---
title: WebAuthnMetadataService
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-webauthnmetadataservice
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-webauthnmetadataservice.html
section_ids:
  sec-amster-entity-webauthnmetadataservice-realm-ops: Realm Operations
  sec-amster-entity-webauthnmetadataservice-realm-ops-create: create
  sec-amster-entity-webauthnmetadataservice-realm-ops-delete: delete
  sec-amster-entity-webauthnmetadataservice-realm-ops-getalltypes: getAllTypes
  sec-amster-entity-webauthnmetadataservice-realm-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-webauthnmetadataservice-realm-ops-nextdescendents: nextdescendents
  sec-amster-entity-webauthnmetadataservice-realm-ops-read: read
  sec-amster-entity-webauthnmetadataservice-realm-ops-update: update
  sec-amster-entity-webauthnmetadataservice-global-ops: Global Operations
  sec-amster-entity-webauthnmetadataservice-global-ops-getalltypes: getAllTypes
  sec-amster-entity-webauthnmetadataservice-global-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-webauthnmetadataservice-global-ops-nextdescendents: nextdescendents
  sec-amster-entity-webauthnmetadataservice-global-ops-read: read
  sec-amster-entity-webauthnmetadataservice-global-ops-update: update
---

# WebAuthnMetadataService

## Realm Operations

Resource path:

```
/realm-config/services/webAuthnMetadataService
```

Resource version: `0.0`

### create

**Usage**

```
am> create WebAuthnMetadataService --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "enforceRevocationCheck" : {
        "title" : "Enforce revocation check",
        "description" : "Whether to enforce checking of revocation entries from certificates. If you enable this, AM MUST be able to verify any attestation certificate's trust chain with a CRL or OCSP entry during processing. If you disable this, AM does not check presented certificates for revocation. NOTE: Certificates downloaded from the FIDO Metadata Service might not have a CRL/OCSP entry.",
        "propertyOrder" : 110,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "fidoMetadataServiceUris" : {
        "title" : "Metadata service URIs",
        "description" : "A list of locations to download the metadata v3 blob from. The blob signature will be verified against secrets stored in the <code>am.authentication.nodes.webauthn.fidometadataservice.rootcertificate</code> alias. The location can be on a local filesystem if you don't want AM to connect to the internet, but it is your responsibility to keep it up to date.",
        "propertyOrder" : 100,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      }
    }
  }
  ```
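The following pre-flight check for a realm-level `--body` (the same schema applies to `create` and `update`) is an added example, not part of the Ping Identity documentation. The function name `lint_body`, the sample hostnames and paths, and the treatment of schemeless or `file:` values as local filesystem locations are assumptions.

```python
import json
from urllib.parse import urlparse

REQUIRED = ("enforceRevocationCheck", "fidoMetadataServiceUris")

def lint_body(raw):
    """Return 'level: message' findings for a realm-level --body JSON string."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"error: body is not valid JSON ({exc.msg})"]
    if not isinstance(body, dict):
        return ["error: body must be a JSON object"]
    out = [f"error: required property {k} is missing" for k in REQUIRED if k not in body]

    if "enforceRevocationCheck" in body:
        enforce = body["enforceRevocationCheck"]
        if not isinstance(enforce, bool):  # "true" (a string) is not a boolean
            out.append("error: enforceRevocationCheck must be a JSON boolean")
        elif enforce:
            out.append("note: every attestation certificate chain needs a reachable "
                       "CRL or OCSP entry; FIDO MDS certificates might not have one")
        else:
            out.append("warn: presented certificates are not checked for revocation")

    if "fidoMetadataServiceUris" in body:
        uris = body["fidoMetadataServiceUris"]
        if not isinstance(uris, list) or not all(isinstance(u, str) for u in uris):
            return out + ["error: fidoMetadataServiceUris must be an array of strings"]
        if not uris:
            out.append("warn: fidoMetadataServiceUris is empty, no blob location set")
        for uri in uris:
            scheme = urlparse(uri).scheme.lower()
            if scheme == "http":
                out.append(f"warn: {uri} uses plain HTTP; integrity would rest "
                           "on the blob signature check alone")
            elif scheme in ("", "file"):  # assumption: local paths look like this
                out.append(f"warn: {uri} is a local copy; keeping it current is manual")
            elif scheme != "https":
                out.append(f"warn: {uri} has scheme {scheme!r}, not covered by this check")
    return out

# Constructed sample bodies (hostnames and paths are placeholders).
GOOD = '{"enforceRevocationCheck": true, "fidoMetadataServiceUris": ["https://mds.example.com/blob.jwt"]}'
RISKY = '{"enforceRevocationCheck": false, "fidoMetadataServiceUris": ["http://mds.example.com/blob.jwt", "/opt/am/mds/blob.jwt"]}'
BROKEN = '{"enforceRevocationCheck": "true"}'

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("RISKY", RISKY), ("BROKEN", BROKEN)):
        print(name, *lint_body(raw), sep="\n  ")
```

Any `error:` finding means the body does not match the schema above; `warn:` and `note:` findings are schema-valid settings whose consequences are spelled out in the property descriptions.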

### delete

**Usage**

```
am> delete WebAuthnMetadataService --realm Realm
```

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action WebAuthnMetadataService --realm Realm --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action WebAuthnMetadataService --realm Realm --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action WebAuthnMetadataService --realm Realm --actionName nextdescendents
```

### read

**Usage**

```
am> read WebAuthnMetadataService --realm Realm
```

### update

**Usage**

```
am> update WebAuthnMetadataService --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "enforceRevocationCheck" : {
        "title" : "Enforce revocation check",
        "description" : "Whether to enforce checking of revocation entries from certificates. If you enable this, AM MUST be able to verify any attestation certificate's trust chain with a CRL or OCSP entry during processing. If you disable this, AM does not check presented certificates for revocation. NOTE: Certificates downloaded from the FIDO Metadata Service might not have a CRL/OCSP entry.",
        "propertyOrder" : 110,
        "required" : true,
        "type" : "boolean",
        "exampleValue" : ""
      },
      "fidoMetadataServiceUris" : {
        "title" : "Metadata service URIs",
        "description" : "A list of locations to download the metadata v3 blob from. The blob signature will be verified against secrets stored in the <code>am.authentication.nodes.webauthn.fidometadataservice.rootcertificate</code> alias. The location can be on a local filesystem if you don't want AM to connect to the internet, but it is your responsibility to keep it up to date.",
        "propertyOrder" : 100,
        "required" : true,
        "items" : {
          "type" : "string"
        },
        "type" : "array",
        "exampleValue" : ""
      }
    }
  }
  ```

## Global Operations

Resource path:

```
/global-config/services/webAuthnMetadataService
```

Resource version: `1.0`

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action WebAuthnMetadataService --global --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action WebAuthnMetadataService --global --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action WebAuthnMetadataService --global --actionName nextdescendents
```

### read

**Usage**

```
am> read WebAuthnMetadataService --global
```

### update

**Usage**

```
am> update WebAuthnMetadataService --global --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "defaults" : {
        "properties" : {
          "fidoMetadataServiceUris" : {
            "title" : "Metadata service URIs",
            "description" : "A list of locations to download the metadata v3 blob from. The blob signature will be verified against secrets stored in the <code>am.authentication.nodes.webauthn.fidometadataservice.rootcertificate</code> alias. The location can be on a local filesystem if you don't want AM to connect to the internet, but it is your responsibility to keep it up to date.",
            "propertyOrder" : 100,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "enforceRevocationCheck" : {
            "title" : "Enforce revocation check",
            "description" : "Whether to enforce checking of revocation entries from certificates. If you enable this, AM MUST be able to verify any attestation certificate's trust chain with a CRL or OCSP entry during processing. If you disable this, AM does not check presented certificates for revocation. NOTE: Certificates downloaded from the FIDO Metadata Service might not have a CRL/OCSP entry.",
            "propertyOrder" : 110,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          }
        },
        "type" : "object",
        "title" : "Realm Defaults"
      }
    }
  }
  ```
