Class AmServiceHeaplet

java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.openam.AmServiceHeaplet
All Implemented Interfaces:
Heaplet

public class AmServiceHeaplet extends GenericHeaplet
This heaplet represents an instance of an AmService that can be shared amongst AM-related filters such as the SingleSignOnFilter and the PolicyEnforcementFilter.
 {
    "type": "AmService",
    "config": {
        "url"             :    expression         [REQUIRED - configuration time expression that represents the URI
                                                              of the AM Server, for example:
                                                              https://am.example.com/sso]
        "amHandler"       :    expression         [OPTIONAL - by default, uses the 'ForgeRockClientHandler'
                                                              provided in heap.]
        "realm"           :    expression         [OPTIONAL - configuration time expression, default is
                                                              Realm#ROOT_REALM]
        "ssoTokenHeader"  :    expression         [OPTIONAL - configuration time expression, default is to query AM
                                                              if this setting is not provided.]
        "version"         :    expression         [OPTIONAL - configuration time expression, defaults to
                                                              AmService#DEFAULT_AM_VERSION]
        "agent"           :    object             [REQUIRED - Define agent credentials for notifications]
        {
            "username"        :    expression              [REQUIRED - The IG Agent ID to use when authenticating
                                                                       with AM.]
            "passwordSecretId":    expression              [REQUIRED - the secretId to use for the agent password.]
        }
        "sessionProperties" :  string list        [OPTIONAL - The list of user's session properties to request
                                                              from AM. These are later transformed into a form that
                                                              selects them as properties from all the available
                                                              session attributes.
                                                              Default is to retrieve all available
                                                              session properties.]
        "sessionCache"    :    object             [OPTIONAL - By default the session cache is disabled.]
        {
            "enabled" :              expression(boolean)   [OPTIONAL - Allow to disable the cache while still keeping
                                                                       the configuration for later use. Default is
                                                                       false.]
            "maximumSize" :          expression(long)      [OPTIONAL - Sets the maximum size of the session cache.]
            "maximumTimeToCache" :   expression(long)      [OPTIONAL - Sets the maximum time to cache a session.]
            "onNotificationDisconnection":  enum           [OPTIONAL - What to do if AM goes offline:
                                                                       NEVER_CLEAR, CLEAR_ON_DISCONNECT,
                                                                       CLEAR_ON_RECONNECT.
                                                                       Default is: CLEAR_ON_DISCONNECT.]
            "executor" :             executor              [OPTIONAL - By default, ForkJoinPool#commonPool()
                                                                       is used.]
        }
        "sessionIdleRefresh" :     object             [OPTIONAL - Enable/Disable session idle refresh functionality.]
        {
            "enabled"          :    expression(boolean)    [OPTIONAL - Allow to enable session idle refresh function.
                                                                       Default is false]
            "interval"         :    expression(duration)   [OPTIONAL - Wait at least this long in between making
                                                                       session idle refresh requests.
                                                                       Default to 5 minutes]
        }
        "notifications"   :    object             [OPTIONAL - Enable/Disable notification service.]
        {
            "enabled"            :  expression(boolean)    [OPTIONAL - Allow to disable notification service.
                                                                       Default is true.]
            "initialConnectionAttempts": expression(number)[OPTIONAL - The maximum number of times IG attempts to open
                                                                       a WebSocket connection before failing to deploy
                                                                       a route. Default to 5. (-1 for no limit).]
            "reconnectDelay"     :  expression(duration)   [OPTIONAL - Time to wait in between reconnection attempts
                                                                       Default to 5 seconds]
            "renewalDelay"       :  expression(duration)   [OPTIONAL - Time to wait between preventive connection
                                                                       renewal. Can be disabled with '0' or
                                                                       'unlimited'. Default 50 minutes to prevent
                                                                       ID Cloud connection killing every hour]
            "heartbeatInterval"  :  expression(duration)   [OPTIONAL - Time to wait in between heartbeats. Can be
                                                                       disabled with '0' or 'unlimited'.
                                                                       Default to 1 minute]
            "connectionTimeout"  :  expression(duration)   [OPTIONAL - Time to wait for before failing a connection
                                                                       attempt. Default to 60 seconds]
            "idleTimeout"        :  expression(duration)   [OPTIONAL - Time to wait without activity before closing
                                                                       the connection. Default to unlimited]
            "tls"                :  object                 [OPTIONAL - Configure TLS connection settings.
                                                                       Every setting defaults to default option value
                                                                       from HttpClientHandler.*_OPTION]
            {
                "sslContextAlgorithm"    : expression(string)
                "sslEnabledProtocols"    : [ expression(string) ]
                "sslCipherSuites"        : [ expression(string) ]
                "keyManager"             : keymanager or [ keymanager ]
                "trustManager"           : trustmanager or [ trustmanager ]
            },
            "proxyOptions"      :  ProxyOptions            [OPTIONAL - Configure WebSocket proxy options.
                                                                       Default to the global ProxyOptions from the
                                                                       heap]
            "vertx"             :  expression(object)      [OPTIONAL - The vertx configuration to pass to the
                                                                       underlying Vert.x Websocket client.]
        }
    }
  }
  
 
The sessionCache's entry default expiry policy is based on the "maxSessionExpirationTime" field located in the SessionInfo object stored.
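A configuration check built from the schema above, as an added example (not part of the IG API or ForgeRock's code): it flags missing REQUIRED fields, a non-HTTPS AM URL, and a session cache that is enabled while notifications are off or the disconnection policy is NEVER_CLEAR. The host, agent ID, secret ID and the finding rules themselves are assumptions of this example.

```python
# Added example, not ForgeRock code. Field names and defaults come from the schema above;
# values are assumed to be resolved literals, not ${...} expressions.
ALLOWED_DISCONNECT = {"NEVER_CLEAR", "CLEAR_ON_DISCONNECT", "CLEAR_ON_RECONNECT"}

def audit_amservice(config):
    """Return a list of findings for one AmService "config" object."""
    findings = []
    url = str(config.get("url") or "")
    if not url:
        findings.append("url: missing (REQUIRED)")
    elif not url.lower().startswith("https://"):
        findings.append("url: not https, traffic to AM is unencrypted")
    agent = config.get("agent") or {}
    for key in ("username", "passwordSecretId"):
        if not agent.get(key):
            findings.append(f"agent.{key}: missing (REQUIRED)")
    cache = config.get("sessionCache") or {}
    policy = cache.get("onNotificationDisconnection", "CLEAR_ON_DISCONNECT")
    if policy not in ALLOWED_DISCONNECT:
        findings.append(f"sessionCache.onNotificationDisconnection: unknown value {policy!r}")
    if cache.get("enabled", False):  # schema default: cache disabled
        notifications = config.get("notifications") or {}
        if not notifications.get("enabled", True):  # schema default: enabled
            findings.append("sessionCache: enabled while notifications are disabled")
        if policy == "NEVER_CLEAR":  # this example's policy, not a product rule
            findings.append("sessionCache: NEVER_CLEAR keeps entries while AM is offline")
    return findings

# Constructed sample configurations (hypothetical host, agent ID and secret ID).
WEAK = {
    "url": "http://am.example.com/sso",
    "agent": {"username": "ig_agent"},
    "sessionCache": {"enabled": True, "onNotificationDisconnection": "NEVER_CLEAR"},
    "notifications": {"enabled": False},
}
HARDENED = {
    "url": "https://am.example.com/sso",
    "agent": {"username": "ig_agent", "passwordSecretId": "agent.secret.id"},
    "sessionCache": {"enabled": True, "onNotificationDisconnection": "CLEAR_ON_DISCONNECT"},
    "notifications": {"enabled": True},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_amservice(cfg))
```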
  • Field Details

  • Constructor Details

    • AmServiceHeaplet

      public AmServiceHeaplet()
  • Method Details

    • create

      public Object create() throws HeapException
      Description copied from class: GenericHeaplet
      Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
      Specified by:
      create in class GenericHeaplet
      Returns:
      The created object.
      Throws:
      HeapException - if an exception occurred during creation of the heap object or any of its dependencies.
    • start

      public void start() throws HeapException
      Description copied from class: GenericHeaplet
      Called to request the heaplet start an object. Called by Heaplet.create(Name, JsonValue, Heap) after creating and configuring the object and once the object's logger and storage have been configured. Implementations should override this method if they need to acquire resources, start threads, or log any initialization messages.
      Overrides:
      start in class GenericHeaplet
      Throws:
      HeapException - if an exception occurred while starting the heap object or any of its dependencies.
    • destroy

      public void destroy()
      Description copied from interface: Heaplet
      Called to indicate that the object created by the heaplet is going to be dereferenced. This gives the heaplet an opportunity to free any resources that are being held prior to its dereference.
      Specified by:
      destroy in interface Heaplet
      Overrides:
      destroy in class GenericHeaplet