Package org.forgerock.openig.openam
Class AmServiceHeaplet
java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.openam.AmServiceHeaplet
All Implemented Interfaces: Heaplet
This heaplet represents an instance of an AmService that can be shared amongst AM-related filters such as the SingleSignOnFilter and the PolicyEnforcementFilter.
{
    "type": "AmService",
    "config": {
        "url" : expression  [REQUIRED - configuration time expression that represents the URI
                             of the AM Server, for example:
                             https://am.example.com/sso]
        "amHandler" : expression  [OPTIONAL - by default, uses the 'ForgeRockClientHandler'
                                   provided in heap.]
        "realm" : expression  [OPTIONAL - configuration time expression, default is
                               Realm#ROOT_REALM]
        "ssoTokenHeader" : expression  [OPTIONAL - configuration time expression, default is to query AM
                                        if this setting is not provided.]
        "version" : expression  [OPTIONAL - configuration time expression, defaults to
                                 AmService#DEFAULT_AM_VERSION]
        "agent" : object  [REQUIRED - Define agent credentials for notifications]
        {
            "username" : expression  [REQUIRED - The IG Agent ID to use when authenticating
                                      with AM.]
            "passwordSecretId" : expression  [REQUIRED - the secretId to use for the agent password.]
        }
        "sessionProperties" : string list  [OPTIONAL - The list of user's session properties to request
                                            from AM. These are later transformed into a form that
                                            selects them as properties from all the available
                                            session attributes.
                                            Default is to retrieve all available
                                            session properties.]
        "sessionCache" : object  [OPTIONAL - By default the session cache is disabled.]
        {
            "enabled" : expression(boolean)  [OPTIONAL - Allow to disable the cache while still keeping
                                              the configuration for later use. Default is
                                              false.]
            "maximumSize" : expression(long)  [OPTIONAL - Sets the maximum size of the session cache.]
            "maximumTimeToCache" : expression(long)  [OPTIONAL - Sets the maximum time to cache a session.]
            "onNotificationDisconnection" : enum  [OPTIONAL - What to do if AM goes offline:
                                                   NEVER_CLEAR, CLEAR_ON_DISCONNECT,
                                                   CLEAR_ON_RECONNECT.
                                                   Default is: CLEAR_ON_DISCONNECT.]
            "executor" : executor  [OPTIONAL - By default, ForkJoinPool#commonPool()
                                    is used.]
        }
        "sessionIdleRefresh" : object  [OPTIONAL - Enable/Disable session idle refresh functionality.]
        {
            "enabled" : expression(boolean)  [OPTIONAL - Allow to enable session idle refresh function.
                                              Default is false]
            "interval" : expression(duration)  [OPTIONAL - Wait at least this long in between making
                                                session idle refresh requests.
                                                Default to 5 minutes]
        }
        "notifications" : object  [OPTIONAL - Enable/Disable notification service.]
        {
            "enabled" : expression(boolean)  [OPTIONAL - Allow to disable notification service.
                                              Default is true.]
            "initialConnectionAttempts" : expression(number)  [OPTIONAL - The maximum number of times IG attempts to open
                                                               a WebSocket connection before failing to deploy
                                                               a route. Default to 5. (-1 for no limit).]
            "reconnectDelay" : expression(duration)  [OPTIONAL - Time to wait in between reconnection attempts
                                                      Default to 5 seconds]
            "renewalDelay" : expression(duration)  [OPTIONAL - Time to wait between preventive connection
                                                    renewal. Can be disabled with '0' or
                                                    'unlimited'. Default 50 minutes to prevent
                                                    ID Cloud connection killing every hour]
            "heartbeatInterval" : expression(duration)  [OPTIONAL - Time to wait in between heartbeats. Can be
                                                         disabled with '0' or 'unlimited'.
                                                         Default to 1 minute]
            "connectionTimeout" : expression(duration)  [OPTIONAL - Time to wait for before failing a connection
                                                         attempt. Default to 60 seconds]
            "idleTimeout" : expression(duration)  [OPTIONAL - Time to wait without activity before closing
                                                   the connection. Default to unlimited]
            "tls" : object  [OPTIONAL - Configure TLS connection settings
                             Every setting defaults to default option value
                             from HttpClientHandler.*_OPTION]
            {
                "sslContextAlgorithm" : expression(string)
                "sslEnabledProtocols" : [ expression(string) ]
                "sslCipherSuites" : [ expression(string) ]
                "keyManager" : keymanager or [ keymanager ]
                "trustManager" : trustmanager or [ trustmanager ]
            },
            "proxyOptions" : ProxyOptions  [OPTIONAL - Configure WebSocket proxy options.
                                            Default to the global ProxyOptions from the
                                            heap]
            "vertx" : expression(object)  [OPTIONAL - The vertx configuration to pass to the
                                           underlying Vert.x Websocket client.]
        }
    }
}
The sessionCache's entry default expiry policy is based on the "maxSessionExpirationTime" field located in the SessionInfo object stored.
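Added example, not part of the ForgeRock Javadoc or of IG itself: a small review script that checks a parsed AmService heap object against the schema above. Treating a non-https `url`, an enabled session cache with notifications disabled, and `NEVER_CLEAR` as review items is this example's own policy; the sample object and the function names are constructed for illustration.

```python
from urllib.parse import urlparse

AGENT_KEYS = {"username", "passwordSecretId"}
DISCONNECT_POLICIES = {"NEVER_CLEAR", "CLEAR_ON_DISCONNECT", "CLEAR_ON_RECONNECT"}

def is_expression(value):
    """True for values still holding an unresolved ${...} or &{...} expression."""
    return isinstance(value, str) and ("${" in value or "&{" in value)

def lint_am_service(heap_object):
    """Return review findings for one parsed AmService heap object (a dict)."""
    if heap_object.get("type") != "AmService":
        return ["not an AmService object"]
    config = heap_object.get("config") or {}
    agent = config.get("agent") or {}
    findings = []
    # Settings marked REQUIRED in the schema on this page.
    required = {"url": config.get("url"), "agent.username": agent.get("username"),
                "agent.passwordSecretId": agent.get("passwordSecretId")}
    findings += [f"missing required setting: {k}" for k, v in required.items() if not v]
    # Agent keys outside the schema, such as an inline password.
    findings += [f"agent setting outside the documented schema: {k}"
                 for k in sorted(set(agent) - AGENT_KEYS)]
    url = config.get("url")
    # Policy of this example: a literal AM URL should use https.
    if isinstance(url, str) and not is_expression(url) and urlparse(url).scheme != "https":
        findings.append(f"url is not https: {url}")
    cache = config.get("sessionCache") or {}
    notifications = config.get("notifications") or {}
    policy = cache.get("onNotificationDisconnection", "CLEAR_ON_DISCONNECT")
    if policy not in DISCONNECT_POLICIES:
        findings.append(f"unknown onNotificationDisconnection value: {policy}")
    # Only literal booleans are judged; expression(boolean) strings are left alone.
    if cache.get("enabled") is True:  # the cache is disabled by default
        if notifications.get("enabled", True) is False:
            findings.append("sessionCache enabled while notifications are disabled")
        if policy == "NEVER_CLEAR":
            findings.append("sessionCache is never cleared when AM goes offline")
    return findings

# Constructed sample for this example, not a real deployment.
SAMPLE = {"type": "AmService", "config": {
    "url": "http://am.example.com/sso",
    "agent": {"username": "ig_agent", "password": "constructed-value"},
    "sessionCache": {"enabled": True, "onNotificationDisconnection": "NEVER_CLEAR"},
    "notifications": {"enabled": False}}}

if __name__ == "__main__":
    for finding in lint_am_service(SAMPLE):
        print(finding)
```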
Field Summary
Constructor Summary
Method Summary
Methods inherited from class org.forgerock.openig.heap.GenericHeaplet:
create, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder
Field Details
NAME
Public name used by resolver.
Constructor Details
AmServiceHeaplet
public AmServiceHeaplet()
Method Details
create
Description copied from class: GenericHeaplet
Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
Specified by: create in class GenericHeaplet
Returns: The created object.
Throws: HeapException - if an exception occurred during creation of the heap object or any of its dependencies.
start
Description copied from class: GenericHeaplet
Called to request the heaplet start an object. Called by Heaplet.create(Name, JsonValue, Heap) after creating and configuring the object and once the object's logger and storage have been configured. Implementations should override this method if they need to acquire resources, start threads, or log any initialization messages.
Overrides: start in class GenericHeaplet
Throws: HeapException - if an exception occurred while starting the heap object or any of its dependencies.
destroy
public void destroy()
Description copied from interface: Heaplet
Called to indicate that the object created by the heaplet is going to be dereferenced. This gives the heaplet an opportunity to free any resources that are being held prior to its dereference.
Specified by: destroy in interface Heaplet
Overrides: destroy in class GenericHeaplet