AuthenticatorWebAuthn
Realm Operations
Resource path:
/realm-config/services/authenticatorWebAuthnService
Resource version: 1.0
create
Usage
am> create AuthenticatorWebAuthn --realm Realm --body body
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : { "title" : "Encryption Key Store", "description" : "Path to the key store from which to load encryption keys.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : { "title" : "Key Store Type", "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionScheme" : { "title" : "Device Profile Encryption Scheme", "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : { "title" : "Key-Pair Alias", "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.", "propertyOrder" : 600, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : { "title" : "Key Store Password", "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.", "propertyOrder" : 500, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "webauthnAttrName" : { "title" : "Profile Storage Attribute", "description" : "The user's attribute in which to store WebAuthn profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : { "title" : "Private Key Password", "description" : "Password to unlock the private key.", "propertyOrder" : 700, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" } } }
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action AuthenticatorWebAuthn --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action AuthenticatorWebAuthn --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action AuthenticatorWebAuthn --realm Realm --actionName nextdescendents
update
Usage
am> update AuthenticatorWebAuthn --realm Realm --body body
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : { "title" : "Encryption Key Store", "description" : "Path to the key store from which to load encryption keys.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : { "title" : "Key Store Type", "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionScheme" : { "title" : "Device Profile Encryption Scheme", "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : { "title" : "Key-Pair Alias", "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.", "propertyOrder" : 600, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : { "title" : "Key Store Password", "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.", "propertyOrder" : 500, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "webauthnAttrName" : { "title" : "Profile Storage Attribute", "description" : "The user's attribute in which to store WebAuthn profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : { "title" : "Private Key Password", "description" : "Password to unlock the private key.", "propertyOrder" : 700, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" } } }
Global Operations
Resource path:
/global-config/services/authenticatorWebAuthnService
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action AuthenticatorWebAuthn --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action AuthenticatorWebAuthn --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action AuthenticatorWebAuthn --global --actionName nextdescendents
update
Usage
am> update AuthenticatorWebAuthn --global --body body
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "defaults" : { "properties" : { "webauthnAttrName" : { "title" : "Profile Storage Attribute", "description" : "The user's attribute in which to store WebAuthn profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with AM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying webauthn with AM. AM must be able to write to the attribute.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionScheme" : { "title" : "Device Profile Encryption Scheme", "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreKeyPairAlias" : { "title" : "Key-Pair Alias", "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.", "propertyOrder" : 600, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword" : { "title" : "Key Store Password", "description" : "Password to unlock the key store. This password is encrypted when it is saved in the OpenAM configuration. You should modify the default value.", "propertyOrder" : 500, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystore" : { "title" : "Encryption Key Store", "description" : "Path to the key store from which to load encryption keys.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType" : { "title" : "Key Store Type", "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePrivateKeyPassword" : { "title" : "Private Key Password", "description" : "Password to unlock the private key.", "propertyOrder" : 700, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" } }, "type" : "object", "title" : "Realm Defaults" } } }