--- title: JwtProofOfPossessionModule description: Resource path: component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-jwtproofofpossessionmodule canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-jwtproofofpossessionmodule.html section_ids: sec-amster-entity-jwtproofofpossessionmodule-realm-ops: Realm Operations sec-amster-entity-jwtproofofpossessionmodule-realm-ops-create: create sec-amster-entity-jwtproofofpossessionmodule-realm-ops-delete: delete sec-amster-entity-jwtproofofpossessionmodule-realm-ops-getalltypes: getAllTypes sec-amster-entity-jwtproofofpossessionmodule-realm-ops-getcreatabletypes: getCreatableTypes sec-amster-entity-jwtproofofpossessionmodule-realm-ops-nextdescendents: nextdescendents sec-amster-entity-jwtproofofpossessionmodule-realm-ops-query: query sec-amster-entity-jwtproofofpossessionmodule-realm-ops-read: read sec-amster-entity-jwtproofofpossessionmodule-realm-ops-update: update sec-amster-entity-jwtproofofpossessionmodule-global-ops: Global Operations sec-amster-entity-jwtproofofpossessionmodule-global-ops-getalltypes: getAllTypes sec-amster-entity-jwtproofofpossessionmodule-global-ops-getcreatabletypes: getCreatableTypes sec-amster-entity-jwtproofofpossessionmodule-global-ops-nextdescendents: nextdescendents sec-amster-entity-jwtproofofpossessionmodule-global-ops-read: read sec-amster-entity-jwtproofofpossessionmodule-global-ops-update: update --- # JwtProofOfPossessionModule ## Realm Operations Resource path: ``` /realm-config/authentication/modules/authJwtPoP ``` Resource version: `0.0` ### create **Usage** ``` am> create JwtProofOfPossessionModule --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.", "propertyOrder" : 10000, "required" : true, "type" : "integer", "exampleValue" : "" }, "responseEncryptionMethod" : { "title" : "Response Encryption Scheme", "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "subjectJwkSetAttr" : { "title" : "Subject JWK Set Attribute", "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "enableTlsSessionBinding" : { "title" : "Use TLS Session Binding", "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.", "propertyOrder" : 400, "required" : true, "type" : "boolean", "exampleValue" : "" }, "responseEncryptionCipher" : { "title" : "Response Encryption Cipher", "description" : "The authenticated encryption (AEAD) scheme to use for the response.", "propertyOrder" : 350, "required" : true, "type" : "string", "exampleValue" : "" }, "challengeSigningKey" : { "title" : "Challenge Signing Key", "description" : "Name of the key (in the AM keystore) to use to sign challenges.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" } } } ``` ### delete **Usage** ``` am> delete JwtProofOfPossessionModule --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### getAllTypes Obtain the collection of all secondary configuration types related to the resource. **Usage** ``` am> action JwtProofOfPossessionModule --realm Realm --actionName getAllTypes ``` ### getCreatableTypes Obtain the collection of secondary configuration types that have yet to be added to the resource. **Usage** ``` am> action JwtProofOfPossessionModule --realm Realm --actionName getCreatableTypes ``` ### nextdescendents Obtain the collection of secondary configuration instances that have been added to the resource. **Usage** ``` am> action JwtProofOfPossessionModule --realm Realm --actionName nextdescendents ``` ### query Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter. **Usage** ``` am> query JwtProofOfPossessionModule --realm Realm --filter filter ``` **Parameters** * *\--filter* A CREST formatted query filter, where "true" will query all. ### read **Usage** ``` am> read JwtProofOfPossessionModule --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### update **Usage** ``` am> update JwtProofOfPossessionModule --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.", "propertyOrder" : 10000, "required" : true, "type" : "integer", "exampleValue" : "" }, "responseEncryptionMethod" : { "title" : "Response Encryption Scheme", "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "subjectJwkSetAttr" : { "title" : "Subject JWK Set Attribute", "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "enableTlsSessionBinding" : { "title" : "Use TLS Session Binding", "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.", "propertyOrder" : 400, "required" : true, "type" : "boolean", "exampleValue" : "" }, "responseEncryptionCipher" : { "title" : "Response Encryption Cipher", "description" : "The authenticated encryption (AEAD) scheme to use for the response.", "propertyOrder" : 350, "required" : true, "type" : "string", "exampleValue" : "" }, "challengeSigningKey" : { "title" : "Challenge Signing Key", "description" : "Name of the key (in the AM keystore) to use to sign challenges.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" } } } ``` ## Global Operations Resource path: ``` /global-config/authentication/modules/authJwtPoP ``` Resource version: `1.0` ### getAllTypes Obtain the collection of all secondary configuration types related to the resource. **Usage** ``` am> action JwtProofOfPossessionModule --global --actionName getAllTypes ``` ### getCreatableTypes Obtain the collection of secondary configuration types that have yet to be added to the resource. **Usage** ``` am> action JwtProofOfPossessionModule --global --actionName getCreatableTypes ``` ### nextdescendents Obtain the collection of secondary configuration instances that have been added to the resource. **Usage** ``` am> action JwtProofOfPossessionModule --global --actionName nextdescendents ``` ### read **Usage** ``` am> read JwtProofOfPossessionModule --global ``` ### update **Usage** ``` am> update JwtProofOfPossessionModule --global --body body ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "defaults" : { "properties" : { "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.", "propertyOrder" : 10000, "required" : true, "type" : "integer", "exampleValue" : "" }, "challengeSigningKey" : { "title" : "Challenge Signing Key", "description" : "Name of the key (in the AM keystore) to use to sign challenges.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "responseEncryptionCipher" : { "title" : "Response Encryption Cipher", "description" : "The authenticated encryption (AEAD) scheme to use for the response.", "propertyOrder" : 350, "required" : true, "type" : "string", "exampleValue" : "" }, "subjectJwkSetAttr" : { "title" : "Subject JWK Set Attribute", "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "responseEncryptionMethod" : { "title" : "Response Encryption Scheme", "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "enableTlsSessionBinding" : { "title" : "Use TLS Session Binding", "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.", "propertyOrder" : 400, "required" : true, "type" : "boolean", "exampleValue" : "" } }, "type" : "object", "title" : "Realm Defaults" } } } ```