--- title: WebAuthnAuthenticationNode description: Resource path: component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-webauthnauthenticationnode canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-webauthnauthenticationnode.html section_ids: sec-amster-entity-webauthnauthenticationnode-realm-ops: Realm Operations sec-amster-entity-webauthnauthenticationnode-realm-ops-create: create sec-amster-entity-webauthnauthenticationnode-realm-ops-delete: delete sec-amster-entity-webauthnauthenticationnode-realm-ops-gettype: getType sec-amster-entity-webauthnauthenticationnode-realm-ops-getupgradedconfig: getUpgradedConfig sec-amster-entity-webauthnauthenticationnode-realm-ops-query: query sec-amster-entity-webauthnauthenticationnode-realm-ops-read: read sec-amster-entity-webauthnauthenticationnode-realm-ops-update: update sec-amster-entity-webauthnauthenticationnode-realm-ops-versioninfo: versionInfo --- # WebAuthnAuthenticationNode ## Realm Operations Resource path: ``` /realm-config/authentication/authenticationtrees/nodes/WebAuthnAuthenticationNode/1.0 ``` Resource version: `3.0` ### create **Usage** ``` am> create WebAuthnAuthenticationNode --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "userVerificationRequirement" : { "title" : "User verification requirement", "description" : "If specified as REQUIRED, authenticators that don't verify user identity are filtered out and should not be selectable by the user.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "timeout" : { "title" : "Timeout", "description" : "The number of seconds to wait for a valid WebAuthn authenticator to be registered before failing.", "propertyOrder" : 40, "type" : "integer", "exampleValue" : "" }, "requiresResidentKey" : { "title" : "Username from device", "description" : "Requests that the username is selected by the device. Devices which do not support storing and providing the username will be unable to utilise the node while it is operating in this mode.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "isRecoveryCodeAllowed" : { "title" : "Allow recovery codes", "description" : "", "propertyOrder" : 30, "type" : "boolean", "exampleValue" : "" }, "relyingPartyDomain" : { "title" : "Relying party identifier", "description" : "The domain against which to register devices, if blank AM will make a best guess at the domain.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "detectSignCountMismatch" : { "title" : "Detect sign count mismatch", "description" : "If enabled, the node compares the authenticator's sign count (signature counter) with the sign count stored in the user's profile. If the authenticator sign count is less than or equal to the stored value, the node outputs to the Sign Count Mismatch outcome. The node is considered to have succeeded even if this outcome is used. The outcome is useful for detecting cloned or malfunctioning authenticators.", "propertyOrder" : 70, "type" : "boolean", "exampleValue" : "" }, "asScript" : { "title" : "Return challenge as JavaScript", "description" : "If enabled, the node will return its challenge as a fully encapsulated client-side JavaScript that will interact directly with the WebAuthn API and submit the response back. If disabled, the node will return the challenge and associated data in a metadata node, and the custom UI will use that to interact with the WebAuthn API itself.", "propertyOrder" : 60, "type" : "boolean", "exampleValue" : "" }, "origins" : { "title" : "Origin domains", "description" : "A set of fully-qualified URLs of accepted origins, e.g. http://app.example.com:443. If empty, the accepted origin is the incoming request origin.", "propertyOrder" : 15, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } }, "required" : [ "userVerificationRequirement", "timeout", "requiresResidentKey", "isRecoveryCodeAllowed", "detectSignCountMismatch", "asScript", "origins" ] } ``` ### delete **Usage** ``` am> delete WebAuthnAuthenticationNode --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### getType List information related to the node such as a name, description, tags and metadata. **Usage** ``` am> action WebAuthnAuthenticationNode --realm Realm --actionName getType ``` ### getUpgradedConfig Get the upgraded configuration for the node type. **Usage** ``` am> action WebAuthnAuthenticationNode --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "title" : "The current configuration of the node type." } ``` * *\--targetVersion* \=== listOutcomes List the available outcomes for the node type. **Usage** ``` am> action WebAuthnAuthenticationNode --realm Realm --body body --actionName listOutcomes ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "description" : "Some configuration of the node. This does not need to be complete against the configuration schema.", "type" : "object", "title" : "Node configuration" } ``` ### query Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter. **Usage** ``` am> query WebAuthnAuthenticationNode --realm Realm --filter filter ``` **Parameters** * *\--filter* A CREST formatted query filter, where "true" will query all. ### read **Usage** ``` am> read WebAuthnAuthenticationNode --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### update **Usage** ``` am> update WebAuthnAuthenticationNode --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "userVerificationRequirement" : { "title" : "User verification requirement", "description" : "If specified as REQUIRED, authenticators that don't verify user identity are filtered out and should not be selectable by the user.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "timeout" : { "title" : "Timeout", "description" : "The number of seconds to wait for a valid WebAuthn authenticator to be registered before failing.", "propertyOrder" : 40, "type" : "integer", "exampleValue" : "" }, "requiresResidentKey" : { "title" : "Username from device", "description" : "Requests that the username is selected by the device. Devices which do not support storing and providing the username will be unable to utilise the node while it is operating in this mode.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "isRecoveryCodeAllowed" : { "title" : "Allow recovery codes", "description" : "", "propertyOrder" : 30, "type" : "boolean", "exampleValue" : "" }, "relyingPartyDomain" : { "title" : "Relying party identifier", "description" : "The domain against which to register devices, if blank AM will make a best guess at the domain.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "detectSignCountMismatch" : { "title" : "Detect sign count mismatch", "description" : "If enabled, the node compares the authenticator's sign count (signature counter) with the sign count stored in the user's profile. If the authenticator sign count is less than or equal to the stored value, the node outputs to the Sign Count Mismatch outcome. The node is considered to have succeeded even if this outcome is used. The outcome is useful for detecting cloned or malfunctioning authenticators.", "propertyOrder" : 70, "type" : "boolean", "exampleValue" : "" }, "asScript" : { "title" : "Return challenge as JavaScript", "description" : "If enabled, the node will return its challenge as a fully encapsulated client-side JavaScript that will interact directly with the WebAuthn API and submit the response back. If disabled, the node will return the challenge and associated data in a metadata node, and the custom UI will use that to interact with the WebAuthn API itself.", "propertyOrder" : 60, "type" : "boolean", "exampleValue" : "" }, "origins" : { "title" : "Origin domains", "description" : "A set of fully-qualified URLs of accepted origins, e.g. http://app.example.com:443. If empty, the accepted origin is the incoming request origin.", "propertyOrder" : 15, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } }, "required" : [ "userVerificationRequirement", "timeout", "requiresResidentKey", "isRecoveryCodeAllowed", "detectSignCountMismatch", "asScript", "origins" ] } ``` ### versionInfo List the versions available for the node type. **Usage** ``` am> action WebAuthnAuthenticationNode --realm Realm --actionName versionInfo ```