CombinedMFARegistration
Realm Operations
Resource path:
/realm-config/authentication/authenticationtrees/nodes/CombinedMultiFactorRegistrationNode
Resource version: 1.0
create
Usage
am> create CombinedMFARegistration --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "policiesJson" : { "title" : "JSON Authenticator Policies", "description" : "The Authenticator Policies in a JSON format containing the rules to be applied to Authenticator app. For more details consult the SDK documentation. Example: {\"biometricAvailable\": { },\"deviceTampering\": {\"score\": 0.8}}", "propertyOrder" : 150, "type" : "string", "exampleValue" : "" }, "passwordLength" : { "title" : "One Time Password Length", "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.", "propertyOrder" : 80, "type" : "string", "exampleValue" : "" }, "bgColor" : { "title" : "Background Color", "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 30, "type" : "string", "exampleValue" : "" }, "generateRecoveryCodes" : { "title" : "Generate Recovery Codes", "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "truncationOffset" : { "title" : "HOTP Truncation Offset", "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.", "propertyOrder" : 140, "type" : "integer", "exampleValue" : "" }, "algorithm" : { "title" : "OATH Algorithm", "description" : "", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" }, "totpHashAlgorithm" : { "title" : "TOTP Hash Algorithm", "description" : "The Hmac hash algorithm to be used on generating the OTP codes.", "propertyOrder" : 120, "type" : "string", "exampleValue" : "" }, "timeout" : { "title" : "Registration Response Timeout", "description" : "The period of time (in seconds) to wait for a response to the registration QR code. If no response is received during this time the QR code times out and the registration process fails.", "propertyOrder" : 70, "type" : "integer", "exampleValue" : "" }, "scanQRCodeMessage" : { "title" : "QR code message", "description" : "The message with instructions to scan the QR code for registering the device.", "propertyOrder" : 60, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "accountName" : { "title" : "Account Name", "description" : "This field allows selection of the user attribute to be used as the user's Account Name. It is used when the user's Push account is stored in the device. If left blank or the selected attribute is empty on user's profile, the account name will be set to the user's username.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "totpTimeInterval" : { "title" : "TOTP Time Step Interval", "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.", "propertyOrder" : 110, "type" : "integer", "exampleValue" : "" }, "imgUrl" : { "title" : "Logo Image URL", "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 40, "type" : "string", "exampleValue" : "" }, "issuer" : { "title" : "Issuer", "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a website, or an AM realm.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "minSharedSecretLength" : { "title" : "Minimum Secret Key Length", "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.", "propertyOrder" : 90, "type" : "integer", "exampleValue" : "" }, "addChecksum" : { "title" : "HOTP Checksum Digit", "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.", "propertyOrder" : 130, "type" : "boolean", "exampleValue" : "" } }, "required" : [ "totpHashAlgorithm", "accountName", "imgUrl", "bgColor", "generateRecoveryCodes", "truncationOffset", "issuer", "algorithm", "passwordLength", "policiesJson", "scanQRCodeMessage", "addChecksum", "minSharedSecretLength", "totpTimeInterval", "timeout" ] }
delete
Usage
am> delete CombinedMFARegistration --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action CombinedMFARegistration --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action CombinedMFARegistration --realm Realm --actionName getCreatableTypes
listOutcomes
List the available outcomes for the node type.
Usage
am> action CombinedMFARegistration --realm Realm --body body --actionName listOutcomes
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "title" : "Some configuration of the node. This does not need to be complete against the configuration schema." }
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action CombinedMFARegistration --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports _queryFilter=true filter.
Usage
am> query CombinedMFARegistration --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read CombinedMFARegistration --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update CombinedMFARegistration --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "policiesJson" : { "title" : "JSON Authenticator Policies", "description" : "The Authenticator Policies in a JSON format containing the rules to be applied to Authenticator app. For more details consult the SDK documentation. Example: {\"biometricAvailable\": { },\"deviceTampering\": {\"score\": 0.8}}", "propertyOrder" : 150, "type" : "string", "exampleValue" : "" }, "passwordLength" : { "title" : "One Time Password Length", "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.", "propertyOrder" : 80, "type" : "string", "exampleValue" : "" }, "bgColor" : { "title" : "Background Color", "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 30, "type" : "string", "exampleValue" : "" }, "generateRecoveryCodes" : { "title" : "Generate Recovery Codes", "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "truncationOffset" : { "title" : "HOTP Truncation Offset", "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.", "propertyOrder" : 140, "type" : "integer", "exampleValue" : "" }, "algorithm" : { "title" : "OATH Algorithm", "description" : "", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" }, "totpHashAlgorithm" : { "title" : "TOTP Hash Algorithm", "description" : "The Hmac hash algorithm to be used on generating the OTP codes.", "propertyOrder" : 120, "type" : "string", "exampleValue" : "" }, "timeout" : { "title" : "Registration Response Timeout", "description" : "The period of time (in seconds) to wait for a response to the registration QR code. If no response is received during this time the QR code times out and the registration process fails.", "propertyOrder" : 70, "type" : "integer", "exampleValue" : "" }, "scanQRCodeMessage" : { "title" : "QR code message", "description" : "The message with instructions to scan the QR code for registering the device.", "propertyOrder" : 60, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "accountName" : { "title" : "Account Name", "description" : "This field allows selection of the user attribute to be used as the user's Account Name. It is used when the user's Push account is stored in the device. If left blank or the selected attribute is empty on user's profile, the account name will be set to the user's username.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "totpTimeInterval" : { "title" : "TOTP Time Step Interval", "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.", "propertyOrder" : 110, "type" : "integer", "exampleValue" : "" }, "imgUrl" : { "title" : "Logo Image URL", "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 40, "type" : "string", "exampleValue" : "" }, "issuer" : { "title" : "Issuer", "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a website, or an AM realm.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "minSharedSecretLength" : { "title" : "Minimum Secret Key Length", "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.", "propertyOrder" : 90, "type" : "integer", "exampleValue" : "" }, "addChecksum" : { "title" : "HOTP Checksum Digit", "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.", "propertyOrder" : 130, "type" : "boolean", "exampleValue" : "" } }, "required" : [ "totpHashAlgorithm", "accountName", "imgUrl", "bgColor", "generateRecoveryCodes", "truncationOffset", "issuer", "algorithm", "passwordLength", "policiesJson", "scanQRCodeMessage", "addChecksum", "minSharedSecretLength", "totpTimeInterval", "timeout" ] }