UserSelfService
Realm Operations
Resource path:
/realm-config/services/selfService
Resource version: 0.0
create
Usage
am> create UserSelfService --realm Realm --body body
Parameters
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "minimumAnswersToDefine" : { "title" : "Minimum Answers to Define", "description" : "Specifies the minimum number of KBA answers that users must define.", "propertyOrder" : 60, "required" : false, "type" : "integer", "exampleValue" : "" }, "captchaSecretKey" : { "title" : "Google reCAPTCHA Secret Key", "description" : "Google reCAPTCHA plugin secret key.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "validQueryAttributes" : { "title" : "Valid Query Attributes", "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.", "propertyOrder" : 80, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "encryptionKeyPairAlias" : { "title" : "Encryption Key Pair Alias", "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 5, "required" : false, "type" : "string", "exampleValue" : "selfserviceenctest" }, "kbaQuestions" : { "title" : "Security Questions", "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. 
The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.", "propertyOrder" : 50, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaVerificationUrl" : { "title" : "Google Re-captcha Verification URL", "description" : "Google reCAPTCHA plugin verification URL.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "signingSecretKeyAlias" : { "title" : "Signing Secret Key Alias", "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 10, "required" : false, "type" : "string", "exampleValue" : "selfservicesigntest" }, "useSecretStore" : { "title" : "Use Secret Store", "description" : "If enabled, self-service operations use the AM secret store to retrieve signing and encryption keys for snapshot tokens, and ignore the values set in the Signing Secret Key Alias and Encryption Key Pair Alias properties. Configure the following secret IDs in the secret store before enabling this option: <code>am.services.selfservice.token.encryption</code> and <code>am.services.selfservice.token.signing</code>. 
If disabled, self-service operations use the configured legacy key aliases.", "propertyOrder" : 0, "required" : true, "type" : "boolean", "exampleValue" : "" }, "captchaSiteKey" : { "title" : "Google reCAPTCHA Site Key", "description" : "Google reCAPTCHA plugin site key.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "minimumAnswersToVerify" : { "title" : "Minimum Answers to Verify", "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "userRegistration" : { "type" : "object", "title" : "User Registration", "propertyOrder" : 1, "properties" : { "userRegistrationKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must set up their security questions during the self-registration process.", "propertyOrder" : 120, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who self-register must perform email address verification.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEnabled" : { "title" : "User Registration", "description" : "If enabled, new users can sign up for an account.", "propertyOrder" : 90, "required" : true, "type" : "boolean", "exampleValue" : "" }, "userRegistrationTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.", "propertyOrder" : 130, "required" : false, "type" : "integer", "exampleValue" : "" }, "userRegistrationValidUserAttributes" : { "title" : "Valid Creation Attributes", "description" : 
"Specifies a whitelist of user attributes that can be set during user creation.", "propertyOrder" : 160, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegisteredDestination" : { "title" : "Destination After Successful Self-Registration", "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>", "propertyOrder" : 161, "required" : true, "type" : "string", "exampleValue" : "" }, "userRegistrationEmailVerificationFirstEnabled" : { "title" : "Verify Email before User Detail", "description" : "If enabled, email address verification will be performed first before user details screen is displayed. This will take effect only if Verify Email is enabled.", "propertyOrder" : 105, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 140, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.", "propertyOrder" : 100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the User Self-Registration verification email body text. 
Format is: <code>locale|body text</code>.", "propertyOrder" : 150, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "forgottenUsername" : { "type" : "object", "title" : "Forgotten Username", "propertyOrder" : 3, "properties" : { "forgottenUsernameShowUsernameEnabled" : { "title" : "Show Username", "description" : "If enabled, users see their forgotten username on the browser page.", "propertyOrder" : 280, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailUsernameEnabled" : { "title" : "Email Username", "description" : "If enabled, users receive their forgotten username by email.", "propertyOrder" : 270, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten username process.", "propertyOrder" : 260, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.", "propertyOrder" : 250, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEnabled" : { "title" : "Forgotten Username", "description" : "If enabled, users can retrieve their forgotten username.", "propertyOrder" : 240, "required" : true, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customizes the forgotten username email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 310, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameTokenTTL" : { "title" : "Token LifeTime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.", "propertyOrder" : 290, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "advancedConfig" : { "type" : "object", "title" : "Advanced Configuration", "propertyOrder" : 5, "properties" : { "userRegistrationConfirmationUrl" : { "title" : "User Registration Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 330, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordServiceConfigClass" : { "title" : "Forgotten Password Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 360, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenUsernameServiceConfigClass" : { "title" : "Forgotten Username Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 370, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationServiceConfigClass" : { "title" : "User Registration Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 350, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordConfirmationUrl" : { "title" : "Forgotten Password Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. 
The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 340, "required" : false, "type" : "string", "exampleValue" : "" } } }, "profileManagement" : { "type" : "object", "title" : "Profile Management", "propertyOrder" : 4, "properties" : { "profileAttributeWhitelist" : { "title" : "Self readable attributes", "description" : "Specifies the list of attributes that users can view when accessing their user profile.", "propertyOrder" : 325, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "profileProtectedUserAttributes" : { "title" : "Protected Update Attributes", "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.", "propertyOrder" : 320, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "forgottenPassword" : { "type" : "object", "title" : "Forgotten Password", "propertyOrder" : 2, "properties" : { "forgottenPasswordEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 220, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.", "propertyOrder" : 230, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "numberOfAllowedAttempts" : { "title" : "Lock Out After number of attempts", "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. 
After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.", "propertyOrder" : 202, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who reset passwords must perform email address verification.", "propertyOrder" : 190, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten password process.", "propertyOrder" : 200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.", "propertyOrder" : 210, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordTokenPaddingLength" : { "title" : "Token Padding Length (bytes)", "description" : "Desired length of the 'state' parameter in the JWT after padding. 
This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.", "propertyOrder" : 215, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEnabled" : { "title" : "Forgotten Password", "description" : "If enabled, users can reset their forgotten password.", "propertyOrder" : 170, "required" : true, "type" : "boolean", "exampleValue" : "" }, "numberOfAttemptsEnforced" : { "title" : "Enforce password reset lockout", "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.", "propertyOrder" : 201, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.", "propertyOrder" : 180, "required" : false, "type" : "boolean", "exampleValue" : "" } } } } }
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action UserSelfService --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action UserSelfService --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action UserSelfService --realm Realm --actionName nextdescendents
update
Usage
am> update UserSelfService --realm Realm --body body
Parameters
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "minimumAnswersToDefine" : { "title" : "Minimum Answers to Define", "description" : "Specifies the minimum number of KBA answers that users must define.", "propertyOrder" : 60, "required" : false, "type" : "integer", "exampleValue" : "" }, "captchaSecretKey" : { "title" : "Google reCAPTCHA Secret Key", "description" : "Google reCAPTCHA plugin secret key.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "validQueryAttributes" : { "title" : "Valid Query Attributes", "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.", "propertyOrder" : 80, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "encryptionKeyPairAlias" : { "title" : "Encryption Key Pair Alias", "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 5, "required" : false, "type" : "string", "exampleValue" : "selfserviceenctest" }, "kbaQuestions" : { "title" : "Security Questions", "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. 
The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.", "propertyOrder" : 50, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaVerificationUrl" : { "title" : "Google Re-captcha Verification URL", "description" : "Google reCAPTCHA plugin verification URL.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "signingSecretKeyAlias" : { "title" : "Signing Secret Key Alias", "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 10, "required" : false, "type" : "string", "exampleValue" : "selfservicesigntest" }, "useSecretStore" : { "title" : "Use Secret Store", "description" : "If enabled, self-service operations use the AM secret store to retrieve signing and encryption keys for snapshot tokens, and ignore the values set in the Signing Secret Key Alias and Encryption Key Pair Alias properties. Configure the following secret IDs in the secret store before enabling this option: <code>am.services.selfservice.token.encryption</code> and <code>am.services.selfservice.token.signing</code>. 
If disabled, self-service operations use the configured legacy key aliases.", "propertyOrder" : 0, "required" : true, "type" : "boolean", "exampleValue" : "" }, "captchaSiteKey" : { "title" : "Google reCAPTCHA Site Key", "description" : "Google reCAPTCHA plugin site key.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "minimumAnswersToVerify" : { "title" : "Minimum Answers to Verify", "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "userRegistration" : { "type" : "object", "title" : "User Registration", "propertyOrder" : 1, "properties" : { "userRegistrationKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must set up their security questions during the self-registration process.", "propertyOrder" : 120, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who self-register must perform email address verification.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEnabled" : { "title" : "User Registration", "description" : "If enabled, new users can sign up for an account.", "propertyOrder" : 90, "required" : true, "type" : "boolean", "exampleValue" : "" }, "userRegistrationTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.", "propertyOrder" : 130, "required" : false, "type" : "integer", "exampleValue" : "" }, "userRegistrationValidUserAttributes" : { "title" : "Valid Creation Attributes", "description" : 
"Specifies a whitelist of user attributes that can be set during user creation.", "propertyOrder" : 160, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegisteredDestination" : { "title" : "Destination After Successful Self-Registration", "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>", "propertyOrder" : 161, "required" : true, "type" : "string", "exampleValue" : "" }, "userRegistrationEmailVerificationFirstEnabled" : { "title" : "Verify Email before User Detail", "description" : "If enabled, email address verification will be performed first before user details screen is displayed. This will take effect only if Verify Email is enabled.", "propertyOrder" : 105, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 140, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.", "propertyOrder" : 100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the User Self-Registration verification email body text. 
Format is: <code>locale|body text</code>.", "propertyOrder" : 150, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "forgottenUsername" : { "type" : "object", "title" : "Forgotten Username", "propertyOrder" : 3, "properties" : { "forgottenUsernameShowUsernameEnabled" : { "title" : "Show Username", "description" : "If enabled, users see their forgotten username on the browser page.", "propertyOrder" : 280, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailUsernameEnabled" : { "title" : "Email Username", "description" : "If enabled, users receive their forgotten username by email.", "propertyOrder" : 270, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten username process.", "propertyOrder" : 260, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.", "propertyOrder" : 250, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEnabled" : { "title" : "Forgotten Username", "description" : "If enabled, users can retrieve their forgotten username.", "propertyOrder" : 240, "required" : true, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customizes the forgotten username email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 310, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameTokenTTL" : { "title" : "Token LifeTime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.", "propertyOrder" : 290, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "advancedConfig" : { "type" : "object", "title" : "Advanced Configuration", "propertyOrder" : 5, "properties" : { "userRegistrationConfirmationUrl" : { "title" : "User Registration Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 330, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordServiceConfigClass" : { "title" : "Forgotten Password Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 360, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenUsernameServiceConfigClass" : { "title" : "Forgotten Username Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 370, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationServiceConfigClass" : { "title" : "User Registration Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 350, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordConfirmationUrl" : { "title" : "Forgotten Password Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. 
The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 340, "required" : false, "type" : "string", "exampleValue" : "" } } }, "profileManagement" : { "type" : "object", "title" : "Profile Management", "propertyOrder" : 4, "properties" : { "profileAttributeWhitelist" : { "title" : "Self readable attributes", "description" : "Specifies the list of attributes that users can view when accessing their user profile.", "propertyOrder" : 325, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "profileProtectedUserAttributes" : { "title" : "Protected Update Attributes", "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.", "propertyOrder" : 320, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "forgottenPassword" : { "type" : "object", "title" : "Forgotten Password", "propertyOrder" : 2, "properties" : { "forgottenPasswordEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 220, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.", "propertyOrder" : 230, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "numberOfAllowedAttempts" : { "title" : "Lock Out After number of attempts", "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. 
After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.", "propertyOrder" : 202, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who reset passwords must perform email address verification.", "propertyOrder" : 190, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten password process.", "propertyOrder" : 200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.", "propertyOrder" : 210, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordTokenPaddingLength" : { "title" : "Token Padding Length (bytes)", "description" : "Desired length of the 'state' parameter in the JWT after padding. 
This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.", "propertyOrder" : 215, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEnabled" : { "title" : "Forgotten Password", "description" : "If enabled, users can reset their forgotten password.", "propertyOrder" : 170, "required" : true, "type" : "boolean", "exampleValue" : "" }, "numberOfAttemptsEnforced" : { "title" : "Enforce password reset lockout", "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.", "propertyOrder" : 201, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.", "propertyOrder" : 180, "required" : false, "type" : "boolean", "exampleValue" : "" } } } } }
Global Operations
Resource path:
/global-config/services/selfService
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action UserSelfService --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action UserSelfService --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action UserSelfService --global --actionName nextdescendents
update
Usage
am> update UserSelfService --global --body body
Parameters
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "defaults" : { "properties" : { "userRegistration" : { "type" : "object", "title" : "User Registration", "propertyOrder" : 1, "properties" : { "userRegistrationValidUserAttributes" : { "title" : "Valid Creation Attributes", "description" : "Specifies a whitelist of user attributes that can be set during user creation.", "propertyOrder" : 160, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationEnabled" : { "title" : "User Registration", "description" : "If enabled, new users can sign up for an account.", "propertyOrder" : 90, "required" : true, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailVerificationFirstEnabled" : { "title" : "Verify Email before User Detail", "description" : "If enabled, email address verification will be performed first before user details screen is displayed. This will take effect only if Verify Email is enabled.", "propertyOrder" : 105, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.", "propertyOrder" : 100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.", "propertyOrder" : 150, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegisteredDestination" : { "title" : "Destination After Successful Self-Registration", "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. 
User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>", "propertyOrder" : 161, "required" : true, "type" : "string", "exampleValue" : "" }, "userRegistrationEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 140, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.", "propertyOrder" : 130, "required" : false, "type" : "integer", "exampleValue" : "" }, "userRegistrationKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must set up their security questions during the self-registration process.", "propertyOrder" : 120, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who self-register must perform email address verification.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "forgottenUsername" : { "type" : "object", "title" : "Forgotten Username", "propertyOrder" : 3, "properties" : { "forgottenUsernameEmailUsernameEnabled" : { "title" : "Email Username", "description" : "If enabled, users receive their forgotten username by email.", "propertyOrder" : 270, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten username process.", "propertyOrder" : 260, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEnabled" : { "title" : 
"Forgotten Username", "description" : "If enabled, users can retrieve their forgotten username.", "propertyOrder" : 240, "required" : true, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.", "propertyOrder" : 310, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.", "propertyOrder" : 250, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameTokenTTL" : { "title" : "Token LifeTime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.", "propertyOrder" : 290, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenUsernameEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customizes the forgotten username email subject text. 
Format is <code>locale|subject text</code>.", "propertyOrder" : 300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameShowUsernameEnabled" : { "title" : "Show Username", "description" : "If enabled, users see their forgotten username on the browser page.", "propertyOrder" : 280, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "advancedConfig" : { "type" : "object", "title" : "Advanced Configuration", "propertyOrder" : 5, "properties" : { "forgottenPasswordServiceConfigClass" : { "title" : "Forgotten Password Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 360, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationServiceConfigClass" : { "title" : "User Registration Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 350, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationConfirmationUrl" : { "title" : "User Registration Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 330, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordConfirmationUrl" : { "title" : "Forgotten Password Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. 
The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 340, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenUsernameServiceConfigClass" : { "title" : "Forgotten Username Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 370, "required" : false, "type" : "string", "exampleValue" : "" } } }, "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "minimumAnswersToDefine" : { "title" : "Minimum Answers to Define", "description" : "Specifies the minimum number of KBA answers that users must define.", "propertyOrder" : 60, "required" : false, "type" : "integer", "exampleValue" : "" }, "captchaSiteKey" : { "title" : "Google reCAPTCHA Site Key", "description" : "Google reCAPTCHA plugin site key.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "validQueryAttributes" : { "title" : "Valid Query Attributes", "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.", "propertyOrder" : 80, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaSecretKey" : { "title" : "Google reCAPTCHA Secret Key", "description" : "Google reCAPTCHA plugin secret key.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "signingSecretKeyAlias" : { "title" : "Signing Secret Key Alias", "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. 
Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 10, "required" : false, "type" : "string", "exampleValue" : "selfservicesigntest" }, "captchaVerificationUrl" : { "title" : "Google Re-captcha Verification URL", "description" : "Google reCAPTCHA plugin verification URL.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "minimumAnswersToVerify" : { "title" : "Minimum Answers to Verify", "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" }, "encryptionKeyPairAlias" : { "title" : "Encryption Key Pair Alias", "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 5, "required" : false, "type" : "string", "exampleValue" : "selfserviceenctest" }, "kbaQuestions" : { "title" : "Security Questions", "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.", "propertyOrder" : 50, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "useSecretStore" : { "title" : "Use Secret Store", "description" : "If enabled, self-service operations use the AM secret store to retrieve signing and encryption keys for snapshot tokens, and ignore the values set in the Signing Secret Key Alias and Encryption Key Pair Alias properties. 
Configure the following secret IDs in the secret store before enabling this option: <code>am.services.selfservice.token.encryption</code> and <code>am.services.selfservice.token.signing</code>. If disabled, self-service operations use the configured legacy key aliases.", "propertyOrder" : 0, "required" : true, "type" : "boolean", "exampleValue" : "" } } }, "forgottenPassword" : { "type" : "object", "title" : "Forgotten Password", "propertyOrder" : 2, "properties" : { "forgottenPasswordCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.", "propertyOrder" : 180, "required" : false, "type" : "boolean", "exampleValue" : "" }, "numberOfAllowedAttempts" : { "title" : "Lock Out After number of attempts", "description" : "Specifies how many attempts (1 or more) a user has to correctly answer all their security questions. If the user has not answered them correctly after the configured number of attempts, the password reset feature will be disabled.", "propertyOrder" : 202, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordTokenPaddingLength" : { "title" : "Token Padding Length (bytes)", "description" : "Desired length of the 'state' parameter in the JWT after padding. 
This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.", "propertyOrder" : 215, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten password process.", "propertyOrder" : 200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "numberOfAttemptsEnforced" : { "title" : "Enforce password reset lockout", "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.", "propertyOrder" : 201, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.", "propertyOrder" : 210, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 220, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordEnabled" : { "title" : "Forgotten Password", "description" : "If enabled, users can reset their forgotten password.", "propertyOrder" : 170, "required" : true, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the forgotten password email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 230, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who reset passwords must perform email address verification.", "propertyOrder" : 190, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "profileManagement" : { "type" : "object", "title" : "Profile Management", "propertyOrder" : 4, "properties" : { "profileProtectedUserAttributes" : { "title" : "Protected Update Attributes", "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.", "propertyOrder" : 320, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "profileAttributeWhitelist" : { "title" : "Self readable attributes", "description" : "Specifies the list of attributes that users can view when accessing their user profile.", "propertyOrder" : 325, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } } }, "type" : "object", "title" : "Realm Defaults" } } }