--- title: HDAP Authorization Mechanism description: "The HDAP Authorization Mechanism authenticates the end-user using either a DN / password or using a JWT bearer token (obtained using the HDAP \"authenticate\" action) or anonymously depending on the user privileges on the requested resource." component: pingds version: 8.1 page_id: pingds:configref:objects-hdap-authorization-mechanism canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-hdap-authorization-mechanism.html section_ids: parent: Parent dependencies: Dependencies hdap_authorization_mechanism_properties: HDAP Authorization Mechanism properties basic_properties: Basic properties enabled: enabled jwt-algorithm: jwt-algorithm jwt-key-alias: jwt-key-alias jwt-key-manager-provider: jwt-key-manager-provider jwt-validity-period: jwt-validity-period advanced_properties: Advanced properties java-class: java-class --- # HDAP Authorization Mechanism The HDAP Authorization Mechanism authenticates the end-user using either a DN / password or using a JWT bearer token (obtained using the HDAP "authenticate" action) or anonymously depending on the user privileges on the requested resource. ## Parent The HDAP Authorization Mechanism object inherits from [HTTP Authorization Mechanism](objects-http-authorization-mechanism.html). ## Dependencies HDAP Authorization Mechanisms depend on the following objects: * [Key Manager Provider](objects-key-manager-provider.html) ## HDAP Authorization Mechanism properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | | [enabled](#enabled) [jwt-algorithm](#jwt-algorithm) [jwt-key-alias](#jwt-key-alias) [jwt-key-manager-provider](#jwt-key-manager-provider) [jwt-validity-period](#jwt-validity-period) | [java-class](#java-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### enabled | | | | ----------------------- | -------------------------------------------------------------- | | *Synopsis* | Indicates whether the HTTP Authorization Mechanism is enabled. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### jwt-algorithm | | | | ----------------------- | -------------------------------------------------------------- | | *Synopsis* | The JWT algorithm used to sign and validate the HTTP requests. | | *Default value* | HS256 | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### jwt-key-alias | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the alias of the key from the key manager that is used for the JWT support with the HDAP Authorization Mechanism. If it is not specified and the HDAP Authorization Mechanism is enabled, an internal generated key will be used to sign and validate the JWTs. | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### jwt-key-manager-provider | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the name of the key manager that is used for the JWT support with theHDAP Authorization Mechanism. | | *Default value* | None | | *Allowed values* | The name of an existing [key-manager-provider](objects-key-manager-provider.html).The referenced key manager provider must be enabled. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### jwt-validity-period | | | | ----------------------- | -------------------------------------------------------------------- | | *Synopsis* | The validity period for a JWT. | | *Default value* | 5 minutes | | *Allowed values* | Uses [duration syntax](duration-syntax.html).Lower limit: 0 seconds. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### java-class | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the HDAP Authorization Mechanism implementation. | | *Default value* | org.opends.server.protocols.http.authz.HdapAuthorizationMechanism | | *Allowed values* | A Java class that extends or implements:- org.opends.server.protocols.http.authz.HttpAuthorizationMechanism | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No |