WindowsDesktopSsoModule

Realm Operations

Resource path:

/realm-config/authentication/modules/windowsdesktopsso

Resource version: 1.0

create

Usage

am> create WindowsDesktopSsoModule --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "principalName" : {
      "title" : "Service Principal",
      "description" : "The name of the Kerberos principal used during authentication<br><br>This principal must match the name used in the keytab file created from the Active Directory server.<br/>The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "lookupUserInRealm" : {
      "title" : "Search for the user in the realm",
      "description" : "Validate that the user has a matched user profile configured in the data store.<br><br>If this option is enabled, the module validates whether the account corresponds to a user profile in the Data Store for the realm. The attributes to perform the search are configured under <i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.",
      "propertyOrder" : 800,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "returnPrincipalWithDomainName" : {
      "title" : "Return Principal with Domain Name",
      "description" : "Returns the fully qualified name of the authenticated user rather than just the username.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "keytabFileName" : {
      "title" : "Keytab File Name",
      "description" : "The path of the AD keytab file<br><br>This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "kerberosServiceIsinitiator" : {
      "title" : "isInitiator",
      "description" : "Configuration used for JDK Kerbrose LoginModule. True, if initiator. False, if acceptor only. Default is true",
      "propertyOrder" : 900,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "kerberosRealm" : {
      "title" : "Kerberos Realm",
      "description" : "The name of the Kerberos (Active Directory) realm used for authentication",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "trustedKerberosRealms" : {
      "title" : "Trusted Kerberos realms",
      "description" : "List of trusted Kerberos realms for User Kerberos tickets.<br><br>If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName of the Users Kerberos ticket matches a realm from the list.",
      "propertyOrder" : 700,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "kerberosServerName" : {
      "title" : "Kerberos Server Name",
      "description" : "The hostname/IP address of the Kerberos (Active Directory) server.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticationLevel" : {
      "title" : "Authentication Level",
      "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete WindowsDesktopSsoModule --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action WindowsDesktopSsoModule --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action WindowsDesktopSsoModule --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action WindowsDesktopSsoModule --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query WindowsDesktopSsoModule --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read WindowsDesktopSsoModule --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update WindowsDesktopSsoModule --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "principalName" : {
      "title" : "Service Principal",
      "description" : "The name of the Kerberos principal used during authentication<br><br>This principal must match the name used in the keytab file created from the Active Directory server.<br/>The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "lookupUserInRealm" : {
      "title" : "Search for the user in the realm",
      "description" : "Validate that the user has a matched user profile configured in the data store.<br><br>If this option is enabled, the module validates whether the account corresponds to a user profile in the Data Store for the realm. The attributes to perform the search are configured under <i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.",
      "propertyOrder" : 800,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "returnPrincipalWithDomainName" : {
      "title" : "Return Principal with Domain Name",
      "description" : "Returns the fully qualified name of the authenticated user rather than just the username.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "keytabFileName" : {
      "title" : "Keytab File Name",
      "description" : "The path of the AD keytab file<br><br>This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "kerberosServiceIsinitiator" : {
      "title" : "isInitiator",
      "description" : "Configuration used for JDK Kerbrose LoginModule. True, if initiator. False, if acceptor only. Default is true",
      "propertyOrder" : 900,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "kerberosRealm" : {
      "title" : "Kerberos Realm",
      "description" : "The name of the Kerberos (Active Directory) realm used for authentication",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "trustedKerberosRealms" : {
      "title" : "Trusted Kerberos realms",
      "description" : "List of trusted Kerberos realms for User Kerberos tickets.<br><br>If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName of the Users Kerberos ticket matches a realm from the list.",
      "propertyOrder" : 700,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "kerberosServerName" : {
      "title" : "Kerberos Server Name",
      "description" : "The hostname/IP address of the Kerberos (Active Directory) server.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "authenticationLevel" : {
      "title" : "Authentication Level",
      "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
      "propertyOrder" : 600,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/authentication/modules/windowsdesktopsso

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action WindowsDesktopSsoModule --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action WindowsDesktopSsoModule --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action WindowsDesktopSsoModule --global --actionName nextdescendents

read

Usage

am> read WindowsDesktopSsoModule --global

update

Usage

am> update WindowsDesktopSsoModule --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "trustedKerberosRealms" : {
          "title" : "Trusted Kerberos realms",
          "description" : "List of trusted Kerberos realms for User Kerberos tickets.<br><br>If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName of the Users Kerberos ticket matches a realm from the list.",
          "propertyOrder" : 700,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "authenticationLevel" : {
          "title" : "Authentication Level",
          "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "lookupUserInRealm" : {
          "title" : "Search for the user in the realm",
          "description" : "Validate that the user has a matched user profile configured in the data store.<br><br>If this option is enabled, the module validates whether the account corresponds to a user profile in the Data Store for the realm. The attributes to perform the search are configured under <i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "kerberosRealm" : {
          "title" : "Kerberos Realm",
          "description" : "The name of the Kerberos (Active Directory) realm used for authentication",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "kerberosServiceIsinitiator" : {
          "title" : "isInitiator",
          "description" : "Configuration used for JDK Kerbrose LoginModule. True, if initiator. False, if acceptor only. Default is true",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "returnPrincipalWithDomainName" : {
          "title" : "Return Principal with Domain Name",
          "description" : "Returns the fully qualified name of the authenticated user rather than just the username.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "principalName" : {
          "title" : "Service Principal",
          "description" : "The name of the Kerberos principal used during authentication<br><br>This principal must match the name used in the keytab file created from the Active Directory server.<br/>The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "keytabFileName" : {
          "title" : "Keytab File Name",
          "description" : "The path of the AD keytab file<br><br>This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "kerberosServerName" : {
          "title" : "Kerberos Server Name",
          "description" : "The hostname/IP address of the Kerberos (Active Directory) server.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}