Amster

RemoteSaml2EntityProvider

Realm Operations

Allows the management of remote SAML2 entity providers.

Resource path:

/realm-config/saml2/remote

Resource version: 1.0

delete

Removes the SAML2 entity provider from the configuration including all of its associated roles.

Usage

am> delete RemoteSaml2EntityProvider --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

importEntity

Import the standard metadata of a remote entity provider.

Usage

am> action RemoteSaml2EntityProvider --realm Realm --body body --actionName importEntity

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "$schema" : "http://json-schema.org/draft-04/schema#",
  "description" : "The JSON schema for importEntity action requests.",
  "type" : "object",
  "title" : "Import remote entity provider request",
  "properties" : {
    "standardMetadata" : {
      "type" : "string",
      "title" : "Standard Metadata",
      "description" : "The standard SAML metadata for the remote entity provider. The value should be Base64url encoded."
    }
  },
  "required" : [ "standardMetadata" ]
}

read

Returns the roles of the SAML2 entity provider.

Usage

am> read RemoteSaml2EntityProvider --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Updates details of the SAML2 entity provider role.

Usage

am> update RemoteSaml2EntityProvider --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "$schema" : "http://json-schema.org/draft-07/schema#",
  "ignoredProperties" : [ "_id", "_rev" ],
  "description" : "This schema describes a remote SAML2 entity provider.",
  "title" : "SAML2 Remote Entity Provider",
  "type" : "object",
  "properties" : {
    "entityId" : {
      "type" : "string"
    },
    "identityProvider" : {
      "title" : "Remote Identity Provider",
      "description" : "This schema describes a SAML2 remote identity provider.",
      "type" : "object",
      "traverseObject" : true,
      "properties" : {
        "assertionContent" : {
          "propertyOrder" : 0,
          "traverseObject" : true,
          "title" : "Assertion Content",
          "type" : "object",
          "properties" : {
            "signingAndEncryption" : {
              "traverseObject" : true,
              "title" : "Signing And Encryption",
              "type" : "object",
              "properties" : {
                "requestResponseSigning" : {
                  "traverseObject" : true,
                  "title" : "Request/Response Signing",
                  "description" : "Select the checkbox for each request/response that should be signed",
                  "type" : "object",
                  "properties" : {
                    "authenticationRequest" : {
                      "attributePath" : {
                        "value" : "/wantAuthnRequestsSigned"
                      },
                      "title" : "Authentication Request",
                      "type" : "boolean"
                    },
                    "artifactResolve" : {
                      "attributeKey" : "wantArtifactResolveSigned",
                      "title" : "Artifact Resolve",
                      "type" : "boolean"
                    },
                    "logoutRequest" : {
                      "attributeKey" : "wantLogoutRequestSigned",
                      "title" : "Logout Request",
                      "type" : "boolean"
                    },
                    "logoutResponse" : {
                      "attributeKey" : "wantLogoutResponseSigned",
                      "title" : "Logout Response",
                      "type" : "boolean"
                    },
                    "manageNameIdRequest" : {
                      "attributeKey" : "wantMNIRequestSigned",
                      "title" : "Manage NameID Request",
                      "type" : "boolean"
                    },
                    "manageNameIdResponse" : {
                      "attributeKey" : "wantMNIResponseSigned",
                      "title" : "Manage NameID Response",
                      "type" : "boolean"
                    }
                  },
                  "required" : [ "authenticationRequest", "artifactResolve", "logoutRequest", "logoutResponse", "manageNameIdRequest", "manageNameIdResponse" ]
                },
                "encryption" : {
                  "traverseObject" : true,
                  "title" : "Encryption",
                  "type" : "object",
                  "properties" : {
                    "nameIdEncryption" : {
                      "attributeKey" : "wantNameIDEncrypted",
                      "title" : "NameID Encryption",
                      "type" : "boolean"
                    }
                  },
                  "required" : [ "nameIdEncryption" ]
                },
                "secretIdAndAlgorithms" : {
                  "traverseObject" : true,
                  "title" : "Algorithms",
                  "type" : "object",
                  "properties" : {
                    "signingAlgorithm" : {
                      "title" : "Signing Algorithm",
                      "type" : "array",
                      "attributePath" : {
                        "value" : "extensions",
                        "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.SigningAlgorithmMapper"
                      },
                      "items" : {
                        "type" : "string",
                        "enum" : [ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2009/xmldsig11#dsa-sha256" ],
                        "enumNames" : [ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2009/xmldsig11#dsa-sha256" ]
                      }
                    },
                    "digestAlgorithm" : {
                      "title" : "Digest Algorithm",
                      "type" : "array",
                      "attributePath" : {
                        "value" : "extensions",
                        "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.DigestAlgorithmMapper"
                      },
                      "items" : {
                        "type" : "string",
                        "enum" : [ "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512", "http://www.w3.org/2007/05/xmldsig-more#sha3-256", "http://www.w3.org/2007/05/xmldsig-more#sha3-384", "http://www.w3.org/2007/05/xmldsig-more#sha3-512" ],
                        "enumNames" : [ "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512", "http://www.w3.org/2007/05/xmldsig-more#sha3-256", "http://www.w3.org/2007/05/xmldsig-more#sha3-384", "http://www.w3.org/2007/05/xmldsig-more#sha3-512" ]
                      }
                    },
                    "encryptionAlgorithm" : {
                      "title" : "Encryption Algorithm",
                      "type" : "array",
                      "attributeKey" : {
                        "value" : "encryptionAlgorithms",
                        "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EncryptionAlgorithmMapper"
                      },
                      "items" : {
                        "type" : "string",
                        "enum" : [ "http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2009/xmlenc11#aes192-gcm", "http://www.w3.org/2009/xmlenc11#aes256-gcm", "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "http://www.w3.org/2001/04/xmlenc#aes192-cbc", "http://www.w3.org/2001/04/xmlenc#aes256-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-1_5", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2009/xmlenc11#rsa-oaep" ],
                        "enumNames" : [ "http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2009/xmlenc11#aes192-gcm", "http://www.w3.org/2009/xmlenc11#aes256-gcm", "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "http://www.w3.org/2001/04/xmlenc#aes192-cbc", "http://www.w3.org/2001/04/xmlenc#aes256-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-1_5", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2009/xmlenc11#rsa-oaep" ]
                      }
                    }
                  }
                }
              }
            },
            "nameIdFormat" : {
              "traverseObject" : true,
              "title" : "NameID Format",
              "type" : "object",
              "properties" : {
                "nameIdFormatList" : {
                  "description" : "List of NameID formats the requestor will use to contact. Order listed shows the order of preference",
                  "title" : "NameID Format List",
                  "attributePath" : {
                    "value" : "/nameIDFormat"
                  },
                  "type" : "array",
                  "items" : {
                    "type" : "string"
                  },
                  "default" : [ "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" ]
                }
              }
            },
            "basicAuthentication" : {
              "traverseObject" : true,
              "description" : "Configure basic authentication setting for Soap based binding",
              "title" : "Basic Authentication",
              "type" : "object",
              "properties" : {
                "enabled" : {
                  "attributeKey" : "basicAuthOn",
                  "title" : "Enabled",
                  "type" : "boolean",
                  "default" : false
                },
                "userName" : {
                  "attributeKey" : "basicAuthUser",
                  "title" : "User Name",
                  "type" : "string"
                },
                "password" : {
                  "title" : "Password",
                  "attributeKey" : {
                    "value" : "basicAuthPassword",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.PasswordMapper"
                  },
                  "type" : "string",
                  "format" : "password"
                }
              }
            }
          }
        },
        "services" : {
          "propertyOrder" : 1,
          "traverseObject" : true,
          "title" : "Services",
          "type" : "object",
          "properties" : {
            "serviceAttributes" : {
              "type" : "object",
              "title" : "IDP Service Attributes",
              "traverseObject" : true,
              "properties" : {
                "artifactResolutionService" : {
                  "title" : "Artifact Resolution Service",
                  "type" : "array",
                  "attributePath" : {
                    "value" : "artifactResolutionService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.IndexedEndpointMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  }
                },
                "singleLogoutService" : {
                  "title" : "Single Logout Service",
                  "type" : "array",
                  "attributePath" : {
                    "value" : "singleLogoutService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EndpointMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  }
                },
                "nameIdService" : {
                  "title" : "Manage NameID Service",
                  "type" : "array",
                  "attributePath" : {
                    "value" : "manageNameIDService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EndpointMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  }
                },
                "singleSignOnService" : {
                  "title" : "Single SignOn Service",
                  "type" : "array",
                  "attributePath" : {
                    "value" : "singleSignOnService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EndpointMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  }
                }
              }
            },
            "nameIdMapping" : {
              "title" : "NameID Mapping",
              "type" : "array",
              "attributePath" : {
                "value" : "nameIDMappingService",
                "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EndpointMapper"
              },
              "items" : {
                "type" : "object",
                "properties" : {
                  "binding" : {
                    "title" : "Binding",
                    "anyOf" : [ {
                      "title" : "Predefined Binding",
                      "type" : "string",
                      "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                      "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                    }, {
                      "title" : "Custom Binding",
                      "type" : "string"
                    } ]
                  },
                  "location" : {
                    "title" : "Location",
                    "type" : "string"
                  },
                  "responseLocation" : {
                    "title" : "Response Location",
                    "type" : "string"
                  }
                },
                "required" : [ "location" ]
              }
            }
          }
        }
      }
    },
    "serviceProvider" : {
      "title" : "Remote Service Provider",
      "description" : "This schema describes a SAML2 remote service provider.",
      "type" : "object",
      "traverseObject" : true,
      "properties" : {
        "assertionContent" : {
          "propertyOrder" : 0,
          "traverseObject" : true,
          "title" : "Assertion Content",
          "type" : "object",
          "properties" : {
            "signingAndEncryption" : {
              "traverseObject" : true,
              "title" : "Signing And Encryption",
              "type" : "object",
              "properties" : {
                "requestResponseSigning" : {
                  "traverseObject" : true,
                  "description" : "Select the checkbox for each request/response that should be signed",
                  "title" : "Request/Response Signing",
                  "type" : "object",
                  "properties" : {
                    "authenticationRequest" : {
                      "attributePath" : {
                        "value" : "/authnRequestsSigned"
                      },
                      "title" : "Authentication Requests Signed",
                      "type" : "boolean"
                    },
                    "assertion" : {
                      "attributePath" : "/wantAssertionsSigned",
                      "title" : "Assertions Signed",
                      "type" : "boolean"
                    },
                    "postResponse" : {
                      "attributeKey" : "wantPOSTResponseSigned",
                      "title" : "POST Response Signed",
                      "type" : "boolean"
                    },
                    "artifactResponse" : {
                      "attributeKey" : "wantArtifactResponseSigned",
                      "title" : "Artifact Response Signed",
                      "type" : "boolean"
                    },
                    "logoutRequest" : {
                      "attributeKey" : "wantLogoutRequestSigned",
                      "title" : "Logout Request Signed",
                      "type" : "boolean"
                    },
                    "logoutResponse" : {
                      "attributeKey" : "wantLogoutResponseSigned",
                      "title" : "Logout Response Signed",
                      "type" : "boolean"
                    },
                    "manageNameIdRequest" : {
                      "attributeKey" : "wantMNIRequestSigned",
                      "title" : "Manage NameID Request Signed",
                      "type" : "boolean"
                    },
                    "manageNameIdResponse" : {
                      "attributeKey" : "wantMNIResponseSigned",
                      "title" : "Manage NameID Response Signed",
                      "type" : "boolean"
                    }
                  }
                },
                "encryption" : {
                  "traverseObject" : true,
                  "title" : "Encryption",
                  "type" : "object",
                  "properties" : {
                    "attributeEncryption" : {
                      "attributeKey" : "wantAttributeEncrypted",
                      "title" : "Attribute Encryption",
                      "type" : "boolean"
                    },
                    "assertionEncryption" : {
                      "attributeKey" : "wantAssertionEncrypted",
                      "title" : "Assertion Encryption",
                      "type" : "boolean"
                    },
                    "nameIdEncryption" : {
                      "attributeKey" : "wantNameIDEncrypted",
                      "title" : "NameID Encryption",
                      "type" : "boolean"
                    }
                  }
                },
                "secretIdAndAlgorithms" : {
                  "traverseObject" : true,
                  "title" : "Algorithms",
                  "type" : "object",
                  "properties" : {
                    "signingAlgorithm" : {
                      "title" : "Signing Algorithm",
                      "type" : "array",
                      "attributePath" : {
                        "value" : "extensions",
                        "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.SigningAlgorithmMapper"
                      },
                      "items" : {
                        "type" : "string",
                        "enum" : [ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2009/xmldsig11#dsa-sha256" ],
                        "enumNames" : [ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2009/xmldsig11#dsa-sha256" ]
                      }
                    },
                    "digestAlgorithm" : {
                      "title" : "Digest Algorithm",
                      "type" : "array",
                      "attributePath" : {
                        "value" : "extensions",
                        "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.DigestAlgorithmMapper"
                      },
                      "items" : {
                        "type" : "string",
                        "enum" : [ "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512", "http://www.w3.org/2007/05/xmldsig-more#sha3-256", "http://www.w3.org/2007/05/xmldsig-more#sha3-384", "http://www.w3.org/2007/05/xmldsig-more#sha3-512" ],
                        "enumNames" : [ "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512", "http://www.w3.org/2007/05/xmldsig-more#sha3-256", "http://www.w3.org/2007/05/xmldsig-more#sha3-384", "http://www.w3.org/2007/05/xmldsig-more#sha3-512" ]
                      }
                    },
                    "encryptionAlgorithm" : {
                      "title" : "Encryption Algorithm",
                      "type" : "array",
                      "attributeKey" : {
                        "value" : "encryptionAlgorithms",
                        "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EncryptionAlgorithmMapper"
                      },
                      "items" : {
                        "type" : "string",
                        "enum" : [ "http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2009/xmlenc11#aes192-gcm", "http://www.w3.org/2009/xmlenc11#aes256-gcm", "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "http://www.w3.org/2001/04/xmlenc#aes192-cbc", "http://www.w3.org/2001/04/xmlenc#aes256-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-1_5", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2009/xmlenc11#rsa-oaep" ],
                        "enumNames" : [ "http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2009/xmlenc11#aes192-gcm", "http://www.w3.org/2009/xmlenc11#aes256-gcm", "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "http://www.w3.org/2001/04/xmlenc#aes192-cbc", "http://www.w3.org/2001/04/xmlenc#aes256-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-1_5", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2009/xmlenc11#rsa-oaep" ]
                      }
                    }
                  }
                }
              }
            },
            "nameIdFormat" : {
              "traverseObject" : true,
              "title" : "NameID Format",
              "type" : "object",
              "properties" : {
                "nameIdFormatList" : {
                  "description" : "List of NameID formats the requestor will use to contact. Order listed shows the order of preference",
                  "title" : "NameID Format List",
                  "attributePath" : {
                    "value" : "/nameIDFormat"
                  },
                  "type" : "array",
                  "items" : {
                    "type" : "string"
                  },
                  "default" : [ "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" ]
                },
                "disableNameIdPersistence" : {
                  "attributeKey" : "spDoNotWriteFederationInfo",
                  "title" : "Disable NameID persistence",
                  "description" : "Instructs the hosted IdP to not persist the NameID into the User Data Store even if the NameID Format is urn:oasis:names:tc:SAML:2.0:nameid-format:persistent in the Assertion.",
                  "type" : "boolean"
                }
              }
            },
            "basicAuthentication" : {
              "traverseObject" : true,
              "description" : "Configure basic authentication setting for Soap based binding",
              "title" : "Basic Authentication",
              "type" : "object",
              "properties" : {
                "enabled" : {
                  "attributeKey" : "basicAuthOn",
                  "title" : "Enabled",
                  "type" : "boolean",
                  "default" : false
                },
                "userName" : {
                  "attributeKey" : "basicAuthUser",
                  "title" : "User Name",
                  "type" : "string"
                },
                "password" : {
                  "title" : "Password",
                  "attributeKey" : {
                    "value" : "basicAuthPassword",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.PasswordMapper"
                  },
                  "type" : "string",
                  "format" : "password"
                }
              }
            }
          }
        },
        "assertionProcessing" : {
          "propertyOrder" : 1,
          "traverseObject" : true,
          "title" : "Assertion Processing",
          "type" : "object",
          "properties" : {
            "attributeMapper" : {
              "traverseObject" : true,
              "title" : "Attribute Mapper",
              "type" : "object",
              "properties" : {
                "attributeMap" : {
                  "title" : "Attribute Map",
                  "description" : "This mapping is the configuration used by the Attribue Mapper. Mapping should be defined as SAML ATTRIBUTE NAME=PROFILE ATTRIBUTE NAME in assertion. Example: EmailAddress=mail, Address=postaladdress.",
                  "type" : "array",
                  "attributeKey" : {
                    "value" : "attributeMap",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.AttributeMapMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "nameFormatUri" : {
                        "title" : "Name Format Uri",
                        "propertyOrder" : 0,
                        "type" : "string"
                      },
                      "samlAttribute" : {
                        "title" : "SAML Attribute",
                        "propertyOrder" : 1,
                        "type" : "string"
                      },
                      "localAttribute" : {
                        "title" : "Local Attribute",
                        "propertyOrder" : 2,
                        "type" : "string"
                      },
                      "binary" : {
                        "title" : "Binary",
                        "propertyOrder" : 3,
                        "type" : "boolean"
                      }
                    },
                    "required" : [ "samlAttribute", "localAttribute" ]
                  }
                }
              }
            },
            "responseArtifactMessageEncoding" : {
              "traverseObject" : true,
              "title" : "Artifact Message Encoding",
              "type" : "object",
              "properties" : {
                "encoding" : {
                  "attributeKey" : {
                    "value" : "responseArtifactMessageEncoding",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.MessageEncodingMapper"
                  },
                  "title" : "Artifact Message Encoding",
                  "type" : "string",
                  "enum" : [ "URI", "FORM" ],
                  "default" : "URI"
                }
              }
            }
          }
        },
        "services" : {
          "propertyOrder" : 2,
          "traverseObject" : true,
          "title" : "Services",
          "type" : "object",
          "properties" : {
            "serviceAttributes" : {
              "traverseObject" : true,
              "title" : "SP Service Attributes",
              "type" : "object",
              "properties" : {
                "singleLogoutService" : {
                  "title" : "Single Logout Service",
                  "type" : "array",
                  "attributePath" : {
                    "value" : "singleLogoutService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EndpointMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  },
                  "post" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  },
                  "soap" : {
                    "type" : "object",
                    "properties" : {
                      "location" : {
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  }
                },
                "nameIdService" : {
                  "title" : "Manage NameID Service",
                  "type" : "array",
                  "attributePath" : {
                    "value" : "manageNameIDService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.EndpointMapper"
                  },
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-REDIRECT", "HTTP-POST", "SOAP", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "responseLocation" : {
                        "title" : "Response Location",
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  },
                  "soap" : {
                    "type" : "object",
                    "properties" : {
                      "location" : {
                        "type" : "string"
                      }
                    },
                    "required" : [ "location" ]
                  }
                },
                "assertionConsumerService" : {
                  "attributePath" : {
                    "value" : "assertionConsumerService",
                    "mapper" : "org.forgerock.openam.federation.rest.schema.mappers.ExtendedIndexedEndpointMapper"
                  },
                  "title" : "Assertion Consumer Service",
                  "description" : "Location denotes the URL to accept the respective request type. Index denotes the index of the URL in the standard metadata",
                  "type" : "array",
                  "items" : {
                    "type" : "object",
                    "properties" : {
                      "isDefault" : {
                        "type" : "boolean"
                      },
                      "binding" : {
                        "title" : "Binding",
                        "anyOf" : [ {
                          "title" : "Predefined Binding",
                          "type" : "string",
                          "enum" : [ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" ],
                          "enumNames" : [ "HTTP-Artifact", "HTTP-POST", "PAOS" ]
                        }, {
                          "title" : "Custom Binding",
                          "type" : "string"
                        } ]
                      },
                      "location" : {
                        "title" : "Location",
                        "type" : "string"
                      },
                      "index" : {
                        "type" : "integer"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "advanced" : {
          "propertyOrder" : 3,
          "traverseObject" : true,
          "title" : "Advanced",
          "type" : "object",
          "properties" : {
            "skipEndpointValidationWhenSigned" : {
              "title" : "Skip Endpoint Validation For Signed Requests",
              "description" : "When enabled, AM will not attempt to verify the AssertionConsumerServiceURL value provided in the SAML AuthnRequest. This SP MUST also be configured to sign authentication requests",
              "type" : "boolean",
              "attributeKey" : "skipEndpointValidationWhenSigned"
            },
            "saeConfiguration" : {
              "traverseObject" : true,
              "title" : "SAE Configuration",
              "type" : "object",
              "properties" : {
                "spUrl" : {
                  "attributeKey" : "saeSPUrl",
                  "title" : "SP URL",
                  "description" : "URL endpoint on Service Provider that can handle SAE requests. If this URL is empty (not configured), SAE single sign-on will not be enabled. Normal samlv2 single sign-on response will be sent to SP",
                  "type" : "string"
                },
                "spLogoutUrl" : {
                  "attributeKey" : "saeSPLogoutUrl",
                  "title" : "SP Logout URL",
                  "description" : "URL endpoint on the Service Provider that can handle SAE global logout requests",
                  "type" : "string"
                }
              }
            },
            "idpProxy" : {
              "traverseObject" : true,
              "title" : "IDP Proxy",
              "type" : "object",
              "properties" : {
                "enableIdpProxy" : {
                  "attributeKey" : "enableIDPProxy",
                  "title" : "IDP Proxy enabled",
                  "description" : "Enable IDP Proxy if not enabled",
                  "type" : "boolean"
                },
                "alwaysIdpProxy" : {
                  "attributeKey" : "alwaysIdpProxy",
                  "title" : "Proxy all requests",
                  "description" : "When this option is enabled, the IdP will proxy every single authentication request no matter it contains the Scoping element or not.",
                  "type" : "boolean"
                },
                "useIntroductionForIdpProxy" : {
                  "attributeKey" : "useIntroductionForIDPProxy",
                  "title" : "Introduction enabled",
                  "type" : "boolean"
                },
                "useIDPFinder" : {
                  "attributeKey" : "useIDPFinder",
                  "title" : "Use IDP Finder",
                  "type" : "boolean"
                },
                "idpProxyCount" : {
                  "attributeKey" : "idpProxyCount",
                  "title" : "Proxy Count",
                  "description" : "Number of IDP proxies that the SP can have",
                  "type" : "integer",
                  "default" : 0
                },
                "idpProxyList" : {
                  "attributeKey" : "idpProxyList",
                  "description" : "A list of preferred IDPs that the SP would proxy to",
                  "title" : "IDP Proxy List",
                  "type" : "array",
                  "items" : {
                    "type" : "string"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "required" : [ "entityId" ],
  "$id" : "https://www.forgerock.com/remoteSaml2EntityProvider.schema.json"
}
Copyright © 2010-2024 ForgeRock, all rights reserved.