WebAuthnAuthenticationNode2
Realm Operations
Resource path:
/realm-config/authentication/authenticationtrees/nodes/WebAuthnAuthenticationNode/2.0
Resource version: 3.0
create
Usage
am> create WebAuthnAuthenticationNode2 --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "userVerificationRequirement" : { "title" : "User verification requirement", "description" : "If specified as REQUIRED, authenticators that don't verify user identity are filtered out and should not be selectable by the user.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "relyingPartyDomain" : { "title" : "Relying party identifier", "description" : "The domain against which to register devices, if blank AM will make a best guess at the domain.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "requiresResidentKey" : { "title" : "Username from device", "description" : "Requests that the username is selected by the device. Devices which do not support storing and providing the username will be unable to utilise the node while it is operating in this mode.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "isRecoveryCodeAllowed" : { "title" : "Allow recovery codes", "description" : "", "propertyOrder" : 30, "type" : "boolean", "exampleValue" : "" }, "timeout" : { "title" : "Timeout", "description" : "The number of seconds to wait for a valid WebAuthn authenticator to be registered before failing.", "propertyOrder" : 40, "type" : "integer", "exampleValue" : "" }, "origins" : { "title" : "Origin domains", "description" : "A set of fully-qualified URLs of accepted origins, e.g. http://app.example.com:443. If empty, the accepted origin is the incoming request origin.", "propertyOrder" : 15, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "mediation" : { "title" : "Mediation", "description" : "Allows configuring the mediation used by the browser. If set to default, the browser will use its default mediation.", "propertyOrder" : 80, "type" : "string", "exampleValue" : "" }, "conditionalManualButton" : { "title" : "Authentication Button", "description" : "If enabled, a button will be displayed to explicitly trigger the WebAuthn authentication flow, allowing the user to select a passkey. Only applies when using conditional mediation.", "propertyOrder" : 90, "type" : "boolean", "exampleValue" : "" }, "detectSignCountMismatch" : { "title" : "Detect sign count mismatch", "description" : "If enabled, the node compares the authenticator's sign count (signature counter) with the sign count stored in the user's profile. If the authenticator sign count is less than or equal to the stored value, the node outputs to the Sign Count Mismatch outcome. The node is considered to have succeeded even if this outcome is used. The outcome is useful for detecting cloned or malfunctioning authenticators.", "propertyOrder" : 70, "type" : "boolean", "exampleValue" : "" } }, "required" : [ "userVerificationRequirement", "requiresResidentKey", "isRecoveryCodeAllowed", "timeout", "origins", "mediation", "conditionalManualButton", "detectSignCountMismatch" ] }
delete
Usage
am> delete WebAuthnAuthenticationNode2 --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getType
List information related to the node such as a name, description, tags and metadata.
Usage
am> action WebAuthnAuthenticationNode2 --realm Realm --actionName getType
getUpgradedConfig
Get the upgraded configuration for the node type.
Usage
am> action WebAuthnAuthenticationNode2 --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "title" : "The current configuration of the node type." } - --targetVersion
-
=== listOutcomes
List the available outcomes for the node type.
Usage
am> action WebAuthnAuthenticationNode2 --realm Realm --body body --actionName listOutcomes
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "description" : "Some configuration of the node. This does not need to be complete against the configuration schema.", "type" : "object", "title" : "Node configuration" }
query
Get the full list of instances of this collection. This query only supports _queryFilter=true filter.
Usage
am> query WebAuthnAuthenticationNode2 --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read WebAuthnAuthenticationNode2 --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update WebAuthnAuthenticationNode2 --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "userVerificationRequirement" : { "title" : "User verification requirement", "description" : "If specified as REQUIRED, authenticators that don't verify user identity are filtered out and should not be selectable by the user.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "relyingPartyDomain" : { "title" : "Relying party identifier", "description" : "The domain against which to register devices, if blank AM will make a best guess at the domain.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "requiresResidentKey" : { "title" : "Username from device", "description" : "Requests that the username is selected by the device. Devices which do not support storing and providing the username will be unable to utilise the node while it is operating in this mode.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "isRecoveryCodeAllowed" : { "title" : "Allow recovery codes", "description" : "", "propertyOrder" : 30, "type" : "boolean", "exampleValue" : "" }, "timeout" : { "title" : "Timeout", "description" : "The number of seconds to wait for a valid WebAuthn authenticator to be registered before failing.", "propertyOrder" : 40, "type" : "integer", "exampleValue" : "" }, "origins" : { "title" : "Origin domains", "description" : "A set of fully-qualified URLs of accepted origins, e.g. http://app.example.com:443. If empty, the accepted origin is the incoming request origin.", "propertyOrder" : 15, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "mediation" : { "title" : "Mediation", "description" : "Allows configuring the mediation used by the browser. If set to default, the browser will use its default mediation.", "propertyOrder" : 80, "type" : "string", "exampleValue" : "" }, "conditionalManualButton" : { "title" : "Authentication Button", "description" : "If enabled, a button will be displayed to explicitly trigger the WebAuthn authentication flow, allowing the user to select a passkey. Only applies when using conditional mediation.", "propertyOrder" : 90, "type" : "boolean", "exampleValue" : "" }, "detectSignCountMismatch" : { "title" : "Detect sign count mismatch", "description" : "If enabled, the node compares the authenticator's sign count (signature counter) with the sign count stored in the user's profile. If the authenticator sign count is less than or equal to the stored value, the node outputs to the Sign Count Mismatch outcome. The node is considered to have succeeded even if this outcome is used. The outcome is useful for detecting cloned or malfunctioning authenticators.", "propertyOrder" : 70, "type" : "boolean", "exampleValue" : "" } }, "required" : [ "userVerificationRequirement", "requiresResidentKey", "isRecoveryCodeAllowed", "timeout", "origins", "mediation", "conditionalManualButton", "detectSignCountMismatch" ] }