Amster

TrustedJwtIssuer

Realm Operations

Agents handler that is responsible for managing agents

Resource path:

/realm-config/agents/TrustedJwtIssuer

Resource version: 2.0

create

Usage

am> create TrustedJwtIssuer --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "issuer" : {
      "title" : "JWT Issuer",
      "description" : "Expected 'iss' claim identifier for this JWT issuer.",
      "propertyOrder" : 10,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : true
        }
      }
    },
    "jwkStoreCacheMissCacheTime" : {
      "title" : "JWKs URI content cache miss cache time",
      "description" : "To avoid loading the JWKS URI content for every operation, especially when the kid is not in the jwks content already cached, the JWKS content will be cached for a minimum period of time. This cache miss cache time defines the minimum amount of time the JWKS URI content is cached.",
      "propertyOrder" : 80,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "integer",
          "required" : false
        }
      }
    },
    "agentgroup" : {
      "title" : "Group",
      "description" : "Add the agent to a group to allow inheritance of property values from the group. <br>Changing the group will update inherited property values. <br>Inherited property values are copied to the agent.",
      "propertyOrder" : 5,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    },
    "consentedScopesClaim" : {
      "title" : "Consented Scopes Claim",
      "description" : "Optional claim within the JWT that lists the scopes that the user has consented to. The scopes can be represented either as a JSON array of strings, or as a single space-separated string.",
      "propertyOrder" : 40,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "resourceOwnerIdentityClaim" : {
      "title" : "Resource Owner Identity Claim",
      "description" : "Claim in the JWT that identifies the resource owner account in AM. Defaults to \"sub\".",
      "propertyOrder" : 50,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "allowedSubjects" : {
      "title" : "Allowed Subjects",
      "description" : "List of subjects which this provider is allowed to provide consent for. If blank then the provider can provide consent for any user in this realm.",
      "propertyOrder" : 60,
      "items" : {
        "type" : "string"
      },
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "array",
          "required" : false
        }
      }
    },
    "jwksCacheTimeout" : {
      "title" : "JWKs URI content cache timeout in ms",
      "description" : "To avoid loading the JWKS URI content for every operation, the JWKS content is cached. This timeout defines the maximum amount of time the JWKS URI content can be cached before being refreshed.",
      "propertyOrder" : 70,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "integer",
          "required" : false
        }
      }
    },
    "jwksUri" : {
      "title" : "JWKs URI",
      "description" : "URI to retrieve JWK verification keys from to validate the JWT signature.",
      "propertyOrder" : 20,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "jwkSet" : {
      "title" : "JWK Set",
      "description" : "Manually entered JWK Set of verification keys to validate the JWT signature.",
      "propertyOrder" : 30,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    }
  }
}

delete

Usage

am> delete TrustedJwtIssuer --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action TrustedJwtIssuer --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action TrustedJwtIssuer --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action TrustedJwtIssuer --realm Realm --actionName nextdescendents

query

Querying the agents of a specific type

Usage

am> query TrustedJwtIssuer --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read TrustedJwtIssuer --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update TrustedJwtIssuer --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "issuer" : {
      "title" : "JWT Issuer",
      "description" : "Expected 'iss' claim identifier for this JWT issuer.",
      "propertyOrder" : 10,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : true
        }
      }
    },
    "jwkStoreCacheMissCacheTime" : {
      "title" : "JWKs URI content cache miss cache time",
      "description" : "To avoid loading the JWKS URI content for every operation, especially when the kid is not in the jwks content already cached, the JWKS content will be cached for a minimum period of time. This cache miss cache time defines the minimum amount of time the JWKS URI content is cached.",
      "propertyOrder" : 80,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "integer",
          "required" : false
        }
      }
    },
    "agentgroup" : {
      "title" : "Group",
      "description" : "Add the agent to a group to allow inheritance of property values from the group. <br>Changing the group will update inherited property values. <br>Inherited property values are copied to the agent.",
      "propertyOrder" : 5,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    },
    "consentedScopesClaim" : {
      "title" : "Consented Scopes Claim",
      "description" : "Optional claim within the JWT that lists the scopes that the user has consented to. The scopes can be represented either as a JSON array of strings, or as a single space-separated string.",
      "propertyOrder" : 40,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "resourceOwnerIdentityClaim" : {
      "title" : "Resource Owner Identity Claim",
      "description" : "Claim in the JWT that identifies the resource owner account in AM. Defaults to \"sub\".",
      "propertyOrder" : 50,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "allowedSubjects" : {
      "title" : "Allowed Subjects",
      "description" : "List of subjects which this provider is allowed to provide consent for. If blank then the provider can provide consent for any user in this realm.",
      "propertyOrder" : 60,
      "items" : {
        "type" : "string"
      },
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "array",
          "required" : false
        }
      }
    },
    "jwksCacheTimeout" : {
      "title" : "JWKs URI content cache timeout in ms",
      "description" : "To avoid loading the JWKS URI content for every operation, the JWKS content is cached. This timeout defines the maximum amount of time the JWKS URI content can be cached before being refreshed.",
      "propertyOrder" : 70,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "integer",
          "required" : false
        }
      }
    },
    "jwksUri" : {
      "title" : "JWKs URI",
      "description" : "URI to retrieve JWK verification keys from to validate the JWT signature.",
      "propertyOrder" : 20,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    },
    "jwkSet" : {
      "title" : "JWK Set",
      "description" : "Manually entered JWK Set of verification keys to validate the JWT signature.",
      "propertyOrder" : 30,
      "type" : "object",
      "exampleValue" : "",
      "properties" : {
        "inherited" : {
          "type" : "boolean",
          "required" : true
        },
        "value" : {
          "type" : "string",
          "required" : false
        }
      }
    }
  }
}
Copyright © 2010-2024 ForgeRock, all rights reserved.