RadiusClient
Global Operations
Resource path: /global-config/services/RadiusServerService/radiusClient
Resource version: 1.0
create
Usage
am> create RadiusClient --global --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{
  "type" : "object",
  "properties" : {
    "handlerClass" : {
      "title" : "Handler Class",
      "description" : "The fully qualified name of a class to handle incoming RADIUS Access-Requests for this client.<br><br>This class must implement the <code>com.sun.identity.authentication.modules.radius.server.spi.AccessRequestHandler</code> interface to handle incoming Access-Request packets and provide a suitable response. An instance of this class is created when configuration is first loaded to validate the class and then once for each new request. The configuration properties will only be passed for the request handling instances and not when validating the class.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "clientSecret" : {
      "title" : "Client Secret",
      "description" : "This secret shared between server and client for encryption of the user password.<br><br>This secret must be conveyed to the RADIUS client and entered into its configuration before the User-Password field of incoming Access-Request packets can be decrypted to validate the password for the represented by that packet.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "clientIpAddress" : {
      "title" : "Client IP Address",
      "description" : "The IP Address of the client.<br><br><a href=\"http://tools.ietf.org/html/rfc2865#section-5.4\" target=\"_blank\">Section 5.4 of the RADIUS Authentication Specification, RFC 2865</a>, indicates that the source IP address of the Access-Request packet <em>MUST</em> be used to identify a configured client and hence determine the shared secret to use for decrypting the User-Password field.<p><p>This property should hold the source IP address of the client. This should match the value obtained from Java's <code>InetSocketAddress.getAddress().toString()</code> function.<p><p>To verify the value, send an Access-Request packet to OpenAM's RADIUS port and watch for a message stating: <code>\"No Defined RADIUS Client matches IP address '/127.0.0.1'. Dropping request.\"</code>. The value used in this property should match the IP address returned in the single quotes.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "handlerConfig" : {
      "title" : "Handler Class Configuration Properties",
      "description" : "Properties needed by the handler class for its configuration.<br><br>These properties are provided to the handler via its <code>init</code> method prior to the call to handle the request packet. If these values are changed the next handler instance created for an incoming request will receive the updated values. Each entry assumes that the first '<code>=</code>' character incurred separates a key from its value. All entries are placed in a properties file handed to each handler instance.",
      "propertyOrder" : 900,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "clientPacketsLogged" : {
      "title" : "Log Packet Contents for this Client",
      "description" : "Indicates if full packet contents should be dumped to the log.<br><br>When troubleshooting issues with RADIUS it is helpful to know what was received in a given packet. Enabling this feature will cause packet contents to be logged in a human consumable format. The only caveat is that the USER_PASSWORD field will be obfuscated by replacing with asterisks. This should only be enabled for troubleshooting as it adds significant content to logs and slows processing.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}
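The clientSecret and clientIpAddress descriptions above rely on the User-Password hiding scheme of RFC 2865 section 5.2: the server selects the shared secret by the packet's source IP address and uses it, with the 16-byte Request Authenticator, to recover the password. The following Python sketch is an added example, not OpenAM code; the client table, IP address, secret and function names are constructed for illustration.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: hide User-Password as in RFC 2865 section 5.2."""
    if len(authenticator) != 16 or len(password) > 128:
        raise ValueError("authenticator must be 16 bytes, password at most 128")
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = Request Authenticator
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the secret chosen for this client."""
    if len(authenticator) != 16 or len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("malformed User-Password attribute")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

# Constructed client table: source IP address -> shared secret.
CLIENTS = {"192.0.2.10": b"constructed-shared-secret"}

def handle_access_request(source_ip: str, authenticator: bytes, hidden: bytes):
    """Pick the secret by source IP; return None (drop) for an unknown client."""
    secret = CLIENTS.get(source_ip)
    if secret is None:
        return None
    return reveal_password(hidden, secret, authenticator)

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator
    pkt = hide_password(b"correct horse battery", CLIENTS["192.0.2.10"], ra)
    print(handle_access_request("192.0.2.10", ra, pkt))   # configured client
    print(handle_access_request("198.51.100.7", ra, pkt)) # unknown client: dropped
```

A secret that differs between client and server does not raise an error in this scheme; the server simply recovers different bytes, so the password check fails.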
delete
Usage
am> delete RadiusClient --global --id id
Parameters
- --id: The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action RadiusClient --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action RadiusClient --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action RadiusClient --global --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports the _queryFilter=true filter.
Usage
am> query RadiusClient --global --filter filter
Parameters
- --filter: A CREST formatted query filter, where "true" will query all.
read
Usage
am> read RadiusClient --global --id id
Parameters
- --id: The unique identifier for the resource.
update
Usage
am> update RadiusClient --global --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{
  "type" : "object",
  "properties" : {
    "handlerClass" : {
      "title" : "Handler Class",
      "description" : "The fully qualified name of a class to handle incoming RADIUS Access-Requests for this client.<br><br>This class must implement the <code>com.sun.identity.authentication.modules.radius.server.spi.AccessRequestHandler</code> interface to handle incoming Access-Request packets and provide a suitable response. An instance of this class is created when configuration is first loaded to validate the class and then once for each new request. The configuration properties will only be passed for the request handling instances and not when validating the class.",
      "propertyOrder" : 700,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "clientSecret" : {
      "title" : "Client Secret",
      "description" : "This secret shared between server and client for encryption of the user password.<br><br>This secret must be conveyed to the RADIUS client and entered into its configuration before the User-Password field of incoming Access-Request packets can be decrypted to validate the password for the represented by that packet.",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "format" : "password",
      "exampleValue" : ""
    },
    "clientIpAddress" : {
      "title" : "Client IP Address",
      "description" : "The IP Address of the client.<br><br><a href=\"http://tools.ietf.org/html/rfc2865#section-5.4\" target=\"_blank\">Section 5.4 of the RADIUS Authentication Specification, RFC 2865</a>, indicates that the source IP address of the Access-Request packet <em>MUST</em> be used to identify a configured client and hence determine the shared secret to use for decrypting the User-Password field.<p><p>This property should hold the source IP address of the client. This should match the value obtained from Java's <code>InetSocketAddress.getAddress().toString()</code> function.<p><p>To verify the value, send an Access-Request packet to OpenAM's RADIUS port and watch for a message stating: <code>\"No Defined RADIUS Client matches IP address '/127.0.0.1'. Dropping request.\"</code>. The value used in this property should match the IP address returned in the single quotes.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "handlerConfig" : {
      "title" : "Handler Class Configuration Properties",
      "description" : "Properties needed by the handler class for its configuration.<br><br>These properties are provided to the handler via its <code>init</code> method prior to the call to handle the request packet. If these values are changed the next handler instance created for an incoming request will receive the updated values. Each entry assumes that the first '<code>=</code>' character incurred separates a key from its value. All entries are placed in a properties file handed to each handler instance.",
      "propertyOrder" : 900,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "clientPacketsLogged" : {
      "title" : "Log Packet Contents for this Client",
      "description" : "Indicates if full packet contents should be dumped to the log.<br><br>When troubleshooting issues with RADIUS it is helpful to know what was received in a given packet. Enabling this feature will cause packet contents to be logged in a human consumable format. The only caveat is that the USER_PASSWORD field will be obfuscated by replacing with asterisks. This should only be enabled for troubleshooting as it adds significant content to logs and slows processing.",
      "propertyOrder" : 500,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}