AdaptiveRiskModule

Realm Operations

Resource path:

/realm-config/authentication/modules/adaptiverisk

Resource version: 1.0

create

Usage

am> create AdaptiveRiskModule --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "knowncookie" : {
      "type" : "object",
      "title" : "Known Cookie",
      "propertyOrder" : 4,
      "properties" : {
        "knownCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2000,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "createKnownCookieOnSuccessfulLogin" : {
          "title" : "Save Cookie Value on Successful Login",
          "description" : "The cookie will be created on the client after successful login<br><br>The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response",
          "propertyOrder" : 1900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to set on the client.",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertKnownCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieCheckEnabled" : {
          "title" : "Cookie Value Check",
          "description" : "Enables the checking of a known cookie value in the client request<br><br>If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the correct value then the check will pass. ",
          "propertyOrder" : 1600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieValue" : {
          "title" : "Cookie Value",
          "description" : "The value to be set on the cookie.",
          "propertyOrder" : 1800,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "iphistory" : {
      "type" : "object",
      "title" : "IP Address History",
      "propertyOrder" : 3,
      "properties" : {
        "saveSuccessfulIP" : {
          "title" : "Save Successful IP Address",
          "description" : "The IP History list will be updated in the data store<br><br>The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.",
          "propertyOrder" : 1300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 1400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertIPHistoryScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 1500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryCheckEnabled" : {
          "title" : "IP History Check",
          "description" : "Enables the checking of client IP address against a list of past IP addresses.<br><br>If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).",
          "propertyOrder" : 1000,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryProfileAttribute" : {
          "title" : "Profile Attribute Name",
          "description" : "The name of the attribute used to store the IP history list in the data store.<br><br>IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary objectclass and attribute related settings.",
          "propertyOrder" : 1200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "ipHistoryCount" : {
          "title" : "History size",
          "description" : "The number of client IP addresses to save in the history list.",
          "propertyOrder" : 1100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "authfailed" : {
      "type" : "object",
      "title" : "Failed Authentications",
      "propertyOrder" : 1,
      "properties" : {
        "failedAuthenticationCheckEnabled" : {
          "title" : "Failed Authentication Check",
          "description" : "Checks if the user has past authentication failures.<br><br>Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/><i>NB </i>For this check to function, Account Lockout must be enabled.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "failureScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertFailureScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "iprange" : {
      "type" : "object",
      "title" : "IP Address Range",
      "propertyOrder" : 2,
      "properties" : {
        "invertIPRangeScoreEnabled" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipRangeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "ipRangeCheckEnabled" : {
          "title" : "IP Range Check",
          "description" : "Enables the checking of the client IP address against a list of IP addresses.<br><br>The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within said list the check is successful.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipRange" : {
          "title" : "IP Range",
          "description" : "The list of IP address to compare against the client IP address.<br><br>The format of the IP address is as follows:<br/><br/><ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li><li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>",
          "propertyOrder" : 700,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "devicecookie" : {
      "type" : "object",
      "title" : "Device Cookie",
      "propertyOrder" : 5,
      "properties" : {
        "deviceCookieCheckEnabled" : {
          "title" : "Device Registration Cookie Check",
          "description" : "Enables the checking of the client request for a known cookie.<br><br>If this check is enabled, the check will pass if the client request contains the named cookie.",
          "propertyOrder" : 3300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to be checked for (and optionally set) on the client request",
          "propertyOrder" : 3400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertDeviceCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "saveDeviceCookieValueOnSuccessfulLogin" : {
          "title" : "Save Device Registration on Successful Login",
          "description" : "Set the device cookie on the client response<br><br>The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response",
          "propertyOrder" : 3500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "lastlogin" : {
      "type" : "object",
      "title" : "Time Since Last Login",
      "propertyOrder" : 6,
      "properties" : {
        "maxTimeSinceLastLogin" : {
          "title" : "Max Time since Last login",
          "description" : "The maximum number of days that can elapse before this test.",
          "propertyOrder" : 2400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "timeSinceLastLoginCheckEnabled" : {
          "title" : "Time since Last login Check",
          "description" : "Enables the checking of the last time the user successfully authenticated.<br><br>If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.",
          "propertyOrder" : 2200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "timeSinceLastLoginScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "timeSinceLastLoginCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie used to store the time of the last successful authentication.",
          "propertyOrder" : 2300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "saveLastLoginTimeOnSuccessfulLogin" : {
          "title" : "Save time of Successful Login",
          "description" : "The last login time will be saved in a client cookie<br><br>The Adaptive Risk Post Authentication Plug-in will update the last login time",
          "propertyOrder" : 2500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertTimeSinceLastLoginScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "geolocation" : {
      "type" : "object",
      "title" : "Geo Location",
      "propertyOrder" : 8,
      "properties" : {
        "geolocationCheckEnabled" : {
          "title" : "Geolocation Country Code Check",
          "description" : "Enables the checking of the client IP address against the geolocation database.<br><br>The geolocation database associates IP addresses against their known location. This check passes if the country associated with the client IP address is matched against the list of valid country codes.<br/><br/>The geolocation database is available in binary format at <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "geolocationDatabaseLocation" : {
          "title" : "Geolocation Database location",
          "description" : "The path to the location of the GEO location database.<br><br>The Geolocation database is not distributed with OpenAM, you can get it in binary format from <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "geolocationValidCountryCodes" : {
          "title" : "Valid Country Codes",
          "description" : "The list of country codes that are considered as valid locations for client IPs.<br><br>The list is made up of country codes separated by a | character; for example:<br/><br/><code>gb|us|no|fr</code>",
          "propertyOrder" : 4000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "geolocationScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertGeolocationScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "attributecheck" : {
      "type" : "object",
      "title" : "Profile Attribute",
      "propertyOrder" : 7,
      "properties" : {
        "profileRiskAttributeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "profileRiskAttributeCheckEnabled" : {
          "title" : "Profile Risk Attribute check",
          "description" : "Enables the checking of the user profile for a matching attribute and value.<br><br>If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.",
          "propertyOrder" : 2800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertProfileRiskAttributeScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileRiskAttributeValue" : {
          "title" : "Attribute Value",
          "description" : "The required value of the named attribute.",
          "propertyOrder" : 3000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileRiskAttributeName" : {
          "title" : "Attribute Name",
          "description" : "The name of the attribute to retrieve from the user profile in the data store.",
          "propertyOrder" : 2900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "general" : {
      "type" : "object",
      "title" : "General",
      "propertyOrder" : 0,
      "properties" : {
        "authenticationLevel" : {
          "title" : "Authentication Level",
          "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "riskThreshold" : {
          "title" : "Risk Threshold",
          "description" : "If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.<br><br>Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said threshold the module will be successful. ",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "requestheader" : {
      "type" : "object",
      "title" : "Request Header",
      "propertyOrder" : 9,
      "properties" : {
        "requestHeaderScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "requestHeaderName" : {
          "title" : "Request Header Name",
          "description" : "The name of the required HTTP header ",
          "propertyOrder" : 4400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "requestHeaderCheckEnabled" : {
          "title" : "Request Header Check",
          "description" : "Enables the checking of the client request for a known header name and value.<br><br>The request header check will pass if the client request contains the required named header and value.",
          "propertyOrder" : 4300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertRequestHeaderScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "requestHeaderValue" : {
          "title" : "Request Header Value",
          "description" : "The required value of the named HTTP header.",
          "propertyOrder" : 4500,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete AdaptiveRiskModule --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AdaptiveRiskModule --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AdaptiveRiskModule --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AdaptiveRiskModule --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query AdaptiveRiskModule --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read AdaptiveRiskModule --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update AdaptiveRiskModule --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "knowncookie" : {
      "type" : "object",
      "title" : "Known Cookie",
      "propertyOrder" : 4,
      "properties" : {
        "knownCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2000,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "createKnownCookieOnSuccessfulLogin" : {
          "title" : "Save Cookie Value on Successful Login",
          "description" : "The cookie will be created on the client after successful login<br><br>The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response",
          "propertyOrder" : 1900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to set on the client.",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertKnownCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieCheckEnabled" : {
          "title" : "Cookie Value Check",
          "description" : "Enables the checking of a known cookie value in the client request<br><br>If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the correct value then the check will pass. ",
          "propertyOrder" : 1600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieValue" : {
          "title" : "Cookie Value",
          "description" : "The value to be set on the cookie.",
          "propertyOrder" : 1800,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "iphistory" : {
      "type" : "object",
      "title" : "IP Address History",
      "propertyOrder" : 3,
      "properties" : {
        "saveSuccessfulIP" : {
          "title" : "Save Successful IP Address",
          "description" : "The IP History list will be updated in the data store<br><br>The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.",
          "propertyOrder" : 1300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 1400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertIPHistoryScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 1500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryCheckEnabled" : {
          "title" : "IP History Check",
          "description" : "Enables the checking of client IP address against a list of past IP addresses.<br><br>If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).",
          "propertyOrder" : 1000,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryProfileAttribute" : {
          "title" : "Profile Attribute Name",
          "description" : "The name of the attribute used to store the IP history list in the data store.<br><br>IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary objectclass and attribute related settings.",
          "propertyOrder" : 1200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "ipHistoryCount" : {
          "title" : "History size",
          "description" : "The number of client IP addresses to save in the history list.",
          "propertyOrder" : 1100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "authfailed" : {
      "type" : "object",
      "title" : "Failed Authentications",
      "propertyOrder" : 1,
      "properties" : {
        "failedAuthenticationCheckEnabled" : {
          "title" : "Failed Authentication Check",
          "description" : "Checks if the user has past authentication failures.<br><br>Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/><i>NB </i>For this check to function, Account Lockout must be enabled.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "failureScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertFailureScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "iprange" : {
      "type" : "object",
      "title" : "IP Address Range",
      "propertyOrder" : 2,
      "properties" : {
        "invertIPRangeScoreEnabled" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipRangeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "ipRangeCheckEnabled" : {
          "title" : "IP Range Check",
          "description" : "Enables the checking of the client IP address against a list of IP addresses.<br><br>The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within said list the check is successful.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipRange" : {
          "title" : "IP Range",
          "description" : "The list of IP address to compare against the client IP address.<br><br>The format of the IP address is as follows:<br/><br/><ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li><li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>",
          "propertyOrder" : 700,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "devicecookie" : {
      "type" : "object",
      "title" : "Device Cookie",
      "propertyOrder" : 5,
      "properties" : {
        "deviceCookieCheckEnabled" : {
          "title" : "Device Registration Cookie Check",
          "description" : "Enables the checking of the client request for a known cookie.<br><br>If this check is enabled, the check will pass if the client request contains the named cookie.",
          "propertyOrder" : 3300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to be checked for (and optionally set) on the client request",
          "propertyOrder" : 3400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertDeviceCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "saveDeviceCookieValueOnSuccessfulLogin" : {
          "title" : "Save Device Registration on Successful Login",
          "description" : "Set the device cookie on the client response<br><br>The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response",
          "propertyOrder" : 3500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "lastlogin" : {
      "type" : "object",
      "title" : "Time Since Last Login",
      "propertyOrder" : 6,
      "properties" : {
        "maxTimeSinceLastLogin" : {
          "title" : "Max Time since Last login",
          "description" : "The maximum number of days that can elapse before this test.",
          "propertyOrder" : 2400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "timeSinceLastLoginCheckEnabled" : {
          "title" : "Time since Last login Check",
          "description" : "Enables the checking of the last time the user successfully authenticated.<br><br>If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.",
          "propertyOrder" : 2200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "timeSinceLastLoginScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "timeSinceLastLoginCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie used to store the time of the last successful authentication.",
          "propertyOrder" : 2300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "saveLastLoginTimeOnSuccessfulLogin" : {
          "title" : "Save time of Successful Login",
          "description" : "The last login time will be saved in a client cookie<br><br>The Adaptive Risk Post Authentication Plug-in will update the last login time",
          "propertyOrder" : 2500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertTimeSinceLastLoginScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "geolocation" : {
      "type" : "object",
      "title" : "Geo Location",
      "propertyOrder" : 8,
      "properties" : {
        "geolocationCheckEnabled" : {
          "title" : "Geolocation Country Code Check",
          "description" : "Enables the checking of the client IP address against the geolocation database.<br><br>The geolocation database associates IP addresses against their known location. This check passes if the country associated with the client IP address is matched against the list of valid country codes.<br/><br/>The geolocation database is available in binary format at <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "geolocationDatabaseLocation" : {
          "title" : "Geolocation Database location",
          "description" : "The path to the location of the GEO location database.<br><br>The Geolocation database is not distributed with OpenAM, you can get it in binary format from <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "geolocationValidCountryCodes" : {
          "title" : "Valid Country Codes",
          "description" : "The list of country codes that are considered as valid locations for client IPs.<br><br>The list is made up of country codes separated by a | character; for example:<br/><br/><code>gb|us|no|fr</code>",
          "propertyOrder" : 4000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "geolocationScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertGeolocationScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "attributecheck" : {
      "type" : "object",
      "title" : "Profile Attribute",
      "propertyOrder" : 7,
      "properties" : {
        "profileRiskAttributeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "profileRiskAttributeCheckEnabled" : {
          "title" : "Profile Risk Attribute check",
          "description" : "Enables the checking of the user profile for a matching attribute and value.<br><br>If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.",
          "propertyOrder" : 2800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertProfileRiskAttributeScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileRiskAttributeValue" : {
          "title" : "Attribute Value",
          "description" : "The required value of the named attribute.",
          "propertyOrder" : 3000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileRiskAttributeName" : {
          "title" : "Attribute Name",
          "description" : "The name of the attribute to retrieve from the user profile in the data store.",
          "propertyOrder" : 2900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "general" : {
      "type" : "object",
      "title" : "General",
      "propertyOrder" : 0,
      "properties" : {
        "authenticationLevel" : {
          "title" : "Authentication Level",
          "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "riskThreshold" : {
          "title" : "Risk Threshold",
          "description" : "If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.<br><br>Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said threshold the module will be successful. ",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "requestheader" : {
      "type" : "object",
      "title" : "Request Header",
      "propertyOrder" : 9,
      "properties" : {
        "requestHeaderScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "requestHeaderName" : {
          "title" : "Request Header Name",
          "description" : "The name of the required HTTP header ",
          "propertyOrder" : 4400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "requestHeaderCheckEnabled" : {
          "title" : "Request Header Check",
          "description" : "Enables the checking of the client request for a known header name and value.<br><br>The request header check will pass if the client request contains the required named header and value.",
          "propertyOrder" : 4300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertRequestHeaderScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "requestHeaderValue" : {
          "title" : "Request Header Value",
          "description" : "The required value of the named HTTP header.",
          "propertyOrder" : 4500,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    }
  }
}

Global Operations

Resource path:

/global-config/authentication/modules/adaptiverisk

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action AdaptiveRiskModule --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action AdaptiveRiskModule --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action AdaptiveRiskModule --global --actionName nextdescendents

read

Usage

am> read AdaptiveRiskModule --global

update

Usage

am> update AdaptiveRiskModule --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "lastlogin" : {
          "type" : "object",
          "title" : "Time Since Last Login",
          "propertyOrder" : 6,
          "properties" : {
            "timeSinceLastLoginScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 2600,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "timeSinceLastLoginCheckEnabled" : {
              "title" : "Time since Last login Check",
              "description" : "Enables the checking of the last time the user successfully authenticated.<br><br>If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.",
              "propertyOrder" : 2200,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "maxTimeSinceLastLogin" : {
              "title" : "Max Time since Last login",
              "description" : "The maximum number of days that can elapse before this test.",
              "propertyOrder" : 2400,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "invertTimeSinceLastLoginScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 2700,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "timeSinceLastLoginCookieName" : {
              "title" : "Cookie Name",
              "description" : "The name of the cookie used to store the time of the last successful authentication.",
              "propertyOrder" : 2300,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "saveLastLoginTimeOnSuccessfulLogin" : {
              "title" : "Save time of Successful Login",
              "description" : "The last login time will be saved in a client cookie<br><br>The Adaptive Risk Post Authentication Plug-in will update the last login time",
              "propertyOrder" : 2500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "devicecookie" : {
          "type" : "object",
          "title" : "Device Cookie",
          "propertyOrder" : 5,
          "properties" : {
            "deviceCookieName" : {
              "title" : "Cookie Name",
              "description" : "The name of the cookie to be checked for (and optionally set) on the client request",
              "propertyOrder" : 3400,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "deviceCookieCheckEnabled" : {
              "title" : "Device Registration Cookie Check",
              "description" : "Enables the checking of the client request for a known cookie.<br><br>If this check is enabled, the check will pass if the client request contains the named cookie.",
              "propertyOrder" : 3300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "invertDeviceCookieScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 3700,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "saveDeviceCookieValueOnSuccessfulLogin" : {
              "title" : "Save Device Registration on Successful Login",
              "description" : "Set the device cookie on the client response<br><br>The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response",
              "propertyOrder" : 3500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "deviceCookieScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 3600,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "requestheader" : {
          "type" : "object",
          "title" : "Request Header",
          "propertyOrder" : 9,
          "properties" : {
            "requestHeaderCheckEnabled" : {
              "title" : "Request Header Check",
              "description" : "Enables the checking of the client request for a known header name and value.<br><br>The request header check will pass if the client request contains the required named header and value.",
              "propertyOrder" : 4300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "requestHeaderValue" : {
              "title" : "Request Header Value",
              "description" : "The required value of the named HTTP header.",
              "propertyOrder" : 4500,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "requestHeaderName" : {
              "title" : "Request Header Name",
              "description" : "The name of the required HTTP header ",
              "propertyOrder" : 4400,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "requestHeaderScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 4600,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "invertRequestHeaderScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 4700,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "attributecheck" : {
          "type" : "object",
          "title" : "Profile Attribute",
          "propertyOrder" : 7,
          "properties" : {
            "profileRiskAttributeCheckEnabled" : {
              "title" : "Profile Risk Attribute check",
              "description" : "Enables the checking of the user profile for a matching attribute and value.<br><br>If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.",
              "propertyOrder" : 2800,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "profileRiskAttributeValue" : {
              "title" : "Attribute Value",
              "description" : "The required value of the named attribute.",
              "propertyOrder" : 3000,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "profileRiskAttributeName" : {
              "title" : "Attribute Name",
              "description" : "The name of the attribute to retrieve from the user profile in the data store.",
              "propertyOrder" : 2900,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "invertProfileRiskAttributeScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 3200,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "profileRiskAttributeScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 3100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "geolocation" : {
          "type" : "object",
          "title" : "Geo Location",
          "propertyOrder" : 8,
          "properties" : {
            "geolocationValidCountryCodes" : {
              "title" : "Valid Country Codes",
              "description" : "The list of country codes that are considered as valid locations for client IPs.<br><br>The list is made up of country codes separated by a | character; for example:<br/><br/><code>gb|us|no|fr</code>",
              "propertyOrder" : 4000,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "geolocationDatabaseLocation" : {
              "title" : "Geolocation Database location",
              "description" : "The path to the location of the GEO location database.<br><br>The Geolocation database is not distributed with OpenAM, you can get it in binary format from <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
              "propertyOrder" : 3900,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "geolocationCheckEnabled" : {
              "title" : "Geolocation Country Code Check",
              "description" : "Enables the checking of the client IP address against the geolocation database.<br><br>The geolocation database associates IP addresses against their known location. This check passes if the country associated with the client IP address is matched against the list of valid country codes.<br/><br/>The geolocation database is available in binary format at <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
              "propertyOrder" : 3800,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "invertGeolocationScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 4200,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "geolocationScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 4100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "authfailed" : {
          "type" : "object",
          "title" : "Failed Authentications",
          "propertyOrder" : 1,
          "properties" : {
            "invertFailureScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "failedAuthenticationCheckEnabled" : {
              "title" : "Failed Authentication Check",
              "description" : "Checks if the user has past authentication failures.<br><br>Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/><i>NB </i>For this check to function, Account Lockout must be enabled.",
              "propertyOrder" : 300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "failureScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 400,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "iphistory" : {
          "type" : "object",
          "title" : "IP Address History",
          "propertyOrder" : 3,
          "properties" : {
            "ipHistoryScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 1400,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "invertIPHistoryScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 1500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "ipHistoryCount" : {
              "title" : "History size",
              "description" : "The number of client IP addresses to save in the history list.",
              "propertyOrder" : 1100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "saveSuccessfulIP" : {
              "title" : "Save Successful IP Address",
              "description" : "The IP History list will be updated in the data store<br><br>The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.",
              "propertyOrder" : 1300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "ipHistoryProfileAttribute" : {
              "title" : "Profile Attribute Name",
              "description" : "The name of the attribute used to store the IP history list in the data store.<br><br>IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary objectclass and attribute related settings.",
              "propertyOrder" : 1200,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "ipHistoryCheckEnabled" : {
              "title" : "IP History Check",
              "description" : "Enables the checking of client IP address against a list of past IP addresses.<br><br>If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).",
              "propertyOrder" : 1000,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "knowncookie" : {
          "type" : "object",
          "title" : "Known Cookie",
          "propertyOrder" : 4,
          "properties" : {
            "knownCookieScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 2000,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "knownCookieName" : {
              "title" : "Cookie Name",
              "description" : "The name of the cookie to set on the client.",
              "propertyOrder" : 1700,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "knownCookieCheckEnabled" : {
              "title" : "Cookie Value Check",
              "description" : "Enables the checking of a known cookie value in the client request<br><br>If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the correct value then the check will pass. ",
              "propertyOrder" : 1600,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "knownCookieValue" : {
              "title" : "Cookie Value",
              "description" : "The value to be set on the cookie.",
              "propertyOrder" : 1800,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "invertKnownCookieScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 2100,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "createKnownCookieOnSuccessfulLogin" : {
              "title" : "Save Cookie Value on Successful Login",
              "description" : "The cookie will be created on the client after successful login<br><br>The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response",
              "propertyOrder" : 1900,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "general" : {
          "type" : "object",
          "title" : "General",
          "propertyOrder" : 0,
          "properties" : {
            "authenticationLevel" : {
              "title" : "Authentication Level",
              "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
              "propertyOrder" : 100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "riskThreshold" : {
              "title" : "Risk Threshold",
              "description" : "If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.<br><br>Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said threshold the module will be successful. ",
              "propertyOrder" : 200,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "iprange" : {
          "type" : "object",
          "title" : "IP Address Range",
          "propertyOrder" : 2,
          "properties" : {
            "invertIPRangeScoreEnabled" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 900,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "ipRangeScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 800,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "ipRange" : {
              "title" : "IP Range",
              "description" : "The list of IP address to compare against the client IP address.<br><br>The format of the IP address is as follows:<br/><br/><ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li><li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>",
              "propertyOrder" : 700,
              "required" : true,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "ipRangeCheckEnabled" : {
              "title" : "IP Range Check",
              "description" : "Enables the checking of the client IP address against a list of IP addresses.<br><br>The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within said list the check is successful.",
              "propertyOrder" : 600,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}