HDAP Authorization Mechanism
The HDAP Authorization Mechanism authenticates the end user in one of three ways: with a DN and password, with a JWT bearer token (obtained using the HDAP "authenticate" action), or anonymously, depending on the user's privileges on the requested resource.
Parent
The HDAP Authorization Mechanism object inherits from HTTP Authorization Mechanism.
HDAP Authorization Mechanism properties
You can use configuration expressions to set property values at startup time. For details, see Property value substitution.
Basic Properties | Advanced Properties |
---|---|
enabled, jwt-algorithm, jwt-key-alias, jwt-key-manager-provider, jwt-validity-period | java-class |
enabled
Synopsis | Indicates whether the HTTP Authorization Mechanism is enabled. |
Default value | None |
Allowed values | true, false |
Multi-valued | No |
Required | Yes |
Admin action required | None |
Advanced | No |
Read-only | No |
jwt-algorithm
Synopsis | The JWT algorithm used to sign and validate the HTTP requests. |
Default value | HS256 |
Allowed values | A string. |
Multi-valued | No |
Required | Yes |
Admin action required | None |
Advanced | No |
Read-only | No |
jwt-key-alias
Synopsis | Specifies the alias of the key from the key manager that is used for the JWT support with the HDAP Authorization Mechanism. If it is not specified and the HDAP Authorization Mechanism is enabled, an internal generated key will be used to sign and validate the JWTs. |
Default value | None |
Allowed values | A string. |
Multi-valued | No |
Required | No |
Admin action required | None |
Advanced | No |
Read-only | No |
jwt-key-manager-provider
Synopsis | Specifies the name of the key manager that is used for the JWT support with the HDAP Authorization Mechanism. |
Default value | None |
Allowed values | The name of an existing key-manager-provider. The referenced key manager provider must be enabled. |
Multi-valued | No |
Required | No |
Admin action required | None |
Advanced | No |
Read-only | No |
jwt-validity-period
Synopsis | The validity period for a JWT. |
Default value | 5 minutes |
Allowed values | Uses duration syntax. Lower limit: 0 seconds. |
Multi-valued | No |
Required | Yes |
Admin action required | None |
Advanced | No |
Read-only | No |
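What jwt-algorithm and jwt-validity-period control, shown as an added example that is not the server's own code: an HS256 token issued with the 5-minute default lifetime, and a validator that pins the algorithm, checks the signature in constant time, and rejects expired tokens. The claim names (sub, iat, exp), the function names and the key are assumptions; this page does not describe the server's actual token contents.

```python
import base64, hashlib, hmac, json

ALG = "HS256"           # the jwt-algorithm default on this page
VALIDITY_SECONDS = 300  # the jwt-validity-period default (5 minutes)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, subject: str, now: int) -> str:
    """Issue a token that expires VALIDITY_SECONDS after `now` (claim names assumed)."""
    header = b64e(json.dumps({"alg": ALG, "typ": "JWT"}).encode())
    claims = b64e(json.dumps(
        {"sub": subject, "iat": now, "exp": now + VALIDITY_SECONDS}).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{b64e(sign(key, signing_input))}"

def validate(key: bytes, token: str, now: int) -> dict:
    """Return the claims, or raise ValueError naming the reason for rejection."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        signature = b64d(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm to the configured value; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise ValueError("unexpected algorithm")
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(signature, sign(key, f"{header_b64}.{claims_b64}")):
        raise ValueError("bad signature")
    claims = json.loads(b64d(claims_b64))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    token = issue(key, "uid=bjensen,ou=People,dc=example,dc=com", now=1_700_000_000)
    print(validate(key, token, now=1_700_000_100))
```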
Advanced properties
Use the --advanced option to access advanced properties.
java-class
Synopsis | Specifies the fully-qualified name of the Java class that provides the HDAP Authorization Mechanism implementation. |
Default value | org.opends.server.protocols.http.authz.HdapAuthorizationMechanism |
Allowed values | A Java class that extends or implements: |
Multi-valued | No |
Required | Yes |
Admin action required | None |
Advanced | Yes |
Read-only | No |