PingAM

RADIUSDecision

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/RadiusDecisionNode/1.0

Resource version: 3.0

create

Usage

am> create RADIUSDecision --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "primaryServers" : {
      "title" : "Primary RADIUS Servers",
      "description" : "A list of primary RADIUS servers that will be used for authentication.<br/><br/>For a single entry, specify the IP address or fully qualified domain name of the RADIUS server.Optionally, append the port number to the server name using a colon, e.g. <code>radius.example.com:1812</code>.<br/><br/>If no port number is specified, the default port number 1812 is used.<br/><br/>Multiple entries allow associations between AM servers and RADIUS servers.",
      "propertyOrder" : 100,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "requireMessageAuthenticator" : {
      "title" : "Require Message-Authenticator attribute",
      "description" : "If enabled, the RADIUS client requires the RADIUS server to include a Message-Authenticator attribute in all its responses. The client also includes a Message-Authenticator attribute in all Access-Request packets it sends to the server.",
      "propertyOrder" : 700,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "secondaryServers" : {
      "title" : "Secondary RADIUS Servers",
      "description" : "A list of secondary RADIUS servers that will be used for authentication, in case the primary servers are unavailable.<br/><br/>For a single entry, specify the IP address or fully qualified domain name of the RADIUS server.Optionally, append the port number to the server name using a colon, e.g. <code>radius.example.com:1812</code>.<br/><br/>If no port number is specified, the default port number 1812 is used.<br/><br/>Multiple entries allow associations between AM servers and RADIUS servers.",
      "propertyOrder" : 200,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "healthCheckInterval" : {
      "title" : "Health Check Interval",
      "description" : "The interval between checks to unavailable RADIUS servers, in minutes. Determines how often AM checks an offline server's status. The check sends an invalid authentication request to the RADIUS server. Offline servers are not used until the healthcheck is successful. Primary servers that become available are used before secondary servers.",
      "propertyOrder" : 500,
      "type" : "integer",
      "exampleValue" : ""
    },
    "timeout" : {
      "title" : "Timeout",
      "description" : "Period of time in seconds to wait for the RADIUS server response. This sets the <code>SO_TIMEOUT</code> timeout on the RADIUS packet.",
      "propertyOrder" : 400,
      "type" : "integer",
      "exampleValue" : ""
    },
    "checkForLockout" : {
      "title" : "Stop RADIUS binds after lockout",
      "description" : "If enabled, no further bind requests are sent to the RADIUS Server when the user is locked out.",
      "propertyOrder" : 600,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "sharedSecretPurpose" : {
      "title" : "RADIUS Shared Secret Label Identifier",
      "description" : "Identifier used to create a secret label for mapping to a secret in a secret store. <br>AM uses this identifier to create a specific secret label for this node. The secret label takes the form <code>am.authentication.nodes.radius.{{identifier}}.secret</code> where {{identifier}} is the value of RADIUS Shared Secret Label Identifier. The identifier can only contain characters {{a-z}} {{A-Z}} {{0-9}} {{.}} and cannot start or end with {{.}}.",
      "propertyOrder" : 300,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "primaryServers", "requireMessageAuthenticator", "secondaryServers", "healthCheckInterval", "timeout", "checkForLockout" ]
}

delete

Usage

am> delete RADIUSDecision --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getType

List information related to the node such as a name, description, tags and metadata.

Usage

am> action RADIUSDecision --realm Realm --actionName getType

getUpgradedConfig

Get the upgraded configuration for the node type.

Usage

am> action RADIUSDecision --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "The current configuration of the node type."
}
--targetVersion

=== listOutcomes

List the available outcomes for the node type.

Usage

am> action RADIUSDecision --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "description" : "Some configuration of the node. This does not need to be complete against the configuration schema.",
  "type" : "object",
  "title" : "Node configuration"
}

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query RADIUSDecision --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read RADIUSDecision --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update RADIUSDecision --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "primaryServers" : {
      "title" : "Primary RADIUS Servers",
      "description" : "A list of primary RADIUS servers that will be used for authentication.<br/><br/>For a single entry, specify the IP address or fully qualified domain name of the RADIUS server.Optionally, append the port number to the server name using a colon, e.g. <code>radius.example.com:1812</code>.<br/><br/>If no port number is specified, the default port number 1812 is used.<br/><br/>Multiple entries allow associations between AM servers and RADIUS servers.",
      "propertyOrder" : 100,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "requireMessageAuthenticator" : {
      "title" : "Require Message-Authenticator attribute",
      "description" : "If enabled, the RADIUS client requires the RADIUS server to include a Message-Authenticator attribute in all its responses. The client also includes a Message-Authenticator attribute in all Access-Request packets it sends to the server.",
      "propertyOrder" : 700,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "secondaryServers" : {
      "title" : "Secondary RADIUS Servers",
      "description" : "A list of secondary RADIUS servers that will be used for authentication, in case the primary servers are unavailable.<br/><br/>For a single entry, specify the IP address or fully qualified domain name of the RADIUS server.Optionally, append the port number to the server name using a colon, e.g. <code>radius.example.com:1812</code>.<br/><br/>If no port number is specified, the default port number 1812 is used.<br/><br/>Multiple entries allow associations between AM servers and RADIUS servers.",
      "propertyOrder" : 200,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "healthCheckInterval" : {
      "title" : "Health Check Interval",
      "description" : "The interval between checks to unavailable RADIUS servers, in minutes. Determines how often AM checks an offline server's status. The check sends an invalid authentication request to the RADIUS server. Offline servers are not used until the healthcheck is successful. Primary servers that become available are used before secondary servers.",
      "propertyOrder" : 500,
      "type" : "integer",
      "exampleValue" : ""
    },
    "timeout" : {
      "title" : "Timeout",
      "description" : "Period of time in seconds to wait for the RADIUS server response. This sets the <code>SO_TIMEOUT</code> timeout on the RADIUS packet.",
      "propertyOrder" : 400,
      "type" : "integer",
      "exampleValue" : ""
    },
    "checkForLockout" : {
      "title" : "Stop RADIUS binds after lockout",
      "description" : "If enabled, no further bind requests are sent to the RADIUS Server when the user is locked out.",
      "propertyOrder" : 600,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "sharedSecretPurpose" : {
      "title" : "RADIUS Shared Secret Label Identifier",
      "description" : "Identifier used to create a secret label for mapping to a secret in a secret store. <br>AM uses this identifier to create a specific secret label for this node. The secret label takes the form <code>am.authentication.nodes.radius.{{identifier}}.secret</code> where {{identifier}} is the value of RADIUS Shared Secret Label Identifier. The identifier can only contain characters {{a-z}} {{A-Z}} {{0-9}} {{.}} and cannot start or end with {{.}}.",
      "propertyOrder" : 300,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "primaryServers", "requireMessageAuthenticator", "secondaryServers", "healthCheckInterval", "timeout", "checkForLockout" ]
}

versionInfo

List the versions available for the node type.

Usage

am> action RADIUSDecision --realm Realm --actionName versionInfo