AdaptiveRiskModule

Realm Operations

Resource path: /realm-config/authentication/modules/adaptiverisk

Resource version: 1.0

create

Usage:

am> create AdaptiveRiskModule --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "attributecheck" : {
      "type" : "object",
      "title" : "Profile Attribute",
      "propertyOrder" : 7,
      "properties" : {
        "profileRiskAttributeCheckEnabled" : {
          "title" : "Profile Risk Attribute check",
          "description" : "Enables the checking of the user profile for a matching attribute and value.<br><br>If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.",
          "propertyOrder" : 2800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileRiskAttributeName" : {
          "title" : "Attribute Name",
          "description" : "The name of the attribute to retrieve from the user profile in the data store.",
          "propertyOrder" : 2900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileRiskAttributeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertProfileRiskAttributeScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileRiskAttributeValue" : {
          "title" : "Attribute Value",
          "description" : "The required value of the named attribute.",
          "propertyOrder" : 3000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "iphistory" : {
      "type" : "object",
      "title" : "IP Address History",
      "propertyOrder" : 3,
      "properties" : {
        "ipHistoryScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 1400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertIPHistoryScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 1500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryCheckEnabled" : {
          "title" : "IP History Check",
          "description" : "Enables the checking of client IP address against a list of past IP addresses.<br><br>If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).",
          "propertyOrder" : 1000,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryProfileAttribute" : {
          "title" : "Profile Attribute Name",
          "description" : "The name of the attribute used to store the IP history list in the data store.<br><br>IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary objectclass and attribute related settings.",
          "propertyOrder" : 1200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "saveSuccessfulIP" : {
          "title" : "Save Successful IP Address",
          "description" : "The IP History list will be updated in the data store<br><br>The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.",
          "propertyOrder" : 1300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryCount" : {
          "title" : "History size",
          "description" : "The number of client IP addresses to save in the history list.",
          "propertyOrder" : 1100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "knowncookie" : {
      "type" : "object",
      "title" : "Known Cookie",
      "propertyOrder" : 4,
      "properties" : {
        "knownCookieCheckEnabled" : {
          "title" : "Cookie Value Check",
          "description" : "Enables the checking of a known cookie value in the client request<br><br>If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the correct value then the check will pass. ",
          "propertyOrder" : 1600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2000,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "createKnownCookieOnSuccessfulLogin" : {
          "title" : "Save Cookie Value on Successful Login",
          "description" : "The cookie will be created on the client after successful login<br><br>The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response",
          "propertyOrder" : 1900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to set on the client.",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertKnownCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieValue" : {
          "title" : "Cookie Value",
          "description" : "The value to be set on the cookie.",
          "propertyOrder" : 1800,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "iprange" : {
      "type" : "object",
      "title" : "IP Address Range",
      "propertyOrder" : 2,
      "properties" : {
        "ipRangeCheckEnabled" : {
          "title" : "IP Range Check",
          "description" : "Enables the checking of the client IP address against a list of IP addresses.<br><br>The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within said list the check is successful.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipRange" : {
          "title" : "IP Range",
          "description" : "The list of IP address to compare against the client IP address.<br><br>The format of the IP address is as follows:<br/><br/><ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li><li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>",
          "propertyOrder" : 700,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "ipRangeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertIPRangeScoreEnabled" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "requestheader" : {
      "type" : "object",
      "title" : "Request Header",
      "propertyOrder" : 9,
      "properties" : {
        "requestHeaderValue" : {
          "title" : "Request Header Value",
          "description" : "The required value of the named HTTP header.",
          "propertyOrder" : 4500,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertRequestHeaderScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "requestHeaderScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "requestHeaderCheckEnabled" : {
          "title" : "Request Header Check",
          "description" : "Enables the checking of the client request for a known header name and value.<br><br>The request header check will pass if the client request contains the required named header and value.",
          "propertyOrder" : 4300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "requestHeaderName" : {
          "title" : "Request Header Name",
          "description" : "The name of the required HTTP header ",
          "propertyOrder" : 4400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "lastlogin" : {
      "type" : "object",
      "title" : "Time Since Last Login",
      "propertyOrder" : 6,
      "properties" : {
        "timeSinceLastLoginCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie used to store the time of the last successful authentication.",
          "propertyOrder" : 2300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "maxTimeSinceLastLogin" : {
          "title" : "Max Time since Last login",
          "description" : "The maximum number of days that can elapse before this test.",
          "propertyOrder" : 2400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "saveLastLoginTimeOnSuccessfulLogin" : {
          "title" : "Save time of Successful Login",
          "description" : "The last login time will be saved in a client cookie<br><br>The Adaptive Risk Post Authentication Plug-in will update the last login time",
          "propertyOrder" : 2500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertTimeSinceLastLoginScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "timeSinceLastLoginScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "timeSinceLastLoginCheckEnabled" : {
          "title" : "Time since Last login Check",
          "description" : "Enables the checking of the last time the user successfully authenticated.<br><br>If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.",
          "propertyOrder" : 2200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "devicecookie" : {
      "type" : "object",
      "title" : "Device Cookie",
      "propertyOrder" : 5,
      "properties" : {
        "invertDeviceCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "saveDeviceCookieValueOnSuccessfulLogin" : {
          "title" : "Save Device Registration on Successful Login",
          "description" : "Set the device cookie on the client response<br><br>The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response",
          "propertyOrder" : 3500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to be checked for (and optionally set) on the client request",
          "propertyOrder" : 3400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "deviceCookieCheckEnabled" : {
          "title" : "Device Registration Cookie Check",
          "description" : "Enables the checking of the client request for a known cookie.<br><br>If this check is enabled, the check will pass if the client request contains the named cookie.",
          "propertyOrder" : 3300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "geolocation" : {
      "type" : "object",
      "title" : "Geo Location",
      "propertyOrder" : 8,
      "properties" : {
        "geolocationValidCountryCodes" : {
          "title" : "Valid Country Codes",
          "description" : "The list of country codes that are considered as valid locations for client IPs.<br><br>The list is made up of country codes separated by a | character; for example:<br/><br/><code>gb|us|no|fr</code>",
          "propertyOrder" : 4000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "geolocationCheckEnabled" : {
          "title" : "Geolocation Country Code Check",
          "description" : "Enables the checking of the client IP address against the geolocation database.<br><br>The geolocation database associates IP addresses against their known location. This check passes if the country associated with the client IP address is matched against the list of valid country codes.<br/><br/>The geolocation database is available in binary format at <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "geolocationScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertGeolocationScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "geolocationDatabaseLocation" : {
          "title" : "Geolocation Database location",
          "description" : "The path to the location of the GEO location database.<br><br>The Geolocation database is not distributed with OpenAM, you can get it in binary format from <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "general" : {
      "type" : "object",
      "title" : "General",
      "propertyOrder" : 0,
      "properties" : {
        "authenticationLevel" : {
          "title" : "Authentication Level",
          "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "riskThreshold" : {
          "title" : "Risk Threshold",
          "description" : "If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.<br><br>Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said threshold the module will be successful. ",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "authfailed" : {
      "type" : "object",
      "title" : "Failed Authentications",
      "propertyOrder" : 1,
      "properties" : {
        "failureScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertFailureScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "failedAuthenticationCheckEnabled" : {
          "title" : "Failed Authentication Check",
          "description" : "Checks if the user has past authentication failures.<br><br>Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/><i>NB </i>For this check to function, Account Lockout must be enabled.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage:

am> delete AdaptiveRiskModule --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage:

am> action AdaptiveRiskModule --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage:

am> action AdaptiveRiskModule --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage:

am> action AdaptiveRiskModule --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.

Usage:

am> query AdaptiveRiskModule --realm Realm --filter filter

Parameters:

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage:

am> read AdaptiveRiskModule --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

update

Usage:

am> update AdaptiveRiskModule --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "attributecheck" : {
      "type" : "object",
      "title" : "Profile Attribute",
      "propertyOrder" : 7,
      "properties" : {
        "profileRiskAttributeCheckEnabled" : {
          "title" : "Profile Risk Attribute check",
          "description" : "Enables the checking of the user profile for a matching attribute and value.<br><br>If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.",
          "propertyOrder" : 2800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileRiskAttributeName" : {
          "title" : "Attribute Name",
          "description" : "The name of the attribute to retrieve from the user profile in the data store.",
          "propertyOrder" : 2900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileRiskAttributeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertProfileRiskAttributeScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileRiskAttributeValue" : {
          "title" : "Attribute Value",
          "description" : "The required value of the named attribute.",
          "propertyOrder" : 3000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "iphistory" : {
      "type" : "object",
      "title" : "IP Address History",
      "propertyOrder" : 3,
      "properties" : {
        "ipHistoryScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 1400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertIPHistoryScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 1500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryCheckEnabled" : {
          "title" : "IP History Check",
          "description" : "Enables the checking of client IP address against a list of past IP addresses.<br><br>If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).",
          "propertyOrder" : 1000,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryProfileAttribute" : {
          "title" : "Profile Attribute Name",
          "description" : "The name of the attribute used to store the IP history list in the data store.<br><br>IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary objectclass and attribute related settings.",
          "propertyOrder" : 1200,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "saveSuccessfulIP" : {
          "title" : "Save Successful IP Address",
          "description" : "The IP History list will be updated in the data store<br><br>The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.",
          "propertyOrder" : 1300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipHistoryCount" : {
          "title" : "History size",
          "description" : "The number of client IP addresses to save in the history list.",
          "propertyOrder" : 1100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "knowncookie" : {
      "type" : "object",
      "title" : "Known Cookie",
      "propertyOrder" : 4,
      "properties" : {
        "knownCookieCheckEnabled" : {
          "title" : "Cookie Value Check",
          "description" : "Enables the checking of a known cookie value in the client request<br><br>If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the correct value then the check will pass. ",
          "propertyOrder" : 1600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2000,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "createKnownCookieOnSuccessfulLogin" : {
          "title" : "Save Cookie Value on Successful Login",
          "description" : "The cookie will be created on the client after successful login<br><br>The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response",
          "propertyOrder" : 1900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to set on the client.",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertKnownCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "knownCookieValue" : {
          "title" : "Cookie Value",
          "description" : "The value to be set on the cookie.",
          "propertyOrder" : 1800,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "iprange" : {
      "type" : "object",
      "title" : "IP Address Range",
      "propertyOrder" : 2,
      "properties" : {
        "ipRangeCheckEnabled" : {
          "title" : "IP Range Check",
          "description" : "Enables the checking of the client IP address against a list of IP addresses.<br><br>The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within said list the check is successful.",
          "propertyOrder" : 600,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ipRange" : {
          "title" : "IP Range",
          "description" : "The list of IP address to compare against the client IP address.<br><br>The format of the IP address is as follows:<br/><br/><ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li><li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>",
          "propertyOrder" : 700,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "ipRangeScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 800,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertIPRangeScoreEnabled" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "requestheader" : {
      "type" : "object",
      "title" : "Request Header",
      "propertyOrder" : 9,
      "properties" : {
        "requestHeaderValue" : {
          "title" : "Request Header Value",
          "description" : "The required value of the named HTTP header.",
          "propertyOrder" : 4500,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertRequestHeaderScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "requestHeaderScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "requestHeaderCheckEnabled" : {
          "title" : "Request Header Check",
          "description" : "Enables the checking of the client request for a known header name and value.<br><br>The request header check will pass if the client request contains the required named header and value.",
          "propertyOrder" : 4300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "requestHeaderName" : {
          "title" : "Request Header Name",
          "description" : "The name of the required HTTP header ",
          "propertyOrder" : 4400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "lastlogin" : {
      "type" : "object",
      "title" : "Time Since Last Login",
      "propertyOrder" : 6,
      "properties" : {
        "timeSinceLastLoginCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie used to store the time of the last successful authentication.",
          "propertyOrder" : 2300,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "maxTimeSinceLastLogin" : {
          "title" : "Max Time since Last login",
          "description" : "The maximum number of days that can elapse before this test.",
          "propertyOrder" : 2400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "saveLastLoginTimeOnSuccessfulLogin" : {
          "title" : "Save time of Successful Login",
          "description" : "The last login time will be saved in a client cookie<br><br>The Adaptive Risk Post Authentication Plug-in will update the last login time",
          "propertyOrder" : 2500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invertTimeSinceLastLoginScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 2700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "timeSinceLastLoginScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 2600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "timeSinceLastLoginCheckEnabled" : {
          "title" : "Time since Last login Check",
          "description" : "Enables the checking of the last time the user successfully authenticated.<br><br>If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.",
          "propertyOrder" : 2200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "devicecookie" : {
      "type" : "object",
      "title" : "Device Cookie",
      "propertyOrder" : 5,
      "properties" : {
        "invertDeviceCookieScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 3700,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "saveDeviceCookieValueOnSuccessfulLogin" : {
          "title" : "Save Device Registration on Successful Login",
          "description" : "Set the device cookie on the client response<br><br>The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response",
          "propertyOrder" : 3500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieName" : {
          "title" : "Cookie Name",
          "description" : "The name of the cookie to be checked for (and optionally set) on the client request",
          "propertyOrder" : 3400,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "deviceCookieCheckEnabled" : {
          "title" : "Device Registration Cookie Check",
          "description" : "Enables the checking of the client request for a known cookie.<br><br>If this check is enabled, the check will pass if the client request contains the named cookie.",
          "propertyOrder" : 3300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "deviceCookieScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 3600,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "geolocation" : {
      "type" : "object",
      "title" : "Geo Location",
      "propertyOrder" : 8,
      "properties" : {
        "geolocationValidCountryCodes" : {
          "title" : "Valid Country Codes",
          "description" : "The list of country codes that are considered as valid locations for client IPs.<br><br>The list is made up of country codes separated by a | character; for example:<br/><br/><code>gb|us|no|fr</code>",
          "propertyOrder" : 4000,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "geolocationCheckEnabled" : {
          "title" : "Geolocation Country Code Check",
          "description" : "Enables the checking of the client IP address against the geolocation database.<br><br>The geolocation database associates IP addresses against their known location. This check passes if the country associated with the client IP address is matched against the list of valid country codes.<br/><br/>The geolocation database is available in binary format at <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3800,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "geolocationScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 4100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertGeolocationScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 4200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "geolocationDatabaseLocation" : {
          "title" : "Geolocation Database location",
          "description" : "The path to the location of the GEO location database.<br><br>The Geolocation database is not distributed with OpenAM, you can get it in binary format from <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
          "propertyOrder" : 3900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "general" : {
      "type" : "object",
      "title" : "General",
      "propertyOrder" : 0,
      "properties" : {
        "authenticationLevel" : {
          "title" : "Authentication Level",
          "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
          "propertyOrder" : 100,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "riskThreshold" : {
          "title" : "Risk Threshold",
          "description" : "If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.<br><br>Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said threshold the module will be successful. ",
          "propertyOrder" : 200,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "authfailed" : {
      "type" : "object",
      "title" : "Failed Authentications",
      "propertyOrder" : 1,
      "properties" : {
        "failureScore" : {
          "title" : "Score",
          "description" : "The amount to increment the score if this check fails.",
          "propertyOrder" : 400,
          "required" : true,
          "type" : "integer",
          "exampleValue" : ""
        },
        "invertFailureScore" : {
          "title" : "Invert Result",
          "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
          "propertyOrder" : 500,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "failedAuthenticationCheckEnabled" : {
          "title" : "Failed Authentication Check",
          "description" : "Checks if the user has past authentication failures.<br><br>Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/><i>NB </i>For this check to function, Account Lockout must be enabled.",
          "propertyOrder" : 300,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    }
  }
}

Global Operations

Resource path: /global-config/authentication/modules/adaptiverisk

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage:

am> action AdaptiveRiskModule --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage:

am> action AdaptiveRiskModule --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage:

am> action AdaptiveRiskModule --global --actionName nextdescendents

read

Usage:

am> read AdaptiveRiskModule --global

update

Usage:

am> update AdaptiveRiskModule --global --body body

Parameters:

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "geolocation" : {
          "type" : "object",
          "title" : "Geo Location",
          "propertyOrder" : 8,
          "properties" : {
            "geolocationDatabaseLocation" : {
              "title" : "Geolocation Database location",
              "description" : "The path to the location of the GEO location database.<br><br>The Geolocation database is not distributed with OpenAM, you can get it in binary format from <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
              "propertyOrder" : 3900,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "geolocationValidCountryCodes" : {
              "title" : "Valid Country Codes",
              "description" : "The list of country codes that are considered as valid locations for client IPs.<br><br>The list is made up of country codes separated by a | character; for example:<br/><br/><code>gb|us|no|fr</code>",
              "propertyOrder" : 4000,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "geolocationCheckEnabled" : {
              "title" : "Geolocation Country Code Check",
              "description" : "Enables the checking of the client IP address against the geolocation database.<br><br>The geolocation database associates IP addresses against their known location. This check passes if the country associated with the client IP address is matched against the list of valid country codes.<br/><br/>The geolocation database is available in binary format at <a href=\"http://www.maxmind.com/app/country\" target=\"_blank\">MaxMind</a>.",
              "propertyOrder" : 3800,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "geolocationScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 4100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "invertGeolocationScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 4200,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "devicecookie" : {
          "type" : "object",
          "title" : "Device Cookie",
          "propertyOrder" : 5,
          "properties" : {
            "invertDeviceCookieScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 3700,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "deviceCookieScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 3600,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "deviceCookieCheckEnabled" : {
              "title" : "Device Registration Cookie Check",
              "description" : "Enables the checking of the client request for a known cookie.<br><br>If this check is enabled, the check will pass if the client request contains the named cookie.",
              "propertyOrder" : 3300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "saveDeviceCookieValueOnSuccessfulLogin" : {
              "title" : "Save Device Registration on Successful Login",
              "description" : "Set the device cookie on the client response<br><br>The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response",
              "propertyOrder" : 3500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "deviceCookieName" : {
              "title" : "Cookie Name",
              "description" : "The name of the cookie to be checked for (and optionally set) on the client request",
              "propertyOrder" : 3400,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            }
          }
        },
        "general" : {
          "type" : "object",
          "title" : "General",
          "propertyOrder" : 0,
          "properties" : {
            "authenticationLevel" : {
              "title" : "Authentication Level",
              "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
              "propertyOrder" : 100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "riskThreshold" : {
              "title" : "Risk Threshold",
              "description" : "If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.<br><br>Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said threshold the module will be successful. ",
              "propertyOrder" : 200,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "iphistory" : {
          "type" : "object",
          "title" : "IP Address History",
          "propertyOrder" : 3,
          "properties" : {
            "ipHistoryScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 1400,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "ipHistoryCount" : {
              "title" : "History size",
              "description" : "The number of client IP addresses to save in the history list.",
              "propertyOrder" : 1100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "saveSuccessfulIP" : {
              "title" : "Save Successful IP Address",
              "description" : "The IP History list will be updated in the data store<br><br>The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.",
              "propertyOrder" : 1300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "invertIPHistoryScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 1500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "ipHistoryProfileAttribute" : {
              "title" : "Profile Attribute Name",
              "description" : "The name of the attribute used to store the IP history list in the data store.<br><br>IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary objectclass and attribute related settings.",
              "propertyOrder" : 1200,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "ipHistoryCheckEnabled" : {
              "title" : "IP History Check",
              "description" : "Enables the checking of client IP address against a list of past IP addresses.<br><br>If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).",
              "propertyOrder" : 1000,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "lastlogin" : {
          "type" : "object",
          "title" : "Time Since Last Login",
          "propertyOrder" : 6,
          "properties" : {
            "saveLastLoginTimeOnSuccessfulLogin" : {
              "title" : "Save time of Successful Login",
              "description" : "The last login time will be saved in a client cookie<br><br>The Adaptive Risk Post Authentication Plug-in will update the last login time",
              "propertyOrder" : 2500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "invertTimeSinceLastLoginScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 2700,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "timeSinceLastLoginScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 2600,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "timeSinceLastLoginCookieName" : {
              "title" : "Cookie Name",
              "description" : "The name of the cookie used to store the time of the last successful authentication.",
              "propertyOrder" : 2300,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "timeSinceLastLoginCheckEnabled" : {
              "title" : "Time since Last login Check",
              "description" : "Enables the checking of the last time the user successfully authenticated.<br><br>If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.",
              "propertyOrder" : 2200,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "maxTimeSinceLastLogin" : {
              "title" : "Max Time since Last login",
              "description" : "The maximum number of days that can elapse before this test.",
              "propertyOrder" : 2400,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            }
          }
        },
        "attributecheck" : {
          "type" : "object",
          "title" : "Profile Attribute",
          "propertyOrder" : 7,
          "properties" : {
            "profileRiskAttributeValue" : {
              "title" : "Attribute Value",
              "description" : "The required value of the named attribute.",
              "propertyOrder" : 3000,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "profileRiskAttributeName" : {
              "title" : "Attribute Name",
              "description" : "The name of the attribute to retrieve from the user profile in the data store.",
              "propertyOrder" : 2900,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "profileRiskAttributeCheckEnabled" : {
              "title" : "Profile Risk Attribute check",
              "description" : "Enables the checking of the user profile for a matching attribute and value.<br><br>If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.",
              "propertyOrder" : 2800,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "invertProfileRiskAttributeScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 3200,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "profileRiskAttributeScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 3100,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        },
        "iprange" : {
          "type" : "object",
          "title" : "IP Address Range",
          "propertyOrder" : 2,
          "properties" : {
            "ipRangeScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 800,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "ipRange" : {
              "title" : "IP Range",
              "description" : "The list of IP address to compare against the client IP address.<br><br>The format of the IP address is as follows:<br/><br/><ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li><li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>",
              "propertyOrder" : 700,
              "required" : true,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "ipRangeCheckEnabled" : {
              "title" : "IP Range Check",
              "description" : "Enables the checking of the client IP address against a list of IP addresses.<br><br>The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within said list the check is successful.",
              "propertyOrder" : 600,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "invertIPRangeScoreEnabled" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 900,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "knowncookie" : {
          "type" : "object",
          "title" : "Known Cookie",
          "propertyOrder" : 4,
          "properties" : {
            "createKnownCookieOnSuccessfulLogin" : {
              "title" : "Save Cookie Value on Successful Login",
              "description" : "The cookie will be created on the client after successful login<br><br>The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response",
              "propertyOrder" : 1900,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "knownCookieCheckEnabled" : {
              "title" : "Cookie Value Check",
              "description" : "Enables the checking of a known cookie value in the client request<br><br>If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the correct value then the check will pass. ",
              "propertyOrder" : 1600,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "knownCookieName" : {
              "title" : "Cookie Name",
              "description" : "The name of the cookie to set on the client.",
              "propertyOrder" : 1700,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "invertKnownCookieScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 2100,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "knownCookieScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 2000,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "knownCookieValue" : {
              "title" : "Cookie Value",
              "description" : "The value to be set on the cookie.",
              "propertyOrder" : 1800,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            }
          }
        },
        "requestheader" : {
          "type" : "object",
          "title" : "Request Header",
          "propertyOrder" : 9,
          "properties" : {
            "invertRequestHeaderScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 4700,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "requestHeaderName" : {
              "title" : "Request Header Name",
              "description" : "The name of the required HTTP header ",
              "propertyOrder" : 4400,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "requestHeaderValue" : {
              "title" : "Request Header Value",
              "description" : "The required value of the named HTTP header.",
              "propertyOrder" : 4500,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "requestHeaderScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 4600,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            },
            "requestHeaderCheckEnabled" : {
              "title" : "Request Header Check",
              "description" : "Enables the checking of the client request for a known header name and value.<br><br>The request header check will pass if the client request contains the required named header and value.",
              "propertyOrder" : 4300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "authfailed" : {
          "type" : "object",
          "title" : "Failed Authentications",
          "propertyOrder" : 1,
          "properties" : {
            "invertFailureScore" : {
              "title" : "Invert Result",
              "description" : "If the check succeeds the score will be included in the total, for failure the score will not be incremented.",
              "propertyOrder" : 500,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "failedAuthenticationCheckEnabled" : {
              "title" : "Failed Authentication Check",
              "description" : "Checks if the user has past authentication failures.<br><br>Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/><i>NB </i>For this check to function, Account Lockout must be enabled.",
              "propertyOrder" : 300,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "failureScore" : {
              "title" : "Score",
              "description" : "The amount to increment the score if this check fails.",
              "propertyOrder" : 400,
              "required" : true,
              "type" : "integer",
              "exampleValue" : ""
            }
          }
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}
Read a different version of :