---
title: LegacyUserSelfService
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-legacyuserselfservice
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-legacyuserselfservice.html
section_ids:
  sec-amster-entity-legacyuserselfservice-realm-ops: Realm Operations
  sec-amster-entity-legacyuserselfservice-realm-ops-create: create
  sec-amster-entity-legacyuserselfservice-realm-ops-delete: delete
  sec-amster-entity-legacyuserselfservice-realm-ops-getalltypes: getAllTypes
  sec-amster-entity-legacyuserselfservice-realm-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-legacyuserselfservice-realm-ops-nextdescendents: nextdescendents
  sec-amster-entity-legacyuserselfservice-realm-ops-read: read
  sec-amster-entity-legacyuserselfservice-realm-ops-update: update
  sec-amster-entity-legacyuserselfservice-global-ops: Global Operations
  sec-amster-entity-legacyuserselfservice-global-ops-getalltypes: getAllTypes
  sec-amster-entity-legacyuserselfservice-global-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-legacyuserselfservice-global-ops-nextdescendents: nextdescendents
  sec-amster-entity-legacyuserselfservice-global-ops-read: read
  sec-amster-entity-legacyuserselfservice-global-ops-update: update
---

# LegacyUserSelfService

## Realm Operations

Resource path:

```
/realm-config/services/security
```

Resource version: `0.0`

### create

**Usage**

```
am> create LegacyUserSelfService --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "selfRegistrationEnabled" : {
        "title" : "Self-Registration for Users",
        "description" : "If enabled, new users can sign up using a REST API client.",
        "propertyOrder" : 200,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "forgotPasswordEnabled" : {
        "title" : "Forgot Password for Users",
        "description" : "If enabled, users can assign themselves a new password using a REST API client.",
        "propertyOrder" : 500,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "forgotPasswordTokenLifetime" : {
        "title" : "Forgot Password Token Lifetime (seconds)",
        "description" : "Maximum life time for the token that allows a user to process a forgotten password using the REST API.",
        "propertyOrder" : 600,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "selfServiceEnabled" : {
        "title" : "Legacy Self-Service REST Endpoint",
        "description" : "Specify whether to enable the legacy self-service endpoint.<p>OpenAM supports two User Self-Service components: the Legacy User Self-Service, which is based on a Java SDK and is available in OpenAM versions prior to OpenAM 13, and a common REST-based/XUI-based User Self-Service available in OpenAM 13 and later.<p>The Legacy User Self-Service will be deprecated in a future release.",
        "propertyOrder" : 100,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "forgotPasswordConfirmationUrl" : {
        "title" : "Forgot Password Confirmation Email URL",
        "description" : "This page handles the HTTP GET request when the user clicks the link sent by email in the confirmation request.",
        "propertyOrder" : 700,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "confirmationIdHmacKey" : {
        "title" : "Confirmation Id HMAC Signing Key",
        "description" : "256-bit key (base64-encoded) to use for HMAC signing of the legacy self-service confirmation email links.",
        "propertyOrder" : 1000,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "selfRegistrationConfirmationUrl" : {
        "title" : "Self-Registration Confirmation Email URL",
        "description" : "This page handles the HTTP GET request when the user clicks the link sent by email in the confirmation request.",
        "propertyOrder" : 400,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "userRegisteredDestination" : {
        "title" : "Destination After Successful Self-Registration",
        "description" : "Specifies the behavior when self-registration has successfully completed.",
        "propertyOrder" : 800,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "selfRegistrationTokenLifetime" : {
        "title" : "Self-Registration Token LifeTime (seconds)",
        "description" : "Maximum life time for the token allowing User Self-Registration using the REST API.",
        "propertyOrder" : 300,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "protectedUserAttributes" : {
        "title" : "Protected User Attributes",
        "description" : "A list of user profile attributes. Users modifying any of the attributes in this list will be required to enter a password as confirmation before the change is accepted. This option applies to XUI deployments only.",
        "propertyOrder" : 900,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      }
    }
  }
  ```

### delete

**Usage**

```
am> delete LegacyUserSelfService --realm Realm
```

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action LegacyUserSelfService --realm Realm --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action LegacyUserSelfService --realm Realm --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action LegacyUserSelfService --realm Realm --actionName nextdescendents
```

### read

**Usage**

```
am> read LegacyUserSelfService --realm Realm
```

### update

**Usage**

```
am> update LegacyUserSelfService --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "selfRegistrationEnabled" : {
        "title" : "Self-Registration for Users",
        "description" : "If enabled, new users can sign up using a REST API client.",
        "propertyOrder" : 200,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "forgotPasswordEnabled" : {
        "title" : "Forgot Password for Users",
        "description" : "If enabled, users can assign themselves a new password using a REST API client.",
        "propertyOrder" : 500,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "forgotPasswordTokenLifetime" : {
        "title" : "Forgot Password Token Lifetime (seconds)",
        "description" : "Maximum life time for the token that allows a user to process a forgotten password using the REST API.",
        "propertyOrder" : 600,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "selfServiceEnabled" : {
        "title" : "Legacy Self-Service REST Endpoint",
        "description" : "Specify whether to enable the legacy self-service endpoint.<p>OpenAM supports two User Self-Service components: the Legacy User Self-Service, which is based on a Java SDK and is available in OpenAM versions prior to OpenAM 13, and a common REST-based/XUI-based User Self-Service available in OpenAM 13 and later.<p>The Legacy User Self-Service will be deprecated in a future release.",
        "propertyOrder" : 100,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "forgotPasswordConfirmationUrl" : {
        "title" : "Forgot Password Confirmation Email URL",
        "description" : "This page handles the HTTP GET request when the user clicks the link sent by email in the confirmation request.",
        "propertyOrder" : 700,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "confirmationIdHmacKey" : {
        "title" : "Confirmation Id HMAC Signing Key",
        "description" : "256-bit key (base64-encoded) to use for HMAC signing of the legacy self-service confirmation email links.",
        "propertyOrder" : 1000,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "selfRegistrationConfirmationUrl" : {
        "title" : "Self-Registration Confirmation Email URL",
        "description" : "This page handles the HTTP GET request when the user clicks the link sent by email in the confirmation request.",
        "propertyOrder" : 400,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "userRegisteredDestination" : {
        "title" : "Destination After Successful Self-Registration",
        "description" : "Specifies the behavior when self-registration has successfully completed.",
        "propertyOrder" : 800,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "selfRegistrationTokenLifetime" : {
        "title" : "Self-Registration Token LifeTime (seconds)",
        "description" : "Maximum life time for the token allowing User Self-Registration using the REST API.",
        "propertyOrder" : 300,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "protectedUserAttributes" : {
        "title" : "Protected User Attributes",
        "description" : "A list of user profile attributes. Users modifying any of the attributes in this list will be required to enter a password as confirmation before the change is accepted. This option applies to XUI deployments only.",
        "propertyOrder" : 900,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      }
    }
  }
  ```

## Global Operations

Resource path:

```
/global-config/services/security
```

Resource version: `1.0`

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action LegacyUserSelfService --global --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action LegacyUserSelfService --global --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action LegacyUserSelfService --global --actionName nextdescendents
```

### read

**Usage**

```
am> read LegacyUserSelfService --global
```

### update

**Usage**

```
am> update LegacyUserSelfService --global --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "defaults" : {
        "properties" : {
          "protectedUserAttributes" : {
            "title" : "Protected User Attributes",
            "description" : "A list of user profile attributes. Users modifying any of the attributes in this list will be required to enter a password as confirmation before the change is accepted. This option applies to XUI deployments only.",
            "propertyOrder" : 900,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "forgotPasswordEnabled" : {
            "title" : "Forgot Password for Users",
            "description" : "If enabled, users can assign themselves a new password using a REST API client.",
            "propertyOrder" : 500,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "selfRegistrationEnabled" : {
            "title" : "Self-Registration for Users",
            "description" : "If enabled, new users can sign up using a REST API client.",
            "propertyOrder" : 200,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "userRegisteredDestination" : {
            "title" : "Destination After Successful Self-Registration",
            "description" : "Specifies the behavior when self-registration has successfully completed.",
            "propertyOrder" : 800,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "selfRegistrationTokenLifetime" : {
            "title" : "Self-Registration Token LifeTime (seconds)",
            "description" : "Maximum life time for the token allowing User Self-Registration using the REST API.",
            "propertyOrder" : 300,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "selfServiceEnabled" : {
            "title" : "Legacy Self-Service REST Endpoint",
            "description" : "Specify whether to enable the legacy self-service endpoint.<p>OpenAM supports two User Self-Service components: the Legacy User Self-Service, which is based on a Java SDK and is available in OpenAM versions prior to OpenAM 13, and a common REST-based/XUI-based User Self-Service available in OpenAM 13 and later.<p>The Legacy User Self-Service will be deprecated in a future release.",
            "propertyOrder" : 100,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "confirmationIdHmacKey" : {
            "title" : "Confirmation Id HMAC Signing Key",
            "description" : "256-bit key (base64-encoded) to use for HMAC signing of the legacy self-service confirmation email links.",
            "propertyOrder" : 1000,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "forgotPasswordTokenLifetime" : {
            "title" : "Forgot Password Token Lifetime (seconds)",
            "description" : "Maximum life time for the token that allows a user to process a forgotten password using the REST API.",
            "propertyOrder" : 600,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "selfRegistrationConfirmationUrl" : {
            "title" : "Self-Registration Confirmation Email URL",
            "description" : "This page handles the HTTP GET request when the user clicks the link sent by email in the confirmation request.",
            "propertyOrder" : 400,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "forgotPasswordConfirmationUrl" : {
            "title" : "Forgot Password Confirmation Email URL",
            "description" : "This page handles the HTTP GET request when the user clicks the link sent by email in the confirmation request.",
            "propertyOrder" : 700,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          }
        },
        "type" : "object",
        "title" : "Realm Defaults"
      }
    }
  }
  ```