J2EEAgentGroups
Realm Operations
Agent Groups handler that is responsible for managing agent groups
Resource path:
/realm-config/agents/groups/J2EEAgent
Resource version: 1.0
create
Usage
am> create J2EEAgentGroups --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "amServicesJ2EEAgent" : { "type" : "object", "title" : "AM Services", "propertyOrder" : 3, "properties" : { "agentAdviceEncode" : { "title" : "Composite Advice Encode", "description" : "This property is used to specify whether AM composite advices should be base64url-encoded before they are sent to custom login endpoints. <br>Property: org.forgerock.agents.advice.b64.url.encode <br>Introduced in Java Agent 5.6.2", "propertyOrder" : 13050, "required" : false, "type" : "boolean", "exampleValue" : "" }, "overridePolicyEvaluationRealmEnabled" : { "title" : "Enable Policy Evaluation in User Authentication Realm", "description" : "When true, the realm in which the user authenticated is used for policy evaluation, and the value in org.forgerock.agents.policy.evaluation.realm.map is ignored. <br>Default: false<br>Type: Boolean<br>Hot-swap: Yes<br> Property: org.forgerock.agents.user.realm.overrides.policy.evaluation.realm.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 5410, "required" : false, "type" : "boolean", "exampleValue" : "" }, "amLoginUrl" : { "title" : "AM Login URL List", "description" : "AM login page URL. <br> Example: <br> http://host:port/am/UI/Login <br>Property: com.sun.identity.agents.config.login.url <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3710, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authServicePort" : { "title" : "AM Authentication Service Port", "description" : "Port to be used by the AM authentication service. This property needs to be updated in Bootstrap.properties<br>Property: org.forgerock.agents.am.port <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 11100, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyEvaluationApplication" : { "title" : "Policy Set Map", "description" : "Which application contains the policies to evaluate with. 
<br>Property: org.forgerock.agents.policy.set.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5500, "required" : false, "type" : "string", "exampleValue" : "" }, "authServiceHost" : { "title" : "AM Authentication Service Host Name", "description" : "Host name to be used by the AM authentication service. This property needs to be updated in Bootstrap.properties <br>Property: org.forgerock.agents.am.hostname <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 11000, "required" : false, "type" : "string", "exampleValue" : "" }, "authSuccessRedirectUrl" : { "title" : "Redirect to AM's Success URL", "description" : "When enabled, the Agent will redirect to the session's Success URL (defined in the authentication chain) instead of the originally requested resource after successful authentication. <br>Property: org.forgerock.agents.authn.success.redirect.session.url.enabled <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 4000, "required" : false, "type" : "boolean", "exampleValue" : "" }, "policyEvaluationRealm" : { "title" : "Policy Evaluation Realm Map", "description" : "Which realm to start evaluating from. 
<br>Property: org.forgerock.agents.policy.evaluation.realm.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5400, "required" : false, "type" : "string", "exampleValue" : "" }, "urlPolicyEnvGetParameters" : { "title" : "GET Parameter List for URL Policy Env", "description" : "List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server.<br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.get.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "urlPolicyEnvPostParameters" : { "title" : "POST Parameter List for URL Policy Env", "description" : "List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.post.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "restrictToRealm" : { "title" : "Restrict to Realm Map", "description" : "A map keyed by application name which allows users from only the specified realms (each entry is a CSV) to access the specified application. If no restricted realm is set, any user from any realm will be allowed access. Keyed by application name, value is a comma separated list of realms from which users may request resources. 
<br>Property: org.forgerock.agents.restrict.to.realm.map <br>Introduced in Java Agent 5.6.2.1", "propertyOrder" : 13080, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "conditionalLoginUrl" : { "title" : "OAuth Login URL List", "description" : "Examples: <br> match|url?param1=value1&param2=value2 <br> match/path|?param1=value1&param2=value2&param3=value3 <br>Property: org.forgerock.agents.oauth.login.url.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "customLoginEnabled" : { "title" : "Enable Custom Login Mode", "description" : "Flag to enable custom login. <br>Property: org.forgerock.agents.legacy.login.enabled <br>Introduced in Java Agent 5.0.1", "propertyOrder" : 3700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "legacyLoginUrlList" : { "title" : "Legacy Login URL List", "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the Java agent redirects the request to a specific URL. Conditional redirects have the format [Domain/path]|[URL?realm=value&parameter1=value1...], with no spaces between values. 
<br>Example: myapp.domain.com|https://login.example.com/apps/login.jsp?realm=sales <br>Property: org.forgerock.agents.legacy.login.url.list <br>Introduced in Java Agent 5.0.1", "propertyOrder" : 3900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "policyNotifications" : { "title" : "Enable Policy Notifications", "description" : "Enable Notifications(via websockets) for remote policy client.<br>Property: org.forgerock.agents.policy.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 11200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "conditionalLogoutUrl" : { "title" : "Conditional Logout URL List", "description" : "Examples: <br> match|url?param1=value1&param2=value2 <br>match/path|?param1=value1&param2=value2&param3=value3 <br>Property: org.forgerock.agents.conditional.logout.url.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12550, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "urlPolicyEnvJsessionParameters" : { "title" : "JSession Parameter List for URL Policy Env", "description" : "List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.http.session.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12000, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authServiceProtocol" : { "title" : "AM Authentication Service Protocol", "description" : "Protocol to be used by the AM authentication service. 
This property need to be updated in AgentBootstrap.properties <br>Property: org.forgerock.agents.am.protocol <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 10900, "required" : false, "type" : "string", "exampleValue" : "" } } }, "miscJ2EEAgentConfig" : { "type" : "object", "title" : "Miscellaneous", "propertyOrder" : 4, "properties" : { "agent302RedirectEnabled" : { "title" : "Enable HTTP 302 Redirects", "description" : "Controls how the Agent handles redirects, as follows: <br> true: HTTP 302 Redirects are enabled. When an unauthenticated user attempts to access a resource, and not-enforced rules do not automatically grant access to the resource, the Agent returns an HTTP 302 to redirect the user to an authentication endpoint.<br>false: HTTP 302 Redirects are disabled. When an unauthenticated user attempts to access a resource, the Agent returns a block of configurable JSON that can be intercepted.<br> The returned HTTP code, content type, and data is configured by the properties <b>HTTP 302 Redirect Replacement HTTP Code, HTTP 302 Redirect Content Type, and HTTP 302 Redirect Data.</b><br> Lists of URLs in a not-enforced rule style, for which the data is produced are configured by the properties <b>\"HTTP 302 Redirect Not-Enforced List\" and HTTP 302 Redirect Invert Not Enforced List.</b><br>The following example JSON shows the request path as a URL and URI, and the target URL of the disabled redirect: <br> <pre>{\"redirect\": { \"requestUri\": \"examples/index.html#section_two\", \"requestUrl\": \"http://my.example.com:8020/examples/index.html#section_two\", \"targetUrl\": \"http://am.example.com:8010/am/oauth2/authorize?scope=openid&response_type=id_token&redirect_uri= . . . 
}}</pre><br> Use this option when it is difficult to handle 302, for example, when the Agent is accessed by a JavaScript application, or by something other than a browser.<br>Type: Boolean<br>Default: true<br>Hot-swap: Yes <br>Property: org.forgerock.agents.302.redirects.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 19800, "required" : false, "type" : "boolean", "exampleValue" : "" }, "portCheckSetting" : { "title" : "Port Check Protocol Map", "description" : "Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers.<br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field. <br>Property name: org.forgerock.agents.port.check.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7400, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "agent302RedirectNerList" : { "title" : "HTTP 302 Redirect Not-Enforced List", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies a list of URLs for which HTTP 302 Redirect does not take place.<br>If a request does not match an entry in the list, or if the list is empty, an HTTP 302 Redirect takes place for all unauthenticated requests to access a resource, where other not-enforced rules do not automatically grant access to the resource.<br>If a request matches an entry in the list, HTTP 302 Redirect does not take place for that request, and the Agent returns a block of configurable JSON.<br> Type: List of not-enforced rules that comply with \"Conventions for Not-Enforced Rules\"<br>Default: Empty<br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.ner.list <br>Introduced in Java Agent 5.8", "propertyOrder" : 20200, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : 
"" }, "ignorePathInfo" : { "title" : "Ignore Path Info in Request URL", "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. <br>Property: com.sun.identity.agents.config.ignore.path.info <br>Valid for Agent 5.0 onwards", "propertyOrder" : 18600, "required" : false, "type" : "boolean", "exampleValue" : "" }, "legacyUserAgentSupport" : { "title" : "Enable Legacy Support Handlers", "description" : "Enables support for legacy user agents (browser).<br>Property: org.forgerock.agents.legacy.support.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "localeLanguage" : { "title" : "Locale Language", "description" : "Property: org.forgerock.agents.locale.language <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 1300, "required" : false, "type" : "string", "exampleValue" : "" }, "wantedHttpUrlRegexParams" : { "title" : "Regular Expression Retain Query Parameters", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be retained for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. 
<br>Property: org.forgerock.agents.wanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19400, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "legacyRedirectUri" : { "title" : "Legacy User Agent Redirect URI", "description" : "An intermediate URI used by the Agent to redirect legacy user agent requests.<br>Property: org.forgerock.agents.legacy.redirect.uri <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6900, "required" : false, "type" : "string", "exampleValue" : "" }, "localeCountry" : { "title" : "Locale Country", "description" : "<br>Property: org.forgerock.agents.locale.country <br>Valid for Java Agent 5.0 onwards<br>Requires Agent Restart", "propertyOrder" : 1400, "required" : false, "type" : "string", "exampleValue" : "" }, "agent302RedirectHttpData" : { "title" : "HTTP 302 Redirect Data", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies the data to return instead of an HTTP 302 Redirect.<br>The following values are substituted in the default example:<br>%REQUEST_URI% is substituted for the URI of the incoming request.<br>%REQUEST_URL% is substituted for full path of the incoming request.<br>%TARGET% is substituted for the URI of the full path of the intended redirection target, and includes parameters if appropriate.<br> Substituted values can each occur zero or more times in the text.<br> Type: String<br>Default:<br> <pre>{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}</pre><br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.data <br>Introduced in Java Agent 5.8", "propertyOrder" : 20100, "required" : false, "type" : "string", "exampleValue" : "" }, "agent302RedirectStatusCode" : { "title" : "HTTP 302 Redirect Replacement HTTP Status Code", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies the HTTP code to return instead of an HTTP 302 
Redirect. <br>Type: Integer<br>Default: 200<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.http.status.code <br>Introduced in Java Agent 5.8", "propertyOrder" : 19900, "required" : false, "type" : "integer", "exampleValue" : "" }, "agent302RedirectContentType" : { "title" : "HTTP 302 Redirect Content Type", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies the content type of the data to return instead of an HTTP 302 Redirect.<br>Type: String<br>Default: application/json<br>Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.content.type <br>Introduced in Java Agent 5.8", "propertyOrder" : 20000, "required" : false, "type" : "string", "exampleValue" : "" }, "loginReasonMap" : { "title" : "Login Reason Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values, when empty will be used default values(see: \"Login Reason Parameter Name\" description). LOGIN REASON=CUSTOM VALUE e.g. [JWT_INVALID]=corrupted_token. <br>Property: org.forgerock.agents.login.reason.remapper <br>Introduced in Java Agent 5.7", "propertyOrder" : 18800, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "authFailReasonParameterRemapper" : { "title" : "Authentication Fail Reason Parameter Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, will use default values. <br>Property: org.forgerock.agents.authn.fail.reason.remapper <br>Introduced in Java Agent 5.7", "propertyOrder" : 19100, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "legacyUserAgentList" : { "title" : "Legacy User Agent List", "description" : "List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. 
<br>Property: org.forgerock.agents.legacy.user.agent.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authFailReasonParameterName" : { "title" : "Authentication Fail Reason Parameter Name", "description" : "If this property is defined, the agent will pass the named parameter to a custom page (defined by \"Authentication Fail URL\") saying why authentication failed. The reason can be very detailed and users may want to use the \"Authentication Fail Reason Parameter Value Map\" to give custom detail, otherwise these default values will be used: AUTHN_BOOKKEEPING_COOKIE_MISSING, NONCE_MISSING, EXCEPTION <br>Property: org.forgerock.agents.authn.fail.reason.parameter.name <br>Introduced in Java Agent 5.7", "propertyOrder" : 19000, "required" : false, "type" : "string", "exampleValue" : "" }, "wantedHttpUrlParams" : { "title" : "Query Parameter List for Policy Evaluation", "description" : "Specifies a list of query parameters to be retained (other parameters will be removed) from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values.<br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.wanted.http.url.param.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "gotoParameterName" : { "title" : "Goto Parameter Name", "description" : "This is the name of the HTTP query \"goto\" parameter. 
It is not recommended to change it.<br>Property: com.sun.identity.agents.config.redirect.param <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3600, "required" : false, "type" : "string", "exampleValue" : "" }, "loginReasonParameterName" : { "title" : "Login Reason Parameter Name", "description" : "Specifies why the user is being asked to log in: in custom login mode ONLY, the agent passes the named parameter to the custom login endpoint, with an appropriate value. Note that this property is not enabled by default, because passing this additional information to the login endpoint represents an information leak. Default reasons: NO_TOKEN, JWT_INVALID, TOKEN_EXPIRED, EXCEPTION. <br>Property: org.forgerock.agents.login.reason.parameter.name <br>Introduced in Java Agent 5.7", "propertyOrder" : 18700, "required" : false, "type" : "string", "exampleValue" : "" }, "gotoUrl" : { "title" : "Goto Url", "description" : "This is a URL used in rare circumstances where the Agent has nowhere else to go. For instance if the user requests a resource, authenticates for the first time, then presses the back button and the administrator hasn't set up the authn fail URL. <br>Property: org.forgerock.agents.default.goto.url <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 19200, "required" : false, "type" : "string", "exampleValue" : "" }, "portCheckFile" : { "title" : "Port Check Filename", "description" : "Name or complete path of a file that has the necessary content needed to handle requests that need port correction. 
<br>Property: org.forgerock.agents.port.check.file <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7300, "required" : false, "type" : "string", "exampleValue" : "" }, "agent302RedirectInvertEnabled" : { "title" : "HTTP 302 Redirect Invert Not Enforced List", "description" : "When true, this property inverts the meaning of \"HTTP 302 Redirect Not-Enforced List\", so that it specifies a list of URLs for which HTTP 302 Redirect does take place.<br>Type: Boolean<br>Default: false<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.invert.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 20300, "required" : false, "type" : "boolean", "exampleValue" : "" }, "unwantedHttpUrlParams" : { "title" : "Remove Query Parameters List for Policy Evaluation", "description" : "Specifies a list of query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values <br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.unwanted.http.url.param.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19500, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "portCheckEnabled" : { "title" : "Enable Port Checking", "description" : "Indicates if port check functionality is enabled or disabled.<br>Property: org.forgerock.agents.port.check.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "unwantedHttpUrlRegexParams" : { "title" : "Regex Remove Query Parameters List for Policy Evaluation", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] 
with no spaces between values.<br>Property: org.forgerock.agents.unwanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19600, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authFailReasonUrl" : { "title" : "Authentication Fail URL", "description" : "This property allows administrators to set the URL/URI of a web page that says that authentication failed and which may, using the login fail reason parameter, explain why.<br>Property: org.forgerock.agents.authn.fail.url <br>Introduced in Java Agent 5.7", "propertyOrder" : 18900, "required" : false, "type" : "string", "exampleValue" : "" } } }, "globalJ2EEAgentConfig" : { "type" : "object", "title" : "Global", "propertyOrder" : 0, "properties" : { "loginAttemptLimit" : { "title" : "Login Attempt Limit", "description" : "Limit of failed login attempts within a user's single browser session before the user's requests are blocked. A value of 0 disables this feature.<br>Property: org.forgerock.agents.login.attempt.limit.count <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4400, "required" : false, "type" : "integer", "exampleValue" : "" }, "lbCookieEnabled" : { "title" : "Enable Load Balancer Cookies", "description" : "When true, every policy evaluation call to AM is accompanied by a load balancer cookie. Use this property with \"org.forgerock.agents.load.balancer.cookie.name\" to improve performance. Load balancer cookies can reduce the number of calls that different AM instances make to the core token service. 
<br>Property: org.forgerock.agents.load.balancer.cookies.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 12125, "required" : false, "type" : "boolean", "exampleValue" : "" }, "debugLogfilePrefix" : { "title" : "Debug File Rotation Prefix", "description" : "Prefix which can be added onto the front of the debug file name when it is rotated.<br>Property: org.forgerock.agents.debug.prefix <br>Introduced in Java Agent 5.7", "propertyOrder" : 10010, "required" : false, "type" : "string", "exampleValue" : "" }, "localAuditRotationSize" : { "title" : "Local Audit Log Rotation Size", "description" : "Size limit when a local audit log file is rotated to a new file.<br>Property name: org.forgerock.agents.local.audit.log.rotation.bytes <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1900, "required" : false, "type" : "integer", "exampleValue" : "" }, "userPrincipalFlag" : { "title" : "Enable User Principal Flag", "description" : "Use principal instead of just the user-ID for authenticating the user.<br>Property: org.forgerock.agents.userid.mapping.mode.use.dn.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 800, "required" : false, "type" : "boolean", "exampleValue" : "" }, "auditAccessType" : { "title" : "Audit Access Types", "description" : "Types of messages to log based on user URL access attempts.<br>Property name: org.forgerock.agents.audit.what <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1500, "required" : false, "type" : "string", "exampleValue" : "" }, "jwtName" : { "title" : "JWT Cookie Name", "description" : "The name used by the agent to set the OIDC JWT on the user's browser.<br>Property: org.forgerock.agents.jwt.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11201, "required" : false, "type" : "string", "exampleValue" : "" }, "debugLogfileRetentionCount" : { "title" : "Debug File Rotation Retention Count", "description" : "This is the number of log files to retain after rotation, so for 
example, setting it to 10 would give you one current debug file and nine older (rotated) files.<br>Property: org.forgerock.agents.debug.retention.count <br>Introduced in Java Agent 5.7", "propertyOrder" : 10050, "required" : false, "type" : "integer", "exampleValue" : "" }, "fqdnDefault" : { "title" : "Default FQDN", "description" : "Fully qualified hostname that the users should use in order to access resources.<br>Property: org.forgerock.agents.fqdn.default <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6500, "required" : false, "type" : "string", "exampleValue" : "" }, "fqdnCheck" : { "title" : "Enable FQDN Checking", "description" : "Enables checking of fqdn default value and fqdn map values.<br>Property: org.forgerock.agents.fqdn.check.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6400, "required" : false, "type" : "boolean", "exampleValue" : "" }, "configurationReloadInterval" : { "title" : "Configuration Reload Interval", "description" : "Only used when websocket notifications are disabled, specifies interval in seconds after which config is reloaded automatically by the Agent. <br>Property: org.forgerock.agents.config.reload.seconds <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1200, "required" : false, "type" : "integer", "exampleValue" : "" }, "userAttributeName" : { "title" : "User Attribute Name", "description" : "Name of the attribute which contains the user-ID.<br>Property: org.forgerock.agents.user.mapping.mode.attribute.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 700, "required" : false, "type" : "string", "exampleValue" : "" }, "webSocketConnectionIntervalInMinutes" : { "title" : "WebSocket Connection Interval", "description" : "The time in minutes before WebSockets to AM are killed and reopened. This property helps ensure a balanced distribution of connections across the AM servers on the site. 
<br>Default: 30<br>Type: Integer<br>Hot-swap: Yes<br> Property: org.forgerock.agents.balance.websocket.interval.minutes <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12120, "required" : false, "type" : "integer", "exampleValue" : "" }, "debugLevel" : { "title" : "Agent Debug Level", "description" : "Specifies type of agent debug messages to log.<br>Property: com.iplanet.services.debug.level <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 10000, "required" : false, "type" : "string", "exampleValue" : "" }, "redirectAttemptLimitCookieName" : { "title" : "Redirect Attempt Cookie Name", "description" : "The Agent tries to detect redirect loops while authenticating, which would normally indicate a cookie domain problem. The Agent does this by using a cookie that holds the current redirection count.<br>Property: org.forgerock.agents.redirect.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7150, "required" : false, "type" : "string", "exampleValue" : "" }, "customResponseHeader" : { "title" : "Custom Response Header Map", "description" : "Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value.<br> Example: <br> To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.header.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7000, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "filterMode" : { "title" : "Agent Filter Mode Map", "description" : "Specifies the mode of operation of the Filter.<br>Valid key: the web application name. <br>Valid values: ALL, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. 
<br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding Map Value field. <br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field. <br>Property: org.forgerock.agents.filter.mode.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 500, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "httpSessionBinding" : { "title" : "HTTP Session Binding", "description" : "If true, the agent invalidates the HTTP session when login has failed, the user has no SSO session, or the principal user name does not match the SSO user name.<br>Property: org.forgerock.agents.http.session.binding.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3500, "required" : false, "type" : "boolean", "exampleValue" : "" }, "status" : { "title" : "Status", "description" : "Status of the agent configuration.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "localAuditLogfileRetentionCount" : { "title" : "Audit Logfile Retention Count", "description" : "The number of audit log files to retain after rotation has occurred.<br>Property: org.forgerock.agents.local.audit.log.retention.count <br>Introduced in Java Agent 5.7", "propertyOrder" : 2100, "required" : false, "type" : "integer", "exampleValue" : "" }, "loginAttemptLimitCookieName" : { "title" : "Login Attempt Limit Cookie Name", "description" : "The name of the cookie used to record the number of login attempts.<br>Property: org.forgerock.agents.login.counter.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4500, "required" : false, "type" : "string", "exampleValue" : "" }, "preAuthCookieName" : { "title" : "Pre-Authentication Cookie Name", "description" : "Specifies the name of the cookie the agent uses to track the progress of authentication with AM.<br>Property: 
org.forgerock.agents.authn.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11210, "required" : false, "type" : "string", "exampleValue" : "" }, "fqdnMapping" : { "title" : "FQDN Virtual Host Map", "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources.<br> Examples: <br> To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field. <br>Property: org.forgerock.agents.fqdn.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6600, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "agentConfigChangeNotificationsEnabled" : { "title" : "Enable Notifications of Agent Configuration Change", "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes.<br>Property: org.forgerock.agents.config.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userTokenName" : { "title" : "User Session Name", "description" : "Session property name for user-ID of the authenticated user in session.<br>Property: org.forgerock.agents.userid.mapping.mode.use.session.property.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 900, "required" : false, "type" : "string", "exampleValue" : "" }, "cdssoRootUrl" : { "title" : "Agent Root URL for CDSSO", "description" : "The list of agent root URLs for CDSSO. 
The valid value is in the format protocol://hostname:port/, where protocol represents the protocol used, such as http or https, hostname represents the host name of the system where the agent resides, and port represents the port number on which the agent is installed. The slash following the port number is required.<br> If your agent system also has virtual host names, add URLs with the virtual host names to this list as well. AM checks that goto URLs match one of the agent root URLs for CDSSO.<br>Property: sunIdentityServerDeviceKeyValue <br>Valid for Agent 5.0 onwards", "propertyOrder" : 22700, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "recheckAmUnavailabilityInSeconds" : { "title" : "Recheck availability of AM", "description" : "The duration after which the agent rechecks AM availability, when Autonomous mode is false, and AM becomes unavailable at runtime. <br>Consider these points when you configure this property: <br> If the duration is too short, the agent checks AM availability too often, and agent performance can be reduced. <br> If the duration is zero, the agent checks AM availability for every call. Requests that match not-enforced rules can take longer. <br>Property: org.forgerock.agents.am.unavailability.recheck.window.in.seconds <br>Introduced in Java Agent 5.9", "propertyOrder" : 12115, "required" : false, "type" : "integer", "exampleValue" : "" }, "debugLogfileSuffix" : { "title" : "Debug File Rotation Suffix", "description" : "This is a value appended onto the end of the debug file name when it is rotated. 
The user is free to define it as they want, but if it does not involve a timestamp that produces different file names when the rotation time is reached, log file rotation is unlikely to function correctly<br>Property: org.forgerock.agents.debug.suffix <br>Introduced in Java Agent 5.7", "propertyOrder" : 10020, "required" : false, "type" : "string", "exampleValue" : "" }, "preAuthCookieMaxAge" : { "title" : "Max Age of Pre-Authentication Cookie", "description" : "This is the amount of time in seconds before the pre-authn cookie will timeout.<br>Property: org.forgerock.agents.authn.cookie.max.age.seconds <br>Valid for Java Agent 5.6.3 onwards", "propertyOrder" : 11220, "required" : false, "type" : "integer", "exampleValue" : "" }, "localAuditLogRotation" : { "title" : "Enable Local Audit Log Rotation", "description" : "Flag to indicate that audit log files should be rotated when reaching a certain size.<br>Property: org.forgerock.agents.local.audit.log.rotation.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1800, "required" : false, "type" : "boolean", "exampleValue" : "" }, "lbCookieName" : { "title" : "Load Balancer Cookie Name", "description" : "The name of the load balancer cookies. This property is used only if \"org.forgerock.agents.load.balancer.cookies.enabled\" is true. To improve performance, make sure that this property has the same value as the AM property com.iplanet.amlbcookie.name. 
<br>Property: org.forgerock.agents.load.balancer.cookie.name <br>Introduced in Java Agent 5.8", "propertyOrder" : 12130, "required" : false, "type" : "string", "exampleValue" : "" }, "debugLogfileRotationSize" : { "title" : "Debug File Rotation Size", "description" : "This specifies the approximate size in bytes at which a log file will be rotated to a new log file.<br>Property: org.forgerock.agents.debug.rotation.size.bytes <br>Introduced in Java Agent 5.7", "propertyOrder" : 10030, "required" : false, "type" : "integer", "exampleValue" : "" }, "userMappingMode" : { "title" : "User Mapping Mode", "description" : "Specifies mechanism agent uses to determine user-ID.<br>Property: org.forgerock.agents.user.mapping.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 600, "required" : false, "type" : "string", "exampleValue" : "" }, "auditLogLocation" : { "title" : "Audit Log Location", "description" : "LOCAL = audit information stored in files based locally to the Agent container <br>REMOTE = audit information logged via AM. <br>Property: org.forgerock.agents.audit.where <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1600, "required" : false, "type" : "string", "exampleValue" : "" }, "redirectAttemptLimit" : { "title" : "Redirect Attempt Limit", "description" : "Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. 
Set to 0 to disable this feature.<br>Property: org.forgerock.agents.redirect.attempt.limit <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7100, "required" : false, "type" : "integer", "exampleValue" : "" }, "debugLogfileRotationMinutes" : { "title" : "Debug File Rotation Time", "description" : "This is the time in minutes after which log file rotation will occur.<br>Property: org.forgerock.agents.debug.rotation.time.minutes <br>Introduced in Java Agent 5.7", "propertyOrder" : 10040, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "applicationJ2EEAgentConfig" : { "type" : "object", "title" : "Application", "propertyOrder" : 1, "properties" : { "notEnforcedUris" : { "title" : "Not-Enforced URIs", "description" : "List of URIs for which protection is not enforced by the Agent. <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/* <br>Property: org.forgerock.agents.notenforced.uri.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7500, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "responseAttributeMap" : { "title" : "Response Attribute Map", "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.attribute.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 9200, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "continuousSecurityCookies" : { "title" : "Continuous Security Cookie Map", "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. 
The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.cookies.map <br>Valid for Agent 5.0 onwards", "propertyOrder" : 3210, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "notEnforcedIps" : { "title" : "Not-Enforced Client IP List", "description" : "No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. <br> Examples: <br> 192.18.145.* <br> 192.18.146.123 <br>Property: org.forgerock.agents.notenforced.ip.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "responseAttributeFetchMode" : { "title" : "Response Attribute Fetch Mode", "description" : "The mode of fetching policy response attributes.<br>Property: org.forgerock.agents.response.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 9100, "required" : false, "type" : "string", "exampleValue" : "" }, "clientIpValidationRange" : { "title" : "Client IP Validation Address Range", "description" : "Comma separated list of IP addresses and/or ranges of IP addresses in CIDR format. 
Key = application(if empty for all applications) Requires \"Client IP Validation Mode\" property be DENY or LOGOUT.<br>Property: org.forgerock.agents.acceptable.ip.address.map <br>Introduced in Java Agent 5.8", "propertyOrder" : 8275, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "headerAttributeDateFormat" : { "title" : "Fetch Attribute Date Format", "description" : "Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. <br>Property: org.forgerock.agents.attribute.date.format <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8400, "required" : false, "type" : "string", "exampleValue" : "" }, "sessionAttributeMap" : { "title" : "Session Attribute Map", "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user.<br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field. <br>Property: org.forgerock.agents.session.attribute.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 9000, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "cookieAttributeUrlEncoded" : { "title" : "Enable Attribute Encoding", "description" : "Indicates if the value of the attribute should be URL encoded before being set as a cookie.<br>Property: org.forgerock.agents.attribute.cookie.encode.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8500, "required" : false, "type" : "boolean", "exampleValue" : "" }, "logoutEntryUri" : { "title" : "Logout Entry URI Map", "description" : "An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. 
<br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.goto.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6300, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "invertNotEnforcedUris" : { "title" : "Invert Not-Enforced URIs", "description" : "Inverts protection of URIs specified in Not-Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent.<br>Property: org.forgerock.agents.notenforced.uri.invert.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7600, "required" : false, "type" : "boolean", "exampleValue" : "" }, "logoutIntrospection" : { "title" : "Enable Logout Introspection", "description" : "Allows the Agent to search HTTP request body to locate logout parameter.<br>Property: org.forgerock.agents.logout.introspection.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "applicationLogoutUris" : { "title" : "Logout URI Map", "description" : "An application-specific Map that identifies a request URI which indicates a logout event.<br>Valid key: the web application name. <br>Valid value: the application logout URI. 
<br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI. <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. <br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.endpoint.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6000, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "notEnforcedFavicon" : { "title" : "Not-Enforced Favicon", "description" : "This flag, if enabled, automatically adds \"*/favicon.ico\" to the not enforced list. This can help to avoid odd situations in which a user is required to log in after logging out, just because favicon.ico has been requested by browser. 
<br>Property: org.forgerock.agents.auto.not.enforce.favicon.enabled <br>Introduced in Java Agent 5.7 <br>Requires Agent Restart", "propertyOrder" : 7650, "required" : false, "type" : "boolean", "exampleValue" : "" }, "notEnforcedUrisCacheSize" : { "title" : "Max Entries in Not-Enforced URI Cache", "description" : "Size of the cache to be used if caching of not enforced URI list evaluation results is enabled.<br>Property: org.forgerock.agents.notenforced.uri.cache.size <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7800, "required" : false, "type" : "integer", "exampleValue" : "" }, "notEnforcedUrisCacheEnabled" : { "title" : "Enable Not-Enforced URIs Cache", "description" : "Enables the caching of the Not-Enforced URIs list evaluation results.<br>Property: org.forgerock.agents.notenforced.uri.cache.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "notEnforcedIpsCacheEnabled" : { "title" : "Enable Not-Enforced IP Cache", "description" : "Enable caching of not-enforced IP list evaluation results.<br>Property: org.forgerock.agents.notenforced.ip.cache.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "profileAttributeMap" : { "title" : "Profile Attribute Map", "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user.<br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field. 
<br>Property: org.forgerock.agents.profile.attribute.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8800, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "notEnforcedIpsCacheSize" : { "title" : "Max Entries in Not-Enforced IP Cache", "description" : "Size of the cache to be used if Not-Enforced IP Cache Flag is enabled.<br>Property: org.forgerock.agents.notenforced.ip.cache.size <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8200, "required" : false, "type" : "integer", "exampleValue" : "" }, "clientIpValidationMode" : { "title" : "Client IP Validation Mode", "description" : "Checks that the request originates from the same IP address as used for first authentication, or that any change in IP address is in the \"approved\" list. <br>Key: Application name. If the application is not named, check the IP address globally, for all applications. <br>Value:<br> OFF: Do not check the IP address. <br> DENY: If IP address is not approved, refuse the request and return an HTTP 403. <br> LOGOUT: If IP address is not approved, log out from AM to destroy the user session. 
<br>Property: org.forgerock.agents.original.ip.check.mode.map <br>Introduced in Java Agent 5.8", "propertyOrder" : 8250, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "invertNotEnforcedIps" : { "title" : "Invert Not-Enforced IPs", "description" : "Client IP Addresses to invert protection of IP addresses listed in the related Not-Enforced Client IP List.<br>Property: org.forgerock.agents.notenforced.ip.invert.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8000, "required" : false, "type" : "boolean", "exampleValue" : "" }, "continuousSecurityHeaders" : { "title" : "Continuous Security Header Map", "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.headers.map <br>Valid for Agent 5.0 onwards", "propertyOrder" : 3211, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "cookieAttributeMultiValueSeparator" : { "title" : "Cookie Separator Character", "description" : "Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. 
<br>Property: org.forgerock.agents.attribute.cookie.separator <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8300, "required" : false, "type" : "string", "exampleValue" : "" }, "resourceAccessDeniedUri" : { "title" : "Access Denied URI Map", "description" : "An application-specific Map that identifies a URI of the customized access denied page.<br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page. <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.access.denied.uri.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 2700, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "sessionAttributeFetchMode" : { "title" : "Session Attribute Fetch Mode", "description" : "The mode of fetching session attributes.<br>Property: com.sun.identity.agents.config.session.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8900, "required" : false, "type" : "string", "exampleValue" : "" }, "notEnforcedRuleCompoundSeparator" : { "title" : "Not Enforced Compound Rule Separator", "description" : "Specifies a separator for not enforced compound rules. The format for compound rules requires a list of IP rules, a separator (by default the | character), and a list of URI rules. 
<br>Example, GET 192.168.1.1-192.168.4.3 | /images/* <br>Configure a different separator (for example, &&) when working with the REGEX keyword to avoid invalid regular expressions. <br>Property: com.sun.identity.agents.config.notenforced.rule.compound.separator <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7450, "required" : false, "type" : "string", "exampleValue" : "" }, "logoutRequestParameters" : { "title" : "Logout Request Parameter Map", "description" : "An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. <br>Valid key: the web application name. <br>Valid value: the logout request parameter. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field. 
<br>Property: org.forgerock.agents.logout.request.param.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6100, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "profileAttributeFetchMode" : { "title" : "Profile Attribute Fetch Mode", "description" : "The mode of fetching profile attributes.<br>Property: com.sun.identity.agents.config.profile.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8700, "required" : false, "type" : "string", "exampleValue" : "" } } }, "ssoJ2EEAgentConfig" : { "type" : "object", "title" : "SSO", "propertyOrder" : 2, "properties" : { "acceptSsoTokenDomainList" : { "title" : "SSO Cookie Domain List", "description" : "A list of domains in which the Agent attempts to create SSO cookies when \"Enable SSO Token Acceptance\" is true:<br> If the list is empty, the agent creates cookies only in its own domain.<br> If the agent is running behind a browser, it can create cookies only in its own domain.<br> If the agent is running behind a proxy, it should be able to create cookies in any required domains.<br> Default: Empty<br>Type: List of strings that represent domains<br>Hot-swap: Yes <br>Property: org.forgerock.agents.ipdp.cookie.domain.list <br>Introduced in Java Agent 5.8", "propertyOrder" : 5802, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "encodeCookies" : { "title" : "Enable Encoded Cookies", "description" : "Cookies are encoded, if set. 
<br>Property: com.iplanet.am.cookie.encode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5920, "required" : false, "type" : "boolean", "exampleValue" : "" }, "setCookieAttributeMap" : { "title" : "Set-Cookie Attribute Map", "description" : "Text from this map will be added directly into the Set-Cookie header by the AttributeTaskHandler and its descendants when it creates cookies out of Profile Attributes, Session Info Attributes and/or Response Attributes. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. <br>Property: org.forgerock.agents.set.cookie.attribute.map, <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 5950, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "acceptSsoTokenEnabled" : { "title" : "Enable SSO Token Acceptance", "description" : "When true, the Agent does not attempt to convert SSO tokens to OIDC tokens. Use this option to continue to use SSO tokens, when the Agent and the token issuer are in the same domain.<br>When false, the Agent accepts SSO tokens and converts them to OIDC tokens. 
Use this option for better security, and in applications and APIs where the backend requires user information in form of an OIDC token.<br>Default: False<br>Type: Boolean<br> Hot-swap: Yes<br>Property: org.forgerock.agents.accept.sso.tokens.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 5801, "required" : false, "type" : "boolean", "exampleValue" : "" }, "acceptIPDPCookie" : { "title" : "Convert SSO Tokens Into OIDC JWTs", "description" : "When this property is set to true, for each incoming request, when the user does not present a JWT in the designated cookie, the Agent will look for an SSO token in the iPlanetDirectoryPro cookie (configurable in AM). If this is found, the Agent invokes AM to exchange it for a JWT which is then used in further requests. The result is cached, so interaction with AM will not be needed, if the same SSO token is presented in the future (and the existing cache entry is still valid)<br>Property: org.forgerock.agents.accept.ipdp.cookie.enabled <br>Introduced in Java Agent 5.6.2.1", "propertyOrder" : 5900, "required" : false, "type" : "boolean", "exampleValue" : "" }, "cookieResetNames" : { "title" : "Reset Cookie List", "description" : "Cookie names that will be reset by the Agent if Cookie Reset is enabled.<br>Property: org.forgerock.agents.cookie.reset.name.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4700, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authExchangeCookieName" : { "title" : "Authentication Exchange Cookie Name", "description" : "This property allows the administrator to define a cookie name that will be used by the authn exchange endpoint. 
The value is empty by default and the endpoint will thus not be capable of examining cookie values <br>Property: org.forgerock.agents.authn.exchange.cookie.name <br>Introduced in Java Agent 5.7", "propertyOrder" : 5902, "required" : false, "type" : "string", "exampleValue" : "" }, "cookieResetPaths" : { "title" : "Reset Cookie Path Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs.<br>Property: org.forgerock.agents.cookie.reset.path.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4900, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "cookieResetDomains" : { "title" : "Reset Cookie Domain Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. <br>Property: org.forgerock.agents.cookie.reset.domain.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4800, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "setCookieInternalMap" : { "title" : "Set-Cookie Internal Map", "description" : "Text from this map will be added directly into the Set-Cookie header when creating \"internal\" cookies (e.g. the am-auth-jwt and pre-auth cookies). This allows, among other things, the same-site value to be manipulated. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. 
<br>Property: org.forgerock.agents.set.cookie.internal.map <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 5940, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "authExchangeUri" : { "title" : "Authentication Exchange URI", "description" : "This property allows the administrator to enable an endpoint that will facilitate the exchange of SSO tokens for OIDC JWTs. The value is empty by default and thus the endpoint is not accessible.<br>Property: org.forgerock.agents.authn.exchange.uri <br>Introduced in Java Agent 5.7", "propertyOrder" : 5901, "required" : false, "type" : "string", "exampleValue" : "" }, "cookieResetEnabled" : { "title" : "Cookie Reset", "description" : "Agent resets cookies in the response before redirecting to authentication.<br>Property: org.forgerock.agents.cookie.reset.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4600, "required" : false, "type" : "boolean", "exampleValue" : "" }, "cdssoRedirectUri" : { "title" : "Authentication Redirect URI", "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. <br>Property: org.forgerock.agents.authn.redirect.uri <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5100, "required" : false, "type" : "string", "exampleValue" : "" }, "excludedUserAgentsList" : { "title" : "Exclude Agents From Samesite Cookie Attributes", "description" : "Excluded User agents pattern list. List of incompatible user agents that will be prevented from receiving SameSite cookie attributes. <br>Property: org.forgerock.agents.samesite.excluded.user.agents.list <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 5960, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "cdssoSecureCookies" : { "title" : "Transmit Cookies Securely", "description" : "When true, all cookies written by the Java Agent are secure. 
<br>Default: false.<br>Property: org.forgerock.agents.secure.cookies.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "httpOnly" : { "title" : "Enable HTTP Only Cookies", "description" : "Flag saying whether HTTP only cookies are enabled.<br>Property: com.sun.identity.cookie.httponly <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5910, "required" : false, "type" : "boolean", "exampleValue" : "" }, "cdssoDomainList" : { "title" : "JWT Cookie Domain List", "description" : "Domains for which cookies have to be set in a CDSSO scenario. <br> Example: <br> .forgerock.com <br>Property: org.forgerock.agents.jwt.cookie.domain.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "advancedJ2EEAgentConfig" : { "type" : "object", "title" : "Advanced", "propertyOrder" : 5, "properties" : { "postDataPreservation" : { "title" : "Enable POST Data Preservation", "description" : "Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL.<br>Property: org.forgerock.agents.post.data.preservation.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "ssoExchangeCacheTTL" : { "title" : "Exchanged SSO Token Cache TTL", "description" : "This sets the time in minutes after which entries in the SSO token exchange cache will timeout and be purged. Since exchanging SSO tokens for JWTs is an expensive process, previously exchanged SSO tokens are cached so that the roundtrip to AM can be avoided in the case where an entity is unable to permanently store its JWT in a cookie. 
<br>Property: org.forgerock.agents.sso.exchange.cache.ttl.minutes <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart", "propertyOrder" : 13900, "required" : false, "type" : "integer", "exampleValue" : "" }, "postDataPreserveCacheEntryMaxTotalSizeMb" : { "title" : "POST Data Preservation Storage Size", "description" : "The maximum number of megabytes allocated to store POST data. When the maximum is reached, old entries are discarded. <br>Property: org.forgerock.agents.pdp.cache.total.size.mb <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13600, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyClientPollingInterval" : { "title" : "Policy Cache TTL", "description" : "This sets the time in minutes after which entries in the policy cache will timeout and be purged.<br>Property: org.forgerock.agents.policy.cache.ttl.minutes <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 13950, "required" : false, "type" : "integer", "exampleValue" : "" }, "alternativeAgentPort" : { "title" : "Alternative Agent Port Number", "description" : "Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. <br>Property name: org.forgerock.agents.agent.port <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4200, "required" : false, "type" : "string", "exampleValue" : "" }, "postDataStickySessionMode" : { "title" : "POST Data Preservation Sticky Session Mode", "description" : "If the PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. 
<br>Property: org.forgerock.agents.pdp.sticky.session.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13400, "required" : false, "type" : "string", "exampleValue" : "" }, "postDataStickySessionKeyValue" : { "title" : "POST Data Preservation Sticky Session Key Value", "description" : "The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. <br>Property: org.forgerock.agents.pdp.sticky.session.value <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13500, "required" : false, "type" : "string", "exampleValue" : "" }, "jwtCacheTTL" : { "title" : "JWT Cache TTL", "description" : "This sets the time in minutes after which entries in the JWT cache will timeout and be purged. Since all JWTs in the cache have been parsed, and parsing is a CPU intensive process, having a large timeout on this cache is advantageous and will save CPU cycles reparsing already seen JWTs<br>Property: org.forgerock.agents.jwt.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13800, "required" : false, "type" : "integer", "exampleValue" : "" }, "idleTimeRefreshWindow" : { "title" : "Idle Time Refresh Window", "description" : "Once every this number of minutes, the Agent will nudge AM so it knows a particular session is still in use, thereby resetting its idle time. <br>Property: org.forgerock.agents.idle.time.window.minutes <br>Introduced in Java Agent 5.6.2.1", "propertyOrder" : 14200, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyCachePerUser" : { "title" : "Max Entries in Policy Cache per Session", "description" : "The number of distinct policy evaluation entries that each session (stored in the policy evaluation cache) can have. 
Thus the total number of policy evaluation results that can be stored is the \"Max Sessions in Policy Cache\" multiplied by the \"Max Entries in Policy Cache per Session\".<br>Property: org.forgerock.agents.policy.cache.per.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 14100, "required" : false, "type" : "integer", "exampleValue" : "" }, "sessionCacheTTL" : { "title" : "Session Cache TTL", "description" : "This sets the time in minutes after which entries in the session cache will timeout and be purged. If an entry is not cached, the Agent will need to retrieve session information from AM, hence by default the timeout is much longer than for the policy cache. <br>Property: org.forgerock.agents.session.cache.ttl.minutes<br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13700, "required" : false, "type" : "integer", "exampleValue" : "" }, "customProperties" : { "title" : "Custom Properties", "description" : "Additional properties that allow users to augment the set of properties supported by agent.<br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2 <br>Property: com.sun.identity.agents.config.freeformproperties <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 20000, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "alternativeAgentProtocol" : { "title" : "Alternative Agent Protocol", "description" : "Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server.<br>Property name: org.forgerock.agents.agent.protocol <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4300, "required" : false, "type" : "string", "exampleValue" : "" }, "xssDetectionRedirectUri" : { "title" : "XSS Redirect URI 
Map", "description" : "An application-specific Map that identifies a URI of the customized page if XSS code has been detected.<br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field. <br>Property: org.forgerock.agents.xss.redirect.uri.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12900, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "expiredSessionCacheTTL" : { "title" : "Expired Session Cache Timeout", "description" : "The time in minutes after which entries in the expired session cache time out and are purged.<br>The expired session cache records sessions that have been killed by AM. Use the cache to reduce network traffic and load on AM. When the Agent receives a request using an invalidated token, it rejects the request without needing to retrieve session information from AM.<br>Default: 20<br>Type: Integer<br>Hot swap: No<br> Property: org.forgerock.agents.sso.expired.session.cache.ttl.minutes <br>Introduced in Java Agent 5.8", "propertyOrder" : 13710, "required" : false, "type" : "integer", "exampleValue" : "" }, "clientHostnameHeader" : { "title" : "Client Hostname Header", "description" : "HTTP header name that holds the Hostname of the client. <br>Property: org.forgerock.agents.http.header.containing.remote.hostname <br>Valid for Agent 5.0 onwards", "propertyOrder" : 1100, "required" : false, "type" : "string", "exampleValue" : "" }, "clientIpHeader" : { "title" : "Client IP Address Header", "description" : "HTTP header name that holds the IP address of the client. 
<br>Property: org.forgerock.agents.http.header.containing.ip.address <br>Valid for Agent 5.0 onwards", "propertyOrder" : 1000, "required" : false, "type" : "string", "exampleValue" : "" }, "alternativeAgentHostname" : { "title" : "Alternative Agent Host Name", "description" : "Host name identifying the Agent protected server to the client browsers if different from the actual host name. <br>Property: org.forgerock.agents.agent.hostname <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4100, "required" : false, "type" : "string", "exampleValue" : "" }, "possibleXssCodeElements" : { "title" : "XSS Code Element List", "description" : "If one of these strings occurs in the request, the client is redirected to an error page.<br>Property: org.forgerock.agents.xss.code.element.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "jwtCacheSize" : { "title" : "Max Entries in JWT Cache", "description" : "The maximum number of entries in the JWT cache. <br>Property: org.forgerock.agents.jwt.cache.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13810, "required" : false, "type" : "integer", "exampleValue" : "" }, "fragmentRelayUri" : { "title" : "Fragment Relay URI", "description" : "To enable unauthenticated fragment retention within incoming requests, set this property to a valid dummy URI within the Agent application.<br>Example: /agentapp/pre-authn-fragment-capture <br>Property: org.forgerock.agents.authn.fragment.relay.uri <br>Introduced in Java Agent 5.7", "propertyOrder" : 13090, "required" : false, "type" : "string", "exampleValue" : "" }, "ssoExchangeCacheSize" : { "title" : "Max Entries in SSO Exchange Cache", "description" : "The number of entries in the SSO Exchange cache. 
<br>Property: org.forgerock.agents.sso.exchange.cache.size <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart", "propertyOrder" : 13910, "required" : false, "type" : "integer", "exampleValue" : "" }, "expiredSessionCacheSize" : { "title" : "Max Entries in Expired Session Cache", "description" : "The maximum number of entries in the expired session cache. When the maximum is reached, the oldest records are overwritten.<br> The expired session cache records sessions that have been killed by AM. Use the cache to reduce network traffic and load on AM. When the Agent receives a request using a token in the expired session cache, it rejects the request without needing to retrieve session information from AM.<br>Default: 500<br>Type: Integer<br> Hot swap: No<br>Property: org.forgerock.agents.expired.session.cache.size <br>Introduced in Java Agent 5.8", "propertyOrder" : 13720, "required" : false, "type" : "integer", "exampleValue" : "" }, "monitoringToCSV" : { "title" : "Export Monitoring Metrics to CSV", "description" : "When set to true, the Agent will write monitoring information to CSV files. <br>Property: org.forgerock.agents.monitoring.to.csv.enabled <br>Introduced in Java Agent 5.5", "propertyOrder" : 13085, "required" : false, "type" : "boolean", "exampleValue" : "" }, "missingPostDataPreservationEntryUri" : { "title" : "Missing POST Data Preservation Entry URI Map", "description" : "An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. <br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field. 
<br>Property: org.forgerock.agents.pdp.noentry.url.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13200, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "postDataPreserveCacheEntryMaxEntries" : { "title" : "Max Entries in POST Data Preservation Storage", "description" : "Maximum number of entries to hold in the POST data preservation storage. <br>Property: org.forgerock.agents.pdp.cache.size <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13550, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyCacheSize" : { "title" : "Max Sessions in Policy Cache", "description" : "The maximum number of sessions, i.e. distinct users, stored in the policy evaluation cache at any one time.<br>Property: org.forgerock.agents.policy.cache.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 14000, "required" : false, "type" : "integer", "exampleValue" : "" }, "postDataCacheTtlMin" : { "title" : "POST Data Preservation Cache TTL", "description" : "This sets the time in minutes after which entries in the Post Data Preservation cache will timeout and be purged. <br>Property: org.forgerock.agents.pdp.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13300, "required" : false, "type" : "integer", "exampleValue" : "" } } } } }
delete
Usage
am> delete J2EEAgentGroups --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action J2EEAgentGroups --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action J2EEAgentGroups --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action J2EEAgentGroups --realm Realm --actionName nextdescendents
query
Query the agent groups of a specific type.
Usage
am> query J2EEAgentGroups --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read J2EEAgentGroups --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update J2EEAgentGroups --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "amServicesJ2EEAgent" : { "type" : "object", "title" : "AM Services", "propertyOrder" : 3, "properties" : { "agentAdviceEncode" : { "title" : "Composite Advice Encode", "description" : "This property is used to specify whether AM composite advices should be base64url-encoded before sending to custom login endpoints. <br>Property: org.forgerock.agents.advice.b64.url.encode <br>Introduced in Java Agent 5.6.2", "propertyOrder" : 13050, "required" : false, "type" : "boolean", "exampleValue" : "" }, "overridePolicyEvaluationRealmEnabled" : { "title" : "Enable Policy Evaluation in User Authentication Realm", "description" : "When true, the realm in which the user authenticated is used for policy evaluation, and the value in org.forgerock.agents.policy.evaluation.realm.map is ignored. <br>Default: false<br>Type: Boolean<br>Hot-swap: Yes<br> Property: org.forgerock.agents.user.realm.overrides.policy.evaluation.realm.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 5410, "required" : false, "type" : "boolean", "exampleValue" : "" }, "amLoginUrl" : { "title" : "AM Login URL List", "description" : "AM login page URL. <br> Example: <br> http://host:port/am/UI/Login <br>Property: com.sun.identity.agents.config.login.url <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3710, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authServicePort" : { "title" : "AM Authentication Service Port", "description" : "Port to be used by the AM authentication service. This property needs to be updated in Bootstrap.properties<br>Property: org.forgerock.agents.am.port <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 11100, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyEvaluationApplication" : { "title" : "Policy Set Map", "description" : "Which application contains the policies to evaluate with. 
<br>Property: org.forgerock.agents.policy.set.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5500, "required" : false, "type" : "string", "exampleValue" : "" }, "authServiceHost" : { "title" : "AM Authentication Service Host Name", "description" : "Host name to be used by the AM authentication service. This property needs to be updated in Bootstrap.properties <br>Property: org.forgerock.agents.am.hostname <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 11000, "required" : false, "type" : "string", "exampleValue" : "" }, "authSuccessRedirectUrl" : { "title" : "Redirect to AM's Success URL", "description" : "When enabled, the Agent will redirect to the session's Success URL (defined in the authentication chain) instead of the originally requested resource after successful authentication. <br>Property: org.forgerock.agents.authn.success.redirect.session.url.enabled <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 4000, "required" : false, "type" : "boolean", "exampleValue" : "" }, "policyEvaluationRealm" : { "title" : "Policy Evaluation Realm Map", "description" : "Which realm to start evaluating from. 
<br>Property: org.forgerock.agents.policy.evaluation.realm.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5400, "required" : false, "type" : "string", "exampleValue" : "" }, "urlPolicyEnvGetParameters" : { "title" : "GET Parameter List for URL Policy Env", "description" : "List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server.<br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.get.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "urlPolicyEnvPostParameters" : { "title" : "POST Parameter List for URL Policy Env", "description" : "List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.post.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "restrictToRealm" : { "title" : "Restrict to Realm Map", "description" : "A map keyed by application name which allows users from only the specified realms (each entry is a CSV) to access the specified application. If no restricted realm is set, any user from any realm will be allowed access. Keyed by application name, value is a comma separated list of realms from which users may request resources. 
<br>Property: org.forgerock.agents.restrict.to.realm.map <br>Introduced in Java Agent 5.6.2.1", "propertyOrder" : 13080, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "conditionalLoginUrl" : { "title" : "OAuth Login URL List", "description" : "Examples: <br> match|url?param1=value1&param2=value2 <br> match/path|?param1=value1&param2=value2&param3=value3 <br>Property: org.forgerock.agents.oauth.login.url.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "customLoginEnabled" : { "title" : "Enable Custom Login Mode", "description" : "Flag to enable custom login. <br>Property: org.forgerock.agents.legacy.login.enabled <br>Introduced in Java Agent 5.0.1", "propertyOrder" : 3700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "legacyLoginUrlList" : { "title" : "Legacy Login URL List", "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the Java agent redirects the request to a specific URL. Conditional redirects have the format [Domain/path]|[URL?realm=value&parameter1=value1...], with no spaces between values. 
<br>Example: myapp.domain.com|https://login.example.com/apps/login.jsp?realm=sales <br>Property: org.forgerock.agents.legacy.login.url.list <br>Introduced in Java Agent 5.0.1", "propertyOrder" : 3900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "policyNotifications" : { "title" : "Enable Policy Notifications", "description" : "Enable Notifications(via websockets) for remote policy client.<br>Property: org.forgerock.agents.policy.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 11200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "conditionalLogoutUrl" : { "title" : "Conditional Logout URL List", "description" : "Examples: <br> match|url?param1=value1&param2=value2 <br>match/path|?param1=value1&param2=value2&param3=value3 <br>Property: org.forgerock.agents.conditional.logout.url.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12550, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "urlPolicyEnvJsessionParameters" : { "title" : "JSession Parameter List for URL Policy Env", "description" : "List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at AM server. <br> Examples: <br> name <br> phonenumber <br>Property: org.forgerock.agents.continuous.security.http.session.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12000, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authServiceProtocol" : { "title" : "AM Authentication Service Protocol", "description" : "Protocol to be used by the AM authentication service. 
This property needs to be updated in AgentBootstrap.properties <br>Property: org.forgerock.agents.am.protocol <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 10900, "required" : false, "type" : "string", "exampleValue" : "" } } }, "miscJ2EEAgentConfig" : { "type" : "object", "title" : "Miscellaneous", "propertyOrder" : 4, "properties" : { "agent302RedirectEnabled" : { "title" : "Enable HTTP 302 Redirects", "description" : "Controls how the Agent handles redirects, as follows: <br> true: HTTP 302 Redirects are enabled. When an unauthenticated user attempts to access a resource, and not-enforced rules do not automatically grant access to the resource, the Agent returns an HTTP 302 to redirect the user to an authentication endpoint.<br>false: HTTP 302 Redirects are disabled. When an unauthenticated user attempts to access a resource, the Agent returns a block of configurable JSON that can be intercepted.<br> The returned HTTP code, content type, and data is configured by the properties <b>HTTP 302 Redirect Replacement HTTP Code, HTTP 302 Redirect Content Type, and HTTP 302 Redirect Data.</b><br> Lists of URLs in a not-enforced rule style, for which the data is produced are configured by the properties <b>\"HTTP 302 Redirect Not-Enforced List\" and HTTP 302 Redirect Invert Not Enforced List.</b><br>The following example JSON shows the request path as a URL and URI, and the target URL of the disabled redirect: <br> <pre>{\"redirect\": { \"requestUri\": \"examples/index.html#section_two\", \"requestUrl\": \"http://my.example.com:8020/examples/index.html#section_two\", \"targetUrl\": \"http://am.example.com:8010/am/oauth2/authorize?scope=openid&response_type=id_token&redirect_uri= . . . 
}}</pre><br> Use this option when it is difficult to handle 302, for example, when the Agent is accessed by a JavaScript application, or by something other than a browser.<br>Type: Boolean<br>Default: true<br>Hot-swap: Yes <br>Property: org.forgerock.agents.302.redirects.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 19800, "required" : false, "type" : "boolean", "exampleValue" : "" }, "portCheckSetting" : { "title" : "Port Check Protocol Map", "description" : "Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers.<br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field. <br>Property name: org.forgerock.agents.port.check.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7400, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "agent302RedirectNerList" : { "title" : "HTTP 302 Redirect Not-Enforced List", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies a list of URLs for which HTTP 302 Redirect does not take place.<br>If a request does not match an entry in the list, or if the list is empty, an HTTP 302 Redirect takes place for all unauthenticated requests to access a resource, where other not-enforced rules do not automatically grant access to the resource.<br>If a request matches an entry in the list, HTTP 302 Redirect does not take place for that request, and the Agent returns a block of configurable JSON.<br> Type: List of not-enforced rules that comply with \"Conventions for Not-Enforced Rules\"<br>Default: Empty<br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.ner.list <br>Introduced in Java Agent 5.8", "propertyOrder" : 20200, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : 
"" }, "ignorePathInfo" : { "title" : "Ignore Path Info in Request URL", "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. <br>Property: com.sun.identity.agents.config.ignore.path.info <br>Valid for Agent 5.0 onwards", "propertyOrder" : 18600, "required" : false, "type" : "boolean", "exampleValue" : "" }, "legacyUserAgentSupport" : { "title" : "Enable Legacy Support Handlers", "description" : "Enables support for legacy user agents (browser).<br>Property: org.forgerock.agents.legacy.support.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "localeLanguage" : { "title" : "Locale Language", "description" : "Property: org.forgerock.agents.locale.language <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 1300, "required" : false, "type" : "string", "exampleValue" : "" }, "wantedHttpUrlRegexParams" : { "title" : "Regular Expression Retain Query Parameters", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be retained for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. 
<br>Property: org.forgerock.agents.wanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19400, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "legacyRedirectUri" : { "title" : "Legacy User Agent Redirect URI", "description" : "An intermediate URI used by the Agent to redirect legacy user agent requests.<br>Property: org.forgerock.agents.legacy.redirect.uri <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6900, "required" : false, "type" : "string", "exampleValue" : "" }, "localeCountry" : { "title" : "Locale Country", "description" : "<br>Property: org.forgerock.agents.locale.country <br>Valid for Java Agent 5.0 onwards<br>Requires Agent Restart", "propertyOrder" : 1400, "required" : false, "type" : "string", "exampleValue" : "" }, "agent302RedirectHttpData" : { "title" : "HTTP 302 Redirect Data", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies the data to return instead of an HTTP 302 Redirect.<br>The following values are substituted in the default example:<br>%REQUEST_URI% is substituted for the URI of the incoming request.<br>%REQUEST_URL% is substituted for full path of the incoming request.<br>%TARGET% is substituted for the URI of the full path of the intended redirection target, and includes parameters if appropriate.<br> Substituted values can each occur zero or more times in the text.<br> Type: String<br>Default:<br> <pre>{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}</pre><br> Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.data <br>Introduced in Java Agent 5.8", "propertyOrder" : 20100, "required" : false, "type" : "string", "exampleValue" : "" }, "agent302RedirectStatusCode" : { "title" : "HTTP 302 Redirect Replacement HTTP Status Code", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies the HTTP code to return instead of an HTTP 302 
Redirect. <br>Type: Integer<br>Default: 200<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.http.status.code <br>Introduced in Java Agent 5.8", "propertyOrder" : 19900, "required" : false, "type" : "integer", "exampleValue" : "" }, "agent302RedirectContentType" : { "title" : "HTTP 302 Redirect Content Type", "description" : "When \"Enable HTTP 302 Redirects\" is false, this property specifies the content type of the data to return instead of an HTTP 302 Redirect.<br>Type: String<br>Default: application/json<br>Hot-swap: Yes<br>Property: org.forgerock.agents.302.redirect.http.content.type <br>Introduced in Java Agent 5.8", "propertyOrder" : 20000, "required" : false, "type" : "string", "exampleValue" : "" }, "loginReasonMap" : { "title" : "Login Reason Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values, when empty will be used default values(see: \"Login Reason Parameter Name\" description). LOGIN REASON=CUSTOM VALUE e.g. [JWT_INVALID]=corrupted_token. <br>Property: org.forgerock.agents.login.reason.remapper <br>Introduced in Java Agent 5.7", "propertyOrder" : 18800, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "authFailReasonParameterRemapper" : { "title" : "Authentication Fail Reason Parameter Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, will use default values. <br>Property: org.forgerock.agents.authn.fail.reason.remapper <br>Introduced in Java Agent 5.7", "propertyOrder" : 19100, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "legacyUserAgentList" : { "title" : "Legacy User Agent List", "description" : "List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. 
<br>Property: org.forgerock.agents.legacy.user.agent.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authFailReasonParameterName" : { "title" : "Authentication Fail Reason Parameter Name", "description" : "If this property is defined, the agent will pass the named parameter to a custom page (defined by \"Authentication Fail URL\") saying why authentication failed. The reason can be very detailed and users may want to use the \"Authentication Fail Reason Parameter Value Map\" to give custom detail, otherwise these default values will be used: AUTHN_BOOKKEEPING_COOKIE_MISSING, NONCE_MISSING, EXCEPTION <br>Property: org.forgerock.agents.authn.fail.reason.parameter.name <br>Introduced in Java Agent 5.7", "propertyOrder" : 19000, "required" : false, "type" : "string", "exampleValue" : "" }, "wantedHttpUrlParams" : { "title" : "Query Parameter List for Policy Evaluation", "description" : "Specifies a list of query parameters to be retained (other parameters will be removed) from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values.<br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.wanted.http.url.param.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "gotoParameterName" : { "title" : "Goto Parameter Name", "description" : "This is the name of the HTTP query \"goto\" parameter. 
It is not recommended to change it.<br>Property: com.sun.identity.agents.config.redirect.param <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3600, "required" : false, "type" : "string", "exampleValue" : "" }, "loginReasonParameterName" : { "title" : "Login Reason Parameter Name", "description" : "Property to say why the user is being asked to login, the agent will (in custom login mode ONLY) pass the named parameter to the custom login endpoint, with an appropriate value. Note that this property is not enabled by default as this additional information represents an information leak. Default reasons: NO_TOKEN, JWT_INVALID, TOKEN_EXPIRED, EXCEPTION. <br>Property: org.forgerock.agents.login.reason.parameter.name <br>Introduced in Java Agent 5.7", "propertyOrder" : 18700, "required" : false, "type" : "string", "exampleValue" : "" }, "gotoUrl" : { "title" : "Goto Url", "description" : "This is a URL used in rare circumstances where the Agent has nowhere else to go. For instance if the user requests a resource, authenticates for the first time, then presses the back button and the administrator hasn't set up the authn fail URL. <br>Property: org.forgerock.agents.default.goto.url <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 19200, "required" : false, "type" : "string", "exampleValue" : "" }, "portCheckFile" : { "title" : "Port Check Filename", "description" : "Name or complete path of a file that has the necessary content needed to handle requests that need port correction. 
<br>Property: org.forgerock.agents.port.check.file <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7300, "required" : false, "type" : "string", "exampleValue" : "" }, "agent302RedirectInvertEnabled" : { "title" : "HTTP 302 Redirect Invert Not Enforced List", "description" : "When true, this property inverts the meaning of \"HTTP 302 Redirect Not-Enforced List\", so that it specifies a list of URLs for which HTTP 302 Redirect does take place.<br>Type: Boolean<br>Default: false<br>Hot-swap: Yes<br> Property: org.forgerock.agents.302.redirect.invert.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 20300, "required" : false, "type" : "boolean", "exampleValue" : "" }, "unwantedHttpUrlParams" : { "title" : "Remove Query Parameters List for Policy Evaluation", "description" : "Specifies a list of query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values <br>Example: myapp.example.com/customers|location,lang <br>Property: org.forgerock.agents.unwanted.http.url.param.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19500, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "portCheckEnabled" : { "title" : "Enable Port Checking", "description" : "Indicates if port check functionality is enabled or disabled.<br>Property: org.forgerock.agents.port.check.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "unwantedHttpUrlRegexParams" : { "title" : "Regex Remove Query Parameters List for Policy Evaluation", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] 
with no spaces between values.<br>Property: org.forgerock.agents.unwanted.http.url.params.regex.list <br>Introduced in Java Agent 5.5", "propertyOrder" : 19600, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authFailReasonUrl" : { "title" : "Authentication Fail URL", "description" : "This property allows administrators to set the URL/URI of a web page that says that authentication failed and which may, using the login fail reason parameter, explain why.<br>Property: org.forgerock.agents.authn.fail.url <br>Introduced in Java Agent 5.7", "propertyOrder" : 18900, "required" : false, "type" : "string", "exampleValue" : "" } } }, "globalJ2EEAgentConfig" : { "type" : "object", "title" : "Global", "propertyOrder" : 0, "properties" : { "loginAttemptLimit" : { "title" : "Login Attempt Limit", "description" : "Number of failed login attempts allowed in a user's single browser session before the agent blocks the user request. A value of 0 disables this feature.<br>Property: org.forgerock.agents.login.attempt.limit.count <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4400, "required" : false, "type" : "integer", "exampleValue" : "" }, "lbCookieEnabled" : { "title" : "Enable Load Balancer Cookies", "description" : "When true, every policy evaluation call to AM is accompanied by a load balancer cookie. Use this property with \"org.forgerock.agents.load.balancer.cookie.name\" to improve performance. Load balancer cookies can reduce the number of calls that different AM instances make to the core token service. 
<br>Property: org.forgerock.agents.load.balancer.cookies.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 12125, "required" : false, "type" : "boolean", "exampleValue" : "" }, "debugLogfilePrefix" : { "title" : "Debug File Rotation Prefix", "description" : "Prefix which can be added onto the front of the debug file name when it is rotated.<br>Property: org.forgerock.agents.debug.prefix <br>Introduced in Java Agent 5.7", "propertyOrder" : 10010, "required" : false, "type" : "string", "exampleValue" : "" }, "localAuditRotationSize" : { "title" : "Local Audit Log Rotation Size", "description" : "Size limit when a local audit log file is rotated to a new file.<br>Property name: org.forgerock.agents.local.audit.log.rotation.bytes <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1900, "required" : false, "type" : "integer", "exampleValue" : "" }, "userPrincipalFlag" : { "title" : "Enable User Principal Flag", "description" : "Use principal instead of just the user-ID for authenticating the user.<br>Property: org.forgerock.agents.userid.mapping.mode.use.dn.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 800, "required" : false, "type" : "boolean", "exampleValue" : "" }, "auditAccessType" : { "title" : "Audit Access Types", "description" : "Types of messages to log based on user URL access attempts.<br>Property name: org.forgerock.agents.audit.what <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1500, "required" : false, "type" : "string", "exampleValue" : "" }, "jwtName" : { "title" : "JWT Cookie Name", "description" : "The name used by the agent to set the OIDC JWT on the user's browser.<br>Property: org.forgerock.agents.jwt.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11201, "required" : false, "type" : "string", "exampleValue" : "" }, "debugLogfileRetentionCount" : { "title" : "Debug File Rotation Retention Count", "description" : "This is the number of log files to retain after rotation, so for 
example, setting it to 10 would give you one current debug file and nine older (rotated) files.<br>Property: org.forgerock.agents.debug.retention.count <br>Introduced in Java Agent 5.7", "propertyOrder" : 10050, "required" : false, "type" : "integer", "exampleValue" : "" }, "fqdnDefault" : { "title" : "Default FQDN", "description" : "Fully qualified hostname that the users should use in order to access resources.<br>Property: org.forgerock.agents.fqdn.default <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6500, "required" : false, "type" : "string", "exampleValue" : "" }, "fqdnCheck" : { "title" : "Enable FQDN Checking", "description" : "Enables checking of fqdn default value and fqdn map values.<br>Property: org.forgerock.agents.fqdn.check.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6400, "required" : false, "type" : "boolean", "exampleValue" : "" }, "configurationReloadInterval" : { "title" : "Configuration Reload Interval", "description" : "Only used when websocket notifications are disabled, specifies interval in seconds after which config is reloaded automatically by the Agent. <br>Property: org.forgerock.agents.config.reload.seconds <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1200, "required" : false, "type" : "integer", "exampleValue" : "" }, "userAttributeName" : { "title" : "User Attribute Name", "description" : "Name of the attribute which contains the user-ID.<br>Property: org.forgerock.agents.user.mapping.mode.attribute.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 700, "required" : false, "type" : "string", "exampleValue" : "" }, "webSocketConnectionIntervalInMinutes" : { "title" : "WebSocket Connection Interval", "description" : "The time in minutes before WebSockets to AM are killed and reopened. This property helps ensure a balanced distribution of connections across the AM servers on the site. 
<br>Default: 30<br>Type: Integer<br>Hot-swap: Yes<br> Property: org.forgerock.agents.balance.websocket.interval.minutes <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12120, "required" : false, "type" : "integer", "exampleValue" : "" }, "debugLevel" : { "title" : "Agent Debug Level", "description" : "Specifies type of agent debug messages to log.<br>Property: com.iplanet.services.debug.level <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 10000, "required" : false, "type" : "string", "exampleValue" : "" }, "redirectAttemptLimitCookieName" : { "title" : "Redirect Attempt Cookie Name", "description" : "The Agent tries to detect redirect loops while authenticating, which would normally indicate a cookie domain problem. The Agent does this by using a cookie to hold the current redirection count.<br>Property: org.forgerock.agents.redirect.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7150, "required" : false, "type" : "string", "exampleValue" : "" }, "customResponseHeader" : { "title" : "Custom Response Header Map", "description" : "Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value.<br> Example: <br> To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.header.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7000, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "filterMode" : { "title" : "Agent Filter Mode Map", "description" : "Specifies the mode of operation of the Filter.<br>Valid key: the web application name. <br>Valid values: ALL, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. 
<br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding Map Value field. <br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field. <br>Property: org.forgerock.agents.filter.mode.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 500, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "httpSessionBinding" : { "title" : "HTTP Session Binding", "description" : "If true, the agent invalidates the HTTP session when login has failed, the user has no SSO session, or the principal user name does not match the SSO user name.<br>Property: org.forgerock.agents.http.session.binding.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 3500, "required" : false, "type" : "boolean", "exampleValue" : "" }, "status" : { "title" : "Status", "description" : "Status of the agent configuration.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "localAuditLogfileRetentionCount" : { "title" : "Audit Logfile Retention Count", "description" : "The number of audit log files to retain after rotation has occurred.<br>Property: org.forgerock.agents.local.audit.log.retention.count <br>Introduced in Java Agent 5.7", "propertyOrder" : 2100, "required" : false, "type" : "integer", "exampleValue" : "" }, "loginAttemptLimitCookieName" : { "title" : "Login Attempt Limit Cookie Name", "description" : "The name of the cookie used to record the number of login attempts.<br>Property: org.forgerock.agents.login.counter.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4500, "required" : false, "type" : "string", "exampleValue" : "" }, "preAuthCookieName" : { "title" : "Pre-Authentication Cookie Name", "description" : "Specifies the name of the cookie the agent uses to track the progress of authentication with AM.<br>Property: 
org.forgerock.agents.authn.cookie.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 11210, "required" : false, "type" : "string", "exampleValue" : "" }, "fqdnMapping" : { "title" : "FQDN Virtual Host Map", "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources.<br> Examples: <br> To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field. <br>Property: org.forgerock.agents.fqdn.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6600, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "agentConfigChangeNotificationsEnabled" : { "title" : "Enable Notifications of Agent Configuration Change", "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes.<br>Property: org.forgerock.agents.config.change.notifications.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "userTokenName" : { "title" : "User Session Name", "description" : "Session property name for user-ID of the authenticated user in session.<br>Property: org.forgerock.agents.userid.mapping.mode.use.session.property.name <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 900, "required" : false, "type" : "string", "exampleValue" : "" }, "cdssoRootUrl" : { "title" : "Agent Root URL for CDSSO", "description" : "The list of agent root URLs for CDSSO. 
The valid value is in the format protocol://hostname:port/, where protocol represents the protocol used, such as http or https, hostname represents the host name of the system where the agent resides, and port represents the port number on which the agent is installed. The slash following the port number is required.<br> If your agent system also has virtual host names, add URLs with the virtual host names to this list as well. AM checks that goto URLs match one of the agent root URLs for CDSSO.<br>Property: sunIdentityServerDeviceKeyValue <br>Valid for Agent 5.0 onwards", "propertyOrder" : 22700, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "recheckAmUnavailabilityInSeconds" : { "title" : "Recheck availability of AM", "description" : "The duration after which the agent rechecks AM availability, when Autonomous mode is false, and AM becomes unavailable at runtime. <br>Consider these points when you configure this property: <br> If the duration is too short, the agent checks AM availability too often, and agent performance can be reduced. <br> If the duration is zero, the agent checks AM availability for every call. Requests that match not-enforced rules can take longer. <br>Property: org.forgerock.agents.am.unavailability.recheck.window.in.seconds <br>Introduced in Java Agent 5.9", "propertyOrder" : 12115, "required" : false, "type" : "integer", "exampleValue" : "" }, "debugLogfileSuffix" : { "title" : "Debug File Rotation Suffix", "description" : "This is a value appended onto the end of the debug file name when it is rotated. 
The user is free to define it as they want, but if it does not involve a timestamp that produces different file names when the rotation time is reached, log file rotation is unlikely to function correctly<br>Property: org.forgerock.agents.debug.suffix <br>Introduced in Java Agent 5.7", "propertyOrder" : 10020, "required" : false, "type" : "string", "exampleValue" : "" }, "preAuthCookieMaxAge" : { "title" : "Max Age of Pre-Authentication Cookie", "description" : "This is the amount of time in seconds before the pre-authn cookie will timeout.<br>Property: org.forgerock.agents.authn.cookie.max.age.seconds <br>Valid for Java Agent 5.6.3 onwards", "propertyOrder" : 11220, "required" : false, "type" : "integer", "exampleValue" : "" }, "localAuditLogRotation" : { "title" : "Enable Local Audit Log Rotation", "description" : "Flag to indicate that audit log files should be rotated when reaching a certain size.<br>Property: org.forgerock.agents.local.audit.log.rotation.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1800, "required" : false, "type" : "boolean", "exampleValue" : "" }, "lbCookieName" : { "title" : "Load Balancer Cookie Name", "description" : "The name of the load balancer cookies. This property is used only if \"org.forgerock.agents.load.balancer.cookies.enabled\" is true. To improve performance, make sure that this property has the same value as the AM property com.iplanet.amlbcookie.name. 
<br>Property: org.forgerock.agents.load.balancer.cookie.name <br>Introduced in Java Agent 5.8", "propertyOrder" : 12130, "required" : false, "type" : "string", "exampleValue" : "" }, "debugLogfileRotationSize" : { "title" : "Debug File Rotation Size", "description" : "This specifies the approximate size in bytes at which a log file will be rotated to a new log file.<br>Property: org.forgerock.agents.debug.rotation.size.bytes <br>Introduced in Java Agent 5.7", "propertyOrder" : 10030, "required" : false, "type" : "integer", "exampleValue" : "" }, "userMappingMode" : { "title" : "User Mapping Mode", "description" : "Specifies mechanism agent uses to determine user-ID.<br>Property: org.forgerock.agents.user.mapping.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 600, "required" : false, "type" : "string", "exampleValue" : "" }, "auditLogLocation" : { "title" : "Audit Log Location", "description" : "LOCAL = audit information stored in files based locally to the Agent container <br>REMOTE = audit information logged via AM. <br>Property: org.forgerock.agents.audit.where <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 1600, "required" : false, "type" : "string", "exampleValue" : "" }, "redirectAttemptLimit" : { "title" : "Redirect Attempt Limit", "description" : "Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. 
Set to 0 to disable this feature.<br>Property: org.forgerock.agents.redirect.attempt.limit <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7100, "required" : false, "type" : "integer", "exampleValue" : "" }, "debugLogfileRotationMinutes" : { "title" : "Debug File Rotation Time", "description" : "This is the time in minutes after which log file rotation will occur.<br>Property: org.forgerock.agents.debug.rotation.time.minutes <br>Introduced in Java Agent 5.7", "propertyOrder" : 10040, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "applicationJ2EEAgentConfig" : { "type" : "object", "title" : "Application", "propertyOrder" : 1, "properties" : { "notEnforcedUris" : { "title" : "Not-Enforced URIs", "description" : "List of URIs for which protection is not enforced by the Agent. <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/* <br>Property: org.forgerock.agents.notenforced.uri.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7500, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "responseAttributeMap" : { "title" : "Response Attribute Map", "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field. <br>Property: org.forgerock.agents.response.attribute.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 9200, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "continuousSecurityCookies" : { "title" : "Continuous Security Cookie Map", "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. 
The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.cookies.map <br>Valid for Agent 5.0 onwards", "propertyOrder" : 3210, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "notEnforcedIps" : { "title" : "Not-Enforced Client IP List", "description" : "The agent does not require authentication or authorization for requests coming from these client IP addresses. <br> Examples: <br> 192.18.145.* <br> 192.18.146.123 <br>Property: org.forgerock.agents.notenforced.ip.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "responseAttributeFetchMode" : { "title" : "Response Attribute Fetch Mode", "description" : "The mode of fetching policy response attributes.<br>Property: org.forgerock.agents.response.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 9100, "required" : false, "type" : "string", "exampleValue" : "" }, "clientIpValidationRange" : { "title" : "Client IP Validation Address Range", "description" : "Comma separated list of IP addresses and/or ranges of IP addresses in CIDR format. 
Key = application(if empty for all applications) Requires \"Client IP Validation Mode\" property be DENY or LOGOUT.<br>Property: org.forgerock.agents.acceptable.ip.address.map <br>Introduced in Java Agent 5.8", "propertyOrder" : 8275, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "headerAttributeDateFormat" : { "title" : "Fetch Attribute Date Format", "description" : "Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. <br>Property: org.forgerock.agents.attribute.date.format <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8400, "required" : false, "type" : "string", "exampleValue" : "" }, "sessionAttributeMap" : { "title" : "Session Attribute Map", "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user.<br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field. <br>Property: org.forgerock.agents.session.attribute.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 9000, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "cookieAttributeUrlEncoded" : { "title" : "Enable Attribute Encoding", "description" : "Indicates if the value of the attribute should be URL encoded before being set as a cookie.<br>Property: org.forgerock.agents.attribute.cookie.encode.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8500, "required" : false, "type" : "boolean", "exampleValue" : "" }, "logoutEntryUri" : { "title" : "Logout Entry URI Map", "description" : "An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. 
<br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.goto.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6300, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "invertNotEnforcedUris" : { "title" : "Invert Not-Enforced URIs", "description" : "Inverts protection of URIs specified in Not-Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent.<br>Property: org.forgerock.agents.notenforced.uri.invert.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7600, "required" : false, "type" : "boolean", "exampleValue" : "" }, "logoutIntrospection" : { "title" : "Enable Logout Introspection", "description" : "Allows the Agent to search HTTP request body to locate logout parameter.<br>Property: org.forgerock.agents.logout.introspection.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6200, "required" : false, "type" : "boolean", "exampleValue" : "" }, "applicationLogoutUris" : { "title" : "Logout URI Map", "description" : "An application-specific Map that identifies a request URI which indicates a logout event.<br>Valid key: the web application name. <br>Valid value: the application logout URI. 
<br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI. <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. <br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field. <br>Property: org.forgerock.agents.logout.endpoint.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6000, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "notEnforcedFavicon" : { "title" : "Not-Enforced Favicon", "description" : "This flag, if enabled, automatically adds \"*/favicon.ico\" to the not enforced list. This can help to avoid odd situations in which a user is required to log in after logging out, just because favicon.ico has been requested by browser. 
<br>Property: org.forgerock.agents.auto.not.enforce.favicon.enabled <br>Introduced in Java Agent 5.7 <br>Requires Agent Restart", "propertyOrder" : 7650, "required" : false, "type" : "boolean", "exampleValue" : "" }, "notEnforcedUrisCacheSize" : { "title" : "Max Entries in Not-Enforced URI Cache", "description" : "Size of the cache to be used if caching of not enforced URI list evaluation results is enabled.<br>Property: org.forgerock.agents.notenforced.uri.cache.size <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7800, "required" : false, "type" : "integer", "exampleValue" : "" }, "notEnforcedUrisCacheEnabled" : { "title" : "Enable Not-Enforced URIs Cache", "description" : "Enables the caching of the Not-Enforced URIs list evaluation results.<br>Property: org.forgerock.agents.notenforced.uri.cache.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "notEnforcedIpsCacheEnabled" : { "title" : "Enable Not-Enforced IP Cache", "description" : "Enable caching of not-enforced IP list evaluation results.<br>Property: org.forgerock.agents.notenforced.ip.cache.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "profileAttributeMap" : { "title" : "Profile Attribute Map", "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user.<br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field. 
<br>Property: org.forgerock.agents.profile.attribute.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8800, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "notEnforcedIpsCacheSize" : { "title" : "Max Entries in Not-Enforced IP Cache", "description" : "Size of the cache to be used if Not-Enforced IP Cache Flag is enabled.<br>Property: org.forgerock.agents.notenforced.ip.cache.size <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8200, "required" : false, "type" : "integer", "exampleValue" : "" }, "clientIpValidationMode" : { "title" : "Client IP Validation Mode", "description" : "Checks that the request originates from the same IP address as used for first authentication, or that any change in IP address is in the \"approved\" list. <br>Key: Application name. If the application is not named, check the IP address globally, for all applications. <br>Value:<br> OFF: Do not check the IP address. <br> DENY: If IP address is not approved, refuse the request and return an HTTP 403. <br> LOGOUT: If IP address is not approved, log out from AM to destroy the user session. 
<br>Property: org.forgerock.agents.original.ip.check.mode.map <br>Introduced in Java Agent 5.8", "propertyOrder" : 8250, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "invertNotEnforcedIps" : { "title" : "Invert Not-Enforced IPs", "description" : "Client IP Addresses to invert protection of IP addresses listed in the related Not-Enforced Client IP List.<br>Property: org.forgerock.agents.notenforced.ip.invert.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8000, "required" : false, "type" : "boolean", "exampleValue" : "" }, "continuousSecurityHeaders" : { "title" : "Continuous Security Header Map", "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent. <br>Property: org.forgerock.agents.continuous.security.headers.map <br>Valid for Agent 5.0 onwards", "propertyOrder" : 3211, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "cookieAttributeMultiValueSeparator" : { "title" : "Cookie Separator Character", "description" : "Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. 
<br>Property: org.forgerock.agents.attribute.cookie.separator <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8300, "required" : false, "type" : "string", "exampleValue" : "" }, "resourceAccessDeniedUri" : { "title" : "Access Denied URI Map", "description" : "An application-specific Map that identifies a URI of the customized access denied page.<br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page. <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field. <br>Property: org.forgerock.agents.access.denied.uri.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 2700, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "sessionAttributeFetchMode" : { "title" : "Session Attribute Fetch Mode", "description" : "The mode of fetching session attributes.<br>Property: com.sun.identity.agents.config.session.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8900, "required" : false, "type" : "string", "exampleValue" : "" }, "notEnforcedRuleCompoundSeparator" : { "title" : "Not Enforced Compound Rule Separator", "description" : "Specifies a separator for not enforced compound rules. The format for compound rules requires a list of IP rules, a separator (by default the | character), and a list of URI rules. 
<br>Example, GET 192.168.1.1-192.168.4.3 | /images/* <br>Configure a different separator (for example, &&) when working with the REGEX keyword to avoid invalid regular expressions. <br>Property: com.sun.identity.agents.config.notenforced.rule.compound.separator <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 7450, "required" : false, "type" : "string", "exampleValue" : "" }, "logoutRequestParameters" : { "title" : "Logout Request Parameter Map", "description" : "An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. <br>Valid key: the web application name. <br>Valid value: the logout request parameter. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field. 
<br>Property: org.forgerock.agents.logout.request.param.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 6100, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "profileAttributeFetchMode" : { "title" : "Profile Attribute Fetch Mode", "description" : "The mode of fetching profile attributes.<br>Property: com.sun.identity.agents.config.profile.attribute.fetch.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 8700, "required" : false, "type" : "string", "exampleValue" : "" } } }, "ssoJ2EEAgentConfig" : { "type" : "object", "title" : "SSO", "propertyOrder" : 2, "properties" : { "acceptSsoTokenDomainList" : { "title" : "SSO Cookie Domain List", "description" : "A list of domains in which the Agent attempts to create SSO cookies when \"Enable SSO Token Acceptance\" is true:<br> If the list is empty, the agent creates cookies only in its own domain.<br> If the agent is running behind a browser, it can create cookies only in its own domain.<br> If the agent is running behind a proxy, it should be able to create cookies in any required domains.<br> Default: Empty<br>Type: List of strings that represent domains<br>Hot-swap: Yes <br>Property: org.forgerock.agents.ipdp.cookie.domain.list <br>Introduced in Java Agent 5.8", "propertyOrder" : 5802, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "encodeCookies" : { "title" : "Enable Encoded Cookies", "description" : "Cookies are encoded, if set. 
<br>Property: com.iplanet.am.cookie.encode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5920, "required" : false, "type" : "boolean", "exampleValue" : "" }, "setCookieAttributeMap" : { "title" : "Set-Cookie Attribute Map", "description" : "Text from this map will be added directly into the Set-Cookie header by the AttributeTaskHandler and its descendants when it creates cookies out of Profile Attributes, Session Info Attributes and/or Response Attributes. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. <br>Property: org.forgerock.agents.set.cookie.attribute.map, <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 5950, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "acceptSsoTokenEnabled" : { "title" : "Enable SSO Token Acceptance", "description" : "When true, the Agent does not attempt to convert SSO tokens to OIDC tokens. Use this option to continue to use SSO tokens, when the Agent and the token issuer are in the same domain.<br>When false, the Agent accepts SSO tokens and converts them to OIDC tokens. 
Use this option for better security, and in applications and APIs where the backend requires user information in the form of an OIDC token.<br>Default: False<br>Type: Boolean<br> Hot-swap: Yes<br>Property: org.forgerock.agents.accept.sso.tokens.enabled <br>Introduced in Java Agent 5.8", "propertyOrder" : 5801, "required" : false, "type" : "boolean", "exampleValue" : "" }, "acceptIPDPCookie" : { "title" : "Convert SSO Tokens Into OIDC JWTs", "description" : "When this property is set to true, for each incoming request, when the user does not present a JWT in the designated cookie, the Agent will look for an SSO token in the iPlanetDirectoryPro cookie (configurable in AM). If this is found, the Agent invokes AM to exchange it for a JWT which is then used in further requests. The result is cached, so interaction with AM will not be needed, if the same SSO token is presented in the future (and the existing cache entry is still valid)<br>Property: org.forgerock.agents.accept.ipdp.cookie.enabled <br>Introduced in Java Agent 5.6.2.1", "propertyOrder" : 5900, "required" : false, "type" : "boolean", "exampleValue" : "" }, "cookieResetNames" : { "title" : "Reset Cookie List", "description" : "Cookie names that will be reset by the Agent if Cookie Reset is enabled.<br>Property: org.forgerock.agents.cookie.reset.name.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4700, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "authExchangeCookieName" : { "title" : "Authentication Exchange Cookie Name", "description" : "This property allows the administrator to define a cookie name that will be used by the authn exchange endpoint. 
The value is empty by default and the endpoint will thus not be capable of examining cookie values <br>Property: org.forgerock.agents.authn.exchange.cookie.name <br>Introduced in Java Agent 5.7", "propertyOrder" : 5902, "required" : false, "type" : "string", "exampleValue" : "" }, "cookieResetPaths" : { "title" : "Reset Cookie Path Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs.<br>Property: org.forgerock.agents.cookie.reset.path.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4900, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "cookieResetDomains" : { "title" : "Reset Cookie Domain Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. <br>Property: org.forgerock.agents.cookie.reset.domain.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4800, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "setCookieInternalMap" : { "title" : "Set-Cookie Internal Map", "description" : "Text from this map will be added directly into the Set-Cookie header when creating \"internal\" cookies (e.g. the am-auth-jwt and pre-auth cookies). This allows, among other things, the same-site value to be manipulated. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. 
<br>Property: org.forgerock.agents.set.cookie.internal.map <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 5940, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "authExchangeUri" : { "title" : "Authentication Exchange URI", "description" : "This property allows the administrator to enable an endpoint that will facilitate the exchange of SSO tokens for OIDC JWTs. The value is empty by default and thus the endpoint is not accessible.<br>Property: org.forgerock.agents.authn.exchange.uri <br>Introduced in Java Agent 5.7", "propertyOrder" : 5901, "required" : false, "type" : "string", "exampleValue" : "" }, "cookieResetEnabled" : { "title" : "Cookie Reset", "description" : "Agent resets cookies in the response before redirecting to authentication.<br>Property: org.forgerock.agents.cookie.reset.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4600, "required" : false, "type" : "boolean", "exampleValue" : "" }, "cdssoRedirectUri" : { "title" : "Authentication Redirect URI", "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. <br>Property: org.forgerock.agents.authn.redirect.uri <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5100, "required" : false, "type" : "string", "exampleValue" : "" }, "excludedUserAgentsList" : { "title" : "Exclude Agents From Samesite Cookie Attributes", "description" : "Excluded User agents pattern list. List of incompatible user agents that will be prevented from receiving SameSite cookie attributes. <br>Property: org.forgerock.agents.samesite.excluded.user.agents.list <br>Introduced in Java Agent 5.6.3", "propertyOrder" : 5960, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "cdssoSecureCookies" : { "title" : "Transmit Cookies Securely", "description" : "When true, all cookies written by the Java Agent are secure. 
<br>Default: false.<br>Property: org.forgerock.agents.secure.cookies.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5700, "required" : false, "type" : "boolean", "exampleValue" : "" }, "httpOnly" : { "title" : "Enable HTTP Only Cookies", "description" : "Flag saying whether HTTP only cookies are enabled.<br>Property: com.sun.identity.cookie.httponly <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5910, "required" : false, "type" : "boolean", "exampleValue" : "" }, "cdssoDomainList" : { "title" : "JWT Cookie Domain List", "description" : "Domains for which cookies have to be set in a CDSSO scenario. <br> Example: <br> .forgerock.com <br>Property: org.forgerock.agents.jwt.cookie.domain.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 5800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" } } }, "advancedJ2EEAgentConfig" : { "type" : "object", "title" : "Advanced", "propertyOrder" : 5, "properties" : { "postDataPreservation" : { "title" : "Enable POST Data Preservation", "description" : "Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL.<br>Property: org.forgerock.agents.post.data.preservation.enabled <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "ssoExchangeCacheTTL" : { "title" : "Exchanged SSO Token Cache TTL", "description" : "This sets the time in minutes after which entries in the SSO token exchange cache will timeout and be purged. Since exchanging SSO tokens for JWTs is an expensive process, previously exchanged SSO tokens are cached so that the roundtrip to AM can be avoided in the case where an entity is unable to permanently store its JWT in a cookie. 
<br>Property: org.forgerock.agents.sso.exchange.cache.ttl.minutes <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart", "propertyOrder" : 13900, "required" : false, "type" : "integer", "exampleValue" : "" }, "postDataPreserveCacheEntryMaxTotalSizeMb" : { "title" : "POST Data Preservation Storage Size", "description" : "The maximum number of megabytes allocated to store POST data. When the maximum is reached, old entries are discarded. <br>Property: org.forgerock.agents.pdp.cache.total.size.mb <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13600, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyClientPollingInterval" : { "title" : "Policy Cache TTL", "description" : "This sets the time in minutes after which entries in the policy cache will timeout and be purged.<br>Property: org.forgerock.agents.policy.cache.ttl.minutes <br>Valid for Java Agent 5.0 onwards <br>Requires Agent Restart", "propertyOrder" : 13950, "required" : false, "type" : "integer", "exampleValue" : "" }, "alternativeAgentPort" : { "title" : "Alternative Agent Port Number", "description" : "Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. <br>Property name: org.forgerock.agents.agent.port <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4200, "required" : false, "type" : "string", "exampleValue" : "" }, "postDataStickySessionMode" : { "title" : "POST Data Preservation Sticky Session Mode", "description" : "If the PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. 
<br>Property: org.forgerock.agents.pdp.sticky.session.mode <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13400, "required" : false, "type" : "string", "exampleValue" : "" }, "postDataStickySessionKeyValue" : { "title" : "POST Data Preservation Sticky Session Key Value", "description" : "The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. <br>Property: org.forgerock.agents.pdp.sticky.session.value <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13500, "required" : false, "type" : "string", "exampleValue" : "" }, "jwtCacheTTL" : { "title" : "JWT Cache TTL", "description" : "This sets the time in minutes after which entries in the JWT cache will timeout and be purged. Since all JWTs in the cache have been parsed, and parsing is a CPU intensive process, having a large timeout on this cache is advantageous and will save CPU cycles reparsing already seen JWTs<br>Property: org.forgerock.agents.jwt.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13800, "required" : false, "type" : "integer", "exampleValue" : "" }, "idleTimeRefreshWindow" : { "title" : "Idle Time Refresh Window", "description" : "Once every this number of minutes, the Agent will nudge AM so it knows a particular session is still in use, thereby resetting its idle time. <br>Property: org.forgerock.agents.idle.time.window.minutes <br>Introduced in Java Agent 5.6.2.1", "propertyOrder" : 14200, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyCachePerUser" : { "title" : "Max Entries in Policy Cache per Session", "description" : "The number of distinct policy evaluation entries that each session (stored in the policy evaluation cache) can have. 
Thus the total number of policy evaluation results that can be stored is the \"Max Sessions in Policy Cache\" multiplied by the \"Max Entries in Policy Cache per Session\".<br>Property: org.forgerock.agents.policy.cache.per.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 14100, "required" : false, "type" : "integer", "exampleValue" : "" }, "sessionCacheTTL" : { "title" : "Session Cache TTL", "description" : "This sets the time in minutes after which entries in the session cache will timeout and be purged. If an entry is not cached, the Agent will need to retrieve session information from AM, hence by default the timeout is much longer than for the policy cache. <br>Property: org.forgerock.agents.session.cache.ttl.minutes<br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13700, "required" : false, "type" : "integer", "exampleValue" : "" }, "customProperties" : { "title" : "Custom Properties", "description" : "Additional properties that allow users to augment the set of properties supported by agent.<br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2 <br>Property: com.sun.identity.agents.config.freeformproperties <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 20000, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "alternativeAgentProtocol" : { "title" : "Alternative Agent Protocol", "description" : "Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server.<br>Property name: org.forgerock.agents.agent.protocol <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4300, "required" : false, "type" : "string", "exampleValue" : "" }, "xssDetectionRedirectUri" : { "title" : "XSS Redirect URI 
Map", "description" : "An application-specific Map that identifies a URI of the customized page if XSS code has been detected.<br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field. <br>Property: org.forgerock.agents.xss.redirect.uri.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12900, "required" : false, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "expiredSessionCacheTTL" : { "title" : "Expired Session Cache Timeout", "description" : "The time in minutes after which entries in the expired session cache timeout and are purged.<br>The expired session cache records sessions that have been killed by AM. Use the cache to reduce network traffic and load on AM. When the Agent receives a request using an invalidated token, it rejects the request without needing to retrieve session information from AM.<br>Default: 20<br>Type: Integer<br>Hot swap: No<br> Property: org.forgerock.agents.sso.expired.session.cache.ttl.minutes <br>Introduced in Java Agent 5.8", "propertyOrder" : 13710, "required" : false, "type" : "integer", "exampleValue" : "" }, "clientHostnameHeader" : { "title" : "Client Hostname Header", "description" : "HTTP header name that holds the Hostname of the client. <br>Property: org.forgerock.agents.http.header.containing.remote.hostname <br>Valid for Agent 5.0 onwards", "propertyOrder" : 1100, "required" : false, "type" : "string", "exampleValue" : "" }, "clientIpHeader" : { "title" : "Client IP Address Header", "description" : "HTTP header name that holds the IP address of the client. 
<br>Property: org.forgerock.agents.http.header.containing.ip.address <br>Valid for Agent 5.0 onwards", "propertyOrder" : 1000, "required" : false, "type" : "string", "exampleValue" : "" }, "alternativeAgentHostname" : { "title" : "Alternative Agent Host Name", "description" : "Host name identifying the Agent protected server to the client browsers if different from the actual host name. <br>Property: org.forgerock.agents.agent.hostname <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 4100, "required" : false, "type" : "string", "exampleValue" : "" }, "possibleXssCodeElements" : { "title" : "XSS Code Element List", "description" : "If one of these strings occurs in the request, the client is redirected to an error page.<br>Property: org.forgerock.agents.xss.code.element.list <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 12800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "jwtCacheSize" : { "title" : "Max Entries in JWT Cache", "description" : "The maximum number of entries in the JWT cache. <br>Property: org.forgerock.agents.jwt.cache.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13810, "required" : false, "type" : "integer", "exampleValue" : "" }, "fragmentRelayUri" : { "title" : "Fragment Relay URI", "description" : "To enable unauthenticated fragment retention within incoming requests, set this property to a valid dummy URI within the Agent application.<br>Example: /agentapp/pre-authn-fragment-capture <br>Property: org.forgerock.agents.authn.fragment.relay.uri <br>Introduced in Java Agent 5.7", "propertyOrder" : 13090, "required" : false, "type" : "string", "exampleValue" : "" }, "ssoExchangeCacheSize" : { "title" : "Max Entries in SSO Exchange Cache", "description" : "The number of entries in the SSO Exchange cache. 
<br>Property: org.forgerock.agents.sso.exchange.cache.size <br>Introduced in Java Agent 5.6.2.1 <br>Requires Agent Restart", "propertyOrder" : 13910, "required" : false, "type" : "integer", "exampleValue" : "" }, "expiredSessionCacheSize" : { "title" : "Max Entries in Expired Session Cache", "description" : "The maximum number of entries in the expired session cache. When the maximum is reached, the oldest records are overwritten.<br> The expired session cache records sessions that have been killed by AM. Use the cache to reduce network traffic and load on AM. When the Agent receives a request using a token in the expired session cache, it rejects the request without needing to retrieve session information from AM.<br>Default: 500<br>Type: Integer<br> Hot swap: No<br>Property: org.forgerock.agents.expired.session.cache.size <br>Introduced in Java Agent 5.8", "propertyOrder" : 13720, "required" : false, "type" : "integer", "exampleValue" : "" }, "monitoringToCSV" : { "title" : "Export Monitoring Metrics to CSV", "description" : "When set to true, the Agent will write monitoring information to CSV files. <br>Property: org.forgerock.agents.monitoring.to.csv.enabled <br>Introduced in Java Agent 5.5", "propertyOrder" : 13085, "required" : false, "type" : "boolean", "exampleValue" : "" }, "missingPostDataPreservationEntryUri" : { "title" : "Missing POST Data Preservation Entry URI Map", "description" : "An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. <br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field and enter a redirect URI in corresponding Map Value field. 
<br>Property: org.forgerock.agents.pdp.noentry.url.map <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13200, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "postDataPreserveCacheEntryMaxEntries" : { "title" : "Max Entries in POST Data Preservation Storage", "description" : "Maximum number of entries to hold in the POST data preservation storage. <br>Property: org.forgerock.agents.pdp.cache.size <br>Valid for Java Agent 5.0 onwards", "propertyOrder" : 13550, "required" : false, "type" : "integer", "exampleValue" : "" }, "policyCacheSize" : { "title" : "Max Sessions in Policy Cache", "description" : "The maximum number of sessions, i.e. distinct users, stored in the policy evaluation cache at any one time.<br>Property: org.forgerock.agents.policy.cache.session.size <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 14000, "required" : false, "type" : "integer", "exampleValue" : "" }, "postDataCacheTtlMin" : { "title" : "POST Data Preservation Cache TTL", "description" : "This sets the time in minutes after which entries in the Post Data Preservation cache will timeout and be purged. <br>Property: org.forgerock.agents.pdp.cache.ttl.minutes <br>Introduced in Java Agent 5.6 <br>Requires Agent Restart", "propertyOrder" : 13300, "required" : false, "type" : "integer", "exampleValue" : "" } } } } }