WindowsDesktopSsoModule
Realm Operations
Resource path:
/realm-config/authentication/modules/windowsdesktopsso
Resource version: 1.0
create
Usage
am> create WindowsDesktopSsoModule --realm Realm --id id --body body
Parameters
- --id: The unique identifier for the resource.
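- --body: The resource in JSON format, described by the following JSON schema. Two properties in it are security-relevant: per its description, trustedKerberosRealms restricts the accepted tickets only when at least one realm is listed, and keytabFileName points to a file that holds the service principal's long-term key, so that file should be readable only by the account that runs the server.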
{ "type" : "object", "properties" : { "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of trusted Kerberos realms for User Kerberos tickets.<br><br>If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName of the Users Kerberos ticket matches a realm from the list.", "propertyOrder" : 700, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).", "propertyOrder" : 600, "required" : true, "type" : "integer", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication<br><br>This principal must match the name used in the keytab file created from the Active Directory server.<br/>The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Search for the user in the realm", "description" : "Validate that the user has a matched user profile configured in the data store.<br><br>If this option is enabled, the module validates whether the account corresponds to a user profile in the Data Store for the realm. 
The attributes to perform the search are configured under <i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.", "propertyOrder" : 800, "required" : true, "type" : "boolean", "exampleValue" : "" }, "keytabFileName" : { "title" : "Keytab File Name", "description" : "The path of the AD keytab file<br><br>This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "kerberosServiceIsinitiator" : { "title" : "isInitiator", "description" : "Configuration used for JDK Kerberos LoginModule. True, if initiator. False, if acceptor only. Default is true", "propertyOrder" : 900, "required" : true, "type" : "boolean", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" } } }
delete
Usage
am> delete WindowsDesktopSsoModule --realm Realm --id id
Parameters
- --id: The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action WindowsDesktopSsoModule --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action WindowsDesktopSsoModule --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action WindowsDesktopSsoModule --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports the _queryFilter=true filter.
Usage
am> query WindowsDesktopSsoModule --realm Realm --filter filter
Parameters
- --filter: A CREST formatted query filter, where "true" will query all.
read
Usage
am> read WindowsDesktopSsoModule --realm Realm --id id
Parameters
- --id: The unique identifier for the resource.
update
Usage
am> update WindowsDesktopSsoModule --realm Realm --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of trusted Kerberos realms for User Kerberos tickets.<br><br>If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName of the Users Kerberos ticket matches a realm from the list.", "propertyOrder" : 700, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).", "propertyOrder" : 600, "required" : true, "type" : "integer", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication<br><br>This principal must match the name used in the keytab file created from the Active Directory server.<br/>The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Search for the user in the realm", "description" : "Validate that the user has a matched user profile configured in the data store.<br><br>If this option is enabled, the module validates whether the account corresponds to a user profile in the Data Store for the realm. 
The attributes to perform the search are configured under <i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.", "propertyOrder" : 800, "required" : true, "type" : "boolean", "exampleValue" : "" }, "keytabFileName" : { "title" : "Keytab File Name", "description" : "The path of the AD keytab file<br><br>This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "kerberosServiceIsinitiator" : { "title" : "isInitiator", "description" : "Configuration used for JDK Kerberos LoginModule. True, if initiator. False, if acceptor only. Default is true", "propertyOrder" : 900, "required" : true, "type" : "boolean", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" } } }
Global Operations
Resource path:
/global-config/authentication/modules/windowsdesktopsso
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action WindowsDesktopSsoModule --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action WindowsDesktopSsoModule --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action WindowsDesktopSsoModule --global --actionName nextdescendents
update
Usage
am> update WindowsDesktopSsoModule --global --body body
Parameters
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "defaults" : { "properties" : { "keytabFileName" : { "title" : "Keytab File Name", "description" : "The path of the AD keytab file<br><br>This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 500, "required" : true, "type" : "boolean", "exampleValue" : "" }, "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of trusted Kerberos realms for User Kerberos tickets.<br><br>If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName of the Users Kerberos ticket matches a realm from the list.", "propertyOrder" : 700, "required" : true, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "kerberosServiceIsinitiator" : { "title" : "isInitiator", "description" : "Configuration used for JDK Kerberos LoginModule. True, if initiator. False, if acceptor only. 
Default is true", "propertyOrder" : 900, "required" : true, "type" : "boolean", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).", "propertyOrder" : 600, "required" : true, "type" : "integer", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Search for the user in the realm", "description" : "Validate that the user has a matched user profile configured in the data store.<br><br>If this option is enabled, the module validates whether the account corresponds to a user profile in the Data Store for the realm. The attributes to perform the search are configured under <i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.", "propertyOrder" : 800, "required" : true, "type" : "boolean", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication<br><br>This principal must match the name used in the keytab file created from the Active Directory server.<br/>The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" } }, "type" : "object", "title" : "Realm Defaults" } } }