---
title: PolicyConfiguration
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-policyconfiguration
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-policyconfiguration.html
section_ids:
  sec-amster-entity-policyconfiguration-realm-ops: Realm Operations
  sec-amster-entity-policyconfiguration-realm-ops-create: create
  sec-amster-entity-policyconfiguration-realm-ops-delete: delete
  sec-amster-entity-policyconfiguration-realm-ops-getalltypes: getAllTypes
  sec-amster-entity-policyconfiguration-realm-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-policyconfiguration-realm-ops-nextdescendents: nextdescendents
  sec-amster-entity-policyconfiguration-realm-ops-read: read
  sec-amster-entity-policyconfiguration-realm-ops-update: update
  sec-amster-entity-policyconfiguration-global-ops: Global Operations
  sec-amster-entity-policyconfiguration-global-ops-getalltypes: getAllTypes
  sec-amster-entity-policyconfiguration-global-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-policyconfiguration-global-ops-nextdescendents: nextdescendents
  sec-amster-entity-policyconfiguration-global-ops-read: read
  sec-amster-entity-policyconfiguration-global-ops-update: update
---

# PolicyConfiguration

## Realm Operations

Resource path:

```
/realm-config/services/policyconfiguration
```

Resource version: `0.0`

### create

**Usage**

```
am> create PolicyConfiguration --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "connectionPoolMaximumSize" : {
        "title" : "LDAP Connection Pool Maximum Size",
        "description" : "Maximum number of connections in the pool.",
        "propertyOrder" : 1800,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "sslEnabled" : {
        "title" : "LDAP SSL/TLS",
        "description" : "If enabled, OpenAM connects securely to the directory server. This requires that you install the directory server certificate.",
        "propertyOrder" : 1600,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "checkIfResourceTypeExists" : {
        "title" : "Check resources exist when Resource Server is updated",
        "description" : "Check all registered resources exist when updating Resource Server. <p><p>Policy Set will check each registered Resource Type one by one against the config datastore if enabled. Consider disabling this option if you have a large number of Resource Types registered to a Policy Set.",
        "propertyOrder" : 2100,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "usersBaseDn" : {
        "title" : "LDAP Users Base DN",
        "description" : "Base DN for LDAP Users subject searches.",
        "propertyOrder" : 500,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "usersSearchScope" : {
        "title" : "LDAP Users Search Scope",
        "description" : "Search scope to find user entries.",
        "propertyOrder" : 1100,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "connectionPoolMinimumSize" : {
        "title" : "LDAP Connection Pool Minimum Size",
        "description" : "Minimum number of connections in the pool.",
        "propertyOrder" : 1700,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "ldapServer" : {
        "title" : "Primary LDAP Server",
        "description" : "Configuration directory server host:port that OpenAM searches for policy information.<p><p>Format: <code>local OpenAM server name | hostname:port</code><p><p>Multiple entries must be prefixed by local server name. Make sure to place the multiple entries on a single line and separate the hostname:port URLs with a space. <p><p>For example, openam.example.com|opendj.example.com:1389 opendj.example.com:2389",
        "propertyOrder" : 400,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      },
      "usersSearchAttribute" : {
        "title" : "LDAP Users Search Attribute",
        "description" : "Naming attribute for user entries.",
        "propertyOrder" : 1300,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "policyHeartbeatTimeUnit" : {
        "title" : "Heartbeat Unit",
        "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat requests will ensure that the connections won't become idle.",
        "propertyOrder" : 1850,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "searchTimeout" : {
        "title" : "Search Timeout",
        "description" : "Time after which OpenAM returns an error for an incomplete search, in seconds.",
        "propertyOrder" : 1500,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "mtlsEnabled" : {
        "title" : "mTLS Enabled",
        "description" : "Enables mTLS (mutual TLS) between AM and this store. When mTLS is enabled:<ul><li>Set connection mode to <code>LDAPS</code>.</li><li>The values for <code>LDAP Bind DN</code> and <code>LDAP Bind Password</code> are ignored.</li></ul>",
        "propertyOrder" : 2200,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "policyHeartbeatInterval" : {
        "title" : "Heartbeat Interval",
        "description" : "Specifies how often OpenAM should send a heartbeat request to the directory.<br><br>Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat requests will ensure that the connections won't become idle.",
        "propertyOrder" : 1840,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "usersSearchFilter" : {
        "title" : "LDAP Users Search Filter",
        "description" : "Search filter to match user entries.",
        "propertyOrder" : 1000,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "bindDn" : {
        "title" : "LDAP Bind DN",
        "description" : "Bind DN to connect to the directory server for policy information. This property is ignored if mTLS Enabled is set.",
        "propertyOrder" : 700,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "subjectsResultTTL" : {
        "title" : "Subjects Result Time to Live",
        "description" : "Maximum time that OpenAM caches a subject result for evaluating policy requests, in minutes. A value of <code>0</code> prevents OpenAM from caching subject evaluations for policy decisions.",
        "propertyOrder" : 1900,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "bindPassword" : {
        "title" : "LDAP Bind Password",
        "description" : "Bind password to connect to the directory server for policy information. This property is ignored if mTLS Enabled is set.",
        "propertyOrder" : 800,
        "required" : true,
        "type" : "string",
        "format" : "password",
        "exampleValue" : ""
      },
      "realmSearchFilter" : {
        "title" : "LDAP Organization Search Filter",
        "description" : "Search filter to match organization entries.",
        "propertyOrder" : 900,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "maximumSearchResults" : {
        "title" : "Maximum Results Returned from Search",
        "description" : "Search limit for LDAP searches.",
        "propertyOrder" : 1400,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "userAliasEnabled" : {
        "title" : "User Alias",
        "description" : "If enabled, OpenAM can evaluate policy for remote users aliased to local users.",
        "propertyOrder" : 2000,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      }
    }
  }
  ```

### delete

**Usage**

```
am> delete PolicyConfiguration --realm Realm
```

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action PolicyConfiguration --realm Realm --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action PolicyConfiguration --realm Realm --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action PolicyConfiguration --realm Realm --actionName nextdescendents
```

### read

**Usage**

```
am> read PolicyConfiguration --realm Realm
```

### update

**Usage**

```
am> update PolicyConfiguration --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "connectionPoolMaximumSize" : {
        "title" : "LDAP Connection Pool Maximum Size",
        "description" : "Maximum number of connections in the pool.",
        "propertyOrder" : 1800,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "sslEnabled" : {
        "title" : "LDAP SSL/TLS",
        "description" : "If enabled, OpenAM connects securely to the directory server. This requires that you install the directory server certificate.",
        "propertyOrder" : 1600,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "checkIfResourceTypeExists" : {
        "title" : "Check resources exist when Resource Server is updated",
        "description" : "Check all registered resources exist when updating Resource Server. <p><p>Policy Set will check each registered Resource Type one by one against the config datastore if enabled. Consider disabling this option if you have a large number of Resource Types registered to a Policy Set.",
        "propertyOrder" : 2100,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "usersBaseDn" : {
        "title" : "LDAP Users Base DN",
        "description" : "Base DN for LDAP Users subject searches.",
        "propertyOrder" : 500,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "usersSearchScope" : {
        "title" : "LDAP Users Search Scope",
        "description" : "Search scope to find user entries.",
        "propertyOrder" : 1100,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "connectionPoolMinimumSize" : {
        "title" : "LDAP Connection Pool Minimum Size",
        "description" : "Minimum number of connections in the pool.",
        "propertyOrder" : 1700,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "ldapServer" : {
        "title" : "Primary LDAP Server",
        "description" : "Configuration directory server host:port that OpenAM searches for policy information.<p><p>Format: <code>local OpenAM server name | hostname:port</code><p><p>Multiple entries must be prefixed by local server name. Make sure to place the multiple entries on a single line and separate the hostname:port URLs with a space. <p><p>For example, openam.example.com|opendj.example.com:1389 opendj.example.com:2389",
        "propertyOrder" : 400,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      },
      "usersSearchAttribute" : {
        "title" : "LDAP Users Search Attribute",
        "description" : "Naming attribute for user entries.",
        "propertyOrder" : 1300,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "policyHeartbeatTimeUnit" : {
        "title" : "Heartbeat Unit",
        "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat requests will ensure that the connections won't become idle.",
        "propertyOrder" : 1850,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "searchTimeout" : {
        "title" : "Search Timeout",
        "description" : "Time after which OpenAM returns an error for an incomplete search, in seconds.",
        "propertyOrder" : 1500,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "mtlsEnabled" : {
        "title" : "mTLS Enabled",
        "description" : "Enables mTLS (mutual TLS) between AM and this store. When mTLS is enabled:<ul><li>Set connection mode to <code>LDAPS</code>.</li><li>The values for <code>LDAP Bind DN</code> and <code>LDAP Bind Password</code> are ignored.</li></ul>",
        "propertyOrder" : 2200,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "policyHeartbeatInterval" : {
        "title" : "Heartbeat Interval",
        "description" : "Specifies how often OpenAM should send a heartbeat request to the directory.<br><br>Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat requests will ensure that the connections won't become idle.",
        "propertyOrder" : 1840,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "usersSearchFilter" : {
        "title" : "LDAP Users Search Filter",
        "description" : "Search filter to match user entries.",
        "propertyOrder" : 1000,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "bindDn" : {
        "title" : "LDAP Bind DN",
        "description" : "Bind DN to connect to the directory server for policy information. This property is ignored if mTLS Enabled is set.",
        "propertyOrder" : 700,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "subjectsResultTTL" : {
        "title" : "Subjects Result Time to Live",
        "description" : "Maximum time that OpenAM caches a subject result for evaluating policy requests, in minutes. A value of <code>0</code> prevents OpenAM from caching subject evaluations for policy decisions.",
        "propertyOrder" : 1900,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "bindPassword" : {
        "title" : "LDAP Bind Password",
        "description" : "Bind password to connect to the directory server for policy information. This property is ignored if mTLS Enabled is set.",
        "propertyOrder" : 800,
        "required" : true,
        "type" : "string",
        "format" : "password",
        "exampleValue" : ""
      },
      "realmSearchFilter" : {
        "title" : "LDAP Organization Search Filter",
        "description" : "Search filter to match organization entries.",
        "propertyOrder" : 900,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "maximumSearchResults" : {
        "title" : "Maximum Results Returned from Search",
        "description" : "Search limit for LDAP searches.",
        "propertyOrder" : 1400,
        "required" : true,
        "type" : "integer",
        "exampleValue" : ""
      },
      "userAliasEnabled" : {
        "title" : "User Alias",
        "description" : "If enabled, OpenAM can evaluate policy for remote users aliased to local users.",
        "propertyOrder" : 2000,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      }
    }
  }
  ```

## Global Operations

Resource path:

```
/global-config/services/policyconfiguration
```

Resource version: `1.0`

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action PolicyConfiguration --global --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action PolicyConfiguration --global --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action PolicyConfiguration --global --actionName nextdescendents
```

### read

**Usage**

```
am> read PolicyConfiguration --global
```

### update

**Usage**

```
am> update PolicyConfiguration --global --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "realmAliasReferrals" : {
        "title" : "Realm Alias Referrals",
        "description" : "If yes, then OpenAM allows creation of policies for HTTP and HTTPS resources whose FQDN matches the DNS alias for the realm even when no referral policy exists.",
        "propertyOrder" : 300,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "resourceComparators" : {
        "title" : "Resource Comparator",
        "description" : "OpenAM uses resource comparators to match resources specified in policy rules. When setting comparators on the command line, separate fields with <code>|</code> characters.",
        "propertyOrder" : 100,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      },
      "continueEvaluationOnDeny" : {
        "title" : "Continue Evaluation on Deny Decision",
        "description" : "If no, then OpenAM stops evaluating policy as soon as it reaches a deny decision.",
        "propertyOrder" : 200,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "defaults" : {
        "properties" : {
          "usersBaseDn" : {
            "title" : "LDAP Users Base DN",
            "description" : "Base DN for LDAP Users subject searches.",
            "propertyOrder" : 500,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "bindDn" : {
            "title" : "LDAP Bind DN",
            "description" : "Bind DN to connect to the directory server for policy information. This property is ignored if mTLS Enabled is set.",
            "propertyOrder" : 700,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "usersSearchAttribute" : {
            "title" : "LDAP Users Search Attribute",
            "description" : "Naming attribute for user entries.",
            "propertyOrder" : 1300,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "usersSearchScope" : {
            "title" : "LDAP Users Search Scope",
            "description" : "Search scope to find user entries.",
            "propertyOrder" : 1100,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "subjectsResultTTL" : {
            "title" : "Subjects Result Time to Live",
            "description" : "Maximum time that OpenAM caches a subject result for evaluating policy requests, in minutes. A value of <code>0</code> prevents OpenAM from caching subject evaluations for policy decisions.",
            "propertyOrder" : 1900,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "sslEnabled" : {
            "title" : "LDAP SSL/TLS",
            "description" : "If enabled, OpenAM connects securely to the directory server. This requires that you install the directory server certificate.",
            "propertyOrder" : 1600,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "connectionPoolMinimumSize" : {
            "title" : "LDAP Connection Pool Minimum Size",
            "description" : "Minimum number of connections in the pool.",
            "propertyOrder" : 1700,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "ldapServer" : {
            "title" : "Primary LDAP Server",
            "description" : "Configuration directory server host:port that OpenAM searches for policy information.<p><p>Format: <code>local OpenAM server name | hostname:port</code><p><p>Multiple entries must be prefixed by local server name. Make sure to place the multiple entries on a single line and separate the hostname:port URLs with a space. <p><p>For example, openam.example.com|opendj.example.com:1389 opendj.example.com:2389",
            "propertyOrder" : 400,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "realmSearchFilter" : {
            "title" : "LDAP Organization Search Filter",
            "description" : "Search filter to match organization entries.",
            "propertyOrder" : 900,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "maximumSearchResults" : {
            "title" : "Maximum Results Returned from Search",
            "description" : "Search limit for LDAP searches.",
            "propertyOrder" : 1400,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "policyHeartbeatInterval" : {
            "title" : "Heartbeat Interval",
            "description" : "Specifies how often OpenAM should send a heartbeat request to the directory.<br><br>Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat requests will ensure that the connections won't become idle.",
            "propertyOrder" : 1840,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "usersSearchFilter" : {
            "title" : "LDAP Users Search Filter",
            "description" : "Search filter to match user entries.",
            "propertyOrder" : 1000,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "connectionPoolMaximumSize" : {
            "title" : "LDAP Connection Pool Maximum Size",
            "description" : "Maximum number of connections in the pool.",
            "propertyOrder" : 1800,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "mtlsEnabled" : {
            "title" : "mTLS Enabled",
            "description" : "Enables mTLS (mutual TLS) between AM and this store. When mTLS is enabled:<ul><li>Set connection mode to <code>LDAPS</code>.</li><li>The values for <code>LDAP Bind DN</code> and <code>LDAP Bind Password</code> are ignored.</li></ul>",
            "propertyOrder" : 2200,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "checkIfResourceTypeExists" : {
            "title" : "Check resources exist when Resource Server is updated",
            "description" : "Check all registered resources exist when updating Resource Server. <p><p>Policy Set will check each registered Resource Type one by one against the config datastore if enabled. Consider disabling this option if you have a large number of Resource Types registered to a Policy Set.",
            "propertyOrder" : 2100,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "bindPassword" : {
            "title" : "LDAP Bind Password",
            "description" : "Bind password to connect to the directory server for policy information. This property is ignored if mTLS Enabled is set.",
            "propertyOrder" : 800,
            "required" : true,
            "type" : "string",
            "format" : "password",
            "exampleValue" : ""
          },
          "policyHeartbeatTimeUnit" : {
            "title" : "Heartbeat Unit",
            "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat requests will ensure that the connections won't become idle.",
            "propertyOrder" : 1850,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "userAliasEnabled" : {
            "title" : "User Alias",
            "description" : "If enabled, OpenAM can evaluate policy for remote users aliased to local users.",
            "propertyOrder" : 2000,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "searchTimeout" : {
            "title" : "Search Timeout",
            "description" : "Time after which OpenAM returns an error for an incomplete search, in seconds.",
            "propertyOrder" : 1500,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          }
        },
        "type" : "object",
        "title" : "Realm Defaults"
      }
    }
  }
  ```
