Amster

JwtProofOfPossessionModule

Realm Operations

Resource path:

/realm-config/authentication/modules/authJwtPoP

Resource version: 1.0

create

Usage

am> create JwtProofOfPossessionModule --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "responseEncryptionCipher" : {
      "title" : "Response Encryption Cipher",
      "description" : "The authenticated encryption (AEAD) scheme to use for the response.",
      "propertyOrder" : 350,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "enableTlsSessionBinding" : {
      "title" : "Use TLS Session Binding",
      "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "subjectJwkSetAttr" : {
      "title" : "Subject JWK Set Attribute",
      "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticationLevel" : {
      "title" : "Authentication Level",
      "description" : "The authentication level associated with this module.",
      "propertyOrder" : 10000,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    },
    "responseEncryptionMethod" : {
      "title" : "Response Encryption Scheme",
      "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "challengeSigningKey" : {
      "title" : "Challenge Signing Key",
      "description" : "Name of the key (in the AM keystore) to use to sign challenges.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete JwtProofOfPossessionModule --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action JwtProofOfPossessionModule --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action JwtProofOfPossessionModule --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action JwtProofOfPossessionModule --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query JwtProofOfPossessionModule --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read JwtProofOfPossessionModule --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update JwtProofOfPossessionModule --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "responseEncryptionCipher" : {
      "title" : "Response Encryption Cipher",
      "description" : "The authenticated encryption (AEAD) scheme to use for the response.",
      "propertyOrder" : 350,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "enableTlsSessionBinding" : {
      "title" : "Use TLS Session Binding",
      "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "subjectJwkSetAttr" : {
      "title" : "Subject JWK Set Attribute",
      "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticationLevel" : {
      "title" : "Authentication Level",
      "description" : "The authentication level associated with this module.",
      "propertyOrder" : 10000,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    },
    "responseEncryptionMethod" : {
      "title" : "Response Encryption Scheme",
      "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "challengeSigningKey" : {
      "title" : "Challenge Signing Key",
      "description" : "Name of the key (in the AM keystore) to use to sign challenges.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/authentication/modules/authJwtPoP

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action JwtProofOfPossessionModule --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action JwtProofOfPossessionModule --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action JwtProofOfPossessionModule --global --actionName nextdescendents

read

Usage

am> read JwtProofOfPossessionModule --global

update

Usage

am> update JwtProofOfPossessionModule --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "enableTlsSessionBinding" : {
          "title" : "Use TLS Session Binding",
          "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "subjectJwkSetAttr" : {
          "title" : "Subject JWK Set Attribute",
          "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "authenticationLevel" : {
          "title" : "Authentication Level",
          "description" : "The authentication level associated with this module.",
          "propertyOrder" : 10000,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "responseEncryptionMethod" : {
          "title" : "Response Encryption Scheme",
          "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "challengeSigningKey" : {
          "title" : "Challenge Signing Key",
          "description" : "Name of the key (in the AM keystore) to use to sign challenges.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "responseEncryptionCipher" : {
          "title" : "Response Encryption Cipher",
          "description" : "The authenticated encryption (AEAD) scheme to use for the response.",
          "propertyOrder" : 350,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}
Copyright © 2010-2023 ForgeRock, all rights reserved.