWS Header parameter names.
JwsSigningException	Represents an exception for when signing of the JWS fails.
JwsVerifyingException	Represents an exception for when verification of the JWS signature fails.
Jwt	The interface for all types of JSON Web Tokens (JWTs).
JwtAuthenticationTokenStore	A secret store that authenticates to Vault using a JWT.
JwtBearerGrantTypeHandler	Implements the JWT bearer assertion grant type.
JwtBuilder	The base interface for all JwtBuilders for each type of JWT (plaintext, signed or encrypted).
JwtBuilderException	Represents an exception that occurs when creating/rebuilding JWTs.
JwtBuilderFactory	A factory for getting builders for plaintext, signed and encrypted JWTs and reconstructing JWT strings back into their relevant JWT objects.
JwtClaimsSet	An implementation that holds a JWT's Claims Set.
JwtClaimsSetBuilder	An implementation of a JWT Claims Set builder that provides a fluent builder pattern to creating JWT Claims Sets.
JwtClaimsSetKey	An Enum for the JWT Claims Set names.
JwtCryptographyHandler	An abstraction of the cryptographic operations that the JWT session modules will need to do to create a read JWTs.
JwtExpiredException	Expired JWT.
JwtHeader	A base implementation class for JWT Headers.
JwtHeaderBuilder<T extends JwtBuilder,B extends JwtHeaderBuilder<T,B>>	A base implementation of a JWT header builder that provides a fluent builder pattern to creating JWT headers.
JwtHeaderKey	An Enum for the JWT Header parameter names.
JwtReconstruction	A service that provides a method for reconstruct a JWT string back into its relevant JWT object, (SignedJwt, EncryptedJwt, SignedThenEncryptedJwt, EncryptedThenSignedJwt).
JwtReconstructionException	Represents an exception that occurs when reconstructing JWTs.
JwtRequestParameterOption	Enum denoting how the request parameter jwt would to be sent to the OIDC provider.
JwtRuntimeException	Represents a generic exception for JWT operations.
JwtSecureHeader	A base implementation for the common security header parameters shared by the JWS and JWE headers.
JwtSecureHeaderBuilder<T extends JwtBuilder,B extends JwtSecureHeaderBuilder<T,B>>	A base implementation of a JWT header builder, for the common security header parameters shared by the JWS and JWE headers, that provides a fluent builder pattern to creating JWT headers.
JwtSessionCookie	Abstraction of a cookie to allow for the CHF Cookie and the Http Cookie.
JwtSessionModule	A JASPI CHF Session Module which creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response.
JwtTokenHandler	Deprecated. Prefer SecretsJwtTokenHandler instead.
JwtTokenHandlerConfig	Configuration for a JwtTokenHandler.
JwtType	An Enum for the possible types of JWTs.
KbaConfig	Represents a single KBA question in various Locales.
KeyAgreementKey	A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.
KeyDecryptionKey	A key that is used to decrypt (or "unwrap") other keys that have been encrypted with a KeyEncryptionKey.
KeyEncryptionKey	A key that is used to encrypt ("wrap") other keys.
KeyFormat<T>	A format that can be used for exporting key material.
KeyFormatPem	Exports a key in the PEM (Privacy Enhanced Mail) format.
KeyFormatRaw	Exports the raw key.
KeyInfoConfirmationData	The KeyInfoConfirmationData constrains a SubjectConfirmationData element to contain one or more ds:KeyInfo elements that identify cryptographic keys that are used in some way to authenticate an attesting entity.
KeyManagers	This class contains methods for creating common types of key manager.
KeyOperation	Represents the Possible key operations values.
KeyProvider	The class KeyProvider is an interface that is implemented to retrieve X509Certificates and Private Keys from user data store.
KeyStoreBasedSecretStoreProvider	An abstraction of initialising a keystore-based BaseSecretStoreProvider.
KeyStoreBuilder	Builder class for loading key stores.
KeyStoreJwtCryptographyHandler	Deprecated. The AuthenticatedEncryptionCryptographyHandler should be preferred.
KeyStoreKeyIdProvider	This interface allows customization of the key ID values associated with public keys stored in KeyStoreSecretStores.
KeyStoreManager	A class that manages a Java Key Store and has methods for extracting out public/private keys and certificates.
KeystoreManagerException	Represents an exception from an operation using the KeyStoreManager class.
KeyStoreObjectCache	A service provider interface for implementing key store caches.
KeyStoreParameters	The parameters which configure how the LDAP key store will be accessed.
KeyStoreSecretStore	A secret store for cryptographic keys based on a standard Java KeyStore.
KeyStoreSecretStore.AliasSpec	Specifies an alias with its validity for use in the store.
KeyStoreSecretStore.StableIdProvider	An interface to allow the consuming application to provide the stable ID for the secret.
KeyType	Enum representing the possible KeyTypes.
KeyType	Indicates the type of key.
KeyUsage	Indicates the allowed usages for a particular key.
KeyUseConstants	Represents the supported KeyUse values.
LambdaExceptionUtils	Utility methods for interacting with lambdas that throw exceptions.
LazyList<E>	A list with lazy initialization.
LazyMap<K,V>	A map with lazy initialization.
LazySupplier<T,E extends Exception>	A Supplier that lazily computes a value the first time it is accessed and then caches the result to return on subsequent requests.
Ldap	This class contains various static utility methods encoding and decoding LDAP protocol elements.
LdapClient	An LDAP client provides an interface for obtaining a connection to a Directory Server.
LdapClients	This class contains methods for creating and manipulating LDAP clients and connections.
LdapClientSocket	A connection with a Directory Server over which read and update operations may be performed.
LdapConnectionFactory	A factory class which can be used to obtain connections to an LDAP Directory Server.
LdapException	Thrown when the result code returned in a Result indicates that the Request was unsuccessful.
LdapMessage	Encapsulates a ProtocolOp with LDAP specific message information.
LdapPromise<S>	A handle which can be used to retrieve the Result of an asynchronous Request.
LdapReader	Reads LDAP messages from an underlying ASN.1 reader.
LdapResultHandler<S>	A completion handler for consuming the result of an asynchronous operation or connection attempts.
LdapServer	An LDAP server connection listener which waits for LDAP connection requests to come in over the network and binds them to a server connection created using the provided server connection factory.
LdapSession	Server side representation of a connected LDAP client.
LdapSocket	A reactive socket implementation representing a stream of LDAP messages.
LdapUrl	An LDAP URL as defined in RFC 4516.
LDAPUtils	Utility methods to help interaction with the OpenDJ LDAP SDK.
LDAPUtils.CachedPoolOptions	A model object that contains the settings used for cached connection pools.
LDAPUtils.FailoverLdapClient	Simple failover Ldap Client.
LdapWriter	Writes LDAP messages to an underlying ASN.1 writer.
Ldif	This class contains common utility methods for creating and manipulating readers and writers.
LdifChangeRecordReader	An LDIF change record reader reads change records using the LDAP Data Interchange Format (LDIF) from a user defined source.
LdifChangeRecordWriter	An LDIF change record writer writes change records using the LDAP Data Interchange Format (LDIF) to a user defined destination.
LdifEntryReader	An LDIF entry reader reads attribute value records (entries) using the LDAP Data Interchange Format (LDIF) from a user defined source.
LdifEntryWriter	An LDIF entry writer writes attribute value records (entries) using the LDAP Data Interchange Format (LDIF) to a user defined destination.
LegacyIdentityService	This is a collection of identity related methods which either should not exist, or belong elsewhere.
LegacyIdentityServiceStore	This allows reading and writing service config which is related to a specific identity.
LimitExceededException	Exception thrown if any configured limit is exceeded
LinkedAttribute	An implementation of the Attribute interface with predictable iteration order.
LinkedHashMapEntry	An implementation of the Entry interface which uses a LinkedHashMap for storing attributes.
LinkedInClient	Oauth 2.0 Client Implementation that supports LinkedIn.
LinkedInClientConfiguration	Configuration used for LinkedInClient Implementation.
LinkedInClientConfiguration.Builder	Builder used to create LinkedInClientConfiguration instance.
ListDecorator<E>	Wraps another map.
ListenableConfig	Annotated configuration classes implementing this interface will be able to have listeners registered to be invoked on configuration changes.
Listener	Builder responsible for providing fluent-like functions for building up Action instances which will respond to changes in Service configuration.
Listener.Action	A generic listener which will respond to a configuration or schema change event.
Listener.ConfigType
Listener.ServiceListenerEvent	Represents an event provided to a service listener.
ListMultimap<K,V>	Deprecated. Use ListMultimap instead.
Lists	Provides helper methods for List.
LivenessCheck	This interface defines the contract for checking whether an AM service or component is alive and able to function independent of the state of any 3rd party dependencies or whether the service or component has fallen over to the point of being beyond recovery.
LivenessCheckEndpoint	CHF endpoint that reports AMs liveness, pertaining to the characteristics laid out in the Kubernetes documentation for the liveness probe.
LoadBalancerEventListener	An object that registers to be notified when an LDAP client associated with a load-balancer changes state from offline to online or vice-versa.
Loader	An SPI interface for implementing alternative service loading strategies.
Loader	Provides methods for dynamically loading classes.
Locale	This class Locale.java is a utility that provides functionality for applications and services to internationalize their messages.
LocaleUtils	Utility class for Locales.
LocalizableException	A mix-in interface which can be used to identify exceptions which support localization.
LocalizableMessage	A localizable message whose String representation can be retrieved in one or more locales.
LocalizableMessageBuilder	A mutable sequence of localizable messages and their parameters.
LocalizableMessageDescriptor	An opaque handle to a localizable message.
LocalizableMessageDescriptor.Arg0	Subclass for creating messages with no arguments.
LocalizableMessageDescriptor.Arg1<T1>	Subclass for creating messages with one argument.
LocalizableMessageDescriptor.Arg2<T1,T2>	Subclass for creating messages with two arguments.
LocalizableMessageDescriptor.Arg3<T1,T2,T3>	Subclass for creating messages with three arguments.
LocalizableMessageDescriptor.Arg4<T1,T2,T3,T4>	Subclass for creating messages with four arguments.
LocalizableMessageDescriptor.Arg5<T1,T2,T3,T4,T5>	Subclass for creating messages with five arguments.
LocalizableMessageDescriptor.Arg6<T1,T2,T3,T4,T5,T6>	Subclass for creating messages with six arguments.
LocalizableMessageDescriptor.Arg7<T1,T2,T3,T4,T5,T6,T7>	Subclass for creating messages with seven arguments.
LocalizableMessageDescriptor.Arg8<T1,T2,T3,T4,T5,T6,T7,T8>	Subclass for creating messages with eight arguments.
LocalizableMessageDescriptor.Arg9<T1,T2,T3,T4,T5,T6,T7,T8,T9>	Subclass for creating messages with nine arguments.
LocalizableMessageDescriptor.ArgN	Subclass for creating messages with an any number of arguments.
LocalizableOperation	Localizable Operation.
LocalizableRefProperty	Localizable RefProperty.
LocalizableString	Represents a String which could be localizable.
LocalizableTag	Localizable Tag.
LocalizedIllegalArgumentException	Thrown to indicate that a method has been passed an illegal or inappropriate argument.
LocalizedKeyStoreException	A localized KeyStoreException.
LocalizedLogger	A logger implementation which formats and localizes messages before forwarding them to an underlying SLF4J Logger.
LocalizedLoggerFactory	A factory of LocalizedLogger instances which obtains a SLF4J Logger by calling the appropriate LoggerFactory method and wrapping it in an instance of LocalizedLogger.
LocalizedMarker	An implementation of SLF4J marker that contains a LocalizableMessage and does not allow to manage references to other markers.
LocationHeader	Processes the Location message header.
LockedSecretStoreProvider	A provider of commons SecretStore instances.
LogConstants	Deprecated.
LogException	Deprecated.
LogException	Deprecated.
Logger	Deprecated.
Logger	Deprecated.
LogManager	Deprecated.
LogoutRequest	This class represents the LogoutRequest element in SAML protocol schema.
LogoutResponse	This class represents the LogoutResponse element in SAML protocol schema.
LogQuery	Deprecated.
LogReader	Deprecated.
LogRecord	Deprecated.
Logs	Helper class for logging securely sensitive values.
Macaroon	A macaroon is a cryptographically protected token which can be attenuated by appending caveats.
Macaroon.Caveat	Represents a caveat on a macaroon.
MacaroonEncodingException	Indicates that a macaroon is not well-formed according to a SerializationFormat.
MacaroonToken<T extends IntrospectableToken>	An OAuth2 access or refresh token that is represented as a Macaroon.
MacaroonVerifier	A macaroon verifier is used to verify the caveats on a Macaroon.
MacaroonVerifierResult	Indicates whether a macaroon was successfully verified or not.
MailAddressValidator	Validates mail address This class is constructed using default(noarguments) constructor and mail address is passed to validate function with optional rules The passed mail address is validated for authenticity and boolean value is returned accordingly.
MailConstants	Constants representing the names of the mail server configuration attributes.
MailRouteProvider	A RestRouteProvider that add routes for all email endpoints.
MailServer	Pluggable interface for all email sending in OpenAM.
MailServerFactory<T extends MailServer>	Factory interface for creating instances of MailServer.
MailServerImpl	Default MailServer implementation that sends email via the configured SMTP server.
MailServerLoader	Interface which loads MailServer.
MalformedHeaderException	Thrown when a header string cannot be parsed to a rich Header implementation.
ManageDsaItRequestControl	The ManageDsaIT request control as defined in RFC 3296.
ManageNameIDRequest	This class represents the ManageNameIDRequestType complex type.
ManageNameIDResponse	This class represents the ManageNameIDResponse element declaration.
MapDecorator<K,V>	Wraps another map.
MapFilterVisitor<F>	A QueryFilterVisitor that produces a Map representation of the filter tree.
MapKeyStoreParameters	Configures a keystore based on a key/value map.
MatchedValuesRequestControl	The matched values request control as defined in RFC 3876.
Matcher	A compiled search Filter which may be used for matching against entries.
Matcher.MatcherType	The types of compiled matcher.
MatchingRule	This class defines a data structure for storing and interacting with matching rules, which are used by servers to compare attribute values against assertion values when performing Search and Compare operations.
MatchingRule.Builder	A fluent API for incrementally constructing matching rules.
MatchingRule.MatchingRuleType	Represents the types of matching rules, according to RFC 4517 section 4.1.
MatchingRuleImpl	This interface defines the set of methods that must be implemented to define a new matching rule.
MatchingRuleUse	This class defines a data structure for storing and interacting with a matching rule use definition, which may be used to restrict the set of attribute types that may be used for a given matching rule.
MatchingRuleUse.Builder	A fluent API for incrementally constructing matching rule uses.
MdcAwareAction	An implementation of Action that will preserve the SLF4J MDC.
MdcAwareConsumer<T>	An implementation of Consumer that will preserve the SLF4J MDC.
MdcAwareSubscriber<T>	An implementation of Subscriber that will preserve the SLF4J MDC.
MdcExecutorServiceDelegate	Store SLF4J Mapped Diagnosed Context (aka MDC) when tasks are submitted, and re-inject it when tasks are executed.
MdcScheduledExecutorServiceDelegate	Store SLF4J Mapped Diagnosed Context (aka MDC) when tasks are submitted, and re-inject it when tasks are executed.
MemoryBackend	A simple in-memory collection resource provider which uses a Map to store resources.
MemoryBackend	A simple in-memory back-end which can be used for testing.
Message	The Message class is used by web service client and server to construct request or response.
Message<M extends Message<M>>	Elements common to requests and responses.
MessageContext	The authentication framework uses this MessageContext to pass messages and message processing state to authentication contexts for processing by authentication modules.
MessageContextImpl	An implementation of MessageContext that holds contextual information and state for a given request and response message exchange.
MessageImpl<T extends MessageImpl<T>>	Abstract message base class.
MessageInfoContext	The authentication framework uses this MessageContextInfo to pass messages and message processing state to authentication modules for processing of messages.
MethodCallStatisticsMXBean	Exposes statistics on method call timings and rates to JMX monitoring.
MicrosoftRestMailServer	Sends emails over REST using the OAuth2 client credentials grant type for authentication.
MissingAttributeDetail	The StatusCode element is a container of one or more Statuss issuded by authorization authority.
Modification	A modification to be performed on an entry during a Modify operation.
ModificationType	A Modify operation change type as defined in RFC 4511 section 4.6 is used to specify the type of modification being performed on an attribute.
ModificationType.Enum	Contains equivalent values for the ModificationType values.
ModifyDnRequest	The Modify DN operation allows a client to change the Relative Distinguished Name (RDN) of an entry in the Directory and/or to move a subtree of entries to a new location in the Directory.
ModifyRequest	The Modify operation allows a client to request that a modification of an entry be performed on its behalf by a server.
Multimap<K,V>	Deprecated. Use Multimap instead.
MultipleEntriesFoundException	Thrown when the result code returned in a Result indicates that the requested single entry search operation or read operation failed because the Directory Server returned multiple matching entries (or search references) when only a single matching entry was expected.
MultipleOf	Annotation to mark a numeric JSON Schema property's multipleOf field.
MultipleOfSchema	Interface defining support for multipleOf JSON Schema field.
Multiset<E>	Deprecated. Use Multiset instead.
Multiset.Entry<E>	An unmodifiable element-count pair for a multiset.
MultiValueMap<K,V>	Wraps a map for which the values are lists, providing a set of convenience methods for handling list values.
MutableUri	A MutableUri is a modifiable URI substitute.
NameAlreadyExistsException	Exception thrown if a name of an object such as policy, rule or referral already exists (used by another object of the same type)
NameForm	This class defines a data structure for storing and interacting with a name form, which defines the attribute type(s) that must and/or may be used in the RDN of an entry with a given structural objectclass.
NameForm.Builder	A fluent API for incrementally constructing name forms.
NameID	The NameID is used in various SAML assertion constructs such as Subject and SubjectConfirmation elements, and in various protocol messages.
NameIdentifier	The NameIdentifier element specifies a Subject by a combination of a name and a security domain governing the name of the Subject.
NameIDMapping	This class provides methods to send or process NameIDMappingRequest.
NameIDMappingRequest	This class represents the ManageNameIDRequestType complex type.
NameIDMappingResponse	This class represents the NameIDMappingResponseType complex type.
NameIDPolicy	This interface defines methods to retrieve name identifier related properties.
NameIDType	The NameIDType is used when an element serves to represent an entity by a string-valued name.
NameNotFoundException	Exception thrown if an object such as policy, rule or referral for the given name does not exist.
NeverThrowsException	The NeverThrowsException class is an uninstantiable placeholder exception which should be used for indicating that a Function or AsyncFunction never throws an exception (i.e.
NewEncryptedID	Java content class for NewEncryptedID element declaration.
NewID	This interface identifies the new identifier in an ManageNameIDRequest message.
Node	A node is the core abstraction within an authentication tree.
Node.Metadata	Annotation that describes the metadata of the node.
NodeProcessException	An Exception to indicate that there was a problem processing a Node that could not be resolved to a Action.
NodeState	Encapsulates all state that is provided by each node and passed between nodes on tree execution.
NonExpiringCache<K,V>	Allows the Caching of an object.
NOPCompressionHandler	A NOP implementation of the Compression Handler, which will be used when no compression is to be applied.
NoPermissionException	Exception thrown if a policy operation attempted could not be done due to insufficient permissions
NOPSigningHandler	Deprecated. This algorithm is inherently insecure and shouldn't be used.
NoSuchSecretException	Indicates that no secret was configured for the given purpose, or the named secret is not available.
NotFoundException	An exception that is thrown when a specified resource cannot be found.
NotSupportedException	An exception that is thrown during an operation on a resource when the resource does not implement/support the feature to fulfill the request.
NullLocationException	Deprecated.
NumberRange	An annotation which tags a configuration method as representing a number range.
NumberValidator
OAuth2	OAuth2 utility class.
OAuth2Client<T extends OAuth2ClientConfiguration>	OAuth 2.0 Client Implementation that supports the Authorization Code Grant Flow.
OAuth2ClientConfiguration	Configuration used for OAuth2 Client Implementations.
OAuth2ClientConfiguration.Builder<T extends OAuth2ClientConfiguration.Builder<T,C>,C extends OAuth2ClientConfiguration>	Builder class for creating the OAuth2ClientConfiguration.
OAuth2Context	An OAuth2Context could be used to store and retrieve an AccessTokenInfo.
OAuth2Error	Describes an error which occurred during an OAuth 2.0 authorization request or when performing an authorized request.
OAuth2Request	An abstraction of the actual request so as to allow the core of the OAuth2 provider to be agnostic of the library used to translate the HTTP request.
OAuth2SessionInfo	OAuth2 Session Info Object used to determine if the access token expiry time has passed and to determine if a session is still active.
OAuth2UserInfo	Information about the current user.
OAuthClient	Generic interface for all OAuth-like clients.
OAuthClientConfiguration	Base configuration of an OAuth client.
OAuthClientConfiguration.Builder<T extends OAuthClientConfiguration.Builder<T,C>,C extends OAuthClientConfiguration>	Base builder used to create OAuthClientConfiguration instances.
OAuthConfigException	Exception used when an error has occurred with an OAuth client's configuration.
OAuthException	An exception that is thrown when an OAuth request has failed.
ObjectClass	This class defines a data structure for storing and interacting with an objectclass, which contains a collection of attributes that must and/or may be present in an entry with that objectclass.
ObjectClass.Builder	A fluent API for incrementally constructing object classes.
ObjectClassType	This enumeration defines the set of possible objectclass types that may be used, as defined in RFC 2252.
ObjectInUseException	Exception thrown to indicate that an object you are trying to remove is in use and therefore can not be removed.
Objects	Common utility methods for Objects.
Obligation	The Obligation element is a container of one or more AttributeAssignments issuded by authorization authority.
ObligationImpl	The Obligation element is a container of one or more AttributeAssignments issuded by authorization authority.
Obligations	The Obligations element is a container of one or more Obligations issuded by authorization authority.
ObligationsImpl	The Obligations element is a container of one or more Obligations issuded by authorization authority.
OctJWK	Creates an Octet JWK.
OctJWK.Builder	The Octet JWK builder.
OkpJWK	An Octet Key-Pair (OKP) JWK as defined in RFC 8037.
OkpJWK.Builder	Builder object for Octet Key-Pair (OKP) JWKs.
OneTimeUse	The OneTimeUse indicates that the assertion should be used immediately by the relying party and must not be retained for future use.
OpenAmAccessTokenResolver	Deprecated. The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5.
OpenApiHelper	Helper methods for applying commonly needed changes to the Swagger model.
OpenApiHelper.OperationVisitor	Visits a Swagger Operation.
OpenApiTransformer	Transforms an ApiDescription into an OpenAPI/Swagger model.
OpenDjSecurityProvider	The OpenDJ LDAP security provider which exposes an LDAP/LDIF based KeyStore service, as well as providing utility methods facilitating construction of LDAP/LDIF based key stores.
OpenDjSecurityProviderSchema	Utility methods for accessing the LDAP schema elements required in order to support the OpenDJ security provider.
OpenIDConnectClient	OpenID Connect Client Implementation that supports the Authorization Code Grant Flow.
OpenIDConnectClientConfiguration	Configuration used for OpenID Connect Client Implementations.
OpenIDConnectClientConfiguration.Builder<T extends OpenIDConnectClientConfiguration.Builder<T,C>,C extends OAuth2ClientConfiguration>	Builder class for creating the OpenIDConnectClientConfiguration.
OpenIdConnectModule	OpenID Connect module that allows access when a valid OpenID Connect JWT which our server trusts is presented in the specific header field.
OpenIDConnectSessionInfo	OpenIDSessionInfo object used to determine if the access token or id token expiry time has passed and to determine if a session is still active.
OpenIdConnectTokenAuthMethodReferencesMapper	An interface which allows soap-sts publishers to generate the amr claim for issued OpenIdConnect tokens on the basis of the validated input token.
OpenIdConnectTokenAuthnContextMapper	OpenIdConnect tokens can include an Authentication Context Class Reference (acr) claim which indicates how the subject asserted by the OIDC token was authenticated.
OpenIdConnectTokenClaimMapper	An instance of this interface will be used to insert any custom claims into issued OpenIdConnect tokens.
OpenIDConnectUserInfo	OpenID Connect user information related to a users current social session.
OpenIdConnectVerificationException	Problem during the verification of an OpenId Connect module.
OpenIdResolver	A resolver that performs validation against a supplied SignedJwt.
OpenIdResolverFactory	For producing OpenId Resolvers.
OpenIdResolverService	Interface through which OpenIdResolvers are obtained, and the service providing them is configured.
OpenIdResolverServiceConfigurator	Interface directing how to configure (OpenIdResolverServiceConfigurator.configureService(OpenIdResolverService, java.util.List)) an OpenIdResolverService.
OpenIdResolverServiceConfiguratorImpl	Implementation of the OpenIdResolverServiceConfigurator interface which applies a simple priority ordering when reading a service configuration.
OpenIdResolverServiceImpl	Holds a copy of the current OpenID Resolvers.
Operation	The common details of an operation.
Operation	Class that represents the Operation type in API descriptor.
Operation.Builder<T extends Operation.Builder<T>>	Builder to help construct the Operation.
Option<T>	A configuration option whose value can be stored in a set of Options.
Options	A set of options which can be used for customizing the behavior of HTTP clients and servers.
OptionsFilter	Filter which handles OPTION HTTP requests to CREST resources.
OrganizationAlreadyExistsException	The OrganizationAlreadyExistsException is thrown if the organization already exists.
OrganizationConfigManager	The class OrganizationConfigManager provides interfaces to manage an organization's configuration data.
OutcomeProvider	Describes the outcomes for node instances.
OutcomeProvider.Outcome	A model object for an outcome.
OverflowException	An exception that is thrown if a buffer would overflow as a result of a write operation.
PagePropertiesCallback	PagePropertiesCallback class implements Callback and used for exchanging all UI related attributes information such as template name, errorState to indicate whether a template is an error page, page header, image name , page timeout value, name of module.
PagingMode	Enum that represents the Query paging mode.
Pair<F,S>	Ordered pair of arbitrary objects.
PAOSConstants	This interface defines constants common to all PAOS elements.
PAOSException	The PAOSException class represents a error while processing SOAP request and response.
PAOSHeader	The PAOSHeader class is used by a web application on HTTP server side to parse a PAOS header in an HTTP request from the user agent side.
PAOSRequest	The PAOSRequest class is used by a web application on HTTP server side to construct a PAOS request message and send it via an HTTP response to the user agent side.
PAOSUtils	The PAOSUtils contains utility methods for PAOS implementation.
Parameter	A extra parameter to an operation.
Parameter	Class that represents the Parameter type in API descriptor.
Parameter.Builder	Builder to construct Parameter object.
ParametersConfig	Configuration for parameter passing stage.
ParameterSource	Enum that represents where the Parameter comes from.
ParametersStage	Captures input parameters to be passed back out at the end of the process.
PartialToken	Represents a partial CTS Token.
Partition	Named set of servers defining a distributed service.
Partition.Server	A server from a partition.
Password	An annotation which tags a configuration method as representing a "secret" value that is encrypted.
Password	An encoded password.
PasswordDecoder	The class PasswordDecoder is an interface that is implemented to decode password.
PasswordExpiredResponseControl	The Netscape password expired response control as defined in draft-vchu-ldap-pwd-policy.
PasswordExpiringResponseControl	The Netscape password expiring response control as defined in draft-vchu-ldap-pwd-policy.
PasswordModifyExtendedRequest	The password modify extended request as defined in RFC 3062.
PasswordModifyExtendedResult	The password modify extended result as defined in RFC 3062.
PasswordPolicyErrorType	A password policy error type as defined in draft-behera-ldap-password-policy is used to indicate problems concerning a user's account or password.
PasswordPolicyException	The exception class whose instance is thrown if there is any error related with password issue.
PasswordPolicyRequestControl	The password policy request control as defined in draft-behera-ldap-password-policy.
PasswordPolicyResponseControl	The password policy response control as defined in draft-behera-ldap-password-policy.
PasswordPolicyWarningType	A password policy warning type as defined in draft-behera-ldap-password-policy is used to indicate the current state of a user's password.
Patch	Indicates an CREST patch method on an annotated POJO.
Patch	Class that represents the Patch operation type in API descriptor.
Patch.Builder	Builder to help construct the Patch.
PatchOperation	Represents all Patch operations.
PatchOperation	An individual patch operation which is to be performed against a field within a resource.
PatchRequest	A request to update a JSON resource by applying a set of changes to its existing content.
Path	Allocate a path to a component.
Paths	Class that represents the Paths type in API descriptor.
Paths	Utilities for manipulating paths.
Paths.Builder	Builder to help construct the Paths.
PathsModule	Jackson Module that adds a serializer modifier for Paths.
PathUtil	Utilities for working with API Description paths and path-parameters.
Payload	The interface represents the body of a JWT.
PemPropertyFormat	Supports decoding keys and certificates in PEM format.
PerItemEvictionStrategyCache<K,V>	PerItemEvictionStrategyCache is a thread-safe write-through cache.
PermanentException	An exception that indicates that a failure is permanent, i.e.
PermissionRequestFilter	Extension filter that will be called before permission request creation.
PermissionTicket	A POJO to represent the UMA Permission Ticket.
PermissiveModifyRequestControl	The Microsoft defined permissive modify request control.
PersistentSearchChangeType	A persistent search change type as defined in draft-ietf-ldapext-psearch is used to indicate the type of update operation that caused an entry change notification to occur.
PersistentSearchRequestControl	The persistent search request control as defined in draft-ietf-ldapext-psearch.
PipeBufferedStream	Represents a pipe for transferring bytes from an OutputStream to a InputStream.
PkceMethod	Proof Key for Code Exchange (PKCE) transformation method.
PluginException	An exception for an error in plugin operation.
PluginTools	A collection of simple tools for interacting with the SMS (Service Management Service).
Policy	Deprecated. As of OpenSSO Express 8.0, use Entitlement instead as Entitlement has replaced Policy.
PolicyDecision	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
PolicyEvaluationException	The class PolicyEvaluationException is the exception for the error happening in policy request XML parsing and policy request evaluation.
PolicyEvaluator	Deprecated. As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
PolicyEvent	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
PolicyException	The class PolicyException is the basic exception for the the policy component.
PolicyFactory	This is the factory class to obtain instances of the objects defined in xacml context schema.
PolicyListener	Deprecated.
PolicyManager	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
PostReadRequestControl	The post-read request control as defined in RFC 4527.
PostReadResponseControl	The post-read response control as defined in RFC 4527.
PreconditionFailedException	An exception that is thrown to indicate that a resource's current version does not match the version provided.
PreconditionRequiredException	An exception that is thrown to indicate that a resource requires a version, but no version was supplied in the request.
Predicate	An interface for a basic, stand-alone predicate which can be evaluated given some JsonValue input and serialized for storage.
Predicate<T,E extends Exception>	A Predicate functional interface which can thrown a checked Exception.
PreferredLocales	This class encapsulates an ordered list of preferred locales, and the logic to use those to retrieve i18n ResourceBundles.
PreReadRequestControl	The pre-read request control as defined in RFC 4527.
PreReadResponseControl	The pre-read response control as defined in RFC 4527.
PrivateKeyJwtClientAuthenticationFilter	A Filter implementation for adding the client credentials to request as signed private key jwt as per the OpenID Connect Client Authentication specification.
PrivateKeyJwtClientAuthenticationFilter.Builder<T extends PrivateKeyJwtClientAuthenticationFilter.Builder<T>>	Builder class for creating the PrivateKey Jwt ClientAuthentication Filter.
PrivilegeEvaluatorContext	Holds the context of the policy evaluation making it available to policy conditions.
ProcessContext	Process context represents the current state of the workflow.
ProcessInstanceConfig	Represents the configuration for an instance of the anonymous process service.
ProcessStore	Process store is used to persist state throughout a given flow cycle.
ProductPathResolver	A property accessor for product paths.
ProgressStage<C extends StageConfig>	Progress stage represents a single stage within the overall advance flow.
ProgressStageBinder	Progress stage binder is responsible for creating bindings between the stage configs and their consuming stages.
ProgressStageBinding<C extends StageConfig>	Binds together the progress stage with its config.
ProgressStageProvider	Progress stage provider.
Promise<V,E extends Exception>	A Promise represents the result of an asynchronous task.
PromiseImpl<V,E extends Exception>	An implementation of Promise which can be used as is, or as the basis for more complex asynchronous behavior.
Promises	Utility methods for creating and composing Promises.
Promises.Results	Ordered list of joined asynchronous results.
ProofTokenState	When issuing SAML2 Holder-of-Key assertions, the proof token is usually an X509Certificate.
ProofTokenState.ProofTokenStateBuilder	Builder class for ProofTokenState
PropertiesResolver	Given a file path this will load the properties within the file as a PropertyResolver.
PropertyFormat	Supported property formats for file-based and system/environment variable properties.
PropertyFormatBase64	Decodes secrets in raw base64 format.
PropertyOrder	Annotation to provide a property order for a given object property.
PropertyPolicies	An annotation to declare the policies for property access in the CREST API Descriptor schema elements.
PropertyResolver	A property resolver attempt to get the value of a given config property.
PropertyResolvers	A utility class that gives access to the default property resolvers for a product.
PropertyResolverSecretStore	A SecretStore implementation that resolves secrets as base64-encoded strings from an underlying PropertyResolver.
ProtectedResource	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
ProtocolFactory	This is the factory class to obtain object instances for concrete elements in the protocol schema.
ProtocolOp	The base class of all requests and responses provides methods for querying and manipulating the set of Controls.
ProxiedAuthV1RequestControl	The proxy authorization v1 request control as defined in draft-weltman-ldapv3-proxy-04.
ProxiedAuthV2RequestControl	The proxy authorization v2 request control as defined in RFC 4370.
ProxyPolicyEvaluator	Deprecated. As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
ProxyPolicyEvaluatorFactory	Deprecated. As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
ProxyProtocolHeader	This class defines the proxy protocol header as it is described in the proxy protocol documentation.
ProxyProtocolHeader.SslTlv	Exposes the content of the "pp2_tlv_ssl" structure present in the ProxyProtocolHeader.PP2_TYPE_SSL TLV header.
ProxyProtocolHeader.SslTlv.ClientBit	Represents the possible values for the client property of the "pp2_tlv_ssl" structure.
ProxyProtocolHeader.SslTlv.SslSubType	Represents the possible types of the "sub_tlv" contained in the "pp2_tlv_ssl" structure present in the ProxyProtocolHeader.PP2_TYPE_SSL TLV header.
ProxyRestriction	The ProxyRestriction specifies limitations that the asserting party imposes on relying parties that in turn wish to act as asserting parties and issue subsequent assertions of their own on the basis of the information contained in the original assertion.
PublicKeyOpenIdResolverImpl	This class exists to allow functionality for those Open ID Connect providers which supply their signatures through asymmetric key algorithms (e.g.
Purpose<T extends Secret>	A purpose encapsulates both a name for a function that requires access to secrets, together with a hint as to the intended usage of those secrets.
PurposeMapping	A mapping of purpose to alias with a valid-from date.
PurposeMappingValidator	This validator makes sure that the secret mappings have both the alias and the secret ID specified, and additionally it verifies that there is no other secret mapping in the configuration already for the same secret ID.
PushNotificationDelegate	A PushNotificationDelegate is an implementation of OpenAM's Push Notification Service PushNotificationService specific to a realm as generated by a PushNotificationDelegateFactory.
PushNotificationDelegateFactory	Defines how PushNotificationDelegates should be created.
Queries	Declare an array of Query operations from a single method.
Query	Indicates an CREST query method on an annotated POJO.
Query	Class that represents the Create Operation type in API descriptor.
Query.Builder	Builder to help construct the Read.
QueryElement	Deprecated.
QueryFilter<F>	A filter which can be used to select resources, which is compatible with the CREST query filters.
QueryFilterOperators	QueryFilter constants.
QueryFilterParser<F>	A query string has the following string representation:
QueryFilters	Convenience methods to create QueryFilter that specify fields in terms of JsonPointer instances.
QueryFilterVisitor<R,P,F>	A visitor of QueryFilters, in the style of the visitor design pattern.
QueryRequest	A request to search for all JSON resources matching a user specified set of criteria.
QueryResourceHandler	A completion handler for consuming the results of a query request.
QueryResponse	The final result of a query request returned after all resources matching the request have been returned.
QueryType	Enum that represents the Query type.
QuotaExhaustionAction	Interface to define the resulting behavior when the session quota is exhausted.
RangeSet	Exposes a range of integer values as a set.
Rdn	A relative distinguished name (RDN) as defined in RFC 4512 section 2.3 is the name of an entry relative to its immediate superior.
Read	Indicates an CREST read method on an annotated POJO.
Read	Class that represents the Read Operation type in API descriptor.
Read.Builder	Builder to help construct the Read.
ReadinessCheck	This interface defines the contract for checking whether an AM service or component is ready to service requests successfully, independent of the state of any 3rd party dependencies.
ReadinessCheckEndpoint	CHF endpoint that reports AMs readiness, pertaining to the characteristics laid out in the Kubernetes documentation for the readiness probe.
ReadOnly	Annotation to mark a JSON Schema property as read-only.
ReadPolicy	Enum that represents the Schema read policies.
ReadRequest	A request to read a single identified JSON resource.
Realm	Models a valid realm within OpenAM.
RealmConfiguration<T>	This interface identifies the ServiceComponentConfig as containing configuration that is applied to a realm.
RealmLookup	API for looking up realms and determining if they are active or not.
RealmLookupException	Signals that the realm String used to lookup a realm failed due to it being an invalid realm identifier or the lookup operation failed.
Realms	A class to statically obtain Realm instances.
RecoveryCodeGenerator	Generates codes of a specified length using a given Alphabet as valid characters.
Reference	Class that represents the Reference type in API descriptor.
Reference.Builder	Builder to help construct the Reference.
ReferenceResolver	Helper that registers one or more ApiDescription instances and provides a means to resolve References.
Referral	Deprecated.
ReferralException	Thrown when the result code returned in a Result indicates that the Request could not be processed by the Directory Server because the target entry is located on another server.
ReferralTypeManager	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
ReferrerHeader	A Header representation of the Referrer HTTP header.
RefreshTokenGrantTypeHandler	A grant type handler that can obtain an access token using a previously obtained refresh token.
Reject	A input parameter-validating utility class using fluent invocation:
RejectedChangeRecordListener	A listener interface which is notified whenever a change record cannot be applied to an entry.
RejectedLdifListener	A listener interface which is notified whenever LDIF records are skipped, malformed, or fail schema validation.
RejectedMacaroonException	Indicates that a macaroon has been rejected by a MacaroonVerifier for a reason other than being invalid.
RelaxRulesRequestControl	The internet-draft defined Relax Rules control.
ReplicationServiceDiscoveryMechanism	Service Discovery Mechanism retrieving information from a replication topology.
Request	The Request element is the top-level element in the XACML context scehema.
Request	A request message.
Request	Common attributes of all JSON resource requests.
Request	The base class of all Requests provides methods for querying and manipulating the set of Controls included with a Request.
Request.RequestType	The type of this request.
RequestAbstract	This interface defines methods for setting and retrieving attributes and elements associated with a SAML request message used in SAML protocols.
RequestAuditContext	A context for audit information for an incoming request.
RequestAuthorizationFilter	Extension filter that will be called before request authorization and after request authorization.
RequestCookies	Exposes incoming request cookies.
RequestedAuthnContext	Java content class for RequestedAuthnContext element declaration.
RequesterID	This interface identifies the requester in an AuthnRequest message.
RequestHandle	Provides the ability to terminate an asynchronous LDAP request.
RequestHandler	A marker annotation to indicate that the annotated class should be interpreted as an annotated CREST request handler.
RequestHandler	Represents the contract with a set of resources.
RequestImpl	The Request element is the top-level element in the XACML context schema.
Requests	A utility class containing various factory methods for creating and manipulating requests.
Requests	This class contains various methods for creating and manipulating requests.
RequestType	An enumeration whose values represent the different types of request.
RequestVisitor<R,P>	A visitor of Requests, in the style of the visitor design pattern.
RequestVisitor<R,P,E extends Exception>	A visitor of Requests, in the style of the visitor design pattern.
RequirementsBuilder	Helper class to assist with the building of requirements.
ResetStage	The reset password stage.
ResetStageConfig	Configuration for the password reset stage.
Resource	The Resource element specifies information about the resource to which access is requested by listing a sequence of Attribute elements associated with the resource.
Resource	Class that represents the Resource type in API descriptor.
Resource.AnnotatedTypeVariant	The variant of the annotated type.
Resource.Builder	Builder to help construct the Resource.
ResourceAccess	A ResourceAccess encapsulates the logic of required scope selection.
ResourceApiVersionBehaviourManager	Implementations of this interface will be responsible for maintaining the behaviour of API Version routing.
ResourceApiVersionRoutingFilter	API Version routing filter which creates a ApiVersionRouterContext which contains the default routing behaviour when the Accept-API-Version header is set on the request.
ResourceApiVersionRoutingFilter	API Version routing filter which creates a ApiVersionRouterContext which contains the default routing behaviour when the Accept-API-Version header is set on the request.
ResourceApiVersionSpecificationFilter	A Filter supporting the specification of resource API version configuration to be used when a request on a specific endpoint does not contain an Accept-API-Version header.
ResourceApiVersionSpecificationFilter.NoApiVersionHandler	Handler allowing products to extend behaviour when a request has no resource API version supplied.
ResourceApiVersionSpecificationFilter.ResourcePathAndVersion	Class representing a mapping between a ResourcePath and a Version.
ResourceApiVersionSpecificationFilter.ResourcePathAndVersionSpecification	ResourceApiVersionSpecificationFilter.VersionSpecification supporting specification of a request's resource version based on its resource path.
ResourceApiVersionSpecificationFilter.VersionSpecification	Mechanism supporting specification of a version on the request.
ResourceAttribute	Encapsulates a Strategy to derive attributes to be returned with a particular Entitlement when evaluating Privileges.
ResourceContent	The ResourceContent element specifies information about the resource to which access is requested by listing a sequence of Attribute elements associated with the resource.
ResourceDelegationFilter	Extension filter that will be called before a resource is shared, after a resource is shared, before a shared resource is modified and on a resource no longer being shared.
ResourceException	An exception that is thrown during the processing of a JSON resource request.
ResourceImpl	The Resource element specifies information about the resource to which access is requested by listing a sequence of Attribute elements associated with the resource.
ResourceMatch	Deprecated. As of OpenSSO Express 8.0, use ResourceMatch instead as Entitlement has replaced Policy.
ResourceMatch	The class ResourceMatch defines the results of a resource match with respect to Policy.
ResourceName	Deprecated.
ResourceName	The interface ResourceName provides methods to determine the hierarchy of resource names.
ResourceOwnerPasswordGrantTypeHandler	A grant type handler that can obtain an access token using the Resource Owner Password Credentials (ROPC) grant.
ResourcePath	A relative path, or URL, to a resource.
ResourceRegistrationFilter	Extension filter that will be called before and after resource sets are registered.
ResourceResponse	A resource, comprising of a resource ID, a revision (etag), and its JSON content.
ResourceResult	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
Resources	This class contains methods for creating and manipulating connection factories and connections.
ResourceServerFilter	Validates a Request that contains an OAuth 2.0 access token.
ResourceSetDescription	Represents a resource set description created by an OAuth2 client (resource server).
Response	The Response message element is used when a response consists of a list of zero or more assertions that satisfy the request.
Response	The Response element is a container of one or more Results issued by policy decision point
Response	A response message.
Response	Common response object of all resource responses.
Response	The base class of all Responses provides methods for querying and manipulating the set of Controls included with a Response.
ResponseCacheControl	Indicates whether a response can be cached and under what conditions.
ResponseException	An HTTP Framework Exception that can be used by filters/handlers to simplify control-flow inside async call-backs.
ResponseMode	Response mode enum as described by OAuth 2.0 Multiple Response Type Encoding Practices - Response Modes.
ResponseProvider	Deprecated.
ResponseProviderTypeManager	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
Responses	Provide out-of-the-box, pre-configured Response objects.
Responses	A utility class containing various factory methods for creating and manipulating responses.
Responses	This class contains various methods for creating and manipulating responses.
ResponseTypeHandler	Handles the issuing of Tokens for a response type, i.e.
ResponseWriter	Writes AuthenticationException responses for different media types.
RestrictedTokenContextFilter	A filter that can be applied to a CREST route in order to enter the restricted token context for a request if it contains a requester token as well as subject token.
RestTokenProvider<T>	Interface defining token creators in the rest-sts.
RestTokenProviderParameters<T>	Parameter state passed to JsonTokenProvider instances.
RestTokenTransformValidator<T>	Defines the contract for token validators deployed in the context of token transformation.
RestTokenTransformValidatorParameters<T>	Defines the parameter state which needs to be passed to the RestTokenTransformValidator#validateToken instances.
Result	The Result element is a container of one or more Results issuded by authorization authority.
Result	A Result is used to indicate the status of an operation performed by the server.
ResultCode	An operation result code as defined in RFC 4511 section 4.1.9 is used to indicate the final status of an operation.
ResultCode.Enum	Contains equivalent values for the ResultCode values.
ResultHandler<T,E extends Exception>	ResultHandler is responsible for providing a mechanism of allowing access to the result of an asynchronous operation.
ResultHandler<V>	A completion handler for consuming the results of asynchronous tasks.
RetrieveEmailConfig	Configuration for the retrieve email stage.
RetrieveEmailStage	Stage is responsible for retrieving the email.
RetrieveUsernameConfig	Configuration for the retrieve username stage.
RetrieveUsernameStage	Stage is responsible for retrieving the username.
RetryableException	An exception that indicates that a failure may be temporary, and that retrying the same request may be able to succeed in the future.
RootContext	A Context which has an a globally unique ID but no parent.
RootDse	The root DSE is a DSA-specific Entry (DSE) and not part of any naming context (or any subtree), and which is uniquely identified by the empty DN.
RootUrlManager	Singleton class used to manage Root URL providers.
RootUrlProvider	Interface used for getting a context's root url.
RootUrlProviderException	To be used when an exception has occurred in a root url provider.
RouteMatch	Contains the result of routing to a particular route.
RouteMatcher<R>	A matcher for evaluating whether a route matches the incoming request.
RouteMatchers	A utility class that contains methods for creating route matchers.
RouteMatchers	A utility class that contains methods for creating route matchers.
Router	A router which routes requests based on route matchers.
Router	A router which routes requests based on route predicates.
Router.UriTemplate	Represents a URI template string that will be used to match and route incoming requests.
RoutingMode	The algorithm which should be used when matching URI templates against request resource names.
RSA15AES128CBCHS256EncryptionHandler	Deprecated. Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
RSA15AES256CBCHS512EncryptionHandler	Deprecated. Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
RSAEncryptionHandler	Abstract base class for implementations of the RSAES-PKCS1-v1_5 and RSA-OAEP encryption schemes.
RsaJWK	Implements a RsaJWK.
RsaJWK.Builder	The RSA JWK builder.
RsaJWK.PrimesInfo	Holds the other prime factors.
RSASigningHandler	Deprecated. Use SecretRSASigningHandler instead
Rule	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
RuntimeExceptionHandler	A completion handler for consuming runtime exceptions which occur during the execution of asynchronous tasks.
RxIo	Utility class for creating reactive transports and sockets.
RxServerSocket<M,S extends RxSocket<M>>	A reactive server socket listens for incoming connections and binds them to a RxSocket.
RxSocket<M>	A transport agnostic reactive socket abstraction.
RxTransport<M,S extends RxSocket<M>>	Factory interface for creating reactive client and server sockets.
Saml2ClientConstants	Constants used by the SAML2 Client implementation.
Saml2ClientModule	Guice module containing bindings for SAML2 client APIs.
SAML2Config	Encapsulates the configuration state necessary to produce SAML2 assertions.
SAML2Config.SAML2ConfigBuilder	Builder used to programmatically create SAML2Config objects
SAML2Constants	This interface defines constants common to all SAMLv2 elements.
SAML2Constants.ScriptParams	Constants for SAML2 scripted plugins
SAML2Exception	This class is an extension point for all SAML related exceptions.
SAML2IdentityProviderAdapter	Deprecated, for removal: This API element is subject to removal in a future version. since AM 7.3.0 Implement use-case specific IDPAdapter implementations instead.
SAML2IDPFinder	Deprecated, for removal: This API element is subject to removal in a future version. since AM 7.3.0 Implement use-case specific IDPFinder implementations instead.
SAML2InvalidNameIDPolicyException	This class is an extension point for all SAML related exceptions.
SAML2InvalidUserException	This class is an extension point for invalid usernames in the SAML flow.
SAML2MetaUtils	The SAML2MetaUtils provides metadata related util methods.
Saml2Options	This class contains the currently available options that can control the SAML2 flows.
Saml2Proxy	Called on the way back into the SAML2 Authentication Module by the saml2AuthAssertionConsumer jsp.
Saml2ResponseData	Response data from SAML2 IDP, combined here for ease of access.
SAML2SDKUtils	The SAML2SDKUtils contains utility methods for SAML 2.0 implementation.
SAML2ServiceProviderAdapter	Deprecated, for removal: This API element is subject to removal in a future version. since AM 7.3.0 Implement use-case specific SPAdapter implementations instead.
Saml2SpSsoInitiator	Initiates SAML2 single sign-on on the service provider side.
Saml2SsoException	An exception type that highlights that an issue has occurred during SAML2 single sign-on.
Saml2SsoInitiator	This interface exposes APIs to allow callers to initiate SAML2 Single Sign-on flows when AM acts as a service provider.
Saml2SsoResponseUtils	Utility methods for working with SAML2 SSO responses.
Saml2SsoResult	This POJO contains information collated during SAML2 response processing.
SAML2SubjectConfirmation	Enum defining the SAML2 SubjectConfirmation values used in the REST-STS and the TokenGenerationService.
SAML2Utils	The SAML2Utils contains utility methods for SAML 2.0 implementation.
SAMLConstants	This is a common class defining some constants common to all SAML elements.
SAMLException	This class is an extension point for all SAML related exceptions.
SAMLPlugin	The marker interface that all the federation plugins should extend from.
SAMLRequesterException	This exception is thrown when the request could not be performed due to an error in the sender or in the request.
SAMLResponderException	This exception is thrown when the request could not be performed due to an error at the receiving end.
SAMLUtils	This class contains some utility methods for processing SAML protocols.
SAMLVersionMismatchException	This exception is thrown when the receiver could not process the request because the version was incorrect.
SaslRxSocket	A reactive socket which adds SASL QOP to an underlying reactive socket..
Schema	Specify a schema for the element that is being described.
Schema	Class that represents the Schema type in API descriptor.
Schema	This class defines a data structure that holds information about the components of the LDAP schema.
Schema.Builder	A builder class for Schema instances.
SchemaBuilder	Schema builders should be used for incremental construction of new schemas.
SchemaBuilder.SchemaBuilderHook	Allows to perform modifications on element's builders before adding the result to this schema builder.
SchemaElement	Interface for schema elements.
SchemaException	The SchemaException is thrown if the error encountered is related to the schema.
SchemaOptions	Common options for LDAP schemas.
SchemaResolver	Schema resolvers are included with a set of DecodeOptions in order to allow application to control how Schema instances are selected when decoding requests and responses.
SchemaType	The class SchemaType defines the types of schema objects, and provides static constants for these schema objects.
SchemaValidationPolicy	This class provides various schema validation policy options for controlling how entries should be validated against the directory schema.
SchemaValidationPolicy.Action	An enumeration of the possible actions which can be performed when a schema validation failure is encountered.
ScopeEvaluator	A plugin or (extension point) that evaluates and returns an OAuth2 access token's scope information.
ScopeValidator	A plugin or (extension point) that allows the OAuth2 provider to customise the set of requested scopes for authorize, access token, refresh token and back channel authorize requests.
ScopeValidator	Deprecated. since 7.2.0
Scoping	This interface defines methods to retrieve Identity Providers and context/limitations related to proxying of the request message.
ScramCredential	The SCRAM credential data persisted in the server using the representation described in RFC 5803 which is a specialization of RFC 3112.
ScramCredentialCallback	Server-side callback for obtaining the stored SCRAM credential for a given user and mechanism.
ScramMechanism	SASL/SCRAM client and server implementations as specified in RFC 5802.
ScriptedIdentity	A wrapper class to limit an authentication script's exposure to a AmIdentity object
ScriptedIdentityRepository	A repository to retrieve user information within a scripting module's script
ScriptedSecrets	A wrapper around the Secrets API that allows a simplified interface to access secrets from a scripting context.
ScriptEntitlementInfo	This class wraps around an EntitlementInfo object for consumption in scripts.
ScriptPropertyResolver	Resolver for getting properties in scripts.
SearchRequest	The Search operation is used to request a server to return, subject to access controls and other restrictions, a set of entries matching a complex search criterion.
SearchResultEntry	A Search Result Entry represents an entry found during a Search operation.
SearchResultHandler	A completion handler for consuming the results of a Search operation.
SearchResultReference	A Search Result Reference represents an area not yet explored during a Search operation.
SearchResultReferenceIOException	Thrown when an iteration over a set of search results using a ConnectionEntryReader encounters a SearchResultReference.
SearchScope	A Search operation search scope as defined in RFC 4511 section 4.5.1.2 is used to specify the scope of a Search operation.
SearchScope.Enum	Contains equivalent values for the SearchScope values.
Secret	Value object that models a secret as a value.
Secret	A secret is any piece of data that should be kept confidential.
SecretBuilder	Provides a uniform way for secrets providers to construct secrets and keys.
SecretConfigurationException	An exception that occured when reading the configuration of the secret API.
SecretConstraint<T extends Secret>	Interface for constraints on a secret that must be satisfied for a given Purpose.
SecretDecoder	Specifies how data retrieved from a SecretStore should be decoded into a secret object.
SecretECDSASigningHandler	Elliptic Curve Digital Signature Algorithm (ECDSA) signing and verification.
SecretEdDSASigningHandler	Signing handler for Edwards Curve DSA (EdDSA) as defined in RFC 8037.
SecretException	A class of exception arising from use of the secrets API.
SecretHmacSigningHandler	An implementation of the SigningHandler which can sign and verify using algorithms from the HMAC family.
SecretIdChoiceValues	A ChoiceValues implementation that fetches the names of all known purposes.
SecretIdProvider	This interface allows AM's modules/components to easily expose which secret IDs they are using.
SecretInitialisationException	An exception that occurred when initialising the secret API.
SecretInstantiationException	An exception that represents an inability to instantiate a secret object.
SecretKeyPropertyFormat	Wraps a property format that decodes raw bytes and converts it into a property format for extracting secret keys using some algorithm.
SecretPropertyFormat	Defines the format of secrets loaded from configuration properties.
SecretReference<T extends Secret>	A long-lived reference to an active or named secret.
SecretRSASigningHandler	An Secret-based implementation of the SigningHandler which can sign and verify using algorithms from the RSA family.
Secrets	The top-level API to obtain secrets in AM.
SecretsApiBearerTokenCredentials	Provides Google SDK credentials from the secrets API.
SecretSigningHandler	Provides Secret-based signing and verification code base.
SecretsJwtTokenHandler	Token handler for creating tokens using a JWT as the store.
SecretsJwtTokenHandler.Builder	Builder pattern object for configuring a SecretsJwtTokenHandler.
SecretsKeyManager	An X509ExtendedKeyManager implementation that gets keys and certificates from a SecretsProvider.
SecretsKeyStoreProvider	A Java security provider that exposes a KeyStore view of a secret store.
SecretsLoadStoreParameter	Class used to initialise the keystore when it is initialised via the standard Java interfaces.
SecretsProvider	The secrets provider is used to get hold of active, named or valid secret objects.
SecretsProviderFacade	A facade around SecretsProvider instances from the realm and global levels that will delegate correctly to the global provider when a secret is not found in the realm, and knows how to resolve secrets for a DefaultingPurpose.
SecretsProviderJwtCryptographyHandler	Deprecated. The AuthenticatedEncryptionCryptographyHandler should be preferred.
SecretsReferenceProvider	A class that can provide secret references for a given purpose.
SecretStore<T extends Secret>	A backend storage mechanism for certain kinds of secrets.
SecretStoreContext	Encapsulates the context in which a secret store is being instantiated.
SecretsTrustManager	Provides an implementation of a standard Java TLS X509ExtendedTrustManager that will retrieve trusted certificates from the Secrets API.
SecretsUtils	Utility methods for dealing with secrets.
SecureAttrs	SecureAttrs class forms the core api of "Secure Attributes Exchange" (SAE) feature.
SecurityAnswer	Utility Class for Security Answers.
SecurityAnswerDefinitionConfig	Configuration for the KBA Security Answer Definition Stage.
SecurityAnswerDefinitionStage	Stage is responsible for supplying the KBA questions to the user and capturing the answers provided by the user.
SecurityAnswerLockoutManager	Interface to manage security question answer match failures and subsequent lockout.
SecurityAnswerVerificationConfig	Configuration for the KBA Security Answer Verification Stage.
SecurityAnswerVerificationStage	Stage is responsible for verifying the answers provided by the user for the KBA questions.
SecurityAssertion	The SecurityAssertion class provides an extension to Assertion class to support ID-WSF ResourceAccessStatement and SessionContextStatement.
SecurityContext	A Context containing information about the client performing the request which may be used when performing authorization decisions.
SecurityUtils	This class has common utility methods .
SelfService	Denotes self service dependencies.
SelfServiceConsoleConfig	Defines the bases for which all self service console configuration should be built on.
SelfServiceContext	A Context that indicates the request came from Self-Service.
SerializationFormat	Determines how to serialize and deserialize macaroons into a string format.
ServerSideSortRequestControl	The server-side sort request control as defined in RFC 2891.
ServerSideSortResponseControl	The server-side sort response control as defined in RFC 2891.
ServiceAlreadyExistsException	The ServiceAlreadyExistsException is thrown if the service already exists.
ServiceAttributeValidator	The interface ServiceAttributeValidator should be implemented by the services/applications if validator plugins are required.
ServiceComponentConfig	A marker interface indicating that the sub-type defines configuration for a Service Component.
ServiceConfig	The class ServiceConfig provides interfaces to manage the configuration information of a service configuration.
ServiceConfigException	An exception that indicates there was a problem when using the Service Component Config API.
ServiceConfigException	A sub-exception of SMSException for the ServiceConfigValidator.
ServiceConfigManager	The class ServiceConfigurationManager provides interfaces to manage the service's configuration data.
ServiceConfigProvider<C extends SelfServiceConsoleConfig>	Provides self service config instances based of the passed console configuration instance.
ServiceConfigValidator	This interface provides a means to validate an entire ServiceConfig's attribute values together.
ServiceConfigValidatorV2	This interface provides a means to validate an entire ServiceConfig's attribute values together.
ServiceDiscoveryChangeListener	This interface defines the methods that a Service Discovery consumer should implement if it wishes to be notified of changes in the service.
ServiceDiscoveryMechanism	Maintains a set of Partitions keeping it up to date according to a specific discovery mechanism.
ServiceErrorException	A sub-exception of SMSException for the ServiceConfigValidator.
ServiceInstance	The class ServiceInstance provides methods to manage service's instance variables.
ServiceInstanceUpdateHeader	The ServiceInstanceUpdateHeader class represents ServiceInstanceUpdate element defined in SOAP binding schema.
ServiceInstanceUpdateHeader.Credential	The ServiceInstanceUpdateHeader.Credential class represents Credential element in ServiceInstanceUpdate element defined in SOAP binding schema.
ServiceListener	The interface ServiceListener needs to be implemented by applications in order to receive service data change notifications.
ServiceManager	The ServiceManager class provides methods to register/remove services and to list currently registered services.
ServiceNotFoundException	The ServiceNotFoundException is thrown if the service does not exist.
Services	Class that represents API descriptor's Service Resource definitions.
Services.Builder	Builder to help construct the Services.
ServiceSchema	The class ServiceSchema provides interfaces to manage the schema information of a service.
ServiceSchemaManager	The class ServiceSchemaManager provides interfaces to manage the service's schema.
ServiceUnavailableException	An exception that is thrown during an operation on a resource when the server is temporarily unable to handle the request.
ServiceUtils	General utility class.
ServletJwtSessionModule	A JASPI Servlet API Session Module which creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response.
Session	An interface for managing attributes across multiple requests from the same user agent.
SessionContext	A SessionContext is a mechanism for maintaining state between components when processing a successive requests from the same logical client or end-user.
SessionException	This class is to handle Session related exceptions.
SessionIndex	This class represents the SessionIndex element in SAML protocol schema.
SessionInfo	SessionInfo object represents information about an Oauth session.
SessionListener	Interface used for session invalidation notification.
SessionManager	Deprecated.
SessionPropertyUpgrader	This class is used in case of session upgrade for copying session properties from the old session into the new one.
SessionProvider	Interface used for creating sessions, and for accessing session information.
SessionTimeoutHandler	Implementation of this class gets executed every time when an SSO Session times out (either idle or max timeout).
SetCookie2Header	Deprecated, for removal: This API element is subject to removal in a future version. This header is no longer supported by browsers.
SetCookieHeader	Processes the Set-Cookie request message header.
SetCookieSupport	Support class for generating Set-Cookie header values.
SetDecorator<E>	Contains another set, which is uses as its basic source of data, possibly transforming the data along the way.
SharedSecretOpenIdResolverImpl	This class exists to allow functionality for those Open ID Connect providers which supply their signatures through symmetric key algorithms (e.g.
SharedSecretProvider	Provided as an extension point to allow customised transformation of the OATH shared secret attribute.
SharedStateConstants	This class represents all the constants that can be used as keys for storing values in the tree's shared state.
ShutdownListener	Any component which needs to be shut down should implement this interface and use the function to shut down the component.
ShutdownManager	Interface used by shutdown managers to allow for thread safe adding and removing of shutdown listeners.
ShutdownPriority	This class defines the shutdown priorities that are consumed by com.sun.identity.common.ShutdownManager.
SignatureUtil	Utility class for signing and verifying signatures.
SignedEncryptedJwsHeaderBuilder	Deprecated. Use EncryptedThenSignedJwtHeaderBuilder instead.
SignedEncryptedJwt	Deprecated. Use EncryptedThenSignedJwt instead.
SignedEncryptedJwtBuilder	Deprecated. Use EncryptedThenSignedJwtBuilder instead.
SignedJwt	A JWS implementation of the Jwt interface.
SignedJwtBuilder	A base interface for both SignedJwtBuilder and SignedEncryptedJwtBuilder to create Signed JWTs and Signed and Encrypted JWTs.
SignedJwtBuilderImpl	An implementation of a JwtBuilder that can build a JWT and sign it, resulting in a SignedJwt object.
SignedThenEncryptedJwt	A nested signed-then-encrypted JWT.
SignedThenEncryptedJwtBuilder	Builder for nested signed-then-encrypted JWT.
SigningHandler	The interface for SigningHandlers for all the different signing algorithms.
SigningKey	A key that is used for signing digital signatures.
SigningManager	A service to get the appropriate SigningHandler for a specific Java Cryptographic signing algorithm.
SimpleHttpClientRequest	A basic implementation of HttpClientRequest that a script can send over a HttpClient.
SimpleHttpClientResponse	A basic implementation of HttpClientResponse that a script can receive from sending a HttpClientRequest over a HttpClient.
SimplePagedResultsControl	The simple paged results request and response control as defined in RFC 2696.
SimpleSecretStoreProvider	Provides instances of the commons secrets SecretStore without needing references to other secrets.
SingleAliasPurposeMappingValidator	Validates purpose mappings for the GoogleKeyManagementServiceSecretStore and GoogleSecretManagerSecretStoreProvider.
SingleOutcomeNode	Abstract node for nodes that always result in the same single outcome.
SingleOutcomeNode.OutcomeProvider	Provides a static single outcome for nodes with a single outcome.
SingletonProvider	A marker annotation to indicate that the annotated class should be interpreted as an annotated CREST singleton provider resource.
SingletonResourceProvider	An implementation interface for resource providers which exposes a single permanent resource instance.
SMSException	The exception class whose instance is thrown if there is any error during the operation of objects of the com.sun.identity.sms package.
SMSGateway	Defines the ability to send SMS (Short Message Service) and e-mail via a gateway implementation.
SMSThreadPool	The class SMSThreadPool provides interfaces to manage notification thread pools shared by idm and sm.
SnapshotTokenCallback	Callback is invoked when a new snapshot token is created just before requirements are returned to the client.
SnapshotTokenConfig	Represents the configuration for an TokenHandler.
SnapshotTokenHandlerFactory	Factory for delivering snapshot token handlers.
SOAPBindingConstants	This class contains all the constants used by the Soapbinding classes.
SOAPBindingException	The SOAPBindingException class represents a error while processing SOAP request and response.
SOAPClientException	An SOAPClientException is thrown when there are errors related to JAXRPC and SOAP methods.
SOAPClientException	An SOAPClientException is thrown when there are errors related to JAXRPC and SOAP methods.
SOAPFault	The SOAPFault class represents a SOAP Fault element.
SOAPFaultDetail	The SOAPFaultDetail class represents the 'Detail' child element of SOAP Fault element.
SOAPFaultException	The SOAPFaultException class represents a SOAP Fault while processing SOAP request.
SortKey	A sort key which can be used to specify the order in which JSON resources should be included in the results of a query request.
SortKey	A search result sort key as defined in RFC 2891 is used to specify how search result entries should be ordered.
SortKeyComparator	This comparator iterates through the provided sortKeys and finds the first comparative difference between the left and right side JsonValues.
SortKeyComparator.NullPosition	Defines possible positions for JsonValue that wraps a null object.
SPAccountMapper	The interface SPAccountMapper is used to identify the local identities that maps the SAML protocol objects such as Assertion, ManageNameIDRequest etc.
SPAccountMapper	The class PartnerAccountMapper is an interface that is implemented to map partner account to user account in OpenAM.
SPACSUtils	This class is used by a service provider (SP) to process the response from an identity provider for the SP's Assertion Consumer Service.
SPAdapter	The SPAdapterPlugin provides contracts to perform user specific logics during SAMLv2 protocol processing on the Service Provider side.
SpAdapterScriptHelper	Provides helper functions for SP Adapter Script Implementations.
SPAttributeMapper	This interface SPAttributeMapper is used to map the SAML Attributes to the local user attributes.
SPAttributeMapper	This interface SPAttributeMapper is used to map the SAML Attributes to the local user attributes.
SPAuthnContextMapper	The interface SPAuthnContextMapper.java determines the Authentication Context to be set in the Authentication Request and the Auth Level of an Authentication Context.
SpecialUserService	Collection of methods for identifying whether a given String corresponds to the UniversalId or Dn of the super or special users.
SslConnectionManager	This interface exposes the key components necessary to establish secure HTTPS connections.
SslOptions	Encapsulates options for configuring SSL based security as well as providing methods for building SSLEngines.
SslOptions.ClientAuthPolicy	Represents the client authentication policy option.
SslRxSocket	A reactive socket implementation which adds SSL to an underlying reactive socket.
SSOException	This SSOException is thrown when there are single sign on token operation error.
SSOProviderImpl	This final class SSOProviderImpl implements SSOProvider interface and provides implementation of the methods to create , destroy , check the validity of a single sign on token.
SSOToken	The SSOToken class represents a "single sign on"(SSO) token.
SSOTokenEvent	The SSOTokenEvent is an interface that represents an SSO token event.The single sign on token event represents a change in SSOToken.
SSOTokenID	The SSOTokenID is an interface that is used to identify a single sign on token object.
SSOTokenListener	The SSOTokenListener interface needs to be implemented by the applications to receive SSO token events.
SSOTokenListenersUnsupportedException	This SSOTokenCannotBeObservedException is thrown when calling SSOToken.addSSOTokenListener(SSOTokenListener) on an SSOToken type that does not generate lifecycle events.
SSOTokenManager	SSOTokenManager is the final class that is the mediator between the SSO APIs and SSO providers.
Stability	Represents API stability.
StageConfig	Represents the configuration for a given progress stage.
StageConfigException	Represents some framework error around the use of progress stages and configs.
StageResponse	Stage response represents a response from having invoked a progress stage.
StageResponse.Builder	Builder assists with the creation of StageResponse instances.
StageResponse.RequirementsBuilder	Requirements builder allows for the definition of a snapshot token callback, which gets invoked with just prior to requirements being sent to the client.
StageUtils	Utility class.
StartTlsExtendedRequest	The start TLS extended request as defined in RFC 4511.
StartTlsExtendedResult	The start tls extended result as defined in RFC 4511.
Statement	The Statement element is an extension point that allows other assertion-based applications to reuse the SAML assertion framework.
Statement	The Statement element is an extension point that allows other assertion-based applications to reuse the SAML assertion framework.
StaticOutcomeProvider	Describes the outcomes for node instances that have static outcomes.
StaticServiceDiscoveryMechanism	This mechanism only returns the list of servers in its configuration, without checking for availability.
Stats	Allows a uniform interface to statistics information in a uniform format.
Status	This class represents the StatusType complex type in SAML protocol schema.
Status	The Status element is a container of one or more Statuss issuded by authorization authority.
Status	The status-code element is a three-digit integer code giving the result of the attempt to understand and satisfy the request.
Status.Family	The first digit of the status-code defines the class of response.
StatusCode	This class represents the StatusCodeType complex type in SAML protocol schema.
StatusCode	The StatusCode element is a container of one or more StatusCodes issuded by authorization authority.
StatusCodeImpl	The StatusCode element is a container of one or more StatusCodes issuded by authorization authority.
StatusDetail	This class represents the StatusDetailType complex type in SAML protocol schema.
StatusDetail	The StatusCode element is a container of one or more Statuss issuded by authorization authority.
StatusDetailImpl	The StatusCode element is a container of one or more Statuss issuded by authorization authority.
StatusImpl	The Status element is a container of one or more Statuss issuded by authorization authority.
StatusMessage	This class represents the StatusMessage element in SAML protocol schema.
StatusMessage	The StatusMessage element is a container of one or more StatusMessages issuded by authorization authority.
StatusMessageImpl	The StatusMessage element is a container of one or more StatusMessages issuded by authorization authority.
StatusResponse	This class represents the StatusResponseType complex type in SAML protocol schema.
StorageType	Indicates whether the service should operate in stateless or stateful mode.
Streams	Utility methods for operating on IO streams.
StringOrURI	This class provides an utility method for validating that a String is either an arbitrary string without any ":" characters or if the String does contain a ":" character then the String is a valid URI.
Strings	Common utility methods for Strings.
SubConfig	Indicates that a method contains rich sub-configuration(s) of the parent configuration (or sub-configuration).
SubentriesRequestControl	The sub-entries request control as defined in RFC 3672.
Subject	Deprecated.
Subject	The Subject element specifies one or more subjects.
Subject	The Subject specifies the principal that is the subject of all of the statements in the assertion.
Subject	The Subject element specifies information about a subject of the Request context by listing a sequence of Attribute elements associated with the subject.
SubjectConfirmation	The SubjectConfirmation element specifies a subject by specifying data that authenticates the subject.
SubjectConfirmation	The SubjectConfirmation provides the means for a relying party to verify the correspondence of the subject of the assertion with the party with whom the relying party is communicating.
SubjectConfirmationData	The SubjectConfirmationData specifies additional data that allows the subject to be confirmed or constrains the circumstances under which the act of subject confirmation can take place.
SubjectDecision	Class to represent EntitlementSubject evaluation match result and - if applicable - its advices.
SubjectImpl	The Subject element specifies information about a subject of the Request context by listing a sequence of Attribute elements associated with the subject.
SubjectLocality	The SubjectLocality element specifies the DNS domain name and IP address for the system entity that performed the authentication.
SubjectLocality	The SubjectLocality element specifies the DNS domain name and IP address for the system entity that performed the authentication.
SubjectProvider	Defines the concerns of providing the Subject to be included in the generated SAML2 assertion.
SubjectQueryAbstract	This class represents the SubjectQueryAbstractType complex type.
SubjectStatement	The SubjectStatement element is an extension point that allows other assertion-based applications to reuse the SAML assertion framework.
SubjectTypeManager	Deprecated. As of OpenSSO Express 8.0, use EntitlementSubject instead as Entitlement has replaced Policy.
SubResources	Sub-resources of a resource are declared here.
SubResources.Builder	Builder to help construct the SubResources.
SubscriptionHelper	Utility methods to validate Subscriptions in the various onSubscribe calls.
SubstitutionContext	A SubstitutionContext holds both runtime and config time values for the substitution process.
SubstitutionException	Exception thrown during substitution process.
SubstitutionService	Substitute tokens in the source String with their resolved value.
SubstitutionVisitor	This visitor evaluates Templates with the help of a PropertyResolver.
SubstitutionVisitor.Builder	Builder of SubstitutionVisitor.
SubtreeDeleteRequestControl	The tree delete request control as defined in draft-armijo-ldap-treedelete.
Supplier<T,E extends Exception>	A Supplier functional interface which can throw a checked Exception.
Supported	This annotation marks AM APIs that are considered stable and should not change in minor releases (except possibly when a security fix requires such change).
SupportedAll	This annotation marks AM APIs that are considered stable and should not change in minor releases (except possibly when a security fix requires such change).
SupportedEllipticCurve	Enumerates all supported elliptic curve parameters for ESXXX signature formats.
SuspendedTextOutputCallback	Suspended text output callback extends TextOutputCallback to allow a custom message to be displayed to the user whilst informing the client that the current auth flow has been suspended.
SuspensionHandler	This handler interface allows authentication nodes to suspend authentication and send a unique ID out of band to the end-user.
SwitchableRxSocket<M>	A reactive socket implementation which delegates to a replaceable delegate reactive socket.
SynchronousRequestHandler	An interface for implementing synchronous RequestHandlers.
Syntax	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
Syntax	This class defines a data structure for storing and interacting with an LDAP syntaxes, which constrain the structure of attribute values stored in an LDAP directory, and determine the representation of attribute and assertion values transferred in the LDAP protocol.
Syntax.Builder	A fluent API for incrementally constructing syntaxes.
SyntaxImpl	This interface defines the set of methods and structures that must be implemented to define a new attribute syntax.
SystemProperties	This class provides functionality that allows single-point-of-access to all related system properties.
SystemPropertyResolver	A SystemPropertyResolver resolves a config token using system properties.
Template	Represents a templated string.
TemplateParser	A template parser receives a string input source, tokenize it (honoring escaping settings) and build a Template that can be processed later on.
TemplateVisitor<T,C>	A TemplateVisitor represents an operation applied to a Template.
TextArea	An annotation which tags a configuration method as representing a large body of text which requires a larger input.
ThingsAccessAuditFilter	Audit filter for capturing details about the things endpoint responses.
ThingsResource	ThingsResource handles REST calls made to the things endpoint.
ThreadPool	This thread pool maintains a number of threads that run the tasks from a task queue one by one.
ThreadPoolSecretStore<T extends Secret>	A secret store that wraps another secret store and performs all query operations in a background thread using a thread pool.
Threads	Common utility methods for Threads.
TimeoutResultException	Thrown when the result code returned in a Result indicates that the Request was aborted because it did not complete in the required time out period.
TimeoutScheduler	Invokes TimeoutScheduler.TimeoutEventListener at a regular interval.
TimeoutScheduler.TimeoutEventListener	Listener on timeout events.
Title	Annotation to define JSON Schema property's title.
Token	A simple domain value responsible for modelling a Core Token Service Token.
Token	Models a OAuth2 token.
TokenAdapter<T>	Describes the ability to convert from one type of object into a Token and the reverse operation of converting from a Token into the object of type T.
TokenBlobStrategy	Responsible for selecting the appropriate algorithm for dealing with Token binary objects prior to them being stored in the data store.
TokenBlobUtils	Responsible for handling the encoding and decoding of the binary object format the CTS Token.
TokenCreationException	An instance of this exception is thrown for errors encountered during token creation.
TokenDeletionStrategy	Is responsible for deleting expired tokens and performing any post-processing.
TokenFactory	Creates a Token object that can then be stored into the CTS.
TokenFilter	Describes a collection of filters which can be applied to the CTS query function as part of a complex query.
TokenFilterBuilder	Allows the assembly of TokenFilter instances for use with the CTSPersistentStore and other uses of the generic data layer.
TokenHandler	Responsible for the validation, generation and parsing of tokens used for keying a JsonValue representative of some state.
TokenHandlerException	An exception generated by a TokenHandler on either creation, validation, or state extraction.
TokenIdGenerator	In interface for objects that can generate an identifier for a token if the existing one is null.
TokenIntrospectionAccessTokenResolver	An AccessTokenResolver which is RFC 7662 compliant.
TokenModifications	Describes the possible modifications that can be applied as part of the CTSPersistentStore patch operation.
TokenModifications.TokenModificationType	Contains equivalent values for the ModificationType values.
TokenStorageAdapter	Adapts the token to some activity against the connection type.
TokenStrategyFailedException	Responsible for capturing the reason why a Token Blob Strategy failed.
TokenType	Responsible for defining the available token types in the Core Token Service.
TokenTypeId	Provides an extensible means of identifying a to-be-validated or to-be-provided token type.
TokenValidationException	An instance of this exception is thrown for all errors related to token validation.
TrailerHeader	A Header representation of the Trailer HTTP response header.
TransactionId	TransactionId value should be unique per request coming from an external agent so that all events occurring in response to the same external stimulus can be tied together.
TransactionIdContext	This context aims to hold the TransactionId.
TransactionIdHeader	Processes the transactionId header used mainly for audit purpose.
TransactionIdInboundFilter	This filter is responsible to create the TransactionIdContext in the context's chain.
TransactionIdOutboundFilter	This filter aims to create a sub-transaction's id and inserts that value as a header of the request.
TransformedRxSocket<U,D>	A reactive socket which wraps an underlying downstream reactive socket, providing opportunities to transform transferred data or provide additional functionality.
TransformerException	Signals that an error occurred while transforming an API Description to another format.
TranslateJsonSchema	Iterates over each JsonValue node in the JsonValue structure and if it's a String marked for translation, It replaces the String with a LocalizableString.
TreeContext	A representation of the context of the current tree authentication process.
TreeHook	A TreeHook encapsulates some functionality that should be executed at the end of a tree, after authentication.
TreeHook.Metadata	Annotation that describes the metadata of the node.
TreeMapEntry	An implementation of the Entry interface which uses a TreeMap for storing attributes.
TreeMetaData	Meta data API to expose data concerning the evaluating tree, to nodes who care for that data.
TrustedJwtIssuerConfig	A trusted JWT issuer for use in validating a JWT bearer grant.
TrustManagers	This class contains methods for creating common types of trust manager.
UnavailableSecretReferenceException	An exception that occured when a secret reference is not available.
UnbindRequest	The Unbind operation allows a client to terminate an LDAP session.
UncategorizedException	An exception that indicates that a failure is not directly known to the system, and hence requires out-of-band knowledge or enhancements to determine if a failure should be categorized as temporary or permanent.
UniqueItems	Annotation to mark a JSON Schema array-items as unique.
UniversalId	Represents a reference to an identity that is managed by AM.
UnknownRequest	Wraps a message that the LdapServer was unable to decode because it did not recognize it.
UnknownRxTransportException	Exception thrown when a transport implementation can't be found.
UnknownSchemaElementException	Thrown when a schema query fails because the requested schema element could not be found or is ambiguous.
UnmodifiableCollection	An marker interface for tagging collection implementations as read-only.
UnrecognizedCriticalHeaderException	Indicates that the JWT had critical headers that were not recognized by the JWT library and not implemented by the application.
UnsupportedMediaTypeException	Indicates a 415 Unsupported Media Type response that the Content-Type of the request was not acceptable.
Update	Indicates an CREST update method on an annotated POJO.
Update	Class that represents the Create Operation type in API descriptor.
Update.Builder	Builder to help construct Update.
UpdateRequest	A request to update a JSON resource by replacing its existing content with new content.
UpgradeException	This class is an extension point for all Upgrade related exceptions.
UpgradeUtils	This class contains utilities to upgrade the service schema configuration to be compatible with OpenAM.
UriRouterContext	A Context which is created when a request has been routed.
UriRouterContext.Builder	Ease UriRouterContext construction.
Uris	Utility class for performing operations on universal resource identifiers.
URLValidator
UsageDirectiveHeader	The UsageDirectiveHeader class represents 'UsageDirective' element defined in SOAP binding schema.
UserCodeGenerator	Generator for OAuth2 User Codes.
UserDetailsConfig	Configuration for the user details stage.
UserDetailsStage	Stage is responsible for request a new user json representation.
UserIDGenerator	An application implements a UserIDGenerator interface and registers itself to the Core Authentication service so that authentication modules can retrieve a list of auto-generated user IDs.
UserInfo	Each instance will return the user subject that identifies a user on an auth server as well as the entire raw profile that was retrieved when making a request to the user info endpoint.
UserInfoClaims	Simple bean that contains the values of claims, and the scopes that provisioned them (if any).
UserInfoClaimsPlugin	A plugin or (extension point) that fetches the resource owners information based on an issued access token.
UsernameExtractor	Deprecated.
UserNamePasswordValidationException	This class is for handling Exception that is thrown when the user name password validation plugin is failed or any invalid characters detected in user name.
UserPassword	An encoded user password that contains a storage scheme and an encoded vaulue.
UserQueryConfig	Configuration for the user query stage.
UserQueryStage	Stage is responsible for querying the underlying service for a user based on the supplied query fields.
UserRegistrationConfig	Configuration for the user registration stage.
UserRegistrationConsoleConfig	Represents user registration console configuration.
UserRegistrationConsoleConfig.UserRegistrationBuilder	Builder for UserRegistrationConsoleConfig.
UserRegistrationStage	Stage is responsible for registering the user supplied data using the underlying service.
UserUpdateService	A RequestHandler that proxies user requests to update the user's KBA answers.
Utils	This class contains utility methods.
Utils	This class provides utility methods to share common behaviour.
Utils	This class provides utility functions.
Utils	Deprecated. Use Strings, Closeables, Objects or Threads instead.
ValidateActiveAccountConfig	Configuration for the validate active account stage.
ValidateActiveAccountStage	Stage is responsible for validating account status.
ValidationUtil	API Descriptor model-validation utilities.
ValidValues	Deprecated. As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
VaultCipher	Cipher implementation for the Hashicorp Vault transit backend.
VaultConfig	Encapsulates the common configuration required for Hashicorp Vault secret backends.
VaultConfig.Builder	Builder object for Vault configuration settings.
VaultDatabaseCredentialsSecretStore	A secret store that can fetch fresh database credentials from the Vault Database secret engine.
VaultKeyValueSecretStore	A secret store that fetches secrets from a Hashicorp Vault server, using version 2 of the key-value backend.
VaultKeyValueSecretStore.SecretField	Standard implementations of VaultKeyValueSecretStore.SecretFieldDecoder for common fields.
VaultKeyValueSecretStore.SecretFieldDecoder	Determines how a field in the Vault JSON response should be decoded into one or more fields on a SecretBuilder object.
VaultMac	Provides HMAC support using the Hashicorp Vault transit backend.
VaultMac.HmacSha224	HMAC-SHA-224.
VaultMac.HmacSha256	HMAC-SHA-256.
VaultMac.HmacSha384	HMAC-SHA-384.
VaultMac.HmacSha512	HMAC-SHA-512.
VaultPkiSecretStore	A secret store that is able to retrieve PKI certificates and private keys from the Hashicorp Vault PKI backend.
VaultSignature	Provides signature support using the Hashicorp Vault transit backend.
VaultSignature.EcdsaP256Sha256Signature	ECDSA with SHA-256.
VaultSignature.EcdsaP384Sha384Signature	ECDSA with SHA-384.
VaultSignature.EcdsaP521Sha512Signature	ECDSA with SHA-512.
VaultSignature.Ed25519Signature	Ed25519.
VaultSignature.GenericRsaPssSignature	Generic RSA with PSS padding.
VaultSignature.RsaPkcs1Sha256Signature	RSA with SHA-256 and PKCS#1 v1.5 padding.
VaultSignature.RsaPkcs1Sha384Signature	RSA with SHA-384 and PKCS#1 v1.5 padding.
VaultSignature.RsaPkcs1Sha512Signature	RSA with SHA-512 and PKCS#1 v1.5 padding.
VaultSignature.RsaPssSha256Signature	RSA with SHA-256 and PSS padding.
VaultSignature.RsaPssSha384Signature	RSA with SHA-384 and PSS padding.
VaultSignature.RsaPssSha512Signature	RSA with SHA-512 and PSS padding.
VaultTransitProvider	Cryptographic provider that delegates cryptographic operations to the Hashicorp Vault transit backend.
VaultTransitSecretStore	Implements a store for cryptographic keys based on Vault's transit engine, which implements cryptography as a service.
VerificationKey	A key used for verifying digital signatures.
VerifyEmailAccountConfig	Configuration for the email account verification stage.
VerifyEmailAccountStage	Having retrieved the email address from the context or in response to the initial requirements, verifies the validity of the email address with the user who submitted the requirements via an email flow.
Version	Represents some version in the form majorNumber.minorNumber, for instance 2.4.
VersionedPath	Class that represents versioned Resources on an API descriptor path.
VersionedPath.Builder	Builder to help construct the VersionedPath.
VirtualListViewRequestControl	The virtual list view request control as defined in draft-ietf-ldapext-ldapv3-vlv.
VirtualListViewResponseControl	The virtual list view response control as defined in draft-ietf-ldapext-ldapv3-vlv.
VisibleForTesting	This annotation doesn't actually do anything, other than provide documentation of the fact that a function has either been marked public, or package private in order for a test (somewhere physically distant in the system) to compile.
Warning	WarningHeader entry.
WarningHeader	Processes the Warning message header.
WebtopParser	XMLParser provides a way for applications to handle a hook into applications and applications and its server.
WellKnownOpenIdConfigurationFactory	This class creates JWKOpenIdResolverImpl's from a supplied well-known open id configuration url.
WhoAmIExtendedRequest	The who am I extended request as defined in RFC 4532.
WhoAmIExtendedResult	The who am I extended result as defined in RFC 4532.
WithExampleSchema<T>	Extension for CREST and OpenAPI schemas to express an example value.
WritePolicy	Enum that represents the Schema write policies.
WSFederationException	This class is an extension point for all WS-Federation related exceptions.
WwwAuthenticateHeader	A Header representation of the WWW-Authenticate HTTP header.
WwwAuthenticateHeader.Challenge	A single WWW-Authenticate challenge.
X509CertificateBuilder	A class for building X509 certificates as described in RFC 5280.
X509CertificateBuilder.ExtendedKeyUsage	An enumeration of extended key usages.
X509CertificateBuilder.KeyUsage	An enumeration of key usages.
XACMLAuthzDecisionQuery	The XACMLAuthzDecisionQuery element is a SAML Query that extends SAML Protocol schema type RequestAbstractType.
XACMLAuthzDecisionQueryImpl	The XACMLAuthzDecisionQueryImpl is an impelmentation of XACMLAuthzDecisionQuery interface.
XACMLAuthzDecisionStatement	XACMLAuthzDecisionStatement is an extension of samlp:StatementAbstractType that is carried in a SAML Assertion to convey xacml-context:Response Schema:
XACMLConstants	This interface defines constants common to all XACML elements.
XACMLException	This class is an extension point for all XACML related exceptions.
XACMLQueryUtil	This class provides methods to send or process AttributeQuery.
XACMLRequestProcessor	This class provides the public API to process XACML context Request.
XACMLSDKUtils	The XACMLSDKUtils contains utility methods for XACML 2.0 implementation.
XECUtils	Utilities for handling XEC keys for X25519 and X448 ECDH key agreement.
XForwardedForHeader	Processes the X-Forwarded-For message header.
XMLHandler	This is a custom XML handler to load the dtds from the classpath This should be used by all the xml parsing document builders to set the default entity resolvers.
XmlSerializable	Common super-interface for all SAML elements that can be serialized into XML.
XMLUtils	Utility classes for handling XML.