SAML2Authentication

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/product-Saml2Node

Resource version: 1.0

create

Usage

am> create SAML2Authentication --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "authnContextDeclRef" : {
      "title" : "Authentication Context Declaration Reference",
      "description" : "(Optional) Use this parameter to specify authentication context declaration references.",
      "propertyOrder" : 600,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "isPassive" : {
      "title" : "Passive Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should authenticate passively (true) or not (false).",
      "propertyOrder" : 1000,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "allowCreate" : {
      "title" : "Allow IdP to Create NameID",
      "description" : "Use this parameter to indicate whether the identity provider can create a new identifier for the principal if none exists (true) or not (false).",
      "propertyOrder" : 300,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "binding" : {
      "title" : "Response Binding",
      "description" : "Use this parameter to indicate what binding the IdP should use when communicating with this SP.",
      "propertyOrder" : 800,
      "type" : "string",
      "exampleValue" : ""
    },
    "nameIdFormat" : {
      "title" : "NameID Format",
      "description" : "(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</pre> <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</pre> <pre>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</pre>",
      "propertyOrder" : 1100,
      "type" : "string",
      "exampleValue" : ""
    },
    "requestBinding" : {
      "title" : "Request Binding",
      "description" : "Use this parameter to indicate what binding the SP should use when communicating with the IdP.",
      "propertyOrder" : 700,
      "type" : "string",
      "exampleValue" : ""
    },
    "idpEntityId" : {
      "title" : "IdP Entity ID",
      "description" : "The entity name of the SAML2 IdP Service to use for this module (must be configured).",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "forceAuthn" : {
      "title" : "Force IdP Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should force authentication (true) or can reuse existing security contexts (false).",
      "propertyOrder" : 900,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "metaAlias" : {
      "title" : "SP MetaAlias",
      "description" : "MetaAlias for Service Provider. The format of this parameter is <pre>/realm_name/SP</pre>",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "authComparison" : {
      "title" : "Comparison Type",
      "description" : "(Optional) Use this parameter to specify a comparison method to evaluate the requested context classes or statements. OpenAM accepts the following values: <pre>better</pre>, <pre>exact</pre>, <pre>maximum</pre>, and <pre>minimum</pre>.",
      "propertyOrder" : 400,
      "type" : "string",
      "exampleValue" : ""
    },
    "authnContextClassRef" : {
      "title" : "Authentication Context Class Reference",
      "description" : "(Optional) Use this parameter to specify authentication context class references.",
      "propertyOrder" : 500,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    }
  },
  "required" : [ "authnContextDeclRef", "isPassive", "allowCreate", "binding", "nameIdFormat", "requestBinding", "idpEntityId", "forceAuthn", "metaAlias", "authComparison", "authnContextClassRef" ]
}

delete

Usage

am> delete SAML2Authentication --realm Realm --id id

Parameters

--id: The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action SAML2Authentication --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action SAML2Authentication --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage

am> action SAML2Authentication --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action SAML2Authentication --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query SAML2Authentication --realm Realm --filter filter

Parameters

--filter: A CREST formatted query filter, where "true" will query all.

read

Usage

am> read SAML2Authentication --realm Realm --id id

Parameters

--id: The unique identifier for the resource.

update

Usage

am> update SAML2Authentication --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "authnContextDeclRef" : {
      "title" : "Authentication Context Declaration Reference",
      "description" : "(Optional) Use this parameter to specify authentication context declaration references.",
      "propertyOrder" : 600,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "isPassive" : {
      "title" : "Passive Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should authenticate passively (true) or not (false).",
      "propertyOrder" : 1000,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "allowCreate" : {
      "title" : "Allow IdP to Create NameID",
      "description" : "Use this parameter to indicate whether the identity provider can create a new identifier for the principal if none exists (true) or not (false).",
      "propertyOrder" : 300,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "binding" : {
      "title" : "Response Binding",
      "description" : "Use this parameter to indicate what binding the IdP should use when communicating with this SP.",
      "propertyOrder" : 800,
      "type" : "string",
      "exampleValue" : ""
    },
    "nameIdFormat" : {
      "title" : "NameID Format",
      "description" : "(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</pre> <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</pre> <pre>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</pre>",
      "propertyOrder" : 1100,
      "type" : "string",
      "exampleValue" : ""
    },
    "requestBinding" : {
      "title" : "Request Binding",
      "description" : "Use this parameter to indicate what binding the SP should use when communicating with the IdP.",
      "propertyOrder" : 700,
      "type" : "string",
      "exampleValue" : ""
    },
    "idpEntityId" : {
      "title" : "IdP Entity ID",
      "description" : "The entity name of the SAML2 IdP Service to use for this module (must be configured).",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "forceAuthn" : {
      "title" : "Force IdP Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should force authentication (true) or can reuse existing security contexts (false).",
      "propertyOrder" : 900,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "metaAlias" : {
      "title" : "SP MetaAlias",
      "description" : "MetaAlias for Service Provider. The format of this parameter is <pre>/realm_name/SP</pre>",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "authComparison" : {
      "title" : "Comparison Type",
      "description" : "(Optional) Use this parameter to specify a comparison method to evaluate the requested context classes or statements. OpenAM accepts the following values: <pre>better</pre>, <pre>exact</pre>, <pre>maximum</pre>, and <pre>minimum</pre>.",
      "propertyOrder" : 400,
      "type" : "string",
      "exampleValue" : ""
    },
    "authnContextClassRef" : {
      "title" : "Authentication Context Class Reference",
      "description" : "(Optional) Use this parameter to specify authentication context class references.",
      "propertyOrder" : 500,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    }
  },
  "required" : [ "authnContextDeclRef", "isPassive", "allowCreate", "binding", "nameIdFormat", "requestBinding", "idpEntityId", "forceAuthn", "metaAlias", "authComparison", "authnContextClassRef" ]
}

Amster

SAML2Authentication

Realm Operations

create

delete

getAllTypes

getCreatableTypes

listOutcomes

nextdescendents

query

read

update