J2EEAgentGroups

Realm Operations

Agent Groups handler that is responsible for managing agent groups

Resource path:

/realm-config/agents/groups/J2EEAgent

Resource version: 1.0

create

Usage

am> create J2EEAgentGroups --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "miscJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Miscellaneous",
      "propertyOrder" : 4,
      "properties" : {
        "agent302RedirectContentType" : {
          "title" : "HTTP 302 Redirect Content Type",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies the content type of the data to return instead of an HTTP 302 Redirect.<br>Type: String<br>Default: application/json<br>Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.content.type <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "portCheckEnabled" : {
          "title" : "Port Check Enable",
          "description" : "Indicates if port check functionality is enabled or disabled.<br>Property: org.forgerock.agents.port.check.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectStatusCode" : {
          "title" : "HTTP 302 Redirect Replacement HTTP Code",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies the HTTP code to return instead of an HTTP 302 Redirect. <br>Type: Integer<br>Default: 200<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.http.status.code <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 19900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "portCheckSetting" : {
          "title" : "Port Check Setting",
          "description" : "Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers.<br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field. <br>Property name: org.forgerock.agents.port.check.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7400,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "unwantedHttpUrlRegexParams" : {
          "title" : "Regular Expression Remove Query Parameters",
          "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values.<br>Property: org.forgerock.agents.unwanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authFailReasonParameterName" : {
          "title" : "Authentication Fail Reason Parameter Name",
          "description" : "If this property is defined, the agent will pass the named parameter to a custom page (defined by \"Authentication Fail Reason Url\") saying why authentication failed. The reason can be very detailed and users may want to use the \"Authentication Fail Reason Parameter Value Map\" to give custom detail, otherwise these default values will be used: AUTHN_BOOKKEEPING_COOKIE_MISSING, NONCE_MISSING, EXCEPTION <br>Property: org.forgerock.agents.authn.fail.reason.parameter.name <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 19000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "portCheckFile" : {
          "title" : "Port Check File",
          "description" : "Name or complete path of a file that has the necessary content needed to handle requests that need port correction. <br>Property: org.forgerock.agents.port.check.file <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "loginReasonParameterName" : {
          "title" : "Login Reason Parameter Name",
          "description" : "Property to say why the user is being asked to login, the agent will (in custom login mode ONLY) pass the named parameter to the custom login endpoint, with an appropriate value. Note that this property is not enabled by default as this additional information represents an information leak. Default reasons: NO_TOKEN, JWT_INVALID, TOKEN_EXPIRED, EXCEPTION. <br>Property: org.forgerock.agents.login.reason.parameter.name <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 18700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "authFailReasonUrl" : {
          "title" : "Authentication Fail Reason Url",
          "description" : "This property allows administrators to set the URL/URI of a web page that says that authentication failed and which may, using the login fail reason parameter, explain why.<br>Property: org.forgerock.agents.authn.fail.url <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 18900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "wantedHttpUrlRegexParams" : {
          "title" : "Regular Expression Retain Query Parameters",
          "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be retained for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. <br>Property: org.forgerock.agents.wanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "localeCountry" : {
          "title" : "Locale Country",
          "description" : "<br>Property: org.forgerock.agents.locale.country <br>Valid for Java Agent 5.0 onwards<br>Requires Agent Restart",
          "propertyOrder" : 1400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "loginReasonMap" : {
          "title" : "Login Reason Value Map",
          "description" : "This map allows some of the possible reasons to be mapped to arbitrary values, when empty will be used default values(see: \"Login Reason Parameter Name\" description). LOGIN REASON=CUSTOM VALUE e.g. [JWT_INVALID]=corrupted_token. <br>Property: org.forgerock.agents.login.reason.remapper <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 18800,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "legacyRedirectUri" : {
          "title" : "Legacy User Agent Redirect URI",
          "description" : "An intermediate URI used by the Agent to redirect legacy user agent requests.<br>Property: org.forgerock.agents.legacy.redirect.uri <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "agent302RedirectHttpData" : {
          "title" : "HTTP 302 Redirect Data",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies the data to return instead of an HTTP 302 Redirect.<br>The following values are substituted in the default example:<br>%REQUEST_URI% is substituted for the URI of the incoming request.<br>%REQUEST_URL% is substituted for full path of the incoming request.<br>%TARGET% is substituted for the URI of the full path of the intended redirection target, and includes parameters if appropriate.<br> Substituted values can each occur zero or more times in the text.<br> Type: String<br>Default:<br> <pre>{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}</pre><br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.data <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "wantedHttpUrlParams" : {
          "title" : "Retain Query Parameters",
          "description" : "Specifies a list of query parameters to be retained (other parameters will be removed) from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values.<br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.wanted.http.url.param.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "gotoUrl" : {
          "title" : "Goto Url",
          "description" : "This is a URL used in rare circumstances where the Agent has nowhere else to go. For instance if the user requests a resource, authenticates for the first time, then presses the back button and the administrator hasn't set up the authn fail URL. <br>Property: org.forgerock.agents.default.goto.url <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 19200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "gotoParameterName" : {
          "title" : "Goto Parameter Name",
          "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it.<br>Property: com.sun.identity.agents.config.redirect.param <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "legacyUserAgentSupport" : {
          "title" : "Legacy User Agent Support Enable",
          "description" : "Enables support for legacy user agents (browser).<br>Property: org.forgerock.agents.legacy.support.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectEnabled" : {
          "title" : "HTTP 302 Redirects Enabled",
          "description" : "Controls how the Agent handles redirects, as follows: <br> true: HTTP 302 Redirects are enabled. When an unauthenticated user attempts to access a resource, and not-enforced rules do not automatically grant access to the resource, the Agent returns an HTTP 302 to redirect the user to an authentication endpoint.<br>false: HTTP 302 Redirects are disabled. When an unauthenticated user attempts to access a resource, the Agent returns a block of configurable JSON that can be intercepted.<br> The returned HTTP code, content type, and data is configured by the properties <b>HTTP 302 Redirect Replacement HTTP Code, HTTP 302 Redirect Content Type, and HTTP 302 Redirect Data.</b><br> Lists of URLs in a not-enforced rule style, for which the data is produced are configured by the properties <b>HTTP 302 Redirect Not Enforced List and HTTP 302 Redirect Invert Not Enforced List.</b><br>The following example JSON shows the request path as a URL and URI, and the target URL of the disabled redirect: <br> <pre>{\"redirect\": { \"requestUri\": \"examples/index.html#section_two\", \"requestUrl\": \"http://my.example.com:8020/examples/index.html#section_two\", \"targetUrl\": \"http://openam.example.com:8010/openam/oauth2/authorize?scope=openid&response_type=id_token&redirect_uri= . . . }}</pre><br> Use this option when it is difficult to handle 302, for example, when the Agent is accessed by a JavaScript application, or by something other than a browser.<br>Type: Boolean<br>Default: true<br>Hot-swap: Yes <br>Property: org.forgerock.agents.302.redirects.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 19800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectInvertEnabled" : {
          "title" : "HTTP 302 Redirect Invert Not Enforced List",
          "description" : "When true, this property inverts the meaning of HTTP 302 Redirect Not Enforced List, so that it specifies a list of URLs for which HTTP 302 Redirect does take place.<br>Type: Boolean<br>Default: false<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.invert.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectNerList" : {
          "title" : "HTTP 302 Redirect Not Enforced List",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies a list of URLs for which HTTP 302 Redirect does not take place.<br>If a request does not match an entry in the list, or if the list is empty, an HTTP 302 Redirect takes place for all unauthenticated requests to access a resource, where other not-enforced rules do not automatically grant access to the resource.<br>If a request matches an entry in the list, HTTP 302 Redirect does not take place for that request, and the Agent returns a block of configurable JSON.<br> Type: List of not-enforced rules that comply with \"Conventions for Not-Enforced Rules\"<br>Default: Empty<br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.ner.list <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "unwantedHttpUrlParams" : {
          "title" : "Remove Query Parameters",
          "description" : "Specifies a list of query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values <br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.unwanted.http.url.param.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authFailReasonParameterRemapper" : {
          "title" : "Authentication Fail Reason Parameter Value Map",
          "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, will use default values. <br>Property: org.forgerock.agents.authn.fail.reason.remapper <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 19100,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "ignorePathInfo" : {
          "title" : "Ignore Path Info in Request URL",
          "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. <br>Property: com.sun.identity.agents.config.ignore.path.info <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 18600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "localeLanguage" : {
          "title" : "Locale Language",
          "description" : "Property: org.forgerock.agents.locale.language <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 1300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "legacyUserAgentList" : {
          "title" : "Legacy User Agent List",
          "description" : "List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. <br>Property: org.forgerock.agents.legacy.user.agent.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "globalJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Global",
      "propertyOrder" : 0,
      "properties" : {
        "loginAttemptLimitCookieName" : {
          "title" : "Login Attempt Limit Cookie Name",
          "description" : "The name of the cookie used to record the number of login attempts.<br>Property: org.forgerock.agents.login.counter.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "filterMode" : {
          "title" : "Agent Filter Mode",
          "description" : "Specifies the mode of operation of the Filter.<br>Valid key: the web application name. <br>Valid values: ALL, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. <br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding MapValue field. <br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field. <br>Property: org.forgerock.agents.filter.mode.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "redirectAttemptLimit" : {
          "title" : "Redirect Attempt Limit",
          "description" : "Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. Set to 0 to disable this feature.<br>Property: org.forgerock.agents.redirect.attempt.limit <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "agentConfigChangeNotificationsEnabled" : {
          "title" : "Agent Configuration Change Notification",
          "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes.<br>Property: org.forgerock.agents.config.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "preAuthCookieName" : {
          "title" : "Pre-Authenticated Cookie Name",
          "description" : "Specifies the name of the cookie the agent uses to track the progress of authentication with AM.<br>Property: org.forgerock.agents.authn.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11210,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "localAuditLogRotation" : {
          "title" : "Rotate Local Audit Log",
          "description" : "Flag to indicate that audit log files should be rotated when reaching a certain size.<br>Property: org.forgerock.agents.local.audit.log.rotation.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "debugLogfileRotationSize" : {
          "title" : "Debug File Rotation Size",
          "description" : "This specifies the approximate size in bytes at which a log file will be rotated to a new log file.<br>Property: org.forgerock.agents.debug.rotation.size.bytes <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10030,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "fallforwardModeEnabled" : {
          "title" : "Fall-Forward Mode",
          "description" : "Determines how the Agent behaves when AM is unavailable, and when org.forgerock.agents.fallback.mode.enabled is NOT enabled (default behavior):<br>false: The Agent denies every incoming request for a resource, with an HTTP 403, even if the resource matched a not enforced rule at the time that AM became unavailable. <br>true: The Agent allows every incoming request for a resource matched by a not enforced rule, until AM is available, and a config change notification tells the agent to reload the not enforced rules. <br>Default: false<br>Type: Boolean<br>Hot-swap: Yes<br>Bootstrap property: No <br>Property: org.forgerock.agents.fallforward.mode.enabled <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 12115,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "status" : {
          "title" : "Status",
          "description" : "Status of the agent configuration.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "loginAttemptLimit" : {
          "title" : "Login Attempt Limit",
          "description" : "Limit of failed login attempts for a user's single browser session until triggering the blocking of the user request. Value of 0 disables this feature.Property: org.forgerock.agents.login.attempt.limit.count <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4400,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "cdssoRootUrl" : {
          "title" : "Agent Root URL for CDSSO",
          "description" : "The list of agent root URLs for CDSSO. The valid value is in the format protocol://hostname:port/, where protocol represents the protocol used, such as http or https, hostname represents the host name of the system where the agent resides, and port represents the port number on which the agent is installed. The slash following the port number is required.<br> If your agent system also has virtual host names, add URLs with the virtual host names to this list as well. AM checks that goto URLs match one of the agent root URLs for CDSSO.<br>Property: sunIdentityServerDeviceKeyValue <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 22700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userPrincipalFlag" : {
          "title" : "User Principal Flag",
          "description" : "Use principal instead of just the user-ID for authenticating the user.<br>Property: org.forgerock.agents.userid.mapping.mode.use.dn.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "debugLogfileRetentionCount" : {
          "title" : "Debug File Rotation Retention Count",
          "description" : "This is the number of log files to retain after rotation, so for example, setting it to 10 would give you one current debug file and nine older (rotated) files.<br>Property: org.forgerock.agents.debug.retention.count <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10050,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userMappingMode" : {
          "title" : "User Mapping Mode",
          "description" : "Specifies mechanism agent uses to determine user-ID.<br>Property: org.forgerock.agents.user.mapping.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userTokenName" : {
          "title" : "User Token Name",
          "description" : "Session property name for user-ID of the authenticated user in session.<br>Property: org.forgerock.agents.userid.mapping.mode.use.session.property.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "configurationReloadInterval" : {
          "title" : "Configuration Reload Interval",
          "description" : "Only used when websocket notifications are disabled, specifies interval in seconds after which config is reloaded automatically by the Agent. <br>Property: org.forgerock.agents.config.reload.seconds <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "jwtName" : {
          "title" : "JWT Cookie Name",
          "description" : "The name used by the agent to set the OIDC JWT on the user's browser.<br>Property: org.forgerock.agents.jwt.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11201,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "localAuditRotationSize" : {
          "title" : "Local Audit Log Rotation Size",
          "description" : "Size limit when a local audit log file is rotated to a new file.<br>Property name: com.sun.identity.agents.config.local.log.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "httpSessionBinding" : {
          "title" : "HTTP Session Binding",
          "description" : "If true will invalidate the http session when login has failed, user has no SSO session, or principal user name does not match SSO user name.<br>Property: org.forgerock.agents.http.session.binding.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "redirectAttemptLimitCookieName" : {
          "title" : "Redirect Attempt Cookie Name",
          "description" : "Agent tries to detect redirect loops while authenticating, which would normally indicate a cookie domain problem. The Agent does this by using a cookie to holds the current redirection count.<br>Property: org.forgerock.agents.redirect.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7150,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "webSocketConnectionIntervalInMinutes" : {
          "title" : "WebSocket Connection Interval",
          "description" : "The time in minutes before WebSockets to AM are killed and reopened. This property helps ensure a balanced distribution of connections across the AM servers on the site. <br>Default: 30<br>Type: Integer<br>Hot-swap: Yes<br> Property: org.forgerock.agents.balance.websocket.interval.minutes <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12120,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "auditAccessType" : {
          "title" : "Audit Access Types",
          "description" : "Types of messages to log based on user URL access attempts.<br>Property name: org.forgerock.agents.audit.what <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "lbCookieName" : {
          "title" : "Load Balancer Cookie Name",
          "description" : "The name of the load balancer cookies. This property is used only if \"org.forgerock.agents.load.balancer.cookies.enabled\" is true. To improve performance, make sure that this property has the same value as the AM property com.iplanet.amlbcookie.name.  <br>Property: org.forgerock.agents.load.balancer.cookie.name <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 12130,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnDefault" : {
          "title" : "FQDN Default",
          "description" : "Fully qualified hostname that the users should use in order to access resources.<br>Property: org.forgerock.agents.fqdn.default <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnMapping" : {
          "title" : "FQDN Virtual Host Map",
          "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources.<br> Examples: <br>  To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field. <br>Property: org.forgerock.agents.fqdn.map) <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6600,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "fqdnCheck" : {
          "title" : "FQDN Check",
          "description" : "Enables checking of fqdn default value and fqdn map values.<br>Property: org.forgerock.agents.fqdn.check.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "auditLogLocation" : {
          "title" : "Audit Log Location",
          "description" : "LOCAL = audit information stored in files based locally to the Agent container <br>REMOTE = audit information logged via AM. <br>Property: org.forgerock.agents.audit.where <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "debugLogfilePrefix" : {
          "title" : "Debug File Rotation Prefix",
          "description" : "Prefix which can be added onto the front of the debug file name when it is rotated.<br>Property: org.forgerock.agents.debug.prefix <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10010,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "preAuthCookieMaxAge" : {
          "title" : "Pre-Authenticated Cookie Max Age",
          "description" : "This is the amount of time in seconds before the pre-authn cookie will timeout.<br>Property: org.forgerock.agents.authn.cookie.max.age.seconds <br>Valid for Java Agent 5.6.3 onwards",
          "propertyOrder" : 11220,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userAttributeName" : {
          "title" : "User Attribute Name",
          "description" : "Name of the attribute which contains the user-ID.<br>Property: org.forgerock.agents.user.mapping.mode.attribute.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "debugLogfileSuffix" : {
          "title" : "Debug File Rotation Suffix",
          "description" : "This is a value appended onto the end of the debug file name when it is rotated. The user is free to define it as they want, but if it does not involve a timestamp that produces different file names when the rotation time is reached, log file rotation is unlikely to function correctly<br>Property: org.forgerock.agents.debug.suffix <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10020,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "debugLogfileRotationMinutes" : {
          "title" : "Debug File Rotation Time",
          "description" : "This is the time in minutes after which log file rotation will occur.<br>Property: org.forgerock.agents.debug.rotation.time.minutes <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10040,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "debugLevel" : {
          "title" : "Agent Debug Level",
          "description" : "Specifies type of agent debug messages to log.<br>Property: com.iplanet.services.debug.level <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 10000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "lbCookieEnabled" : {
          "title" : "Load Balancer Cookie Enabled",
          "description" : "When true, every policy evaluation call to AM is accompanied by a load balancer cookie. Use this property with \"org.forgerock.agents.load.balancer.cookie.name\" to improve performance. Load balancer cookies can reduce the number of calls that different AM instances make to the core token service. <br>Property: org.forgerock.agents.load.balancer.cookies.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 12125,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "customResponseHeader" : {
          "title" : "Custom Response Header",
          "description" : "Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value.<br> Example: <br>  To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.header.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "localAuditLogfileRetentionCount" : {
          "title" : "Audit Logfile Retention Count",
          "description" : "The number of audit log files to retain after rotation has occurred.Property: org.forgerock.agents.local.audit.log.retention.count <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 2100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "advancedJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Advanced",
      "propertyOrder" : 5,
      "properties" : {
        "idleTimeRefreshWindow" : {
          "title" : "Idle Time Refresh Window",
          "description" : "Once every this number of minutes, the Agent will nudge AM so it knows a particular session is still in use, thereby resetting its idle time. <br>Property: org.forgerock.agents.idle.time.window.minutes <br>Introduced in Java Agent 5.6.2.1",
          "propertyOrder" : 14200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyCacheSize" : {
          "title" : "Policy Cache Size",
          "description" : "The maximum number of sessions, i.e. distinct users, stored in the policy evaluation cache at any one time.<br>Property: org.forgerock.agents.policy.cache.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 14000,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "alternativeAgentPort" : {
          "title" : "Alternative Agent Port Number",
          "description" : "Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. <br>Property name: org.forgerock.agents.agent.port <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "alternativeAgentProtocol" : {
          "title" : "Alternative Agent Protocol",
          "description" : "Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server.<br>Property name: org.forgerock.agents.agent.protocol <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataPreserveCacheEntryMaxEntries" : {
          "title" : "PDP Maximum Number of Cache Entries",
          "description" : "Maximum number of entries to hold in the PDP cache <br>Property: org.forgerock.agents.pdp.cache.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13550,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "ssoExchangeCacheTTL" : {
          "title" : "Exchanged SSO Token Cache Time to Live",
          "description" : "This sets the time in minutes after which entries in the SSO token exchange cache will timeout and be purged. Since exchanging SSO tokens for JWTs is an expensive process, previously exchanged SSO tokens are cached so that the roundtrip to AM can be avoided in the case where an entity is unable to permanently store its JWT in a cookie. <br>Property: org.forgerock.agents.sso.exchange.cache.ttl.minutes <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart",
          "propertyOrder" : 13900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyClientPollingInterval" : {
          "title" : "Policy Cache TTL",
          "description" : "This sets the time in minutes after which entries in the policy cache will timeout and be purged.<br>Property: org.forgerock.agents.policy.cache.ttl.minutes <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 13950,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataStickySessionKeyValue" : {
          "title" : "PDP Stickysession key-value",
          "description" : "The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. <br>Property: org.forgerock.agents.pdp.sticky.session.value <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "policyCachePerUser" : {
          "title" : "Policy Cache Per User",
          "description" : "This is the number of distinct policy evaluation entries that each session (stored in the policy evaluation cache) can have. Thus the total number of policy evaluation results that can be stored is the \"Policy Cache Size\" multiplied by the \"Policy Cache Per User\".<br>Property: org.forgerock.agents.policy.cache.per.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 14100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataPreservation" : {
          "title" : "Post Data Preservation enabled",
          "description" : "Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL.<br>Property: org.forgerock.agents.post.data.preservation.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientHostnameHeader" : {
          "title" : "Client Hostname Header",
          "description" : "HTTP header name that holds the Hostname of the client. <br>Property: org.forgerock.agents.http.header.containing.remote.hostname <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 1100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtCacheSize" : {
          "title" : "JWT Cache Size",
          "description" : "The maximum number of entries in the JWT cache.Property: org.forgerock.agents.jwt.cache.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13810,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "clientIpHeader" : {
          "title" : "Client IP Address Header",
          "description" : "HTTP header name that holds the IP address of the client. <br>Property: org.forgerock.agents.http.header.containing.ip.address <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 1000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "alternativeAgentHostname" : {
          "title" : "Alternative Agent Host Name",
          "description" : "Host name identifying the Agent protected server to the client browsers if different from the actual host name. <br>Property: org.forgerock.agents.agent.hostname <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataCacheTtlMin" : {
          "title" : "PDP Cache TTL in Minutes",
          "description" : "This sets the time in minutes after which entries in the Post Data Preservation cache will timeout and be purged. <br>Property: org.forgerock.agents.pdp.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13300,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "fragmentRelayUri" : {
          "title" : "Fragment Relay URI",
          "description" : "To enable unauthenticated fragment retention within incoming requests, set this property to a valid dummy URI within the Agent application.<br>Example: /agentapp/pre-authn-fragment-capture <br>Property: org.forgerock.agents.authn.fragment.relay.uri <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 13090,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtCacheTTL" : {
          "title" : "JWT Cache TTL",
          "description" : "This sets the time in minutes after which entries in the JWT cache will timeout and be purged. Since all JWTs in the cache have been parsed, and parsing is a CPU intensive process, having a large timeout on this cache is advantageous and will save CPU cycles reparsing already seen JWTs<br>Property: org.forgerock.agents.jwt.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "xssDetectionRedirectUri" : {
          "title" : "XSS detection redirect URI",
          "description" : "An application-specific Map that identifies a URI of the customized page if XSS code has been detected.<br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field. <br>Property: org.forgerock.agents.xss.redirect.uri.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "postDataPreserveCacheEntryMaxTotalSizeMb" : {
          "title" : "PDP Maximum Cache Size",
          "description" : "Maximum size of the PDP cache, in megabytes<br>Property: org.forgerock.agents.pdp.cache.total.size.mb <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "customProperties" : {
          "title" : "Custom Properties",
          "description" : "Additional properties that allow users to augment the set of properties supported by agent.<br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2 <br>Property: com.sun.identity.agents.config.freeformproperties <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 20000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "missingPostDataPreservationEntryUri" : {
          "title" : "Missing PDP entry URI",
          "description" : "An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. <br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field. <br>Property: org.forgerock.agents.pdp.noentry.url.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "expiredSessionCacheTTL" : {
          "title" : "Expired Session Cache Timeout",
          "description" : "The time in minutes after which entries in the expired session cache timeout and are purged.<br>The expired session cache records sessions that have been killed by AM.Use the cache to reduce network traffic and load on AM. When the Agent receives a request using an invalidated token, it rejects the request without needing to retrieve session information from AM.<br>Default: 20<br>Type: Integer<br>Hot swap: No<br> Property: org.forgerock.agents.sso.expired.session.cache.ttl.minutes <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 13710,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "monitoringToCSV" : {
          "title" : "Export Monitoring Metrics to CSV",
          "description" : "When set to true, the Agent will write monitoring information to CSV files. <br>Property: org.forgerock.agents.monitoring.to.csv.enabled <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 13085,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "expiredSessionCacheSize" : {
          "title" : "Expired Session Cache Max Records",
          "description" : "The maximum number of entries in the expired session cache. When the maximum is reached, the oldest records are overwritten.<br> The expired session cache records sessions that have been killed by AM. Use the cache to reduce network traffic and load on AM. When the Agent receives a request using a token in the expired session cache, it rejects the request without needing to retrieve session information from AM.<br>Default: 500<br>Type: Integer<br> Hot swap: No<br>Property: org.forgerock.agents.expired.session.cache.size <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 13720,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataCacheTtl" : {
          "title" : "PDP Cache TTL in Milliseconds",
          "description" : "This value tells how long a given POST entry should be stored in the local cache (in milliseconds), default value is 300000. DEPRECATED: use \"PDP Cache TTL in Minutes\" instead <br>Property: com.sun.identity.agents.config.postdata.preserve.cache.entry.ttl <br>Valid for Java Agent 5.0 onwards<br>Requires Agent Restart",
          "propertyOrder" : 13310,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "ssoExchangeCacheSize" : {
          "title" : "Exchanged SSO Token Cache Size",
          "description" : "The number of entries in the SSO Exchange cache. <br>Property: org.forgerock.agents.sso.exchange.cache.size <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart",
          "propertyOrder" : 13910,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "possibleXssCodeElements" : {
          "title" : "Possible XSS code elements",
          "description" : "If one of these strings occurs in the request, the client is redirected to an error page.<br>Property: org.forgerock.agents.xss.code.element.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sessionCacheTTL" : {
          "title" : "Session Cache TTL",
          "description" : "This sets the time in minutes after which entries in the session cache will timeout and be purged. If an entry is not cached, the Agent will need to retrieve session information from AM, hence by default the timeout is much longer than for the policy cache. <br>Property: org.forgerock.agents.session.cache.ttl.minutes<br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13700,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataStickySessionMode" : {
          "title" : "PDP Stickysession mode",
          "description" : "If the PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. <br>Property: org.forgerock.agents.pdp.sticky.session.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "applicationJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Application",
      "propertyOrder" : 1,
      "properties" : {
        "notEnforcedIps" : {
          "title" : "Not Enforced Client IP List",
          "description" : "No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. <br> Examples: <br> 192.18.145.* <br> 192.18.146.123 Property: org.forgerock.agents.notenforced.ip.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sessionAttributeMap" : {
          "title" : "Session Attribute Mapping",
          "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user.<br> Example: <br>  To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field. <br>Property: org.forgerock.agents.session.attribute.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 9000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "profileAttributeMap" : {
          "title" : "Profile Attribute Mapping",
          "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user.<br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field. <br>Property: org.forgerock.agents.profile.attribute.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8800,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "responseAttributeFetchMode" : {
          "title" : "Response Attribute Fetch Mode",
          "description" : "The mode of fetching policy response attributes.<br>Property: com.sun.identity.agents.config.response.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 9100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logoutEntryUri" : {
          "title" : "Logout Entry URI",
          "description" : "An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. <br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.goto.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6300,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "logoutRequestParameters" : {
          "title" : "Logout Request Parameter",
          "description" : "An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. <br>Valid key: the web application name. <br>Valid value: the logout request parameter. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.request.param.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6100,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "resourceAccessDeniedUri" : {
          "title" : "Resource Access Denied URI",
          "description" : "An application-specific Map that identifies a URI of the customized access denied page.<br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page.  <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.access.denied.uri.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 2700,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "cookieAttributeUrlEncoded" : {
          "title" : "Attribute Cookie Encode",
          "description" : "Indicates if the value of the attribute should be URL encoded before being set as a cookie.<br>Property: org.forgerock.agents.attribute.cookie.encode.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedUrisCacheEnabled" : {
          "title" : "Not Enforced URIs Cache Enabled",
          "description" : "Enables the caching of the Not Enforced URIs list evaluation results.<br>Property: org.forgerock.agents.notenforced.uri.cache.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "responseAttributeMap" : {
          "title" : "Response Attribute Mapping",
          "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.attribute.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 9200,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedFavicon" : {
          "title" : "Not Enforced Favicon",
          "description" : "This flag, if enabled, automatically adds \"*/favicon.ico\" to the not enforced list.  This can help to avoid odd situations in which a user is required to log in after logging out, just because favicon.ico has been requested by browser. <br>Property: org.forgerock.agents.auto.not.enforce.favicon.enabled <br>Introduced in Java Agent 5.7 <br>Requires Agent Restart",
          "propertyOrder" : 7650,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "loginFormUri" : {
          "title" : "Login Form URI",
          "description" : "List of absolute URIs corresponding to an application's web.xml form-login-page element.<br> Example: <br> /BankApp/jsp/login.jsp<br>Property: com.sun.identity.agents.config.login.form <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 2800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "invertNotEnforcedUris" : {
          "title" : "Invert Not Enforced URIs",
          "description" : "Inverts protection of  URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent.<br>Property: org.forgerock.agents.notenforced.uri.invert.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientIpValidationMode" : {
          "title" : "Client IP Validation Mode",
          "description" : "Checks that that the request originates from the same IP address as used for first authentication, or that any change in IP address is in the \"approved\" list. <br>Key: Application name. If the application is not named, check the the IP address globally, for all applications. <br>Value:<br> OFF: Do not check the IP address. <br> DENY: If IP address is not approved, refuse the request and return an HTTP 403. <br> LOGOUT: If IP address is not approved, log out from AM to destroy the user session. <br>Property: org.forgerock.agents.original.ip.check.mode.map <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 8250,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedUris" : {
          "title" : "Not Enforced URIs",
          "description" : "List of URIs for which protection is not enforced by the Agent. <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/* <br>Property: org.forgerock.agents.notenforced.uri.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedIpsCacheSize" : {
          "title" : "Not Enforced IP Cache Size",
          "description" : "Size of the cache to be used if Not Enforced IP Cache Flag is enabled.<br>Property: org.forgerock.agents.notenforced.ip.cache.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "notEnforcedIpsCacheEnabled" : {
          "title" : "Not Enforced IP Cache Flag",
          "description" : "Enable caching of not-enforced IP list evaluation results.<br>Property: org.forgerock.agents.notenforced.ip.cache.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileAttributeFetchMode" : {
          "title" : "Profile Attribute Fetch Mode",
          "description" : "The mode of fetching profile attributes.<br>Property: com.sun.identity.agents.config.profile.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cookieAttributeMultiValueSeparator" : {
          "title" : "Cookie Separator Character",
          "description" : "Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. <br>Property: org.forgerock.agents.attribute.cookie.separator <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertNotEnforcedIps" : {
          "title" : "Invert Not Enforced IPs",
          "description" : "Client IP Addresses to invert protection of IP addresses listed in the related Not Enforced Client IP List.<br>Property: org.forgerock.agents.notenforced.ip.invert.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedRuleCompoundSeparator" : {
          "title" : "Not Enforced Compound Rule Separator",
          "description" : "Specifies a separator for not enforced compound rules. The format for compound rules requires a list of IP rules, a separator (by default the | character), and a list of URI rules. <br>Example, GET 192.168.1.1-192.168.4.3 | /images/* <br>Configure a different separator (for example, &&) when working with the REGEX keyword to avoid invalid regular expressions. <br>Property: com.sun.identity.agents.config.notenforced.rule.compound.separator <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7450,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sessionAttributeFetchMode" : {
          "title" : "Session Attribute Fetch Mode",
          "description" : "The mode of fetching session attributes.<br>Property: com.sun.identity.agents.config.session.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "continuousSecurityCookies" : {
          "title" : "Continuous Security Cookies",
          "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.openam.agents.config.continuous.security.cookies <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 3210,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "logoutIntrospection" : {
          "title" : "Logout Introspect Enabled",
          "description" : "Allows the Agent to search HTTP request body to locate logout parameter.<br>Property: org.forgerock.agents.logout.introspection.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientIpValidationRange" : {
          "title" : "Client IP Validation Address Range",
          "description" : "Comma separated list of IP addresses and/or ranges of IP addresses in CIDR format. Key = application(if empty for all applications) Requires \"Client IP Validation Mode\" property be DENY or LOGOUT.<br>Property: org.forgerock.agents.acceptable.ip.address.map <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 8275,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedUrisCacheSize" : {
          "title" : "Not Enforced URIs Cache Size",
          "description" : "Size of the cache to be used if caching of not enforced URI list evaluation results is enabled.<br>Property: org.forgerock.agents.notenforced.uri.cache.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "continuousSecurityHeaders" : {
          "title" : "Continuous Security Headers",
          "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script.It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.openam.agents.config.continuous.security.headers <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 3211,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "applicationLogoutUris" : {
          "title" : "Application Logout URI",
          "description" : "An application-specific Map that identifies a request URI which indicates a logout event.<br>Valid key: the web application name. <br>Valid value: the application logout URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI.  <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. <br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.endpoint.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "headerAttributeDateFormat" : {
          "title" : "Fetch Attribute Date Format",
          "description" : "Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. <br>Property: org.forgerock.agents.attribute.date.format <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "amServicesJ2EEAgent" : {
      "type" : "object",
      "title" : "AM Services",
      "propertyOrder" : 3,
      "properties" : {
        "conditionalLogoutUrl" : {
          "title" : "AM Conditional Logout URL",
          "description" : "Examples: <br> match|url?param1=value1&amp;param2=value2 <br>match/path|?param1=value1&amp;param2=value2&amp;param3=value3 <br>Property: org.forgerock.agents.conditional.logout.url.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12550,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "customLoginEnabled" : {
          "title" : "Allow Custom Login Mode",
          "description" : "Flag to enable custom login. <br>Property: org.forgerock.agents.legacy.login.enabled <br>Introduced in Java Agent 5.0.1",
          "propertyOrder" : 3700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "overridePolicyEvaluationRealmEnabled" : {
          "title" : "Perform Policy Evaluation in User Authenticated Realm",
          "description" : "When true, user authenticated realm will be used for policy evaluation and ignores the value in org.forgerock.agents.policy.evaluation.realm.map. <br>Default: false<br>Type: Boolean<br>Hot-swap: Yes<br> Property: org.forgerock.agents.user.realm.overrides.policy.evaluation.realm.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 5410,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentAdviceEncode" : {
          "title" : "Composite Advice Encode",
          "description" : "This property is used to specify whether AM composite advices should be based64url encoded before sending to custom login endpoints. <br>Property: org.forgerock.agents.advice.b64.url.encode <br>Introduced in Java Agent 5.6.2",
          "propertyOrder" : 13050,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "amLoginUrl" : {
          "title" : "AM Login URL",
          "description" : "AM login page URL. <br> Example: <br> http://host:port/am/UI/Login <br>Property: com.sun.identity.agents.config.login.url <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3710,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authSuccessRedirectUrl" : {
          "title" : "Redirect to AM's Success URL",
          "description" : "When enabled, the Agent will redirect to the session's Success URL instead (defined in auth. chain) of the originally requested resource after successful authentication. <br>Property: org.forgerock.agents.authn.success.redirect.session.url.enabled <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 4000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "authServiceHost" : {
          "title" : "AM Authentication Service Host Name",
          "description" : "Host name to be used by the AM authentication service. This property need to be updated in Bootstrap.properties <br>Property: org.forgerock.agents.am.hostname <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 11000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "urlPolicyEnvGetParameters" : {
          "title" : "URL Policy Env GET Parameters",
          "description" : "List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server.<br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.get.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyEvaluationApplication" : {
          "title" : "Policy Set",
          "description" : "Which application contains the policies to evaluate with. <br>Property: org.forgerock.agents.policy.set.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "authServiceProtocol" : {
          "title" : "AM Authentication Service Protocol",
          "description" : "Protocol to be used by the AM authentication service. This property need to be updated in AgentBootstrap.properties <br>Property: org.forgerock.agents.am.protocol <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 10900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "authServicePort" : {
          "title" : "AM Authentication Service Port",
          "description" : "Port to be used by the AM authentication service. This property need to be updated in Bootstrap.properties<br>Property: org.forgerock.agents.am.port <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 11100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "conditionalLoginUrl" : {
          "title" : "AM Conditional Login URL",
          "description" : "Examples: <br> match|url?param1=value1&amp;ampparam2=value2 <br> match/path|?param1=value1&amp;ampparam2=value2&amp;ampparam3=value3 <br>Property: org.forgerock.openam.agents.config.conditional.login.url <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "urlPolicyEnvJsessionParameters" : {
          "title" : "URL Policy Env jsession Parameters",
          "description" : "List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.http.session.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "legacyLoginUrlList" : {
          "title" : "Custom Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the Java agent redirects the request to a specific URL. Conditional redirects have the format [Domain/path]|[URL?realm=value&amp;parameter1=value1...], with no spaces between values. <br>Example: myapp.domain.com|https://login.example.com/apps/login.jsp?realm=sales  <br>Property: org.forgerock.openam.agents.config.conditional.custom.login.url <br>Introduced in Java Agent 5.0.1",
          "propertyOrder" : 3900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyNotifications" : {
          "title" : "Enable Policy Notifications",
          "description" : "Enable Notifications(via websockets) for remote policy client.<br>Property: org.forgerock.agents.policy.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 11200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "restrictToRealm" : {
          "title" : "Restrict To Realm",
          "description" : "A map keyed by application name which allows users from only the specified realms (each entry is a CSV) to access the specified application. If no restricted realm is set, any user from any realm will be allowed access. Keyed by application name, value is a comma separated list of realms from which users may request resources. <br>Property: org.forgerock.agents.restrict.to.realm.map <br>Introduced in Java Agent 5.6.2.1",
          "propertyOrder" : 13080,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "policyEvaluationRealm" : {
          "title" : "Policy Evaluation Realm",
          "description" : "Which realm to start evaluating from. <br>Property: org.forgerock.agents.policy.evaluation.realm.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "urlPolicyEnvPostParameters" : {
          "title" : "URL Policy Env POST Parameters",
          "description" : "List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.post.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "ssoJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "SSO",
      "propertyOrder" : 2,
      "properties" : {
        "cookieResetDomains" : {
          "title" : "Cookies Reset Domain Map",
          "description" : "Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. <br>Property: org.forgerock.agents.cookie.reset.domain.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4800,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "httpOnly" : {
          "title" : "Http Only",
          "description" : "Flag saying whether HTTP only cookies are enabled.<br>Property: com.sun.identity.cookie.httponly <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5910,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetEnabled" : {
          "title" : "Cookie Reset",
          "description" : "Agent resets cookies in the response before redirecting to authentication.<br>Property: org.forgerock.agents.cookie.reset.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "acceptIPDPCookie" : {
          "title" : "Convert SSO Tokens into OpenID Connect JWTs",
          "description" : "When this property is set to true, for each incoming request, when the user does not present a JWT in the designated cookie, the Agent will look for an SSO token in the iPlanetDirectoryPro cookie (configurable in AM). If this is found, the Agent invokes AM to exchange it for a JWT which is then used in further requests. The result is cached, so interaction with AM will not be needed, if the same SSO token is presented in the future (and the existing cache entry is still valid)<br>Property: org.forgerock.agents.accept.ipdp.cookie.enabled <br>Introduced in Java Agent 5.6.2.1",
          "propertyOrder" : 5900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "acceptSsoTokenDomainList" : {
          "title" : "SSO Cookie Domain List",
          "description" : "A list of domains in which the Agent attempts to create SSO cookies when Accept SSO Tokens is true:<br> If the list is empty, the agent creates cookies only in its own domain.<br> If the agent is running behind a browser, it can create cookies only in its own domain.<br> If the agent is running behind a proxy, it should be able to create cookies in any required domains.<br> Default: Empty<br>Type: List of strings that represent domains<br>Hot-swap: Yes <br>Property: org.forgerock.agents.ipdp.cookie.domain.list <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 5802,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "encodeCookies" : {
          "title" : "Encode Cookies",
          "description" : "Cookies are encoded, if set. <br>Property: com.iplanet.am.cookie.encode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5920,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "setCookieAttributeMap" : {
          "title" : "Set-Cookie Attribute Map",
          "description" : "Text from this map will be added directly into the Set-Cookie header by the AttributeTaskHandler and its descendants when it creates cookies out of Profile Attributes, Session Info Attributes and/or Response Attributes. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. <br>Property: org.forgerock.agents.set.cookie.attribute.map, <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 5950,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "authExchangeUri" : {
          "title" : "Authentication Exchange URI",
          "description" : "This property allows the administrator to enable an endpoint that will facilitate the exchange of SSO tokens for OIDC JWTs. The value is empty by default and thus the endpoint is not accessible.<br>Property: org.forgerock.agents.authn.exchange.uri <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 5901,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cookieResetPaths" : {
          "title" : "Cookies Reset Path Map",
          "description" : "Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs.<br>Property: org.forgerock.agents.cookie.reset.path.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "authExchangeCookieName" : {
          "title" : "Authentication Exchange Cookie Name",
          "description" : "This property allows the administrator to define a cooke name that will be used by the authn exchange endpoint. The value is empty by default and the endpoint will thus not be capable of examining cookie values <br>Property: org.forgerock.agents.authn.exchange.cookie.name <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 5902,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "excludedUserAgentsList" : {
          "title" : "Samesite Cookie Attributes Excluded User Agents Pattern List",
          "description" : "Excluded User agents pattern list. List of incompatible user agents that will be prevented from receiving SameSite cookie attributes. <br>Property: org.forgerock.agents.samesite.excluded.user.agents.list <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 5960,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "cdssoDomainList" : {
          "title" : "CDSSO Domain List",
          "description" : "Domains for which cookies have to be set in a CDSSO scenario. <br> Example: <br> .forgerock.com <br>Property: org.forgerock.agents.jwt.cookie.domain.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "cookieResetNames" : {
          "title" : "Cookies Reset Name List",
          "description" : "Cookie names that will be reset by the Agent if Cookie Reset is enabled.<br>Property: org.forgerock.agents.cookie.reset.name.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "acceptSsoTokenEnabled" : {
          "title" : "Accept SSO Tokens",
          "description" : "When true, the Agent does not attempt to convert SSO tokens to OIDC tokens. Use this option to continue to use SSO tokens, when the Agent and the token issuer are in the same domain.<br>When false, the Agent accepts SSO tokens and converts them to OIDC tokens. Use this option for better security, and in applications and APIs where the backend requires user information in form of an OIDC token.<br>Default: False<br>Type: Boolean<br> Hot-swap: Yes<br>Property: org.forgerock.agents.accept.sso.tokens.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 5801,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoSecureCookies" : {
          "title" : "Transmit Cookies Securely",
          "description" : "When true, all cookies written by the Java Agent are secure. <br>Default: false.<br>Property: org.forgerock.agents.secure.cookies.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoRedirectUri" : {
          "title" : "CDSSO Redirect URI",
          "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. <br>Property: org.forgerock.agents.authn.redirect.uri <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "setCookieInternalMap" : {
          "title" : "Set-Cookie Internal Map",
          "description" : "Text from this map will be added directly into the Set-Cookie header when creating \"internal\" cookies (e.g. the am-auth-jwt and pre-auth cookies). This allows, among other things, the same-site value to be manipulated. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values.  Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. <br>Property: org.forgerock.agents.set.cookie.internal.map <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 5940,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete J2EEAgentGroups --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action J2EEAgentGroups --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action J2EEAgentGroups --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action J2EEAgentGroups --realm Realm --actionName nextdescendents

query

Querying the agent groups of a specific type

Usage

am> query J2EEAgentGroups --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read J2EEAgentGroups --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update J2EEAgentGroups --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "miscJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Miscellaneous",
      "propertyOrder" : 4,
      "properties" : {
        "agent302RedirectContentType" : {
          "title" : "HTTP 302 Redirect Content Type",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies the content type of the data to return instead of an HTTP 302 Redirect.<br>Type: String<br>Default: application/json<br>Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.content.type <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "portCheckEnabled" : {
          "title" : "Port Check Enable",
          "description" : "Indicates if port check functionality is enabled or disabled.<br>Property: org.forgerock.agents.port.check.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectStatusCode" : {
          "title" : "HTTP 302 Redirect Replacement HTTP Code",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies the HTTP code to return instead of an HTTP 302 Redirect. <br>Type: Integer<br>Default: 200<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.http.status.code <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 19900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "portCheckSetting" : {
          "title" : "Port Check Setting",
          "description" : "Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers.<br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field. <br>Property name: org.forgerock.agents.port.check.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7400,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "unwantedHttpUrlRegexParams" : {
          "title" : "Regular Expression Remove Query Parameters",
          "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values.<br>Property: org.forgerock.agents.unwanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authFailReasonParameterName" : {
          "title" : "Authentication Fail Reason Parameter Name",
          "description" : "If this property is defined, the agent will pass the named parameter to a custom page (defined by \"Authentication Fail Reason Url\") saying why authentication failed. The reason can be very detailed and users may want to use the \"Authentication Fail Reason Parameter Value Map\" to give custom detail, otherwise these default values will be used: AUTHN_BOOKKEEPING_COOKIE_MISSING, NONCE_MISSING, EXCEPTION <br>Property: org.forgerock.agents.authn.fail.reason.parameter.name <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 19000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "portCheckFile" : {
          "title" : "Port Check File",
          "description" : "Name or complete path of a file that has the necessary content needed to handle requests that need port correction. <br>Property: org.forgerock.agents.port.check.file <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "loginReasonParameterName" : {
          "title" : "Login Reason Parameter Name",
          "description" : "Property to say why the user is being asked to login, the agent will (in custom login mode ONLY) pass the named parameter to the custom login endpoint, with an appropriate value. Note that this property is not enabled by default as this additional information represents an information leak. Default reasons: NO_TOKEN, JWT_INVALID, TOKEN_EXPIRED, EXCEPTION. <br>Property: org.forgerock.agents.login.reason.parameter.name <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 18700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "authFailReasonUrl" : {
          "title" : "Authentication Fail Reason Url",
          "description" : "This property allows administrators to set the URL/URI of a web page that says that authentication failed and which may, using the login fail reason parameter, explain why.<br>Property: org.forgerock.agents.authn.fail.url <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 18900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "wantedHttpUrlRegexParams" : {
          "title" : "Regular Expression Retain Query Parameters",
          "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be retained for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. <br>Property: org.forgerock.agents.wanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "localeCountry" : {
          "title" : "Locale Country",
          "description" : "<br>Property: org.forgerock.agents.locale.country <br>Valid for Java Agent 5.0 onwards<br>Requires Agent Restart",
          "propertyOrder" : 1400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "loginReasonMap" : {
          "title" : "Login Reason Value Map",
          "description" : "This map allows some of the possible reasons to be mapped to arbitrary values, when empty will be used default values(see: \"Login Reason Parameter Name\" description). LOGIN REASON=CUSTOM VALUE e.g. [JWT_INVALID]=corrupted_token. <br>Property: org.forgerock.agents.login.reason.remapper <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 18800,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "legacyRedirectUri" : {
          "title" : "Legacy User Agent Redirect URI",
          "description" : "An intermediate URI used by the Agent to redirect legacy user agent requests.<br>Property: org.forgerock.agents.legacy.redirect.uri <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "agent302RedirectHttpData" : {
          "title" : "HTTP 302 Redirect Data",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies the data to return instead of an HTTP 302 Redirect.<br>The following values are substituted in the default example:<br>%REQUEST_URI% is substituted for the URI of the incoming request.<br>%REQUEST_URL% is substituted for full path of the incoming request.<br>%TARGET% is substituted for the URI of the full path of the intended redirection target, and includes parameters if appropriate.<br> Substituted values can each occur zero or more times in the text.<br> Type: String<br>Default:<br> <pre>{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}</pre><br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.data <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "wantedHttpUrlParams" : {
          "title" : "Retain Query Parameters",
          "description" : "Specifies a list of query parameters to be retained (other parameters will be removed) from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values.<br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.wanted.http.url.param.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "gotoUrl" : {
          "title" : "Goto Url",
          "description" : "This is a URL used in rare circumstances where the Agent has nowhere else to go. For instance if the user requests a resource, authenticates for the first time, then presses the back button and the administrator hasn't set up the authn fail URL. <br>Property: org.forgerock.agents.default.goto.url <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 19200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "gotoParameterName" : {
          "title" : "Goto Parameter Name",
          "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it.<br>Property: com.sun.identity.agents.config.redirect.param <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "legacyUserAgentSupport" : {
          "title" : "Legacy User Agent Support Enable",
          "description" : "Enables support for legacy user agents (browser).<br>Property: org.forgerock.agents.legacy.support.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectEnabled" : {
          "title" : "HTTP 302 Redirects Enabled",
          "description" : "Controls how the Agent handles redirects, as follows: <br> true: HTTP 302 Redirects are enabled. When an unauthenticated user attempts to access a resource, and not-enforced rules do not automatically grant access to the resource, the Agent returns an HTTP 302 to redirect the user to an authentication endpoint.<br>false: HTTP 302 Redirects are disabled. When an unauthenticated user attempts to access a resource, the Agent returns a block of configurable JSON that can be intercepted.<br> The returned HTTP code, content type, and data is configured by the properties <b>HTTP 302 Redirect Replacement HTTP Code, HTTP 302 Redirect Content Type, and HTTP 302 Redirect Data.</b><br> Lists of URLs in a not-enforced rule style, for which the data is produced are configured by the properties <b>HTTP 302 Redirect Not Enforced List and HTTP 302 Redirect Invert Not Enforced List.</b><br>The following example JSON shows the request path as a URL and URI, and the target URL of the disabled redirect: <br> <pre>{\"redirect\": { \"requestUri\": \"examples/index.html#section_two\", \"requestUrl\": \"http://my.example.com:8020/examples/index.html#section_two\", \"targetUrl\": \"http://openam.example.com:8010/openam/oauth2/authorize?scope=openid&response_type=id_token&redirect_uri= . . . }}</pre><br> Use this option when it is difficult to handle 302, for example, when the Agent is accessed by a JavaScript application, or by something other than a browser.<br>Type: Boolean<br>Default: true<br>Hot-swap: Yes <br>Property: org.forgerock.agents.302.redirects.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 19800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectInvertEnabled" : {
          "title" : "HTTP 302 Redirect Invert Not Enforced List",
          "description" : "When true, this property inverts the meaning of HTTP 302 Redirect Not Enforced List, so that it specifies a list of URLs for which HTTP 302 Redirect does take place.<br>Type: Boolean<br>Default: false<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.invert.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agent302RedirectNerList" : {
          "title" : "HTTP 302 Redirect Not Enforced List",
          "description" : "When HTTP 302 Redirects Enabled is false, this property specifies a list of URLs for which HTTP 302 Redirect does not take place.<br>If a request does not match an entry in the list, or if the list is empty, an HTTP 302 Redirect takes place for all unauthenticated requests to access a resource, where other not-enforced rules do not automatically grant access to the resource.<br>If a request matches an entry in the list, HTTP 302 Redirect does not take place for that request, and the Agent returns a block of configurable JSON.<br> Type: List of not-enforced rules that comply with \"Conventions for Not-Enforced Rules\"<br>Default: Empty<br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.ner.list <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 20200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "unwantedHttpUrlParams" : {
          "title" : "Remove Query Parameters",
          "description" : "Specifies a list of query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values <br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.unwanted.http.url.param.list <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 19500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authFailReasonParameterRemapper" : {
          "title" : "Authentication Fail Reason Parameter Value Map",
          "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, will use default values. <br>Property: org.forgerock.agents.authn.fail.reason.remapper <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 19100,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "ignorePathInfo" : {
          "title" : "Ignore Path Info in Request URL",
          "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. <br>Property: com.sun.identity.agents.config.ignore.path.info <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 18600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "localeLanguage" : {
          "title" : "Locale Language",
          "description" : "Property: org.forgerock.agents.locale.language <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 1300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "legacyUserAgentList" : {
          "title" : "Legacy User Agent List",
          "description" : "List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. <br>Property: org.forgerock.agents.legacy.user.agent.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "globalJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Global",
      "propertyOrder" : 0,
      "properties" : {
        "loginAttemptLimitCookieName" : {
          "title" : "Login Attempt Limit Cookie Name",
          "description" : "The name of the cookie used to record the number of login attempts.<br>Property: org.forgerock.agents.login.counter.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "filterMode" : {
          "title" : "Agent Filter Mode",
          "description" : "Specifies the mode of operation of the Filter.<br>Valid key: the web application name. <br>Valid values: ALL, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. <br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding MapValue field. <br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field. <br>Property: org.forgerock.agents.filter.mode.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "redirectAttemptLimit" : {
          "title" : "Redirect Attempt Limit",
          "description" : "Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. Set to 0 to disable this feature.<br>Property: org.forgerock.agents.redirect.attempt.limit <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "agentConfigChangeNotificationsEnabled" : {
          "title" : "Agent Configuration Change Notification",
          "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes.<br>Property: org.forgerock.agents.config.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "preAuthCookieName" : {
          "title" : "Pre-Authenticated Cookie Name",
          "description" : "Specifies the name of the cookie the agent uses to track the progress of authentication with AM.<br>Property: org.forgerock.agents.authn.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11210,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "localAuditLogRotation" : {
          "title" : "Rotate Local Audit Log",
          "description" : "Flag to indicate that audit log files should be rotated when reaching a certain size.<br>Property: org.forgerock.agents.local.audit.log.rotation.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "debugLogfileRotationSize" : {
          "title" : "Debug File Rotation Size",
          "description" : "This specifies the approximate size in bytes at which a log file will be rotated to a new log file.<br>Property: org.forgerock.agents.debug.rotation.size.bytes <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10030,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "fallforwardModeEnabled" : {
          "title" : "Fall-Forward Mode",
          "description" : "Determines how the Agent behaves when AM is unavailable, and when org.forgerock.agents.fallback.mode.enabled is NOT enabled (default behavior):<br>false: The Agent denies every incoming request for a resource, with an HTTP 403, even if the resource matched a not enforced rule at the time that AM became unavailable. <br>true: The Agent allows every incoming request for a resource matched by a not enforced rule, until AM is available, and a config change notification tells the agent to reload the not enforced rules. <br>Default: false<br>Type: Boolean<br>Hot-swap: Yes<br>Bootstrap property: No <br>Property: org.forgerock.agents.fallforward.mode.enabled <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 12115,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "status" : {
          "title" : "Status",
          "description" : "Status of the agent configuration.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "loginAttemptLimit" : {
          "title" : "Login Attempt Limit",
          "description" : "Limit of failed login attempts for a user's single browser session until triggering the blocking of the user request. Value of 0 disables this feature.Property: org.forgerock.agents.login.attempt.limit.count <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4400,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "cdssoRootUrl" : {
          "title" : "Agent Root URL for CDSSO",
          "description" : "The list of agent root URLs for CDSSO. The valid value is in the format protocol://hostname:port/, where protocol represents the protocol used, such as http or https, hostname represents the host name of the system where the agent resides, and port represents the port number on which the agent is installed. The slash following the port number is required.<br> If your agent system also has virtual host names, add URLs with the virtual host names to this list as well. AM checks that goto URLs match one of the agent root URLs for CDSSO.<br>Property: sunIdentityServerDeviceKeyValue <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 22700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userPrincipalFlag" : {
          "title" : "User Principal Flag",
          "description" : "Use principal instead of just the user-ID for authenticating the user.<br>Property: org.forgerock.agents.userid.mapping.mode.use.dn.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "debugLogfileRetentionCount" : {
          "title" : "Debug File Rotation Retention Count",
          "description" : "This is the number of log files to retain after rotation, so for example, setting it to 10 would give you one current debug file and nine older (rotated) files.<br>Property: org.forgerock.agents.debug.retention.count <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10050,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userMappingMode" : {
          "title" : "User Mapping Mode",
          "description" : "Specifies mechanism agent uses to determine user-ID.<br>Property: org.forgerock.agents.user.mapping.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userTokenName" : {
          "title" : "User Token Name",
          "description" : "Session property name for user-ID of the authenticated user in session.<br>Property: org.forgerock.agents.userid.mapping.mode.use.session.property.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "configurationReloadInterval" : {
          "title" : "Configuration Reload Interval",
          "description" : "Only used when websocket notifications are disabled, specifies interval in seconds after which config is reloaded automatically by the Agent. <br>Property: org.forgerock.agents.config.reload.seconds <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "jwtName" : {
          "title" : "JWT Cookie Name",
          "description" : "The name used by the agent to set the OIDC JWT on the user's browser.<br>Property: org.forgerock.agents.jwt.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11201,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "localAuditRotationSize" : {
          "title" : "Local Audit Log Rotation Size",
          "description" : "Size limit when a local audit log file is rotated to a new file.<br>Property name: com.sun.identity.agents.config.local.log.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "httpSessionBinding" : {
          "title" : "HTTP Session Binding",
          "description" : "If true will invalidate the http session when login has failed, user has no SSO session, or principal user name does not match SSO user name.<br>Property: org.forgerock.agents.http.session.binding.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "redirectAttemptLimitCookieName" : {
          "title" : "Redirect Attempt Cookie Name",
          "description" : "Agent tries to detect redirect loops while authenticating, which would normally indicate a cookie domain problem. The Agent does this by using a cookie to holds the current redirection count.<br>Property: org.forgerock.agents.redirect.cookie.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7150,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "webSocketConnectionIntervalInMinutes" : {
          "title" : "WebSocket Connection Interval",
          "description" : "The time in minutes before WebSockets to AM are killed and reopened. This property helps ensure a balanced distribution of connections across the AM servers on the site. <br>Default: 30<br>Type: Integer<br>Hot-swap: Yes<br> Property: org.forgerock.agents.balance.websocket.interval.minutes <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12120,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "auditAccessType" : {
          "title" : "Audit Access Types",
          "description" : "Types of messages to log based on user URL access attempts.<br>Property name: org.forgerock.agents.audit.what <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "lbCookieName" : {
          "title" : "Load Balancer Cookie Name",
          "description" : "The name of the load balancer cookies. This property is used only if \"org.forgerock.agents.load.balancer.cookies.enabled\" is true. To improve performance, make sure that this property has the same value as the AM property com.iplanet.amlbcookie.name.  <br>Property: org.forgerock.agents.load.balancer.cookie.name <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 12130,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnDefault" : {
          "title" : "FQDN Default",
          "description" : "Fully qualified hostname that the users should use in order to access resources.<br>Property: org.forgerock.agents.fqdn.default <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnMapping" : {
          "title" : "FQDN Virtual Host Map",
          "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources.<br> Examples: <br>  To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field. <br>Property: org.forgerock.agents.fqdn.map) <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6600,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "fqdnCheck" : {
          "title" : "FQDN Check",
          "description" : "Enables checking of fqdn default value and fqdn map values.<br>Property: org.forgerock.agents.fqdn.check.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "auditLogLocation" : {
          "title" : "Audit Log Location",
          "description" : "LOCAL = audit information stored in files based locally to the Agent container <br>REMOTE = audit information logged via AM. <br>Property: org.forgerock.agents.audit.where <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 1600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "debugLogfilePrefix" : {
          "title" : "Debug File Rotation Prefix",
          "description" : "Prefix which can be added onto the front of the debug file name when it is rotated.<br>Property: org.forgerock.agents.debug.prefix <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10010,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "preAuthCookieMaxAge" : {
          "title" : "Pre-Authenticated Cookie Max Age",
          "description" : "This is the amount of time in seconds before the pre-authn cookie will timeout.<br>Property: org.forgerock.agents.authn.cookie.max.age.seconds <br>Valid for Java Agent 5.6.3 onwards",
          "propertyOrder" : 11220,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userAttributeName" : {
          "title" : "User Attribute Name",
          "description" : "Name of the attribute which contains the user-ID.<br>Property: org.forgerock.agents.user.mapping.mode.attribute.name <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "debugLogfileSuffix" : {
          "title" : "Debug File Rotation Suffix",
          "description" : "This is a value appended onto the end of the debug file name when it is rotated. The user is free to define it as they want, but if it does not involve a timestamp that produces different file names when the rotation time is reached, log file rotation is unlikely to function correctly<br>Property: org.forgerock.agents.debug.suffix <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10020,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "debugLogfileRotationMinutes" : {
          "title" : "Debug File Rotation Time",
          "description" : "This is the time in minutes after which log file rotation will occur.<br>Property: org.forgerock.agents.debug.rotation.time.minutes <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 10040,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "debugLevel" : {
          "title" : "Agent Debug Level",
          "description" : "Specifies type of agent debug messages to log.<br>Property: com.iplanet.services.debug.level <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 10000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "lbCookieEnabled" : {
          "title" : "Load Balancer Cookie Enabled",
          "description" : "When true, every policy evaluation call to AM is accompanied by a load balancer cookie. Use this property with \"org.forgerock.agents.load.balancer.cookie.name\" to improve performance. Load balancer cookies can reduce the number of calls that different AM instances make to the core token service. <br>Property: org.forgerock.agents.load.balancer.cookies.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 12125,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "customResponseHeader" : {
          "title" : "Custom Response Header",
          "description" : "Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value.<br> Example: <br>  To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.header.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "localAuditLogfileRetentionCount" : {
          "title" : "Audit Logfile Retention Count",
          "description" : "The number of audit log files to retain after rotation has occurred.Property: org.forgerock.agents.local.audit.log.retention.count <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 2100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "advancedJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Advanced",
      "propertyOrder" : 5,
      "properties" : {
        "idleTimeRefreshWindow" : {
          "title" : "Idle Time Refresh Window",
          "description" : "Once every this number of minutes, the Agent will nudge AM so it knows a particular session is still in use, thereby resetting its idle time. <br>Property: org.forgerock.agents.idle.time.window.minutes <br>Introduced in Java Agent 5.6.2.1",
          "propertyOrder" : 14200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyCacheSize" : {
          "title" : "Policy Cache Size",
          "description" : "The maximum number of sessions, i.e. distinct users, stored in the policy evaluation cache at any one time.<br>Property: org.forgerock.agents.policy.cache.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 14000,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "alternativeAgentPort" : {
          "title" : "Alternative Agent Port Number",
          "description" : "Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. <br>Property name: org.forgerock.agents.agent.port <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "alternativeAgentProtocol" : {
          "title" : "Alternative Agent Protocol",
          "description" : "Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server.<br>Property name: org.forgerock.agents.agent.protocol <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataPreserveCacheEntryMaxEntries" : {
          "title" : "PDP Maximum Number of Cache Entries",
          "description" : "Maximum number of entries to hold in the PDP cache <br>Property: org.forgerock.agents.pdp.cache.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13550,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "ssoExchangeCacheTTL" : {
          "title" : "Exchanged SSO Token Cache Time to Live",
          "description" : "This sets the time in minutes after which entries in the SSO token exchange cache will timeout and be purged. Since exchanging SSO tokens for JWTs is an expensive process, previously exchanged SSO tokens are cached so that the roundtrip to AM can be avoided in the case where an entity is unable to permanently store its JWT in a cookie. <br>Property: org.forgerock.agents.sso.exchange.cache.ttl.minutes <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart",
          "propertyOrder" : 13900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "policyClientPollingInterval" : {
          "title" : "Policy Cache TTL",
          "description" : "This sets the time in minutes after which entries in the policy cache will timeout and be purged.<br>Property: org.forgerock.agents.policy.cache.ttl.minutes <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 13950,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataStickySessionKeyValue" : {
          "title" : "PDP Stickysession key-value",
          "description" : "The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. <br>Property: org.forgerock.agents.pdp.sticky.session.value <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "policyCachePerUser" : {
          "title" : "Policy Cache Per User",
          "description" : "This is the number of distinct policy evaluation entries that each session (stored in the policy evaluation cache) can have. Thus the total number of policy evaluation results that can be stored is the \"Policy Cache Size\" multiplied by the \"Policy Cache Per User\".<br>Property: org.forgerock.agents.policy.cache.per.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 14100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataPreservation" : {
          "title" : "Post Data Preservation enabled",
          "description" : "Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL.<br>Property: org.forgerock.agents.post.data.preservation.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientHostnameHeader" : {
          "title" : "Client Hostname Header",
          "description" : "HTTP header name that holds the Hostname of the client. <br>Property: org.forgerock.agents.http.header.containing.remote.hostname <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 1100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtCacheSize" : {
          "title" : "JWT Cache Size",
          "description" : "The maximum number of entries in the JWT cache.Property: org.forgerock.agents.jwt.cache.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13810,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "clientIpHeader" : {
          "title" : "Client IP Address Header",
          "description" : "HTTP header name that holds the IP address of the client. <br>Property: org.forgerock.agents.http.header.containing.ip.address <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 1000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "alternativeAgentHostname" : {
          "title" : "Alternative Agent Host Name",
          "description" : "Host name identifying the Agent protected server to the client browsers if different from the actual host name. <br>Property: org.forgerock.agents.agent.hostname <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataCacheTtlMin" : {
          "title" : "PDP Cache TTL in Minutes",
          "description" : "This sets the time in minutes after which entries in the Post Data Preservation cache will timeout and be purged. <br>Property: org.forgerock.agents.pdp.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13300,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "fragmentRelayUri" : {
          "title" : "Fragment Relay URI",
          "description" : "To enable unauthenticated fragment retention within incoming requests, set this property to a valid dummy URI within the Agent application.<br>Example: /agentapp/pre-authn-fragment-capture <br>Property: org.forgerock.agents.authn.fragment.relay.uri <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 13090,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtCacheTTL" : {
          "title" : "JWT Cache TTL",
          "description" : "This sets the time in minutes after which entries in the JWT cache will timeout and be purged. Since all JWTs in the cache have been parsed, and parsing is a CPU intensive process, having a large timeout on this cache is advantageous and will save CPU cycles reparsing already seen JWTs<br>Property: org.forgerock.agents.jwt.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "xssDetectionRedirectUri" : {
          "title" : "XSS detection redirect URI",
          "description" : "An application-specific Map that identifies a URI of the customized page if XSS code has been detected.<br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field. <br>Property: org.forgerock.agents.xss.redirect.uri.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "postDataPreserveCacheEntryMaxTotalSizeMb" : {
          "title" : "PDP Maximum Cache Size",
          "description" : "Maximum size of the PDP cache, in megabytes<br>Property: org.forgerock.agents.pdp.cache.total.size.mb <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "customProperties" : {
          "title" : "Custom Properties",
          "description" : "Additional properties that allow users to augment the set of properties supported by agent.<br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2 <br>Property: com.sun.identity.agents.config.freeformproperties <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 20000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "missingPostDataPreservationEntryUri" : {
          "title" : "Missing PDP entry URI",
          "description" : "An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. <br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field. <br>Property: org.forgerock.agents.pdp.noentry.url.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "expiredSessionCacheTTL" : {
          "title" : "Expired Session Cache Timeout",
          "description" : "The time in minutes after which entries in the expired session cache timeout and are purged.<br>The expired session cache records sessions that have been killed by AM.Use the cache to reduce network traffic and load on AM. When the Agent receives a request using an invalidated token, it rejects the request without needing to retrieve session information from AM.<br>Default: 20<br>Type: Integer<br>Hot swap: No<br> Property: org.forgerock.agents.sso.expired.session.cache.ttl.minutes <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 13710,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "monitoringToCSV" : {
          "title" : "Export Monitoring Metrics to CSV",
          "description" : "When set to true, the Agent will write monitoring information to CSV files. <br>Property: org.forgerock.agents.monitoring.to.csv.enabled <br>Introduced in Java Agent 5.5",
          "propertyOrder" : 13085,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "expiredSessionCacheSize" : {
          "title" : "Expired Session Cache Max Records",
          "description" : "The maximum number of entries in the expired session cache. When the maximum is reached, the oldest records are overwritten.<br> The expired session cache records sessions that have been killed by AM. Use the cache to reduce network traffic and load on AM. When the Agent receives a request using a token in the expired session cache, it rejects the request without needing to retrieve session information from AM.<br>Default: 500<br>Type: Integer<br> Hot swap: No<br>Property: org.forgerock.agents.expired.session.cache.size <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 13720,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataCacheTtl" : {
          "title" : "PDP Cache TTL in Milliseconds",
          "description" : "This value tells how long a given POST entry should be stored in the local cache (in milliseconds), default value is 300000. DEPRECATED: use \"PDP Cache TTL in Minutes\" instead <br>Property: com.sun.identity.agents.config.postdata.preserve.cache.entry.ttl <br>Valid for Java Agent 5.0 onwards<br>Requires Agent Restart",
          "propertyOrder" : 13310,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "ssoExchangeCacheSize" : {
          "title" : "Exchanged SSO Token Cache Size",
          "description" : "The number of entries in the SSO Exchange cache. <br>Property: org.forgerock.agents.sso.exchange.cache.size <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart",
          "propertyOrder" : 13910,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "possibleXssCodeElements" : {
          "title" : "Possible XSS code elements",
          "description" : "If one of these strings occurs in the request, the client is redirected to an error page.<br>Property: org.forgerock.agents.xss.code.element.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sessionCacheTTL" : {
          "title" : "Session Cache TTL",
          "description" : "This sets the time in minutes after which entries in the session cache will timeout and be purged. If an entry is not cached, the Agent will need to retrieve session information from AM, hence by default the timeout is much longer than for the policy cache. <br>Property: org.forgerock.agents.session.cache.ttl.minutes<br>Introduced in Java Agent 5.6 <br>Requires Agent Restart",
          "propertyOrder" : 13700,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "postDataStickySessionMode" : {
          "title" : "PDP Stickysession mode",
          "description" : "If the PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. <br>Property: org.forgerock.agents.pdp.sticky.session.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 13400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "applicationJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "Application",
      "propertyOrder" : 1,
      "properties" : {
        "notEnforcedIps" : {
          "title" : "Not Enforced Client IP List",
          "description" : "No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. <br> Examples: <br> 192.18.145.* <br> 192.18.146.123 Property: org.forgerock.agents.notenforced.ip.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sessionAttributeMap" : {
          "title" : "Session Attribute Mapping",
          "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user.<br> Example: <br>  To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field. <br>Property: org.forgerock.agents.session.attribute.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 9000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "profileAttributeMap" : {
          "title" : "Profile Attribute Mapping",
          "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user.<br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field. <br>Property: org.forgerock.agents.profile.attribute.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8800,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "responseAttributeFetchMode" : {
          "title" : "Response Attribute Fetch Mode",
          "description" : "The mode of fetching policy response attributes.<br>Property: com.sun.identity.agents.config.response.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 9100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logoutEntryUri" : {
          "title" : "Logout Entry URI",
          "description" : "An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. <br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.goto.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6300,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "logoutRequestParameters" : {
          "title" : "Logout Request Parameter",
          "description" : "An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. <br>Valid key: the web application name. <br>Valid value: the logout request parameter. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.request.param.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6100,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "resourceAccessDeniedUri" : {
          "title" : "Resource Access Denied URI",
          "description" : "An application-specific Map that identifies a URI of the customized access denied page.<br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page.  <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.access.denied.uri.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 2700,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "cookieAttributeUrlEncoded" : {
          "title" : "Attribute Cookie Encode",
          "description" : "Indicates if the value of the attribute should be URL encoded before being set as a cookie.<br>Property: org.forgerock.agents.attribute.cookie.encode.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedUrisCacheEnabled" : {
          "title" : "Not Enforced URIs Cache Enabled",
          "description" : "Enables the caching of the Not Enforced URIs list evaluation results.<br>Property: org.forgerock.agents.notenforced.uri.cache.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "responseAttributeMap" : {
          "title" : "Response Attribute Mapping",
          "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.attribute.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 9200,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedFavicon" : {
          "title" : "Not Enforced Favicon",
          "description" : "This flag, if enabled, automatically adds \"*/favicon.ico\" to the not enforced list.  This can help to avoid odd situations in which a user is required to log in after logging out, just because favicon.ico has been requested by browser. <br>Property: org.forgerock.agents.auto.not.enforce.favicon.enabled <br>Introduced in Java Agent 5.7 <br>Requires Agent Restart",
          "propertyOrder" : 7650,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "loginFormUri" : {
          "title" : "Login Form URI",
          "description" : "List of absolute URIs corresponding to an application's web.xml form-login-page element.<br> Example: <br> /BankApp/jsp/login.jsp<br>Property: com.sun.identity.agents.config.login.form <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 2800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "invertNotEnforcedUris" : {
          "title" : "Invert Not Enforced URIs",
          "description" : "Inverts protection of  URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent.<br>Property: org.forgerock.agents.notenforced.uri.invert.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientIpValidationMode" : {
          "title" : "Client IP Validation Mode",
          "description" : "Checks that that the request originates from the same IP address as used for first authentication, or that any change in IP address is in the \"approved\" list. <br>Key: Application name. If the application is not named, check the the IP address globally, for all applications. <br>Value:<br> OFF: Do not check the IP address. <br> DENY: If IP address is not approved, refuse the request and return an HTTP 403. <br> LOGOUT: If IP address is not approved, log out from AM to destroy the user session. <br>Property: org.forgerock.agents.original.ip.check.mode.map <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 8250,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedUris" : {
          "title" : "Not Enforced URIs",
          "description" : "List of URIs for which protection is not enforced by the Agent. <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/* <br>Property: org.forgerock.agents.notenforced.uri.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedIpsCacheSize" : {
          "title" : "Not Enforced IP Cache Size",
          "description" : "Size of the cache to be used if Not Enforced IP Cache Flag is enabled.<br>Property: org.forgerock.agents.notenforced.ip.cache.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "notEnforcedIpsCacheEnabled" : {
          "title" : "Not Enforced IP Cache Flag",
          "description" : "Enable caching of not-enforced IP list evaluation results.<br>Property: org.forgerock.agents.notenforced.ip.cache.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileAttributeFetchMode" : {
          "title" : "Profile Attribute Fetch Mode",
          "description" : "The mode of fetching profile attributes.<br>Property: com.sun.identity.agents.config.profile.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cookieAttributeMultiValueSeparator" : {
          "title" : "Cookie Separator Character",
          "description" : "Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. <br>Property: org.forgerock.agents.attribute.cookie.separator <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertNotEnforcedIps" : {
          "title" : "Invert Not Enforced IPs",
          "description" : "Client IP Addresses to invert protection of IP addresses listed in the related Not Enforced Client IP List.<br>Property: org.forgerock.agents.notenforced.ip.invert.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "notEnforcedRuleCompoundSeparator" : {
          "title" : "Not Enforced Compound Rule Separator",
          "description" : "Specifies a separator for not enforced compound rules. The format for compound rules requires a list of IP rules, a separator (by default the | character), and a list of URI rules. <br>Example, GET 192.168.1.1-192.168.4.3 | /images/* <br>Configure a different separator (for example, &&) when working with the REGEX keyword to avoid invalid regular expressions. <br>Property: com.sun.identity.agents.config.notenforced.rule.compound.separator <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7450,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sessionAttributeFetchMode" : {
          "title" : "Session Attribute Fetch Mode",
          "description" : "The mode of fetching session attributes.<br>Property: com.sun.identity.agents.config.session.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "continuousSecurityCookies" : {
          "title" : "Continuous Security Cookies",
          "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.openam.agents.config.continuous.security.cookies <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 3210,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "logoutIntrospection" : {
          "title" : "Logout Introspect Enabled",
          "description" : "Allows the Agent to search HTTP request body to locate logout parameter.<br>Property: org.forgerock.agents.logout.introspection.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientIpValidationRange" : {
          "title" : "Client IP Validation Address Range",
          "description" : "Comma separated list of IP addresses and/or ranges of IP addresses in CIDR format. Key = application(if empty for all applications) Requires \"Client IP Validation Mode\" property be DENY or LOGOUT.<br>Property: org.forgerock.agents.acceptable.ip.address.map <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 8275,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedUrisCacheSize" : {
          "title" : "Not Enforced URIs Cache Size",
          "description" : "Size of the cache to be used if caching of not enforced URI list evaluation results is enabled.<br>Property: org.forgerock.agents.notenforced.uri.cache.size <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 7800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "continuousSecurityHeaders" : {
          "title" : "Continuous Security Headers",
          "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script.It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.openam.agents.config.continuous.security.headers <br>Valid for Agent 5.0 onwards",
          "propertyOrder" : 3211,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "applicationLogoutUris" : {
          "title" : "Application Logout URI",
          "description" : "An application-specific Map that identifies a request URI which indicates a logout event.<br>Valid key: the web application name. <br>Valid value: the application logout URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI.  <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. <br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.endpoint.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 6000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "headerAttributeDateFormat" : {
          "title" : "Fetch Attribute Date Format",
          "description" : "Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. <br>Property: org.forgerock.agents.attribute.date.format <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 8400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "amServicesJ2EEAgent" : {
      "type" : "object",
      "title" : "AM Services",
      "propertyOrder" : 3,
      "properties" : {
        "conditionalLogoutUrl" : {
          "title" : "AM Conditional Logout URL",
          "description" : "Examples: <br> match|url?param1=value1&amp;param2=value2 <br>match/path|?param1=value1&amp;param2=value2&amp;param3=value3 <br>Property: org.forgerock.agents.conditional.logout.url.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12550,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "customLoginEnabled" : {
          "title" : "Allow Custom Login Mode",
          "description" : "Flag to enable custom login. <br>Property: org.forgerock.agents.legacy.login.enabled <br>Introduced in Java Agent 5.0.1",
          "propertyOrder" : 3700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "overridePolicyEvaluationRealmEnabled" : {
          "title" : "Perform Policy Evaluation in User Authenticated Realm",
          "description" : "When true, user authenticated realm will be used for policy evaluation and ignores the value in org.forgerock.agents.policy.evaluation.realm.map. <br>Default: false<br>Type: Boolean<br>Hot-swap: Yes<br> Property: org.forgerock.agents.user.realm.overrides.policy.evaluation.realm.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 5410,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentAdviceEncode" : {
          "title" : "Composite Advice Encode",
          "description" : "This property is used to specify whether AM composite advices should be based64url encoded before sending to custom login endpoints. <br>Property: org.forgerock.agents.advice.b64.url.encode <br>Introduced in Java Agent 5.6.2",
          "propertyOrder" : 13050,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "amLoginUrl" : {
          "title" : "AM Login URL",
          "description" : "AM login page URL. <br> Example: <br> http://host:port/am/UI/Login <br>Property: com.sun.identity.agents.config.login.url <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3710,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authSuccessRedirectUrl" : {
          "title" : "Redirect to AM's Success URL",
          "description" : "When enabled, the Agent will redirect to the session's Success URL instead (defined in auth. chain) of the originally requested resource after successful authentication. <br>Property: org.forgerock.agents.authn.success.redirect.session.url.enabled <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 4000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "authServiceHost" : {
          "title" : "AM Authentication Service Host Name",
          "description" : "Host name to be used by the AM authentication service. This property need to be updated in Bootstrap.properties <br>Property: org.forgerock.agents.am.hostname <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 11000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "urlPolicyEnvGetParameters" : {
          "title" : "URL Policy Env GET Parameters",
          "description" : "List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server.<br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.get.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyEvaluationApplication" : {
          "title" : "Policy Set",
          "description" : "Which application contains the policies to evaluate with. <br>Property: org.forgerock.agents.policy.set.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "authServiceProtocol" : {
          "title" : "AM Authentication Service Protocol",
          "description" : "Protocol to be used by the AM authentication service. This property need to be updated in AgentBootstrap.properties <br>Property: org.forgerock.agents.am.protocol <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 10900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "authServicePort" : {
          "title" : "AM Authentication Service Port",
          "description" : "Port to be used by the AM authentication service. This property need to be updated in Bootstrap.properties<br>Property: org.forgerock.agents.am.port <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 11100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "conditionalLoginUrl" : {
          "title" : "AM Conditional Login URL",
          "description" : "Examples: <br> match|url?param1=value1&amp;ampparam2=value2 <br> match/path|?param1=value1&amp;ampparam2=value2&amp;ampparam3=value3 <br>Property: org.forgerock.openam.agents.config.conditional.login.url <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 3800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "urlPolicyEnvJsessionParameters" : {
          "title" : "URL Policy Env jsession Parameters",
          "description" : "List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.http.session.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 12000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "legacyLoginUrlList" : {
          "title" : "Custom Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the Java agent redirects the request to a specific URL. Conditional redirects have the format [Domain/path]|[URL?realm=value&amp;parameter1=value1...], with no spaces between values. <br>Example: myapp.domain.com|https://login.example.com/apps/login.jsp?realm=sales  <br>Property: org.forgerock.openam.agents.config.conditional.custom.login.url <br>Introduced in Java Agent 5.0.1",
          "propertyOrder" : 3900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyNotifications" : {
          "title" : "Enable Policy Notifications",
          "description" : "Enable Notifications(via websockets) for remote policy client.<br>Property: org.forgerock.agents.policy.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart",
          "propertyOrder" : 11200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "restrictToRealm" : {
          "title" : "Restrict To Realm",
          "description" : "A map keyed by application name which allows users from only the specified realms (each entry is a CSV) to access the specified application. If no restricted realm is set, any user from any realm will be allowed access. Keyed by application name, value is a comma separated list of realms from which users may request resources. <br>Property: org.forgerock.agents.restrict.to.realm.map <br>Introduced in Java Agent 5.6.2.1",
          "propertyOrder" : 13080,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "policyEvaluationRealm" : {
          "title" : "Policy Evaluation Realm",
          "description" : "Which realm to start evaluating from. <br>Property: org.forgerock.agents.policy.evaluation.realm.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "urlPolicyEnvPostParameters" : {
          "title" : "URL Policy Env POST Parameters",
          "description" : "List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.post.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 11900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "ssoJ2EEAgentConfig" : {
      "type" : "object",
      "title" : "SSO",
      "propertyOrder" : 2,
      "properties" : {
        "cookieResetDomains" : {
          "title" : "Cookies Reset Domain Map",
          "description" : "Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. <br>Property: org.forgerock.agents.cookie.reset.domain.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4800,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "httpOnly" : {
          "title" : "Http Only",
          "description" : "Flag saying whether HTTP only cookies are enabled.<br>Property: com.sun.identity.cookie.httponly <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5910,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetEnabled" : {
          "title" : "Cookie Reset",
          "description" : "Agent resets cookies in the response before redirecting to authentication.<br>Property: org.forgerock.agents.cookie.reset.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "acceptIPDPCookie" : {
          "title" : "Convert SSO Tokens into OpenID Connect JWTs",
          "description" : "When this property is set to true, for each incoming request, when the user does not present a JWT in the designated cookie, the Agent will look for an SSO token in the iPlanetDirectoryPro cookie (configurable in AM). If this is found, the Agent invokes AM to exchange it for a JWT which is then used in further requests. The result is cached, so interaction with AM will not be needed, if the same SSO token is presented in the future (and the existing cache entry is still valid)<br>Property: org.forgerock.agents.accept.ipdp.cookie.enabled <br>Introduced in Java Agent 5.6.2.1",
          "propertyOrder" : 5900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "acceptSsoTokenDomainList" : {
          "title" : "SSO Cookie Domain List",
          "description" : "A list of domains in which the Agent attempts to create SSO cookies when Accept SSO Tokens is true:<br> If the list is empty, the agent creates cookies only in its own domain.<br> If the agent is running behind a browser, it can create cookies only in its own domain.<br> If the agent is running behind a proxy, it should be able to create cookies in any required domains.<br> Default: Empty<br>Type: List of strings that represent domains<br>Hot-swap: Yes <br>Property: org.forgerock.agents.ipdp.cookie.domain.list <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 5802,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "encodeCookies" : {
          "title" : "Encode Cookies",
          "description" : "Cookies are encoded, if set. <br>Property: com.iplanet.am.cookie.encode <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5920,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "setCookieAttributeMap" : {
          "title" : "Set-Cookie Attribute Map",
          "description" : "Text from this map will be added directly into the Set-Cookie header by the AttributeTaskHandler and its descendants when it creates cookies out of Profile Attributes, Session Info Attributes and/or Response Attributes. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. <br>Property: org.forgerock.agents.set.cookie.attribute.map, <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 5950,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "authExchangeUri" : {
          "title" : "Authentication Exchange URI",
          "description" : "This property allows the administrator to enable an endpoint that will facilitate the exchange of SSO tokens for OIDC JWTs. The value is empty by default and thus the endpoint is not accessible.<br>Property: org.forgerock.agents.authn.exchange.uri <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 5901,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cookieResetPaths" : {
          "title" : "Cookies Reset Path Map",
          "description" : "Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs.<br>Property: org.forgerock.agents.cookie.reset.path.map <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "authExchangeCookieName" : {
          "title" : "Authentication Exchange Cookie Name",
          "description" : "This property allows the administrator to define a cooke name that will be used by the authn exchange endpoint. The value is empty by default and the endpoint will thus not be capable of examining cookie values <br>Property: org.forgerock.agents.authn.exchange.cookie.name <br>Introduced in Java Agent 5.7",
          "propertyOrder" : 5902,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "excludedUserAgentsList" : {
          "title" : "Samesite Cookie Attributes Excluded User Agents Pattern List",
          "description" : "Excluded User agents pattern list. List of incompatible user agents that will be prevented from receiving SameSite cookie attributes. <br>Property: org.forgerock.agents.samesite.excluded.user.agents.list <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 5960,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "cdssoDomainList" : {
          "title" : "CDSSO Domain List",
          "description" : "Domains for which cookies have to be set in a CDSSO scenario. <br> Example: <br> .forgerock.com <br>Property: org.forgerock.agents.jwt.cookie.domain.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "cookieResetNames" : {
          "title" : "Cookies Reset Name List",
          "description" : "Cookie names that will be reset by the Agent if Cookie Reset is enabled.<br>Property: org.forgerock.agents.cookie.reset.name.list <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 4700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "acceptSsoTokenEnabled" : {
          "title" : "Accept SSO Tokens",
          "description" : "When true, the Agent does not attempt to convert SSO tokens to OIDC tokens. Use this option to continue to use SSO tokens, when the Agent and the token issuer are in the same domain.<br>When false, the Agent accepts SSO tokens and converts them to OIDC tokens. Use this option for better security, and in applications and APIs where the backend requires user information in form of an OIDC token.<br>Default: False<br>Type: Boolean<br> Hot-swap: Yes<br>Property: org.forgerock.agents.accept.sso.tokens.enabled <br>Introduced in Java Agent 5.8",
          "propertyOrder" : 5801,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoSecureCookies" : {
          "title" : "Transmit Cookies Securely",
          "description" : "When true, all cookies written by the Java Agent are secure. <br>Default: false.<br>Property: org.forgerock.agents.secure.cookies.enabled <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoRedirectUri" : {
          "title" : "CDSSO Redirect URI",
          "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. <br>Property: org.forgerock.agents.authn.redirect.uri <br>Valid for Java Agent 5.0 onwards",
          "propertyOrder" : 5100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "setCookieInternalMap" : {
          "title" : "Set-Cookie Internal Map",
          "description" : "Text from this map will be added directly into the Set-Cookie header when creating \"internal\" cookies (e.g. the am-auth-jwt and pre-auth cookies). This allows, among other things, the same-site value to be manipulated. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values.  Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. <br>Property: org.forgerock.agents.set.cookie.internal.map <br>Introduced in Java Agent 5.6.3",
          "propertyOrder" : 5940,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        }
      }
    }
  }
}