KerberosNode
Realm Operations
Resource path:
/realm-config/authentication/authenticationtrees/nodes/product-KerberosNode/1.0
Resource version: 3.0
create
Usage
am> create KerberosNode --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of Trusted Kerberos Realms for User Kerberos tickets.", "propertyOrder" : 500, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 600, "type" : "boolean", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication.", "propertyOrder" : 300, "type" : "string", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "type" : "string", "exampleValue" : "" }, "kerberosServiceIsInitiator" : { "title" : "Is Initiator", "description" : "True, if initiator. False, if acceptor only. Default is True.", "propertyOrder" : 800, "type" : "boolean", "exampleValue" : "" }, "keytabFileName" : { "title" : "Key Tab File Path", "description" : "The absolute pathname of the AD keytab file.", "propertyOrder" : 200, "type" : "string", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Lookup User In Realm", "description" : "Validate that the user has a matched user profile configured in the data store.", "propertyOrder" : 700, "type" : "boolean", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication. The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" } }, "required" : [ "trustedKerberosRealms", "returnPrincipalWithDomainName", "kerberosRealm", "kerberosServerName", "kerberosServiceIsInitiator", "keytabFileName", "lookupUserInRealm", "principalName" ] }
delete
Usage
am> delete KerberosNode --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getType
List information related to the node such as a name, description, tags and metadata.
Usage
am> action KerberosNode --realm Realm --actionName getType
getUpgradedConfig
Get the upgraded configuration for the node type.
Usage
am> action KerberosNode --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "title" : "The current configuration of the node type." } - --targetVersion
-
=== listOutcomes
List the available outcomes for the node type.
Usage
am> action KerberosNode --realm Realm --body body --actionName listOutcomes
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "description" : "Some configuration of the node. This does not need to be complete against the configuration schema.", "type" : "object", "title" : "Node configuration" }
query
Get the full list of instances of this collection. This query only supports _queryFilter=true filter.
Usage
am> query KerberosNode --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read KerberosNode --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update KerberosNode --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of Trusted Kerberos Realms for User Kerberos tickets.", "propertyOrder" : 500, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 600, "type" : "boolean", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication.", "propertyOrder" : 300, "type" : "string", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "type" : "string", "exampleValue" : "" }, "kerberosServiceIsInitiator" : { "title" : "Is Initiator", "description" : "True, if initiator. False, if acceptor only. Default is True.", "propertyOrder" : 800, "type" : "boolean", "exampleValue" : "" }, "keytabFileName" : { "title" : "Key Tab File Path", "description" : "The absolute pathname of the AD keytab file.", "propertyOrder" : 200, "type" : "string", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Lookup User In Realm", "description" : "Validate that the user has a matched user profile configured in the data store.", "propertyOrder" : 700, "type" : "boolean", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication. The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" } }, "required" : [ "trustedKerberosRealms", "returnPrincipalWithDomainName", "kerberosRealm", "kerberosServerName", "kerberosServiceIsInitiator", "keytabFileName", "lookupUserInRealm", "principalName" ] }