CommonFederationConfiguration
Global Operations
Resource path:
/global-config/services/federation/common
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action CommonFederationConfiguration --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action CommonFederationConfiguration --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action CommonFederationConfiguration --global --actionName nextdescendents
update
Usage
am> update CommonFederationConfiguration --global --body body
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "implementationClasses" : { "type" : "object", "title" : "Implementation Classes", "propertyOrder" : 1, "properties" : { "rootUrlProviderClass" : { "title" : "Root URL provider SPI implementation class", "description" : "The Federation system uses this class to get the root URL of the AM deployment.<br><br>The default implementation uses the Root URL APIs to access the OpenAM instance root url. A custom implementation must implement the <code>org.forgerock.openam.federation.plugin.rooturl.RootUrlProvider</code> interface.", "propertyOrder" : 105, "required" : true, "type" : "string", "exampleValue" : "" }, "keyProviderClass" : { "title" : "KeyProvider SPI implementation class", "description" : "The Federation system uses this class to provide access to the underlying Java keystore.<br><br>The default implementation uses the Java Cryptographic Engine to provide access to the Java keystore. A custom implementation must implement the <code>com.sun.identity.saml.xmlsig.KeyProvider</code> interface.", "propertyOrder" : 800, "required" : true, "type" : "string", "exampleValue" : "" }, "signatureProviderClass" : { "title" : "SignatureProvider SPI implementation class", "description" : "The Federation system uses this class to digitally sign SAML documents.<br><br>The default implementation uses the XERCES APIs to sign the documents. A custom implementation must implement the <code>com.sun.identity.saml.xmlsig.SignatureProvider</code> interface.", "propertyOrder" : 700, "required" : true, "type" : "string", "exampleValue" : "" }, "loggerClass" : { "title" : "Logger SPI implementation class", "description" : "The Federation system uses this class to record log entries.<br><br>The default implementation uses the Logging APIs to record log entries. A custom implementation must implement the <code>com.sun.identity.plugin.log.Logger</code> interface.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "datastoreClass" : { "title" : "Datastore SPI implementation class", "description" : "The Federation system uses this class to get/set user profile attributes.<br><br>The default implementation uses the Identity repository APIs to access user profile attributes. A custom implementation must implement the <code>com.sun.identity.plugin.datastore.DataStoreProvider</code> interface.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "passwordDecoderClass" : { "title" : "PasswordDecoder SPI implementation class", "description" : "The Federation system uses this class to decode password encoded by OpenAM.<br><br>The default implementation uses the internal OpenAM decryption API to decode passwords. A custom implementation must implement the <code>com.sun.identity.saml.xmlsig.PasswordDecoder</code> interface.", "propertyOrder" : 600, "required" : true, "type" : "string", "exampleValue" : "" }, "configurationClass" : { "title" : "ConfigurationInstance SPI implementation class", "description" : "The Federation system uses this class to fetch service configuration.<br><br>The default implementation uses the SMS APIs to access service configuration. A custom implementation must implement the <code>com.sun.identity.plugin.configuration.ConfigurationInstance</code> interface.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "sessionProviderClass" : { "title" : "SessionProvider SPI implementation class", "description" : "The Federation system uses this class to interface with the session service.<br><br>The default implementation uses the standard authentication and SSO APIs to access the session service. A custom implementation must implement the <code>com.sun.identity.plugin.session.SessionProvider</code> interface.", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" } } }, "algorithms" : { "type" : "object", "title" : "Algorithms", "propertyOrder" : 2, "properties" : { "canonicalizationAlgorithm" : { "title" : "XML canonicalization algorithm", "description" : "The algorithm used to canonicalize XML documents.", "propertyOrder" : 1000, "required" : true, "type" : "string", "exampleValue" : "" }, "QuerySignatureAlgorithmDSA" : { "title" : "Query String signature algorithm (DSA)", "description" : "The default signature algorithm to use in case of DSA keys.", "propertyOrder" : 1400, "required" : true, "type" : "string", "exampleValue" : "" }, "signatureAlgorithm" : { "title" : "XML signature algorithm", "description" : "The algorithm used to sign XML documents.", "propertyOrder" : 1100, "required" : true, "type" : "string", "exampleValue" : "" }, "maskGenerationFunction" : { "title" : "Mask Generation Function Algorithm", "description" : "Which MGF algorithm to use when encrypting the symmetric encryption key using RSA OAEP algorithm.", "propertyOrder" : 1650, "required" : true, "type" : "string", "exampleValue" : "" }, "aesKeyWrapAlgorithm" : { "title" : "AES Key Wrap Algorithm", "description" : "Which AES key wrap algorithm to use when the remote entity provider does not specify which key wrap algorithm it supports.", "propertyOrder" : 1700, "required" : true, "type" : "string", "exampleValue" : "" }, "transformationAlgorithm" : { "title" : "XML transformation algorithm", "description" : "The algorithm used to transform XML documents.", "propertyOrder" : 1600, "required" : true, "type" : "string", "exampleValue" : "" }, "QuerySignatureAlgorithmRSA" : { "title" : "Query String signature algorithm (RSA)", "description" : "The default signature algorithm to use in case of RSA keys.", "propertyOrder" : 1300, "required" : true, "type" : "string", "exampleValue" : "" }, "QuerySignatureAlgorithmEC" : { "title" : "Query String signature algorithm (EC)", "description" : "The default signature algorithm to use in case of EC keys.", "propertyOrder" : 1500, "required" : true, "type" : "string", "exampleValue" : "" }, "DigestAlgorithm" : { "title" : "XML digest algorithm", "description" : "The default digest algorithm to use in signing XML.", "propertyOrder" : 1200, "required" : true, "type" : "string", "exampleValue" : "" }, "rsaKeyTransportAlgorithm" : { "title" : "RSA Key Transport Algorithm", "description" : "", "propertyOrder" : 1750, "required" : true, "type" : "string", "exampleValue" : "" } } }, "montoring" : { "type" : "object", "title" : "Monitoring", "propertyOrder" : 3, "properties" : { "monitoringAgentClass" : { "title" : "Monitoring Agent Provider Class", "description" : "The Federation system uses this class to gain access to the monitoring system.<br><br>The default implementation uses the built-in OpenAM monitoring system. A custom implementation must implement the <code>com.sun.identity.plugin.monitoring.FedMonAgent</code> interface.", "propertyOrder" : 1900, "required" : true, "type" : "string", "exampleValue" : "" }, "monitoringSaml2Class" : { "title" : "Monitoring Provider Class for SAML2", "description" : "The SAML2 engine uses this class to gain access to the monitoring system.<br><br>The default implementation uses the built-in OpenAM monitoring system. A custom implementation must implement the <code>com.sun.identity.plugin.monitoring.FedMonSAML2Svc</code> interface.", "propertyOrder" : 2100, "required" : true, "type" : "string", "exampleValue" : "" } } }, "generalConfig" : { "type" : "object", "title" : "General Configuration", "propertyOrder" : 0, "properties" : { "samlErrorPageUrl" : { "title" : "SAML Error Page URL", "description" : "OpenAM redirects users here when an error occurs in the SAML2 engine.<br><br>Both relative and absolute URLs are supported. Users are redirected to an absolute URL using the configured HTTP Binding whereas relative URLs are displayed within the request.", "propertyOrder" : 1700, "required" : true, "type" : "string", "exampleValue" : "" }, "maxContentLength" : { "title" : "Maximum allowed content length", "description" : "The maximum content length allowed in federation communications, in bytes.", "propertyOrder" : 500, "required" : true, "type" : "integer", "exampleValue" : "" }, "samlErrorPageHttpBinding" : { "title" : "SAML Error Page HTTP Binding", "description" : "The possible values are HTTP-Redirect or HTTP-POST.", "propertyOrder" : 1800, "required" : true, "type" : "string", "exampleValue" : "" }, "certificateChecking" : { "title" : "Check presence of certificates", "description" : "Enable checking of certificates against local copy<br><br>Whether to verify that the partner's signing certificate included in the Federation XML document is the same as the one stored in the said partner's meta data.", "propertyOrder" : 900, "required" : true, "type" : "string", "exampleValue" : "" } } } } }