UserSelfService
Realm Operations
Resource path:
/realm-config/services/selfService
Resource version: 1.0
create
Usage
am> create UserSelfService --realm Realm --body body
Parameters
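- `--body`: The resource in JSON format, described by the following JSON schema. The example values shown for `signingSecretKeyAlias` and `encryptionKeyPairAlias` (`selfservicesigntest`, `selfserviceenctest`) are, by their names, test aliases. Because these keys sign and encrypt the JWT that tracks end users through self-service operations, a production realm should reference keys generated for that deployment.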
{ "type" : "object", "properties" : { "userRegistration" : { "type" : "object", "title" : "User Registration", "propertyOrder" : 1, "properties" : { "userRegistrationEnabled" : { "title" : "User Registration", "description" : "If enabled, new users can sign up for an account.", "propertyOrder" : 90, "required" : true, "type" : "boolean", "exampleValue" : "" }, "userRegisteredDestination" : { "title" : "Destination After Successful Self-Registration", "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>", "propertyOrder" : 161, "required" : true, "type" : "string", "exampleValue" : "" }, "userRegistrationEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 140, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationValidUserAttributes" : { "title" : "Valid Creation Attributes", "description" : "Specifies a whitelist of user attributes that can be set during user creation.", "propertyOrder" : 160, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationEmailVerificationFirstEnabled" : { "title" : "Verify Email before User Detail", "description" : "If enabled, email address verification will be performed first before user details screen is displayed. 
This will take effect only if Verify Email is enabled.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.", "propertyOrder" : 130, "required" : false, "type" : "integer", "exampleValue" : "" }, "userRegistrationEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.", "propertyOrder" : 150, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must set up their security questions during the self-registration process.", "propertyOrder" : 120, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.", "propertyOrder" : 100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who self-register must perform email address verification.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "advancedConfig" : { "type" : "object", "title" : "Advanced Configuration", "propertyOrder" : 5, "properties" : { "forgottenPasswordServiceConfigClass" : { "title" : "Forgotten Password Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 360, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordConfirmationUrl" : { "title" : "Forgotten Password Confirmation Email URL", 
"description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 340, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationConfirmationUrl" : { "title" : "User Registration Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 330, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationServiceConfigClass" : { "title" : "User Registration Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 350, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenUsernameServiceConfigClass" : { "title" : "Forgotten Username Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 370, "required" : false, "type" : "string", "exampleValue" : "" } } }, "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "minimumAnswersToDefine" : { "title" : "Minimum Answers to Define", "description" : "Specifies the minimum number of KBA answers that users must define.", "propertyOrder" : 60, "required" : false, "type" : "integer", "exampleValue" : "" }, "signingSecretKeyAlias" : { "title" : "Signing Secret Key Alias", "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. 
Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 10, "required" : true, "type" : "string", "exampleValue" : "selfservicesigntest" }, "captchaVerificationUrl" : { "title" : "Google Re-captcha Verification URL", "description" : "Google reCAPTCHA plugin verification URL.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "encryptionKeyPairAlias" : { "title" : "Encryption Key Pair Alias", "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 0, "required" : true, "type" : "string", "exampleValue" : "selfserviceenctest" }, "kbaQuestions" : { "title" : "Security Questions", "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.", "propertyOrder" : 50, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaSiteKey" : { "title" : "Google reCAPTCHA Site Key", "description" : "Google reCAPTCHA plugin site key.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "validQueryAttributes" : { "title" : "Valid Query Attributes", "description" : "Specifies the valid query attributes used to search for the user. 
This is a list of attributes used to identify your account for forgotten password and forgotten username.", "propertyOrder" : 80, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaSecretKey" : { "title" : "Google reCAPTCHA Secret Key", "description" : "Google reCAPTCHA plugin secret key.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "minimumAnswersToVerify" : { "title" : "Minimum Answers to Verify", "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "forgottenUsername" : { "type" : "object", "title" : "Forgotten Username", "propertyOrder" : 3, "properties" : { "forgottenUsernameEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customizes the forgotten username email subject text. 
Format is <code>locale|subject text</code>.", "propertyOrder" : 300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten username process.", "propertyOrder" : 260, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.", "propertyOrder" : 250, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameTokenTTL" : { "title" : "Token LifeTime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.", "propertyOrder" : 290, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenUsernameShowUsernameEnabled" : { "title" : "Show Username", "description" : "If enabled, users see their forgotten username on the browser page.", "propertyOrder" : 280, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customizes the forgotten username email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 310, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameEmailUsernameEnabled" : { "title" : "Email Username", "description" : "If enabled, users receive their forgotten username by email.", "propertyOrder" : 270, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEnabled" : { "title" : "Forgotten Username", "description" : "If enabled, users can retrieve their forgotten username.", "propertyOrder" : 240, "required" : true, "type" : "boolean", "exampleValue" : "" } } }, "forgottenPassword" : { "type" : "object", "title" : "Forgotten Password", "propertyOrder" : 2, "properties" : { "forgottenPasswordEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 220, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.", "propertyOrder" : 180, "required" : false, "type" : "boolean", "exampleValue" : "" }, "numberOfAllowedAttempts" : { "title" : "Lock Out After number of attempts", "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.", "propertyOrder" : 202, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the forgotten password email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 230, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordEnabled" : { "title" : "Forgotten Password", "description" : "If enabled, users can reset their forgotten password.", "propertyOrder" : 170, "required" : true, "type" : "boolean", "exampleValue" : "" }, "numberOfAttemptsEnforced" : { "title" : "Enforce password reset lockout", "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.", "propertyOrder" : 201, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.", "propertyOrder" : 210, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who reset passwords must perform email address verification.", "propertyOrder" : 190, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenPaddingLength" : { "title" : "Token Padding Length (bytes)", "description" : "Desired length of the 'state' parameter in the JWT after padding. 
This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.", "propertyOrder" : 215, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten password process.", "propertyOrder" : 200, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "profileManagement" : { "type" : "object", "title" : "Profile Management", "propertyOrder" : 4, "properties" : { "profileAttributeWhitelist" : { "title" : "Self readable attributes", "description" : "Specifies the list of attributes that users can view when accessing their user profile.", "propertyOrder" : 325, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "profileProtectedUserAttributes" : { "title" : "Protected Update Attributes", "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.", "propertyOrder" : 320, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } } } }
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action UserSelfService --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action UserSelfService --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action UserSelfService --realm Realm --actionName nextdescendents
update
Usage
am> update UserSelfService --realm Realm --body body
Parameters
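- `--body`: The resource in JSON format, described by the following JSON schema. The example values shown for `signingSecretKeyAlias` and `encryptionKeyPairAlias` (`selfservicesigntest`, `selfserviceenctest`) are, by their names, test aliases. Because these keys sign and encrypt the JWT that tracks end users through self-service operations, a production realm should reference keys generated for that deployment.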
{ "type" : "object", "properties" : { "userRegistration" : { "type" : "object", "title" : "User Registration", "propertyOrder" : 1, "properties" : { "userRegistrationEnabled" : { "title" : "User Registration", "description" : "If enabled, new users can sign up for an account.", "propertyOrder" : 90, "required" : true, "type" : "boolean", "exampleValue" : "" }, "userRegisteredDestination" : { "title" : "Destination After Successful Self-Registration", "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>", "propertyOrder" : 161, "required" : true, "type" : "string", "exampleValue" : "" }, "userRegistrationEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 140, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationValidUserAttributes" : { "title" : "Valid Creation Attributes", "description" : "Specifies a whitelist of user attributes that can be set during user creation.", "propertyOrder" : 160, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationEmailVerificationFirstEnabled" : { "title" : "Verify Email before User Detail", "description" : "If enabled, email address verification will be performed first before user details screen is displayed. 
This will take effect only if Verify Email is enabled.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.", "propertyOrder" : 130, "required" : false, "type" : "integer", "exampleValue" : "" }, "userRegistrationEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.", "propertyOrder" : 150, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must set up their security questions during the self-registration process.", "propertyOrder" : 120, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.", "propertyOrder" : 100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who self-register must perform email address verification.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "advancedConfig" : { "type" : "object", "title" : "Advanced Configuration", "propertyOrder" : 5, "properties" : { "forgottenPasswordServiceConfigClass" : { "title" : "Forgotten Password Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 360, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordConfirmationUrl" : { "title" : "Forgotten Password Confirmation Email URL", 
"description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 340, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationConfirmationUrl" : { "title" : "User Registration Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 330, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationServiceConfigClass" : { "title" : "User Registration Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 350, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenUsernameServiceConfigClass" : { "title" : "Forgotten Username Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 370, "required" : false, "type" : "string", "exampleValue" : "" } } }, "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "minimumAnswersToDefine" : { "title" : "Minimum Answers to Define", "description" : "Specifies the minimum number of KBA answers that users must define.", "propertyOrder" : 60, "required" : false, "type" : "integer", "exampleValue" : "" }, "signingSecretKeyAlias" : { "title" : "Signing Secret Key Alias", "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. 
Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 10, "required" : true, "type" : "string", "exampleValue" : "selfservicesigntest" }, "captchaVerificationUrl" : { "title" : "Google Re-captcha Verification URL", "description" : "Google reCAPTCHA plugin verification URL.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "encryptionKeyPairAlias" : { "title" : "Encryption Key Pair Alias", "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 0, "required" : true, "type" : "string", "exampleValue" : "selfserviceenctest" }, "kbaQuestions" : { "title" : "Security Questions", "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.", "propertyOrder" : 50, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaSiteKey" : { "title" : "Google reCAPTCHA Site Key", "description" : "Google reCAPTCHA plugin site key.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "validQueryAttributes" : { "title" : "Valid Query Attributes", "description" : "Specifies the valid query attributes used to search for the user. 
This is a list of attributes used to identify your account for forgotten password and forgotten username.", "propertyOrder" : 80, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "captchaSecretKey" : { "title" : "Google reCAPTCHA Secret Key", "description" : "Google reCAPTCHA plugin secret key.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "minimumAnswersToVerify" : { "title" : "Minimum Answers to Verify", "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "forgottenUsername" : { "type" : "object", "title" : "Forgotten Username", "propertyOrder" : 3, "properties" : { "forgottenUsernameEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customizes the forgotten username email subject text. 
Format is <code>locale|subject text</code>.", "propertyOrder" : 300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten username process.", "propertyOrder" : 260, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.", "propertyOrder" : 250, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameTokenTTL" : { "title" : "Token LifeTime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.", "propertyOrder" : 290, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenUsernameShowUsernameEnabled" : { "title" : "Show Username", "description" : "If enabled, users see their forgotten username on the browser page.", "propertyOrder" : 280, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customizes the forgotten username email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 310, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameEmailUsernameEnabled" : { "title" : "Email Username", "description" : "If enabled, users receive their forgotten username by email.", "propertyOrder" : 270, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEnabled" : { "title" : "Forgotten Username", "description" : "If enabled, users can retrieve their forgotten username.", "propertyOrder" : 240, "required" : true, "type" : "boolean", "exampleValue" : "" } } }, "forgottenPassword" : { "type" : "object", "title" : "Forgotten Password", "propertyOrder" : 2, "properties" : { "forgottenPasswordEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 220, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.", "propertyOrder" : 180, "required" : false, "type" : "boolean", "exampleValue" : "" }, "numberOfAllowedAttempts" : { "title" : "Lock Out After number of attempts", "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.", "propertyOrder" : 202, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the forgotten password email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 230, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordEnabled" : { "title" : "Forgotten Password", "description" : "If enabled, users can reset their forgotten password.", "propertyOrder" : 170, "required" : true, "type" : "boolean", "exampleValue" : "" }, "numberOfAttemptsEnforced" : { "title" : "Enforce password reset lockout", "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.", "propertyOrder" : 201, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.", "propertyOrder" : 210, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who reset passwords must perform email address verification.", "propertyOrder" : 190, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenPaddingLength" : { "title" : "Token Padding Length (bytes)", "description" : "Desired length of the 'state' parameter in the JWT after padding. 
This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.", "propertyOrder" : 215, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten password process.", "propertyOrder" : 200, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "profileManagement" : { "type" : "object", "title" : "Profile Management", "propertyOrder" : 4, "properties" : { "profileAttributeWhitelist" : { "title" : "Self readable attributes", "description" : "Specifies the list of attributes that users can view when accessing their user profile.", "propertyOrder" : 325, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "profileProtectedUserAttributes" : { "title" : "Protected Update Attributes", "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.", "propertyOrder" : 320, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } } } }
Global Operations
Resource path:
/global-config/services/selfService
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action UserSelfService --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action UserSelfService --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action UserSelfService --global --actionName nextdescendents
update
Usage
am> update UserSelfService --global --body body
Parameters
- `--body`: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "defaults" : { "properties" : { "forgottenUsername" : { "type" : "object", "title" : "Forgotten Username", "propertyOrder" : 3, "properties" : { "forgottenUsernameEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.", "propertyOrder" : 300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten username process.", "propertyOrder" : 260, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.", "propertyOrder" : 250, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customizes the forgotten username email body text. 
Format is <code>locale|body text</code>.", "propertyOrder" : 310, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenUsernameEnabled" : { "title" : "Forgotten Username", "description" : "If enabled, users can retrieve their forgotten username.", "propertyOrder" : 240, "required" : true, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameEmailUsernameEnabled" : { "title" : "Email Username", "description" : "If enabled, users receive their forgotten username by email.", "propertyOrder" : 270, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenUsernameTokenTTL" : { "title" : "Token LifeTime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.", "propertyOrder" : 290, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenUsernameShowUsernameEnabled" : { "title" : "Show Username", "description" : "If enabled, users see their forgotten username on the browser page.", "propertyOrder" : 280, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "forgottenPassword" : { "type" : "object", "title" : "Forgotten Password", "propertyOrder" : 2, "properties" : { "forgottenPasswordEnabled" : { "title" : "Forgotten Password", "description" : "If enabled, users can reset their forgotten password.", "propertyOrder" : 170, "required" : true, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.", "propertyOrder" : 210, "required" : false, "type" : "integer", "exampleValue" : "" }, "numberOfAttemptsEnforced" : { "title" : "Enforce password reset lockout", "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.", "propertyOrder" : 
201, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who reset passwords must perform email address verification.", "propertyOrder" : 190, "required" : false, "type" : "boolean", "exampleValue" : "" }, "numberOfAllowedAttempts" : { "title" : "Lock Out After number of attempts", "description" : "The number of attempts, 1 or more, that a user has to correctly answer all their security questions. If the user has not answered them correctly after the configured number of attempts, the password reset feature will be disabled.", "propertyOrder" : 202, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordTokenPaddingLength" : { "title" : "Token Padding Length (bytes)", "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.", "propertyOrder" : 215, "required" : false, "type" : "integer", "exampleValue" : "" }, "forgottenPasswordEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.", "propertyOrder" : 230, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.", "propertyOrder" : 180, "required" : false, "type" : "boolean", "exampleValue" : "" }, "forgottenPasswordEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the forgotten password email subject text. 
Format is <code>locale|subject text</code>.", "propertyOrder" : 220, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "forgottenPasswordKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must answer their security questions during the forgotten password process.", "propertyOrder" : 200, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "captchaVerificationUrl" : { "title" : "Google Re-captcha Verification URL", "description" : "Google reCAPTCHA plugin verification URL.", "propertyOrder" : 40, "required" : false, "type" : "string", "exampleValue" : "" }, "validQueryAttributes" : { "title" : "Valid Query Attributes", "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.", "propertyOrder" : 80, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "minimumAnswersToDefine" : { "title" : "Minimum Answers to Define", "description" : "Specifies the minimum number of KBA answers that users must define.", "propertyOrder" : 60, "required" : false, "type" : "integer", "exampleValue" : "" }, "captchaSiteKey" : { "title" : "Google reCAPTCHA Site Key", "description" : "Google reCAPTCHA plugin site key.", "propertyOrder" : 20, "required" : false, "type" : "string", "exampleValue" : "" }, "minimumAnswersToVerify" : { "title" : "Minimum Answers to Verify", "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. 
Specify a value from <code>0</code> to <code>50</code>.", "propertyOrder" : 70, "required" : false, "type" : "integer", "exampleValue" : "" }, "kbaQuestions" : { "title" : "Security Questions", "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.", "propertyOrder" : 50, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "encryptionKeyPairAlias" : { "title" : "Encryption Key Pair Alias", "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 0, "required" : true, "type" : "string", "exampleValue" : "selfserviceenctest" }, "captchaSecretKey" : { "title" : "Google reCAPTCHA Secret Key", "description" : "Google reCAPTCHA plugin secret key.", "propertyOrder" : 30, "required" : false, "type" : "string", "exampleValue" : "" }, "signingSecretKeyAlias" : { "title" : "Signing Secret Key Alias", "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. 
Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.", "propertyOrder" : 10, "required" : true, "type" : "string", "exampleValue" : "selfservicesigntest" } } }, "profileManagement" : { "type" : "object", "title" : "Profile Management", "propertyOrder" : 4, "properties" : { "profileProtectedUserAttributes" : { "title" : "Protected Update Attributes", "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.", "propertyOrder" : 320, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "profileAttributeWhitelist" : { "title" : "Self readable attributes", "description" : "Specifies the list of attributes that users can view when accessing their user profile.", "propertyOrder" : 325, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "advancedConfig" : { "type" : "object", "title" : "Advanced Configuration", "propertyOrder" : 5, "properties" : { "forgottenPasswordConfirmationUrl" : { "title" : "Forgotten Password Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 340, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenUsernameServiceConfigClass" : { "title" : "Forgotten Username Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 370, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationConfirmationUrl" : { "title" : "User Registration Confirmation Email URL", "description" : "Specifies the confirmation URL that the user receives during the self-registration process. 
The <code>${realm}</code> string is replaced with the current realm.", "propertyOrder" : 330, "required" : false, "type" : "string", "exampleValue" : "" }, "forgottenPasswordServiceConfigClass" : { "title" : "Forgotten Password Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 360, "required" : false, "type" : "string", "exampleValue" : "" }, "userRegistrationServiceConfigClass" : { "title" : "User Registration Service Config Provider Class", "description" : "Specifies the provider class to configure any custom plugins.", "propertyOrder" : 350, "required" : false, "type" : "string", "exampleValue" : "" } } }, "userRegistration" : { "type" : "object", "title" : "User Registration", "propertyOrder" : 1, "properties" : { "userRegistrationEmailBody" : { "title" : "Outgoing Email Body", "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.", "propertyOrder" : 150, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationValidUserAttributes" : { "title" : "Valid Creation Attributes", "description" : "Specifies a whitelist of user attributes that can be set during user creation.", "propertyOrder" : 160, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationEmailVerificationFirstEnabled" : { "title" : "Verify Email before User Detail", "description" : "If enabled, email address verification will be performed first before user details screen is displayed. 
This will take effect only if Verify Email is enabled.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationCaptchaEnabled" : { "title" : "Captcha", "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.", "propertyOrder" : 100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationKbaEnabled" : { "title" : "Security Questions", "description" : "If enabled, users must set up their security questions during the self-registration process.", "propertyOrder" : 120, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegisteredDestination" : { "title" : "Destination After Successful Self-Registration", "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>", "propertyOrder" : 161, "required" : true, "type" : "string", "exampleValue" : "" }, "userRegistrationTokenTTL" : { "title" : "Token Lifetime (seconds)", "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.", "propertyOrder" : 130, "required" : false, "type" : "integer", "exampleValue" : "" }, "userRegistrationEmailVerificationEnabled" : { "title" : "Email Verification", "description" : "If enabled, users who self-register must perform email address verification.", "propertyOrder" : 110, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userRegistrationEmailSubject" : { "title" : "Outgoing Email Subject", "description" : "Customize the User Self-Registration verification email subject text. 
Format is <code>locale|subject text</code>.", "propertyOrder" : 140, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "userRegistrationEnabled" : { "title" : "User Registration", "description" : "If enabled, new users can sign up for an account.", "propertyOrder" : 90, "required" : true, "type" : "boolean", "exampleValue" : "" } } } }, "type" : "object", "title" : "Realm Defaults" } } }