Amster

KerberosNode

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/product-KerberosNode

Resource version: 1.0

create

Usage

am> create KerberosNode --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "keytabFileName" : {
      "title" : "Key Tab File Path",
      "description" : "The absolute pathname of the AD keytab file.",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "lookupUserInRealm" : {
      "title" : "Lookup User In Realm",
      "description" : "Validate that the user has a matched user profile configured in the data store.",
      "propertyOrder" : 700,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "kerberosServiceIsInitiator" : {
      "title" : "Is Initiator",
      "description" : "True, if initiator. False, if acceptor only. Default is True.",
      "propertyOrder" : 800,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "trustedKerberosRealms" : {
      "title" : "Trusted Kerberos realms",
      "description" : "List of Trusted Kerberos Realms for User Kerberos tickets.",
      "propertyOrder" : 500,
      "items" : {
        "type" : "string"
      },
      "minItems" : 1,
      "type" : "array",
      "exampleValue" : ""
    },
    "returnPrincipalWithDomainName" : {
      "title" : "Return Principal with Domain Name",
      "description" : "Returns the fully qualified name of the authenticated user rather than just the username.",
      "propertyOrder" : 600,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "principalName" : {
      "title" : "Service Principal",
      "description" : "The name of the Kerberos principal used during authentication. The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "kerberosRealm" : {
      "title" : "Kerberos Realm",
      "description" : "The name of the Kerberos (Active Directory) realm used for authentication.",
      "propertyOrder" : 300,
      "type" : "string",
      "exampleValue" : ""
    },
    "kerberosServerName" : {
      "title" : "Kerberos Server Name",
      "description" : "The hostname/IP address of the Kerberos (Active Directory) server.",
      "propertyOrder" : 400,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "principalName", "kerberosServiceIsInitiator", "kerberosServerName", "returnPrincipalWithDomainName", "keytabFileName", "lookupUserInRealm", "trustedKerberosRealms", "kerberosRealm" ]
}

delete

Usage

am> delete KerberosNode --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action KerberosNode --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action KerberosNode --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage

am> action KerberosNode --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action KerberosNode --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query KerberosNode --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read KerberosNode --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update KerberosNode --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "keytabFileName" : {
      "title" : "Key Tab File Path",
      "description" : "The absolute pathname of the AD keytab file.",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "lookupUserInRealm" : {
      "title" : "Lookup User In Realm",
      "description" : "Validate that the user has a matched user profile configured in the data store.",
      "propertyOrder" : 700,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "kerberosServiceIsInitiator" : {
      "title" : "Is Initiator",
      "description" : "True, if initiator. False, if acceptor only. Default is True.",
      "propertyOrder" : 800,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "trustedKerberosRealms" : {
      "title" : "Trusted Kerberos realms",
      "description" : "List of Trusted Kerberos Realms for User Kerberos tickets.",
      "propertyOrder" : 500,
      "items" : {
        "type" : "string"
      },
      "minItems" : 1,
      "type" : "array",
      "exampleValue" : ""
    },
    "returnPrincipalWithDomainName" : {
      "title" : "Return Principal with Domain Name",
      "description" : "Returns the fully qualified name of the authenticated user rather than just the username.",
      "propertyOrder" : 600,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "principalName" : {
      "title" : "Service Principal",
      "description" : "The name of the Kerberos principal used during authentication. The format of the field is as follows:<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "kerberosRealm" : {
      "title" : "Kerberos Realm",
      "description" : "The name of the Kerberos (Active Directory) realm used for authentication.",
      "propertyOrder" : 300,
      "type" : "string",
      "exampleValue" : ""
    },
    "kerberosServerName" : {
      "title" : "Kerberos Server Name",
      "description" : "The hostname/IP address of the Kerberos (Active Directory) server.",
      "propertyOrder" : 400,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "principalName", "kerberosServiceIsInitiator", "kerberosServerName", "returnPrincipalWithDomainName", "keytabFileName", "lookupUserInRealm", "trustedKerberosRealms", "kerberosRealm" ]
}
Copyright © 2010-2024 ForgeRock, all rights reserved.