am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 600,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : {
"title" : "Key Store Password",
"description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration. You should modify the default value.am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 500,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
"title" : "Private Key Password",
"description" : "Password to unlock the private key.am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 700,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : {
"title" : "Key Store Type",
"description" : "Type of key store to load.See the JDK 8 PKCS#11 Reference Guide for more details.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 400,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"webauthnAttrName" : {
"title" : "Profile Storage Attribute",
"description" : "The user's attribute in which to store WebAuthn profiles.
The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionScheme" : {
"title" : "Device Profile Encryption Scheme",
"description" : "Encryption scheme to use to secure device profiles stored on the server.
If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.
Note: AES-256 may require installation of the JCE Unlimited Strength policy files.",
"propertyOrder" : 200,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : {
"title" : "Encryption Key Store",
"description" : "Path to the key store from which to load encryption keys.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
}
```
### delete
**Usage**
```
am> delete AuthenticatorWebAuthn --realm Realm
```
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action AuthenticatorWebAuthn --realm Realm --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action AuthenticatorWebAuthn --realm Realm --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action AuthenticatorWebAuthn --realm Realm --actionName nextdescendents
```
### read
**Usage**
```
am> read AuthenticatorWebAuthn --realm Realm
```
### update
**Usage**
```
am> update AuthenticatorWebAuthn --realm Realm --body body
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
"title" : "Key-Pair Alias",
"description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 600,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : {
"title" : "Key Store Password",
"description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration. You should modify the default value.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 500,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
"title" : "Private Key Password",
"description" : "Password to unlock the private key.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 700,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : {
"title" : "Key Store Type",
"description" : "Type of key store to load.
Note: PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.
See the JDK 8 PKCS#11 Reference Guide for more details.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 400,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"webauthnAttrName" : {
"title" : "Profile Storage Attribute",
"description" : "The user's attribute in which to store WebAuthn profiles.
The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionScheme" : {
"title" : "Device Profile Encryption Scheme",
"description" : "Encryption scheme to use to secure device profiles stored on the server.
If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.
Note: AES-256 may require installation of the JCE Unlimited Strength policy files.",
"propertyOrder" : 200,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : {
"title" : "Encryption Key Store",
"description" : "Path to the key store from which to load encryption keys.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
}
```
## Global Operations
Resource path:
```
/global-config/services/authenticatorWebAuthnService
```
Resource version: `1.0`
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action AuthenticatorWebAuthn --global --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action AuthenticatorWebAuthn --global --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action AuthenticatorWebAuthn --global --actionName nextdescendents
```
### read
**Usage**
```
am> read AuthenticatorWebAuthn --global
```
### update
**Usage**
```
am> update AuthenticatorWebAuthn --global --body body
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"defaults" : {
"properties" : {
"authenticatorWebAuthnDeviceSettingsEncryptionScheme" : {
"title" : "Device Profile Encryption Scheme",
"description" : "Encryption scheme to use to secure device profiles stored on the server.
If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.
Note: AES-256 may require installation of the JCE Unlimited Strength policy files.",
"propertyOrder" : 200,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : {
"title" : "Key Store Password",
"description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration. You should modify the default value.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 500,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : {
"title" : "Key Store Type",
"description" : "Type of key store to load.
Note: PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.
See the JDK 8 PKCS#11 Reference Guide for more details.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 400,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : {
"title" : "Encryption Key Store",
"description" : "Path to the key store from which to load encryption keys.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"webauthnAttrName" : {
"title" : "Profile Storage Attribute",
"description" : "The user's attribute in which to store WebAuthn profiles.
The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
"title" : "Key-Pair Alias",
"description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 600,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
"title" : "Private Key Password",
"description" : "Password to unlock the private key.
Note: AM ignores this value if you map am.services.authenticatorwebauthn.encryption to a secret in a secret store.",
"propertyOrder" : 700,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
}
},
"type" : "object",
"title" : "Realm Defaults"
}
}
}
```