KerberosNode
Realm Operations
Resource path:
/realm-config/authentication/authenticationtrees/nodes/product-KerberosNode
Resource version: 1.0
create
Usage
am> create KerberosNode --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "keytabFileName" : { "title" : "Key Tab File Path", "description" : "The absolute pathname of the AD keytab file.", "propertyOrder" : 200, "type" : "string", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Lookup User In Realm", "description" : "Validate that the user has a matched user profile configured in the data store.", "propertyOrder" : 700, "type" : "boolean", "exampleValue" : "" }, "kerberosServiceIsInitiator" : { "title" : "Is Initiator", "description" : "True, if initiator. False, if acceptor only. Default is True.", "propertyOrder" : 800, "type" : "boolean", "exampleValue" : "" }, "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of Trusted Kerberos Realms for User Kerberos tickets.", "propertyOrder" : 500, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 600, "type" : "boolean", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication. The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication.", "propertyOrder" : 300, "type" : "string", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "type" : "string", "exampleValue" : "" } }, "required" : [ "principalName", "kerberosServiceIsInitiator", "kerberosServerName", "returnPrincipalWithDomainName", "keytabFileName", "lookupUserInRealm", "trustedKerberosRealms", "kerberosRealm" ] }
delete
Usage
am> delete KerberosNode --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action KerberosNode --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action KerberosNode --realm Realm --actionName getCreatableTypes
listOutcomes
List the available outcomes for the node type.
Usage
am> action KerberosNode --realm Realm --body body --actionName listOutcomes
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "title" : "Some configuration of the node. This does not need to be complete against the configuration schema." }
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action KerberosNode --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports _queryFilter=true
filter.
Usage
am> query KerberosNode --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read KerberosNode --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update KerberosNode --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "keytabFileName" : { "title" : "Key Tab File Path", "description" : "The absolute pathname of the AD keytab file.", "propertyOrder" : 200, "type" : "string", "exampleValue" : "" }, "lookupUserInRealm" : { "title" : "Lookup User In Realm", "description" : "Validate that the user has a matched user profile configured in the data store.", "propertyOrder" : 700, "type" : "boolean", "exampleValue" : "" }, "kerberosServiceIsInitiator" : { "title" : "Is Initiator", "description" : "True, if initiator. False, if acceptor only. Default is True.", "propertyOrder" : 800, "type" : "boolean", "exampleValue" : "" }, "trustedKerberosRealms" : { "title" : "Trusted Kerberos realms", "description" : "List of Trusted Kerberos Realms for User Kerberos tickets.", "propertyOrder" : 500, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "" }, "returnPrincipalWithDomainName" : { "title" : "Return Principal with Domain Name", "description" : "Returns the fully qualified name of the authenticated user rather than just the username.", "propertyOrder" : 600, "type" : "boolean", "exampleValue" : "" }, "principalName" : { "title" : "Service Principal", "description" : "The name of the Kerberos principal used during authentication. The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" }, "kerberosRealm" : { "title" : "Kerberos Realm", "description" : "The name of the Kerberos (Active Directory) realm used for authentication.", "propertyOrder" : 300, "type" : "string", "exampleValue" : "" }, "kerberosServerName" : { "title" : "Kerberos Server Name", "description" : "The hostname/IP address of the Kerberos (Active Directory) server.", "propertyOrder" : 400, "type" : "string", "exampleValue" : "" } }, "required" : [ "principalName", "kerberosServiceIsInitiator", "kerberosServerName", "returnPrincipalWithDomainName", "keytabFileName", "lookupUserInRealm", "trustedKerberosRealms", "kerberosRealm" ] }