CertificateCollectorNode

Realm Operations

Resource path: /realm-config/authentication/authenticationtrees/nodes/product-CertificateCollectorNode

Resource version: 1.0

create

Usage:

am> create CertificateCollectorNode --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "clientCertificateHttpHeaderName" : {
      "title" : "HTTP Header Name for Client Certificate",
      "description" : "The name of the HTTP request header containing the certificate, only used when header based collection is enabled.",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "trustedRemoteHosts" : {
      "title" : "Trusted Remote Hosts",
      "description" : "A list of IP addresses trusted to supply client certificates.<br><br>If SSL/TLS is being terminated at a load balancer or at the Distributed Authentication server then this option can be used to ensure that only specified trusted hosts (identified by IP address) are allowed to supply client certificates to the certificate node.<br><br>An empty list means remote headers are not trusted; a single value of <code>any</code> means all hosts are trusted.",
      "propertyOrder" : 300,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "certificateCollectionMethod" : {
      "title" : "Certificate Collection Method",
      "description" : "This field defines how the client certificate should be collected from the request. If TLS termination happens at the web container that is running Access Management, choose <code>Request</code>. If you have Access Management behind a proxy or load balancer and terminate TLS there, select <code>Header</code>. If <code>Either</code> is selected, the collector node looks at the request first, then at the header named in <code>HTTP Header Name for Client Certificate</code>.",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "certificateCollectionMethod", "trustedRemoteHosts" ]
}
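
The following is an added example, not part of the product documentation: a pre-flight check for a --body document that applies the rules stated in the schema descriptions above before the body is passed to create or update. The function name, the sample header name and the sample address are assumptions, and the collection method is assumed to be stored as Request, Header or Either (compared ignoring case).

```python
import ipaddress

HEADER_METHODS = ("header", "either")  # methods that read the HTTP header

def lint_collector_body(body):
    """Return findings for a CertificateCollectorNode --body document (a dict)."""
    findings = []
    for key in ("certificateCollectionMethod", "trustedRemoteHosts"):
        if key not in body:  # both are listed under "required" in the schema
            findings.append(f"missing required property: {key}")
    # Assumption: the stored value is Request/Header/Either, compared ignoring case.
    method = str(body.get("certificateCollectionMethod", "")).lower()
    if method and method not in ("request",) + HEADER_METHODS:
        findings.append(f"unrecognised collection method: {method}")
    hosts = body.get("trustedRemoteHosts", [])
    if not isinstance(hosts, list):
        findings.append("trustedRemoteHosts must be an array of strings")
        hosts = []
    uses_header = method in HEADER_METHODS
    if uses_header and not body.get("clientCertificateHttpHeaderName"):
        findings.append("header collection selected but no header name set")
    if uses_header and not hosts:
        findings.append("empty trustedRemoteHosts: remote headers are not trusted")
    if "any" in hosts:
        if uses_header:
            findings.append("'any' lets every remote host supply the certificate header")
        if len(hosts) > 1:
            findings.append("'any' is described as a single value, not one entry among others")
    for host in hosts:
        if host == "any":
            continue
        try:
            ipaddress.ip_address(host)  # hosts are identified by IP address
        except ValueError:
            findings.append(f"not an IP address: {host}")
    return findings

# Constructed sample bodies; header name and address are placeholders.
PINNED = {"certificateCollectionMethod": "Header",
          "clientCertificateHttpHeaderName": "X-Client-Cert",
          "trustedRemoteHosts": ["10.0.0.5"]}
OPEN = dict(PINNED, trustedRemoteHosts=["any"])

if __name__ == "__main__":
    for name, body in (("pinned", PINNED), ("open", OPEN)):
        print(name, lint_collector_body(body) or "no findings")
```
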

delete

Usage:

am> delete CertificateCollectorNode --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage:

am> action CertificateCollectorNode --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage:

am> action CertificateCollectorNode --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage:

am> action CertificateCollectorNode --realm Realm --body body --actionName listOutcomes

Parameters:

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage:

am> action CertificateCollectorNode --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query supports only the `_queryFilter=true` filter.

Usage:

am> query CertificateCollectorNode --realm Realm --filter filter

Parameters:

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage:

am> read CertificateCollectorNode --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

update

Usage:

am> update CertificateCollectorNode --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "clientCertificateHttpHeaderName" : {
      "title" : "HTTP Header Name for Client Certificate",
      "description" : "The name of the HTTP request header containing the certificate, only used when header based collection is enabled.",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "trustedRemoteHosts" : {
      "title" : "Trusted Remote Hosts",
      "description" : "A list of IP addresses trusted to supply client certificates.<br><br>If SSL/TLS is being terminated at a load balancer or at the Distributed Authentication server then this option can be used to ensure that only specified trusted hosts (identified by IP address) are allowed to supply client certificates to the certificate node.<br><br>An empty list means remote headers are not trusted; a single value of <code>any</code> means all hosts are trusted.",
      "propertyOrder" : 300,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "certificateCollectionMethod" : {
      "title" : "Certificate Collection Method",
      "description" : "This field defines how the client certificate should be collected from the request. If TLS termination happens at the web container that is running Access Management, choose <code>Request</code>. If you have Access Management behind a proxy or load balancer and terminate TLS there, select <code>Header</code>. If <code>Either</code> is selected, the collector node looks at the request first, then at the header named in <code>HTTP Header Name for Client Certificate</code>.",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "certificateCollectionMethod", "trustedRemoteHosts" ]
}