Directory Services 7.3.5

HTTP OAuth2 CTS Authorization Mechanism

The HTTP OAuth2 CTS Authorization Mechanism is used to define OAuth2 authorization through a direct access to the CTS (Core Token Service).

Parent

The HTTP OAuth2 CTS Authorization Mechanism object inherits from HTTP OAuth2 Authorization Mechanism.

HTTP OAuth2 CTS Authorization Mechanism properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

access-token-cache-enabled
access-token-cache-expiration
authzid-json-pointer
base-dn
enabled
identity-mapper
required-scope

java-class

Basic properties

Use the --advanced option to access advanced properties.

access-token-cache-enabled

Synopsis

Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

access-token-cache-expiration

Synopsis

Token cache expiration

Default value

None

Allowed values

Lower limit: 0 seconds.

Upper limit: 2147483647 seconds.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

authzid-json-pointer

Synopsis

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

base-dn

Synopsis

The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com)

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the HTTP Authorization Mechanism is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

identity-mapper

Synopsis

Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.

Default value

None

Allowed values

The name of an existing identity-mapper.

The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

required-scope

Synopsis

Scopes required to grant access to the service.

Default value

None

Allowed values

A string.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the HTTP OAuth2 CTS Authorization Mechanism implementation.

Default value

org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism

Allowed values

A Java class that extends or implements:

  • org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No