J2eeAgents
Realm Operations
Agents handler that is responsible for managing agents
Resource path: /realm-config/agents/J2EEAgent
Resource version: 1.0
create
Usage:
am> create J2eeAgents --realm Realm --id id --body body
Parameters:
--id
The unique identifier for the resource.
--body
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "ssoJ2EEAgentConfig" : { "type" : "object", "title" : "SSO", "propertyOrder" : 2, "properties" : { "cookieResetPaths" : { "title" : "Cookies Reset Path Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs. (property name: org.forgerock.agents.cookie.reset.path.map) ", "propertyOrder" : 4900, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "setCookieAttributeMap" : { "title" : "Set-Cookie Attribute Map", "description" : "Text from this map will be added directly into the Set-Cookie header by the AttributeTaskHandler and its descendants when it creates cookies out of Profile Attributes, Session Info Attributes and/or Response Attributes. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. (property: org.forgerock.agents.set.cookie.attribute.map)", "propertyOrder" : 5950, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "acceptIPDPCookie" : { "title" : "Convert SSO Tokens into OpenID Connect JWTs", "description" : "When this property is set to true, for each incoming request, when the user does not present a JWT in the designated cookie, the Agent will look for an SSO token in the iPlanetDirectoryPro cookie (configurable in AM). If this is found, the Agent invokes AM to exchange it for a JWT which is then used in further requests. 
The result is cached, so interaction with AM will not be needed, if the same SSO token is presented in the future (and the existing cache entry is still valid) (property: org.forgerock.agents.accept.ipdp.cookie.enabled)", "propertyOrder" : 5900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "httpOnly" : { "title" : "Http Only", "description" : "Flag saying whether HTTP only cookies are enabled. (property: com.sun.identity.cookie.httponly)", "propertyOrder" : 5910, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "authExchangeCookieName" : { "title" : "Authentication Exchange Cookie Name", "description" : "This property allows the administrator to define a cookie name that will be used by the authn exchange endpoint. The value is empty by default and the endpoint will thus not be capable of examining cookie values (property: org.forgerock.agents.authn.exchange.cookie.name) (Agent 5.7+ only)", "propertyOrder" : 5902, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "cdssoRedirectUri" : { "title" : "CDSSO Redirect URI", "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. (property name: org.forgerock.agents.authn.redirect.uri) ", "propertyOrder" : 5100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "cookieResetDomains" : { "title" : "Cookies Reset Domain Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. 
(property name: org.forgerock.agents.cookie.reset.domain.map) ", "propertyOrder" : 4800, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "cdssoSecureCookies" : { "title" : "CDSSO Secure Enable", "description" : "The SSO Token cookie set by the agent in the different domains in CDSSO mode will be marked secure. Only transmitted if the communications channel with host is a secure one. (property name: org.forgerock.agents.secure.cookies.enabled) ", "propertyOrder" : 5700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "authExchangeUri" : { "title" : "Authentication Exchange URI", "description" : "This property allows the administrator to enable an endpoint that will facilitate the exchange of SSO tokens for OIDC JWTs. The value is empty by default and thus the endpoint is not accessible. (property: org.forgerock.agents.authn.exchange.uri) (Agent 5.7+ only)", "propertyOrder" : 5901, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "setCookieInternalMap" : { "title" : "Set-Cookie Internal Map", "description" : "Text from this map will be added directly into the Set-Cookie header when creating \"internal\" cookies (e.g. the am-auth-jwt and pre-auth cookies). This allows, among other things, the same-site value to be manipulated. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. 
(property: org.forgerock.agents.set.cookie.internal.map)", "propertyOrder" : 5940, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "secureCookies" : { "title" : "Secure Cookies", "description" : "On setting this property to true, all cookies created by the Agent will be secure. The value is set to false for backwards compatibility. (property: org.forgerock.agents.jwt.cookie.secure.enabled)", "propertyOrder" : 5930, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "cookieResetEnabled" : { "title" : "Cookie Reset", "description" : "Agent resets cookies in the response before redirecting to authentication. (property name: org.forgerock.agents.cookie.reset.enabled) ", "propertyOrder" : 4600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "cdssoDomainList" : { "title" : "CDSSO Domain List", "description" : "Domains for which cookies have to be set in a CDSSO scenario. (property name: org.forgerock.agents.jwt.cookie.domain.list) <br> Example: <br> .sun.com", "propertyOrder" : 5800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "cookieResetNames" : { "title" : "Cookies Reset Name List", "description" : "Cookie names that will be reset by the Agent if Cookie Reset is enabled. 
(property name: org.forgerock.agents.cookie.reset.name.list) ", "propertyOrder" : 4700, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "excludedUserAgentsList" : { "title" : "Samesite Cookie Attributes Excluded User Agents Pattern List", "description" : "Excluded User agents pattern list. List of incompatible user agents that will be prevented from receiving SameSite cookie attributes. <br> (Property:org.forgerock.agents.samesite.excluded.user.agents.list)", "propertyOrder" : 5960, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "encodeCookies" : { "title" : "Encode Cookies", "description" : "Cookies are encoded, if set. (property: com.iplanet.am.cookie.encode)", "propertyOrder" : 5920, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } } } }, "advancedJ2EEAgentConfig" : { "type" : "object", "title" : "Advanced", "propertyOrder" : 5, "properties" : { "postDataStickySessionMode" : { "title" : "PDP Stickysession mode", "description" : "If the PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. (property name: org.forgerock.agents.pdp.sticky.session.mode)", "propertyOrder" : 13400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "alternativeAgentHostname" : { "title" : "Alternative Agent Host Name", "description" : "Host name identifying the Agent protected server to the client browsers if different from the actual host name. 
(property name: org.forgerock.agents.agent.hostname) ", "propertyOrder" : 4100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "postDataCacheTtlMin" : { "title" : "PDP Cache TTL in Minutes", "description" : "This sets the time in minutes after which entries in the Post Data Preservation cache will timeout and be purged. (property: org.forgerock.agents.pdp.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "ssoExchangeCacheTTL" : { "title" : "Exchanged SSO Token Cache Time to Live", "description" : "This sets the time in minutes after which entries in the SSO token exchange cache will timeout and be purged. Since exchanging SSO tokens for JWTs is an expensive process, previously exchanged SSO tokens are cached so that the roundtrip to AM can be avoided in the case where an entity is unable to permanently store its JWT in a cookie. (property: org.forgerock.agents.sso.exchange.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "clientHostnameHeader" : { "title" : "Client Hostname Header", "description" : "HTTP header name that holds the Hostname of the client. 
(property name: org.forgerock.agents.http.header.containing.remote.hostname) ", "propertyOrder" : 1100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "xssDetectionRedirectUri" : { "title" : "XSS detection redirect URI", "description" : "An application-specific Map that identifies a URI of the customized page if XSS code has been detected. (property name: org.forgerock.agents.xss.redirect.uri.map) <br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field.", "propertyOrder" : 12900, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "ssoExchangeCacheSize" : { "title" : "Exchanged SSO Token Cache Size", "description" : "The number of entries in the SSO Exchange cache. (property: org.forgerock.agents.sso.exchange.cache.size) <br>Required Agent Restart", "propertyOrder" : 13910, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "customProperties" : { "title" : "Custom Properties", "description" : "Additional properties that allow users to augment the set of properties supported by agent. 
(property name: com.sun.identity.agents.config.freeformproperties) <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2", "propertyOrder" : 20000, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "postDataPreserveCacheEntryMaxEntries" : { "title" : "PDP Maximum Number of Cache Entries", "description" : "Maximum number of entries to hold in the PDP cache (Property name: org.forgerock.agents.pdp.cache.size).", "propertyOrder" : 13550, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "postDataPreservation" : { "title" : "Post Data Preservation enabled", "description" : "Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL. (property name: org.forgerock.agents.post.data.preservation.enabled)", "propertyOrder" : 13100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "monitoringToCSV" : { "title" : "Export Monitoring Metrics to CSV", "description" : "When set to true, the Agent will write monitoring information to CSV files. 
(property: org.forgerock.agents.monitoring.to.csv.enabled)", "propertyOrder" : 13085, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "idleTimeRefreshWindow" : { "title" : "Idle Time Refresh Window", "description" : "Once every this number of minutes, the Agent will nudge AM so it knows a particular session is still in use, thereby resetting its idle time. (property: org.forgerock.agents.idle.time.window.minutes)", "propertyOrder" : 14200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "clientIpHeader" : { "title" : "Client IP Address Header", "description" : "HTTP header name that holds the IP address of the client. (property name: org.forgerock.agents.http.header.containing.ip.address) ", "propertyOrder" : 1000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "policyCachePerUser" : { "title" : "Policy Cache Per User", "description" : "This is the number of distinct policy evaluation entries that each session (stored in the policy evaluation cache) can have. Thus the total number of policy evaluation results that can be stored is the \"Policy Cache Size\" multiplied by the \"Policy Cache Per User\". (property: org.forgerock.agents.policy.cache.per.session.size) <br>Required Agent Restart", "propertyOrder" : 14100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "alternativeAgentPort" : { "title" : "Alternative Agent Port Number", "description" : "Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. 
(property name: org.forgerock.agents.agent.port) ", "propertyOrder" : 4200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "postDataPreserveCacheEntryMaxTotalSizeMb" : { "title" : "PDP Maximum Cache Size", "description" : "Maximum size of the PDP cache, in megabytes (Property name: org.forgerock.agents.pdp.cache.total.size.mb).", "propertyOrder" : 13600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "policyCacheSize" : { "title" : "Policy Cache Size", "description" : "The maximum number of sessions, i.e. distinct users, stored in the policy evaluation cache at any one time. (property: org.forgerock.agents.policy.cache.session.size) <br>Required Agent Restart", "propertyOrder" : 14000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fragmentRelayUri" : { "title" : "Fragment Relay URI", "description" : "To enable unauthenticated fragment retention within incoming requests, set this property to a valid dummy URI within the Agent application.<br>Example: /agentapp/pre-authn-fragment-capture <br>(property: org.forgerock.agents.authn.fragment.relay.uri) (Agent 5.7+ only)", "propertyOrder" : 13090, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "alternativeAgentProtocol" : { "title" : "Alternative Agent Protocol", "description" : "Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server. 
(property name: org.forgerock.agents.agent.protocol) ", "propertyOrder" : 4300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "postDataStickySessionKeyValue" : { "title" : "PDP Stickysession key-value", "description" : "The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. (property name: org.forgerock.agents.pdp.sticky.session.value)", "propertyOrder" : 13500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "missingPostDataPreservationEntryUri" : { "title" : "Missing PDP entry URI", "description" : "An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. (property name: org.forgerock.agents.pdp.noentry.url.map)<br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field.", "propertyOrder" : 13200, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "sessionCacheTTL" : { "title" : "Session Cache TTL", "description" : "This sets the time in minutes after which entries in the session cache will timeout and be purged. If an entry is not cached, the Agent will need to retrieve session information from AM, hence by default the timeout is much longer than for the policy cache. 
(property: org.forgerock.agents.session.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "postDataCacheTtl" : { "title" : "PDP Cache TTL in Milliseconds", "description" : "This value tells how long a given POST entry should be stored in the local cache (in milliseconds), default value is 300000. DEPRECATED: use \"PDP Cache TTL in Minutes\" instead (property name: com.sun.identity.agents.config.postdata.preserve.cache.entry.ttl) <br>Required Agent Restart", "propertyOrder" : 13310, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "policyClientPollingInterval" : { "title" : "Policy Cache TTL", "description" : "This sets the time in minutes after which entries in the policy cache will timeout and be purged. (property name: org.forgerock.agents.policy.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13950, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "jwtCacheTTL" : { "title" : "JWT Cache TTL", "description" : "This sets the time in minutes after which entries in the JWT cache will timeout and be purged. 
Since all JWTs in the cache have been parsed, and parsing is a CPU intensive process, having a large timeout on this cache is advantageous and will save CPU cycles reparsing already seen JWTs (property: org.forgerock.agents.jwt.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "possibleXssCodeElements" : { "title" : "Possible XSS code elements", "description" : "If one of these strings occurs in the request, the client is redirected to an error page. (property name: org.forgerock.agents.xss.code.element.list) ", "propertyOrder" : 12800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "jwtCacheSize" : { "title" : "JWT Cache Size", "description" : "The maximum number of entries in the JWT cache. (property: org.forgerock.agents.jwt.cache.size) <br>Required Agent Restart", "propertyOrder" : 13810, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } } } }, "miscJ2EEAgentConfig" : { "type" : "object", "title" : "Miscellaneous", "propertyOrder" : 4, "properties" : { "gotoUrl" : { "title" : "Goto Url", "description" : "This is a URL used in rare circumstances where the Agent has nowhere else to go. For instance if the user requests a resource, authenticates for the first time, then presses the back button and the administrator hasn't set up the authn fail URL. 
(property: org.forgerock.agents.default.goto.url)", "propertyOrder" : 19200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "unwantedHttpUrlParams" : { "title" : "Remove Query Parameters", "description" : "Specifies a list of query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values (property: org.forgerock.agents.unwanted.http.url.param.list) <br>Example: myapp.example.com/customers|location,lang", "propertyOrder" : 19500, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "loginReasonParameterName" : { "title" : "Login Reason Parameter Name", "description" : "Property to say why the user is being asked to login, the agent will (in custom login mode ONLY) pass the named parameter to the custom login endpoint, with an appropriate value. Note that this property is not enabled by default as this additional information represents an information leak. Default reasons: NO_TOKEN, JWT_INVALID, TOKEN_EXPIRED, EXCEPTION. (property: org.forgerock.agents.login.reason.parameter.name)", "propertyOrder" : 18700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "authFailReasonParameterRemapper" : { "title" : "Authentication Fail Reason Parameter Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, will use default values. 
(property: org.forgerock.agents.authn.fail.reason.remapper)", "propertyOrder" : 19100, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "gotoParameterName" : { "title" : "Goto Parameter Name", "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it. (property name: com.sun.identity.agents.config.redirect.param) ", "propertyOrder" : 3600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "localeCountry" : { "title" : "Locale Country", "description" : "(property name: org.forgerock.agents.locale.country) <br>Required Agent Restart", "propertyOrder" : 1400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "authFailReasonParameterName" : { "title" : "Authentication Fail Reason Parameter Name", "description" : "If this property is defined, the agent will pass the named parameter to a custom page (defined by \"Authentication Fail Reason Url\") saying why authentication failed. 
The reason can be very detailed and users may want to use the \"Authentication Fail Reason Parameter Value Map\" to give custom detail, otherwise these default values will be used: AUTHN_BOOKKEEPING_COOKIE_MISSING, NONCE_MISSING, EXCEPTION (property: org.forgerock.agents.authn.fail.reason.parameter.name)", "propertyOrder" : 19000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "wantedHttpUrlParams" : { "title" : "Retain Query Parameters", "description" : "Specifies a list of query parameters to be retained (other parameters will be removed) from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values. (property: org.forgerock.agents.wanted.http.url.param.list) <br>Example: myapp.example.com/customers|location,lang", "propertyOrder" : 19300, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "loginReasonMap" : { "title" : "Login Reason Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values; when empty, default values will be used (see: \"Login Reason Parameter Name\" description). LOGIN REASON=CUSTOM VALUE e.g. [JWT_INVALID]=corrupted_token. (property: org.forgerock.agents.login.reason.remapper)", "propertyOrder" : 18800, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "legacyUserAgentSupport" : { "title" : "Legacy User Agent Support Enable", "description" : "Enables support for legacy user agents (browser). 
(property name: org.forgerock.agents.legacy.support.enabled) ", "propertyOrder" : 6700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "serviceResolverClass" : { "title" : "Service Resolver Class Name", "description" : "Name of the service resolver class to change in order to instantiate own service resolver and overriding default ones <br>(property: org.forgerock.agents.service.resolver.class.name) (Agent 5.6.2+ only) <br> Agent restart is required", "propertyOrder" : 19700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "wantedHttpUrlRegexParams" : { "title" : "Regular Expression Retain Query Parameters", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be retained for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. (property: org.forgerock.agents.wanted.http.url.params.regex.list)", "propertyOrder" : 19400, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "authFailReasonUrl" : { "title" : "Authentication Fail Reason Url", "description" : "This property allows administrators to set the URL/URI of a web page that says that authentication failed and which may, using the login fail reason parameter, explain why. 
(property: org.forgerock.agents.authn.fail.url)", "propertyOrder" : 18900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "portCheckEnabled" : { "title" : "Port Check Enable", "description" : "Indicates if port check functionality is enabled or disabled. (property name: org.forgerock.agents.port.check.enabled) ", "propertyOrder" : 7200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "legacyRedirectUri" : { "title" : "Legacy User Agent Redirect URI", "description" : "An intermediate URI used by the Agent to redirect legacy user agent requests. (property name: org.forgerock.agents.legacy.redirect.uri) ", "propertyOrder" : 6900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "portCheckSetting" : { "title" : "Port Check Setting", "description" : "Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers. 
(property name: org.forgerock.agents.port.check.map) <br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field.", "propertyOrder" : 7400, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "unwantedHttpUrlRegexParams" : { "title" : "Regular Expression Remove Query Parameters", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. (property: org.forgerock.agents.unwanted.http.url.params.regex.list)", "propertyOrder" : 19600, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "legacyUserAgentList" : { "title" : "Legacy User Agent List", "description" : "List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. (property name: org.forgerock.agents.legacy.user.agent.list) ", "propertyOrder" : 6800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "portCheckFile" : { "title" : "Port Check File", "description" : "Name or complete path of a file that has the necessary content needed to handle requests that need port correction. 
(property name: org.forgerock.agents.port.check.file) ", "propertyOrder" : 7300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "ignorePathInfo" : { "title" : "Ignore Path Info in Request URL", "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. (property name: com.sun.identity.agents.config.ignore.path.info)", "propertyOrder" : 18600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "localeLanguage" : { "title" : "Locale Language", "description" : "(property name: org.forgerock.agents.locale.language) <br>Required Agent Restart", "propertyOrder" : 1300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } } } }, "applicationJ2EEAgentConfig" : { "type" : "object", "title" : "Application", "propertyOrder" : 1, "properties" : { "profileAttributeFetchMode" : { "title" : "Profile Attribute Fetch Mode", "description" : "The mode of fetching profile attributes. (property name: com.sun.identity.agents.config.profile.attribute.fetch.mode) ", "propertyOrder" : 8700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "logoutRequestParameters" : { "title" : "Logout Request Parameter", "description" : "An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. (property name: org.forgerock.agents.logout.request.param.map) <br>Valid key: the web application name. <br>Valid value: the logout request parameter. 
<br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field.", "propertyOrder" : 6100, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "invertNotEnforcedIps" : { "title" : "Invert Not Enforced IPs", "description" : "Client IP Addresses to invert protection of IP addresses listed in the related Not Enforced Client IP List. (property name: org.forgerock.agents.notenforced.ip.invert.enabled) ", "propertyOrder" : 8000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "notEnforcedIps" : { "title" : "Not Enforced Client IP List", "description" : "No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. 
(property name: org.forgerock.agents.notenforced.ip.list) <br> Examples: <br> 192.18.145.* <br> 192.18.146.123", "propertyOrder" : 7900, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "continuousSecurityCookies" : { "title" : "Continuous Security Cookies", "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent.", "propertyOrder" : 3210, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "applicationLogoutUris" : { "title" : "Application Logout URI", "description" : "An application-specific Map that identifies a request URI which indicates a logout event. (property name: org.forgerock.agents.logout.endpoint.map) <br>Valid key: the web application name. <br>Valid value: the application logout URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI. <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. 
<br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field.", "propertyOrder" : 6000, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "sessionAttributeFetchMode" : { "title" : "Session Attribute Fetch Mode", "description" : "The mode of fetching session attributes. (property name: com.sun.identity.agents.config.session.attribute.fetch.mode) ", "propertyOrder" : 8900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "notEnforcedIpsCacheEnabled" : { "title" : "Not Enforced IP Cache Flag", "description" : "Enable caching of not-enforced IP list evaluation results. (property name: org.forgerock.agents.notenforced.ip.cache.enabled) ", "propertyOrder" : 8100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "cookieAttributeUrlEncoded" : { "title" : "Attribute Cookie Encode", "description" : "Indicates if the value of the attribute should be URL encoded before being set as a cookie. (property name: org.forgerock.agents.attribute.cookie.encode.enabled) ", "propertyOrder" : 8500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "logoutEntryUri" : { "title" : "Logout Entry URI", "description" : "An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. 
(property name: org.forgerock.agents.logout.goto.map) <br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field.", "propertyOrder" : 6300, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "cookieAttributeMultiValueSeparator" : { "title" : "Cookie Separator Character", "description" : "Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. (property name: org.forgerock.agents.attribute.cookie.separator) ", "propertyOrder" : 8300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "responseAttributeFetchMode" : { "title" : "Response Attribute Fetch Mode", "description" : "The mode of fetching policy response attributes. (property name: com.sun.identity.agents.config.response.attribute.fetch.mode) ", "propertyOrder" : 9100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "notEnforcedIpsCacheSize" : { "title" : "Not Enforced IP Cache Size", "description" : "Size of the cache to be used if Not Enforced IP Cache Flag is enabled. 
(property name: org.forgerock.agents.notenforced.ip.cache.size) ", "propertyOrder" : 8200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "notEnforcedFavicon" : { "title" : "Not Enforced Favicon", "description" : "This flag, if enabled, automatically adds \"*/favicon.ico\" to the not enforced list. This can help to avoid odd situations in which a user is required to log in after logging out, just because favicon.ico has been requested by browser. (property: org.forgerock.agents.auto.not.enforce.favicon.enabled) <br>Required Agent Restart", "propertyOrder" : 7650, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "notEnforcedRuleCompoundSeparator" : { "title" : "Not Enforced Compound Rule Separator", "description" : "Specifies a separator for not enforced compound rules. The format for compound rules requires a list of IP rules, a separator (by default the | character), and a list of URI rules. <br>Example, GET 192.168.1.1-192.168.4.3 | /images/* <br>Configure a different separator (for example, &&) when working with the REGEX keyword to avoid invalid regular expressions.", "propertyOrder" : 7450, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "resourceAccessDeniedUri" : { "title" : "Resource Access Denied URI", "description" : "An application-specific Map that identifies a URI of the customized access denied page. (property name: org.forgerock.agents.access.denied.uri.map) <br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. 
<br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page. <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field.", "propertyOrder" : 2700, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "profileAttributeMap" : { "title" : "Profile Attribute Mapping", "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: org.forgerock.agents.profile.attribute.map) <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.", "propertyOrder" : 8800, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "headerAttributeDateFormat" : { "title" : "Fetch Attribute Date Format", "description" : "Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. 
(property name: org.forgerock.agents.attribute.date.format) ", "propertyOrder" : 8400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "notEnforcedUris" : { "title" : "Not Enforced URIs", "description" : "List of URIs for which protection is not enforced by the Agent. (property name: org.forgerock.agents.notenforced.uri.list) <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/*", "propertyOrder" : 7500, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "responseAttributeMap" : { "title" : "Response Attribute Mapping", "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: org.forgerock.agents.response.attribute.map) <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.", "propertyOrder" : 9200, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "continuousSecurityHeaders" : { "title" : "Continuous Security Headers", "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). 
If the header doesn't exist, then the empty string will be sent.", "propertyOrder" : 3211, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "loginFormUri" : { "title" : "Login Form URI", "description" : "List of absolute URIs corresponding to an application's web.xml form-login-page element. (property name: com.sun.identity.agents.config.login.form) <br> Example: <br> /BankApp/jsp/login.jsp", "propertyOrder" : 2800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "notEnforcedUrisCacheSize" : { "title" : "Not Enforced URIs Cache Size", "description" : "Size of the cache to be used if caching of not enforced URI list evaluation results is enabled. (property name: org.forgerock.agents.notenforced.uri.cache.size) ", "propertyOrder" : 7800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "notEnforcedUrisCacheEnabled" : { "title" : "Not Enforced URIs Cache Enabled", "description" : "Enables the caching of the Not Enforced URIs list evaluation results. (property name: org.forgerock.agents.notenforced.uri.cache.enabled) ", "propertyOrder" : 7700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "sessionAttributeMap" : { "title" : "Session Attribute Mapping", "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user. 
(property name: org.forgerock.agents.session.attribute.map) <br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.", "propertyOrder" : 9000, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "invertNotEnforcedUris" : { "title" : "Invert Not Enforced URIs", "description" : "Inverts protection of URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent. (property name: org.forgerock.agents.notenforced.uri.invert.enabled) ", "propertyOrder" : 7600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "logoutIntrospection" : { "title" : "Logout Introspect Enabled", "description" : "Allows the Agent to search HTTP request body to locate logout parameter. (property name: org.forgerock.agents.logout.introspection.enabled) ", "propertyOrder" : 6200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } } } }, "globalJ2EEAgentConfig" : { "type" : "object", "title" : "Global", "propertyOrder" : 0, "properties" : { "fqdnMapping" : { "title" : "FQDN Virtual Host Map", "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: org.forgerock.agents.fqdn.map) <br> Examples: <br> To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. 
To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.", "propertyOrder" : 6600, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "localAuditRotationSize" : { "title" : "Local Audit Log Rotation Size", "description" : "Size limit when a local audit log file is rotated to a new file. (property name: com.sun.identity.agents.config.local.log.size) ", "propertyOrder" : 1900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "agentSessionChangeNotificationsEnabled" : { "title" : "Session Logout Notification ", "description" : "Flag to indicate whether the Agent will subscribe to session logout notifications (via websockets) from AM. (property: org.forgerock.agents.session.change.notifications.enabled)", "propertyOrder" : 12110, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "localAuditLogRotation" : { "title" : "Rotate Local Audit Log", "description" : "Flag to indicate that audit log files should be rotated when reaching a certain size. (property name: org.forgerock.agents.local.audit.log.rotation.enabled) ", "propertyOrder" : 1800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "redirectAttemptLimitCookieName" : { "title" : "Redirect Attempt Cookie Name", "description" : "Agent tries to detect redirect loops while authenticating, which would normally indicate a cookie domain problem. 
The Agent does this by using a cookie to hold the current redirection count. (property: org.forgerock.agents.redirect.cookie.name)", "propertyOrder" : 7150, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "configurationReloadInterval" : { "title" : "Configuration Reload Interval", "description" : "Only used when websocket notifications are disabled, specifies interval in seconds after which config is reloaded automatically by the Agent. (property name: org.forgerock.agents.config.reload.seconds) ", "propertyOrder" : 1200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "debugLogfileRotationMinutes" : { "title" : "Debug File Rotation Time", "description" : "This is the time in minutes after which log file rotation will occur. (property: org.forgerock.agents.debug.rotation.time.minutes)", "propertyOrder" : 10040, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "agentConfigChangeNotificationsEnabled" : { "title" : "Agent Configuration Change Notification", "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes. (property name: org.forgerock.agents.config.change.notifications.enabled) ", "propertyOrder" : 12100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "customResponseHeader" : { "title" : "Custom Response Header", "description" : "Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value. 
(property name: org.forgerock.agents.response.header.map) <br> Example: <br> To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field.", "propertyOrder" : 7000, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "debugLevel" : { "title" : "Agent Debug Level", "description" : "Specifies type of agent debug messages to log. (property name: com.iplanet.services.debug.level) ", "propertyOrder" : 10000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "preAuthCookieMaxAge" : { "title" : "Pre-Authenticated Cookie Max Age", "description" : "This is the amount of time in seconds before the pre-authn cookie will timeout. (property: org.forgerock.agents.authn.cookie.max.age.seconds)", "propertyOrder" : 11220, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "debugLogfileRetentionCount" : { "title" : "Debug File Rotation Retention Count", "description" : "This is the number of log files to retain after rotation, so for example, setting it to 10 would give you one current debug file and nine older (rotated) files. (property: org.forgerock.agents.debug.retention.count)", "propertyOrder" : 10050, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fqdnCheck" : { "title" : "FQDN Check", "description" : "Enables checking of fqdn default value and fqdn map values. 
(property name: org.forgerock.agents.fqdn.check.enabled) ", "propertyOrder" : 6400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "webSocketConnectionIntervalInMinutes" : { "title" : "Web Socket Connection Interval", "description" : "Interval in minutes by which agents reopen their web socket connection to ensure a fair distribution of connections across AM servers. (property: org.forgerock.agents.balance.websocket.interval.minutes).", "propertyOrder" : 12120, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "preAuthCookieName" : { "title" : "Pre-Authenticated Cookie Name", "description" : "Specifies the name of the cookie the agent uses to track the progress of authentication with AM. (property: org.forgerock.agents.authn.cookie.name)", "propertyOrder" : 11210, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "httpSessionBinding" : { "title" : "HTTP Session Binding", "description" : "If true will invalidate the http session when login has failed, user has no SSO session, or principal user name does not match SSO user name. (property name: org.forgerock.agents.http.session.binding.enabled) ", "propertyOrder" : 3500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "userTokenName" : { "title" : "User Token Name", "description" : "Session property name for user-ID of the authenticated user in session. 
(property name: org.forgerock.agents.userid.mapping.mode.use.session.property.name) ", "propertyOrder" : 900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "userpassword" : { "title" : "Password", "description" : "", "propertyOrder" : 100, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "auditAccessType" : { "title" : "Audit Access Types", "description" : "Types of messages to log based on user URL access attempts. (property name: org.forgerock.agents.audit.what) ", "propertyOrder" : 1500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "userMappingMode" : { "title" : "User Mapping Mode", "description" : "Specifies mechanism agent uses to determine user-ID. (property name: org.forgerock.agents.user.mapping.mode) ", "propertyOrder" : 600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "repositoryLocation" : { "title" : "Location of Agent Configuration Repository", "description" : "Indicates whether the agent's configuration is located on the agent's host or centrally on the AM server (property: org.forgerock.agents.config.location).", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" }, "status" : { "title" : "Status", "description" : "Status of the agent configuration.", "propertyOrder" : 200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : true } } }, "localAuditLogfileRetentionCount" : { "title" : "Audit Logfile Retention Count", "description" : "The number of audit log files to retain after rotation has occurred. 
(property: org.forgerock.agents.local.audit.log.retention.count)", "propertyOrder" : 2100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fqdnDefault" : { "title" : "FQDN Default", "description" : "Fully qualified hostname that the users should use in order to access resources. (property name: org.forgerock.agents.fqdn.default) ", "propertyOrder" : 6500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "loginAttemptLimitCookieName" : { "title" : "Login Attempt Limit Cookie Name", "description" : "The name of the cookie used to record the number of login attempts. (property: org.forgerock.agents.login.counter.cookie.name)", "propertyOrder" : 4500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "jwtName" : { "title" : "JWT Cookie Name", "description" : "The name used by the agent to set the OIDC JWT on the user's browser. (property: org.forgerock.agents.jwt.cookie.name)", "propertyOrder" : 11201, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "redirectAttemptLimit" : { "title" : "Redirect Attempt Limit", "description" : "Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. Set to 0 to disable this feature. 
(property name: org.forgerock.agents.redirect.attempt.limit) ", "propertyOrder" : 7100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "agentgroup" : { "title" : "Group", "description" : "Add the agent to a group to allow inheritance of property values from the group. <br>Changing the group will update inherited property values. <br>Inherited property values are copied to the agent.", "propertyOrder" : 50, "required" : false, "type" : "string", "exampleValue" : "" }, "userAttributeName" : { "title" : "User Attribute Name", "description" : "Name of the attribute which contains the user-ID. (property name: org.forgerock.agents.user.mapping.mode.attribute.name) ", "propertyOrder" : 700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "debugLogfileDirectory" : { "title" : "Debug Logfile Directory", "description" : "Location of the agent log files, and where monitoring CSV files are written. This is normally set in bootstrap properties during the install process. Note there is no default and no logging will occur until a value for this property is provided. Anything logged will be written to the standard output and may end up in the container log file (so \"catalina.out\" in the case of Tomcat). (property: org.forgerock.agents.csv.monitoring.directory)", "propertyOrder" : 10060, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "debugLogfilePrefix" : { "title" : "Debug File Rotation Prefix", "description" : "Prefix which can be added onto the front of the debug file name when it is rotated. 
(property: org.forgerock.agents.debug.prefix)", "propertyOrder" : 10010, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "localAuditLogfilePath" : { "title" : "Audit Logfile Path", "description" : "The full path of the local auditing file. (property: org.forgerock.agents.local.audit.file.path)", "propertyOrder" : 2000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "cdssoRootUrl" : { "title" : "Agent Root URL for CDSSO", "description" : "The agent root URL for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which the agent resides. The port represents the port number on which the agent is installed. The slash following the port number is required.", "propertyOrder" : 22700, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "filterMode" : { "title" : "Agent Filter Mode", "description" : "Specifies the mode of operation of the Filter. (property name: org.forgerock.agents.filter.mode.map) <br>Valid key: the web application name. <br>Valid values: ALL, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. <br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding Map Value field. 
<br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field.", "propertyOrder" : 500, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "loginAttemptLimit" : { "title" : "Login Attempt Limit", "description" : "Limit of failed login attempts for a user's single browser session until triggering the blocking of the user request. Value of 0 disables this feature. (property name: org.forgerock.agents.login.attempt.limit.count) ", "propertyOrder" : 4400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "debugLogfileRotationSize" : { "title" : "Debug File Rotation Size", "description" : "This specifies the approximate size in bytes at which a log file will be rotated to a new log file. (property: org.forgerock.agents.debug.rotation.size.bytes)", "propertyOrder" : 10030, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fallforwardModeEnabled" : { "title" : "Fall-Forward Mode", "description" : "This property is used when AM is not available. 
<br> Disabled: the Agent will deny every incoming request with an HTTP 403 <br> Enabled: the Agent will continue to allow access to any resource matched by a not enforced rule until AM becomes available again <br><br>(property: org.forgerock.agents.session.change.notifications.enabled) (Agent 5.7+ only)", "propertyOrder" : 12115, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "userPrincipalFlag" : { "title" : "User Principal Flag", "description" : "Use principal instead of just the user-ID for authenticating the user. (property name: org.forgerock.agents.userid.mapping.mode.use.dn.enabled) ", "propertyOrder" : 800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "debugLogfileSuffix" : { "title" : "Debug File Rotation Suffix", "description" : "This is a value appended onto the end of the debug file name when it is rotated. The user is free to define it as they want, but if it does not involve a timestamp that produces different file names when the rotation time is reached, log file rotation is unlikely to function correctly (property: org.forgerock.agents.debug.suffix)", "propertyOrder" : 10020, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "auditLogLocation" : { "title" : "Audit Log Location", "description" : "LOCAL = audit information stored in files based locally to the Agent container <br>REMOTE = audit information logged via AM. 
(property name: org.forgerock.agents.audit.where) ", "propertyOrder" : 1600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } } } }, "amServicesJ2EEAgent" : { "type" : "object", "title" : "AM Services", "propertyOrder" : 3, "properties" : { "urlPolicyEnvJsessionParameters" : { "title" : "URL Policy Env jsession Parameters", "description" : "List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at AM server. (property name: org.forgerock.agents.continuous.security.http.session.list) <br> Examples: <br> name <br> phonenumber", "propertyOrder" : 12000, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "conditionalLoginUrl" : { "title" : "AM Conditional Login URL", "description" : "(property name: org.forgerock.openam.agents.config.conditional.login.url) <br> Examples: <br> match|url?param1=value1&param2=value2 <br> match/path|?param1=value1&param2=value2&param3=value3", "propertyOrder" : 3800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "authSuccessRedirectUrl" : { "title" : "Redirect to AM's Success URL", "description" : "When enabled, the Agent will redirect to the session's Success URL (defined in the authentication chain) instead of the originally requested resource after successful authentication. 
(property: org.forgerock.agents.authn.success.redirect.session.url.enabled)", "propertyOrder" : 4000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "agentAdviceEncode" : { "title" : "Composite Advice Encode", "description" : "This property is used to specify whether AM composite advices should be base64url-encoded before being sent to custom login endpoints. (property: org.forgerock.agents.advice.b64.url.encode)", "propertyOrder" : 13050, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "policyEvaluationRealm" : { "title" : "Policy Evaluation Realm", "description" : "Which realm to start evaluating from. (property name: org.forgerock.agents.policy.evaluation.realm.map) ", "propertyOrder" : 5400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "authServicePort" : { "title" : "AM Authentication Service Port", "description" : "Port to be used by the AM authentication service. This property needs to be updated in OpenSSOAgentBootstrap.properties (property name: org.forgerock.agents.am.port) <br>Required Agent Restart", "propertyOrder" : 11100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "customLoginEnabled" : { "title" : "Allow Custom Login Mode", "description" : "Flag to enable custom login. 
(property: org.forgerock.agents.legacy.login.enabled)", "propertyOrder" : 3700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "urlPolicyEnvPostParameters" : { "title" : "URL Policy Env POST Parameters", "description" : "List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. (property name: org.forgerock.agents.continuous.security.post.list) <br> Examples: <br> name <br> phonenumber", "propertyOrder" : 11900, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "policyEvaluationApplication" : { "title" : "Policy Set", "description" : "Which application contains the policies to evaluate with. (property name: org.forgerock.agents.policy.set.map) ", "propertyOrder" : 5500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "urlPolicyEnvGetParameters" : { "title" : "URL Policy Env GET Parameters", "description" : "List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. (property name: org.forgerock.agents.continuous.security.get.list) <br> Examples: <br> name <br> phonenumber", "propertyOrder" : 11800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "legacyLoginUrlList" : { "title" : "Custom Conditional Login URL", "description" : "Conditionally redirect users based on the incoming request URL. 
If the incoming request URL matches a specified domain name, the Java agent redirects the request to a specific URL. Conditional redirects have the format [Domain/path]|[URL?realm=value&parameter1=value1...], with no spaces between values. <br>Example: myapp.domain.com|https://login.example.com/apps/login.jsp?realm=sales <br>(property: org.forgerock.openam.agents.config.conditional.custom.login.url)", "propertyOrder" : 3900, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "authServiceProtocol" : { "title" : "AM Authentication Service Protocol", "description" : "Protocol to be used by the AM authentication service. This property needs to be updated in OpenSSOAgentBootstrap.properties (property name: org.forgerock.agents.am.protocol) <br>Required Agent Restart", "propertyOrder" : 10900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "policyNotifications" : { "title" : "Enable Policy Notifications", "description" : "Enable notifications (via WebSockets) for remote policy client. (property name: org.forgerock.agents.policy.change.notifications.enabled) <br>Required Agent Restart", "propertyOrder" : 11200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "amLoginUrl" : { "title" : "AM Login URL", "description" : "AM login page URL. 
(property name: com.sun.identity.agents.config.login.url) <br> Example: <br> http://host:port/am/UI/Login", "propertyOrder" : 3710, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "restrictToRealm" : { "title" : "Restrict To Realm", "description" : "A map keyed by application name which allows users from only the specified realms (each entry is a CSV) to access the specified application. If no restricted realm is set, any user from any realm will be allowed access. Keyed by application name, value is a comma separated list of realms from which users may request resources. (property: org.forgerock.agents.restrict.to.realm.map)", "propertyOrder" : 13080, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "authServiceHost" : { "title" : "AM Authentication Service Host Name", "description" : "Host name to be used by the AM authentication service. 
This property needs to be updated in OpenSSOAgentBootstrap.properties (property name: org.forgerock.agents.am.hostname) <br>Required Agent Restart", "propertyOrder" : 11000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "conditionalLogoutUrl" : { "title" : "AM Conditional Logout URL", "description" : "(property name: org.forgerock.agents.conditional.logout.url.list) <br> Examples: <br> match|url?param1=value1&param2=value2 <br> match/path|?param1=value1&param2=value2&param3=value3", "propertyOrder" : 12550, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } } } } } }
delete
Usage:
am> delete J2eeAgents --realm Realm --id id
Parameters:
--id
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage:
am> action J2eeAgents --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage:
am> action J2eeAgents --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage:
am> action J2eeAgents --realm Realm --actionName nextdescendents
query
Query the agents of a specific type.
Usage:
am> query J2eeAgents --realm Realm --filter filter
Parameters:
--filter
A CREST formatted query filter, where "true" will query all.
read
Usage:
am> read J2eeAgents --realm Realm --id id
Parameters:
--id
The unique identifier for the resource.
update
Usage:
am> update J2eeAgents --realm Realm --id id --body body
Parameters:
--id
The unique identifier for the resource.
--body
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "ssoJ2EEAgentConfig" : { "type" : "object", "title" : "SSO", "propertyOrder" : 2, "properties" : { "cookieResetPaths" : { "title" : "Cookies Reset Path Map", "description" : "Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs. (property name: org.forgerock.agents.cookie.reset.path.map) ", "propertyOrder" : 4900, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "setCookieAttributeMap" : { "title" : "Set-Cookie Attribute Map", "description" : "Text from this map will be added directly into the Set-Cookie header by the AttributeTaskHandler and its decendents when it creates cookies out of Profile Attributes, Session Info Attributes and/or Response Attributes. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. (property: org.forgerock.agents.set.cookie.attribute.map)", "propertyOrder" : 5950, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "acceptIPDPCookie" : { "title" : "Convert SSO Tokens into OpenID Connect JWTs", "description" : "When this property is set to true, for each incoming request, when the user does not present a JWT in the designated cookie, the Agent will look for an SSO token in the iPlanetDirectoryPro cookie (configurable in AM). If this is found, the Agent invokes AM to exchange it for a JWT which is then used in further requests. 
The result is cached, so interaction with AM will not be needed if the same SSO token is presented in the future (and the existing cache entry is still valid). (property: org.forgerock.agents.accept.ipdp.cookie.enabled)", "propertyOrder" : 5900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "httpOnly" : { "title" : "Http Only", "description" : "Flag indicating whether HttpOnly cookies are enabled. (property: com.sun.identity.cookie.httponly)", "propertyOrder" : 5910, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "authExchangeCookieName" : { "title" : "Authentication Exchange Cookie Name", "description" : "This property allows the administrator to define a cookie name that will be used by the authn exchange endpoint. The value is empty by default and the endpoint will thus not be capable of examining cookie values. (property: org.forgerock.agents.authn.exchange.cookie.name) (Agent 5.7+ only)", "propertyOrder" : 5902, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "cdssoRedirectUri" : { "title" : "CDSSO Redirect URI", "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. (property name: org.forgerock.agents.authn.redirect.uri) ", "propertyOrder" : 5100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "cookieResetDomains" : { "title" : "Cookies Reset Domain Map", "description" : "Maps each cookie name specified in the Cookie Reset Name List to the domain of that cookie to be used when a reset event occurs. 
(property name: org.forgerock.agents.cookie.reset.domain.map) ", "propertyOrder" : 4800, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "cdssoSecureCookies" : { "title" : "CDSSO Secure Enable", "description" : "The SSO Token cookie set by the agent in the different domains in CDSSO mode will be marked secure. Only transmitted if the communications channel with host is a secure one. (property name: org.forgerock.agents.secure.cookies.enabled) ", "propertyOrder" : 5700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "authExchangeUri" : { "title" : "Authentication Exchange URI", "description" : "This property allows the administrator to enable an endpoint that will facilitate the exchange of SSO tokens for OIDC JWTs. The value is empty by default and thus the endpoint is not accessible. (property: org.forgerock.agents.authn.exchange.uri) (Agent 5.7+ only)", "propertyOrder" : 5901, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "setCookieInternalMap" : { "title" : "Set-Cookie Internal Map", "description" : "Text from this map will be added directly into the Set-Cookie header when creating \"internal\" cookies (e.g. the am-auth-jwt and pre-auth cookies). This allows, among other things, the same-site value to be manipulated. The key is the cookie name, the value is any arbitrary text suitable for the Set-Cookie header. Users should remember semicolons if they wish to add multiple values. Values inappropriate for the header will likely cause the Agent to fail to create the relevant cookie. 
(property: org.forgerock.agents.set.cookie.internal.map)", "propertyOrder" : 5940, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "secureCookies" : { "title" : "Secure Cookies", "description" : "On setting this property to true, all cookies created by the Agent will be secure. The value is set to false for backwards compatibility. (property: org.forgerock.agents.jwt.cookie.secure.enabled)", "propertyOrder" : 5930, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "cookieResetEnabled" : { "title" : "Cookie Reset", "description" : "Agent resets cookies in the response before redirecting to authentication. (property name: org.forgerock.agents.cookie.reset.enabled) ", "propertyOrder" : 4600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "cdssoDomainList" : { "title" : "CDSSO Domain List", "description" : "Domains for which cookies have to be set in a CDSSO scenario. (property name: org.forgerock.agents.jwt.cookie.domain.list) <br> Example: <br> .sun.com", "propertyOrder" : 5800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "cookieResetNames" : { "title" : "Cookies Reset Name List", "description" : "Cookie names that will be reset by the Agent if Cookie Reset is enabled. 
(property name: org.forgerock.agents.cookie.reset.name.list) ", "propertyOrder" : 4700, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "excludedUserAgentsList" : { "title" : "Samesite Cookie Attributes Excluded User Agents Pattern List", "description" : "Excluded User agents pattern list. List of incompatible user agents that will be prevented from receiving SameSite cookie attributes. <br> (Property:org.forgerock.agents.samesite.excluded.user.agents.list)", "propertyOrder" : 5960, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "encodeCookies" : { "title" : "Encode Cookies", "description" : "Cookies are encoded, if set. (property: com.iplanet.am.cookie.encode)", "propertyOrder" : 5920, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } } } }, "advancedJ2EEAgentConfig" : { "type" : "object", "title" : "Advanced", "propertyOrder" : 5, "properties" : { "postDataStickySessionMode" : { "title" : "PDP Stickysession mode", "description" : "If the PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. (property name: org.forgerock.agents.pdp.sticky.session.mode)", "propertyOrder" : 13400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "alternativeAgentHostname" : { "title" : "Alternative Agent Host Name", "description" : "Host name identifying the Agent protected server to the client browsers if different from the actual host name. 
(property name: org.forgerock.agents.agent.hostname) ", "propertyOrder" : 4100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "postDataCacheTtlMin" : { "title" : "PDP Cache TTL in Minutes", "description" : "This sets the time in minutes after which entries in the Post Data Preservation cache will timeout and be purged. (property: org.forgerock.agents.pdp.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "ssoExchangeCacheTTL" : { "title" : "Exchanged SSO Token Cache Time to Live", "description" : "This sets the time in minutes after which entries in the SSO token exchange cache will timeout and be purged. Since exchanging SSO tokens for JWTs is an expensive process, previously exchanged SSO tokens are cached so that the roundtrip to AM can be avoided in the case where an entity is unable to permanently store its JWT in a cookie. (property: org.forgerock.agents.sso.exchange.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "clientHostnameHeader" : { "title" : "Client Hostname Header", "description" : "HTTP header name that holds the Hostname of the client. 
(property name: org.forgerock.agents.http.header.containing.remote.hostname) ", "propertyOrder" : 1100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "xssDetectionRedirectUri" : { "title" : "XSS detection redirect URI", "description" : "An application-specific map that identifies the URI of the customized page to redirect to if XSS code has been detected. (property name: org.forgerock.agents.xss.redirect.uri.map) <br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field.", "propertyOrder" : 12900, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "ssoExchangeCacheSize" : { "title" : "Exchanged SSO Token Cache Size", "description" : "The number of entries in the SSO Exchange cache. (property: org.forgerock.agents.sso.exchange.cache.size) <br>Required Agent Restart", "propertyOrder" : 13910, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "customProperties" : { "title" : "Custom Properties", "description" : "Additional properties that allow users to augment the set of properties supported by the agent. 
(property name: com.sun.identity.agents.config.freeformproperties) <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2", "propertyOrder" : 20000, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "postDataPreserveCacheEntryMaxEntries" : { "title" : "PDP Maximum Number of Cache Entries", "description" : "Maximum number of entries to hold in the PDP cache (Property name: org.forgerock.agents.pdp.cache.size).", "propertyOrder" : 13550, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "postDataPreservation" : { "title" : "Post Data Preservation enabled", "description" : "Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL. (property name: org.forgerock.agents.post.data.preservation.enabled)", "propertyOrder" : 13100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "monitoringToCSV" : { "title" : "Export Monitoring Metrics to CSV", "description" : "When set to true, the Agent will write monitoring information to CSV files. 
(property: org.forgerock.agents.monitoring.to.csv.enabled)", "propertyOrder" : 13085, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "idleTimeRefreshWindow" : { "title" : "Idle Time Refresh Window", "description" : "Once every this number of minutes, the Agent will nudge AM so it knows a particular session is still in use, thereby resetting its idle time. (property: org.forgerock.agents.idle.time.window.minutes)", "propertyOrder" : 14200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "clientIpHeader" : { "title" : "Client IP Address Header", "description" : "HTTP header name that holds the IP address of the client. (property name: org.forgerock.agents.http.header.containing.ip.address) ", "propertyOrder" : 1000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "policyCachePerUser" : { "title" : "Policy Cache Per User", "description" : "This is the number of distinct policy evaluation entries that each session (stored in the policy evaluation cache) can have. Thus the total number of policy evaluation results that can be stored is the \"Policy Cache Size\" multiplied by the \"Policy Cache Per User\". (property: org.forgerock.agents.policy.cache.per.session.size) <br>Required Agent Restart", "propertyOrder" : 14100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "alternativeAgentPort" : { "title" : "Alternative Agent Port Number", "description" : "Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. 
(property name: org.forgerock.agents.agent.port) ", "propertyOrder" : 4200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "postDataPreserveCacheEntryMaxTotalSizeMb" : { "title" : "PDP Maximum Cache Size", "description" : "Maximum size of the PDP cache, in megabytes (Property name: org.forgerock.agents.pdp.cache.total.size.mb).", "propertyOrder" : 13600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "policyCacheSize" : { "title" : "Policy Cache Size", "description" : "The maximum number of sessions, i.e. distinct users, stored in the policy evaluation cache at any one time. (property: org.forgerock.agents.policy.cache.session.size) <br>Required Agent Restart", "propertyOrder" : 14000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fragmentRelayUri" : { "title" : "Fragment Relay URI", "description" : "To enable unauthenticated fragment retention within incoming requests, set this property to a valid dummy URI within the Agent application.<br>Example: /agentapp/pre-authn-fragment-capture <br>(property: org.forgerock.agents.authn.fragment.relay.uri) (Agent 5.7+ only)", "propertyOrder" : 13090, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "alternativeAgentProtocol" : { "title" : "Alternative Agent Protocol", "description" : "Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server. 
(property name: org.forgerock.agents.agent.protocol) ", "propertyOrder" : 4300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "postDataStickySessionKeyValue" : { "title" : "PDP Stickysession key-value", "description" : "The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. (property name: org.forgerock.agents.pdp.sticky.session.value)", "propertyOrder" : 13500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "missingPostDataPreservationEntryUri" : { "title" : "Missing PDP entry URI", "description" : "An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. (property name: org.forgerock.agents.pdp.noentry.url.map)<br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field.", "propertyOrder" : 13200, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "sessionCacheTTL" : { "title" : "Session Cache TTL", "description" : "This sets the time in minutes after which entries in the session cache will timeout and be purged. If an entry is not cached, the Agent will need to retrieve session information from AM, hence by default the timeout is much longer than for the policy cache. 
(property: org.forgerock.agents.session.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "postDataCacheTtl" : { "title" : "PDP Cache TTL in Milliseconds", "description" : "This value tells how long a given POST entry should be stored in the local cache (in milliseconds), default value is 300000. DEPRECATED: use \"PDP Cache TTL in Minutes\" instead (property name: com.sun.identity.agents.config.postdata.preserve.cache.entry.ttl) <br>Required Agent Restart", "propertyOrder" : 13310, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "policyClientPollingInterval" : { "title" : "Policy Cache TTL", "description" : "This sets the time in minutes after which entries in the policy cache will timeout and be purged. (property name: org.forgerock.agents.policy.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13950, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "jwtCacheTTL" : { "title" : "JWT Cache TTL", "description" : "This sets the time in minutes after which entries in the JWT cache will timeout and be purged. 
Since all JWTs in the cache have been parsed, and parsing is a CPU intensive process, having a large timeout on this cache is advantageous and will save CPU cycles reparsing already seen JWTs (property: org.forgerock.agents.jwt.cache.ttl.minutes) <br>Required Agent Restart", "propertyOrder" : 13800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "possibleXssCodeElements" : { "title" : "Possible XSS code elements", "description" : "If one of these strings occurs in the request, the client is redirected to an error page. (property name: org.forgerock.agents.xss.code.element.list) ", "propertyOrder" : 12800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "jwtCacheSize" : { "title" : "JWT Cache Size", "description" : "The maximum number of entries in the JWT cache. (property: org.forgerock.agents.jwt.cache.size) <br>Required Agent Restart", "propertyOrder" : 13810, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } } } }, "miscJ2EEAgentConfig" : { "type" : "object", "title" : "Miscellaneous", "propertyOrder" : 4, "properties" : { "gotoUrl" : { "title" : "Goto Url", "description" : "This is a URL used in rare circumstances where the Agent has nowhere else to go. For instance if the user requests a resource, authenticates for the first time, then presses the back button and the administrator hasn't set up the authn fail URL. 
(property: org.forgerock.agents.default.goto.url)", "propertyOrder" : 19200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "unwantedHttpUrlParams" : { "title" : "Remove Query Parameters", "description" : "Specifies a list of query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values (property: org.forgerock.agents.unwanted.http.url.param.list) <br>Example: myapp.example.com/customers|location,lang", "propertyOrder" : 19500, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "loginReasonParameterName" : { "title" : "Login Reason Parameter Name", "description" : "Property to say why the user is being asked to login, the agent will (in custom login mode ONLY) pass the named parameter to the custom login endpoint, with an appropriate value. Note that this property is not enabled by default as this additional information represents an information leak. Default reasons: NO_TOKEN, JWT_INVALID, TOKEN_EXPIRED, EXCEPTION. (property: org.forgerock.agents.login.reason.parameter.name)", "propertyOrder" : 18700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "authFailReasonParameterRemapper" : { "title" : "Authentication Fail Reason Parameter Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, will use default values. 
(property: org.forgerock.agents.authn.fail.reason.remapper)", "propertyOrder" : 19100, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "gotoParameterName" : { "title" : "Goto Parameter Name", "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it. (property name: com.sun.identity.agents.config.redirect.param) ", "propertyOrder" : 3600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "localeCountry" : { "title" : "Locale Country", "description" : "(property name: org.forgerock.agents.locale.country) <br>Required Agent Restart", "propertyOrder" : 1400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "authFailReasonParameterName" : { "title" : "Authentication Fail Reason Parameter Name", "description" : "If this property is defined, the agent will pass the named parameter to a custom page (defined by \"Authentication Fail Reason Url\") saying why authentication failed. 
The reason can be very detailed and users may want to use the \"Authentication Fail Reason Parameter Value Map\" to give custom detail, otherwise these default values will be used: AUTHN_BOOKKEEPING_COOKIE_MISSING, NONCE_MISSING, EXCEPTION (property: org.forgerock.agents.authn.fail.reason.parameter.name)", "propertyOrder" : 19000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "wantedHttpUrlParams" : { "title" : "Retain Query Parameters", "description" : "Specifies a list of query parameters to be retained (other parameters will be removed) from a URL for policy decision and caching purposes. The property has the format [Domain/path] | parameter[,parameter...] with no spaces between values. (property: org.forgerock.agents.wanted.http.url.param.list) <br>Example: myapp.example.com/customers|location,lang", "propertyOrder" : 19300, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "loginReasonMap" : { "title" : "Login Reason Value Map", "description" : "This map allows some of the possible reasons to be mapped to arbitrary values. When empty, the default values will be used (see the \"Login Reason Parameter Name\" description). Format: LOGIN REASON=CUSTOM VALUE, e.g. [JWT_INVALID]=corrupted_token. (property: org.forgerock.agents.login.reason.remapper)", "propertyOrder" : 18800, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "legacyUserAgentSupport" : { "title" : "Legacy User Agent Support Enable", "description" : "Enables support for legacy user agents (browser). 
(property name: org.forgerock.agents.legacy.support.enabled) ", "propertyOrder" : 6700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "serviceResolverClass" : { "title" : "Service Resolver Class Name", "description" : "Name of the service resolver class; change it to instantiate your own service resolver, overriding the default ones <br>(property: org.forgerock.agents.service.resolver.class.name) (Agent 5.6.2+ only) <br> Agent restart is required", "propertyOrder" : 19700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "wantedHttpUrlRegexParams" : { "title" : "Regular Expression Retain Query Parameters", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be retained for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. (property: org.forgerock.agents.wanted.http.url.params.regex.list)", "propertyOrder" : 19400, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "authFailReasonUrl" : { "title" : "Authentication Fail Reason Url", "description" : "This property allows administrators to set the URL/URI of a web page that says that authentication failed and which may, using the login fail reason parameter, explain why. 
(property: org.forgerock.agents.authn.fail.url)", "propertyOrder" : 18900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "portCheckEnabled" : { "title" : "Port Check Enable", "description" : "Indicates if port check functionality is enabled or disabled. (property name: org.forgerock.agents.port.check.enabled) ", "propertyOrder" : 7200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "legacyRedirectUri" : { "title" : "Legacy User Agent Redirect URI", "description" : "An intermediate URI used by the Agent to redirect legacy user agent requests. (property name: org.forgerock.agents.legacy.redirect.uri) ", "propertyOrder" : 6900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "portCheckSetting" : { "title" : "Port Check Setting", "description" : "Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers. 
(property name: org.forgerock.agents.port.check.map) <br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field.", "propertyOrder" : 7400, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "unwantedHttpUrlRegexParams" : { "title" : "Regular Expression Remove Query Parameters", "description" : "Specifies a list of regular expressions the agent uses to match query parameters to be removed from a URL for policy decision and caching purposes. The property has the format [Domain/path] | regular_expression[,regular_expression...] with no spaces between values. (property: org.forgerock.agents.unwanted.http.url.params.regex.list)", "propertyOrder" : 19600, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "legacyUserAgentList" : { "title" : "Legacy User Agent List", "description" : "List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. (property name: org.forgerock.agents.legacy.user.agent.list) ", "propertyOrder" : 6800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "portCheckFile" : { "title" : "Port Check File", "description" : "Name or complete path of a file that has the necessary content needed to handle requests that need port correction. 
(property name: org.forgerock.agents.port.check.file) ", "propertyOrder" : 7300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "ignorePathInfo" : { "title" : "Ignore Path Info in Request URL", "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. (property name: com.sun.identity.agents.config.ignore.path.info)", "propertyOrder" : 18600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "localeLanguage" : { "title" : "Locale Language", "description" : "(property name: org.forgerock.agents.locale.language) <br>Required Agent Restart", "propertyOrder" : 1300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } } } }, "applicationJ2EEAgentConfig" : { "type" : "object", "title" : "Application", "propertyOrder" : 1, "properties" : { "profileAttributeFetchMode" : { "title" : "Profile Attribute Fetch Mode", "description" : "The mode of fetching profile attributes. (property name: com.sun.identity.agents.config.profile.attribute.fetch.mode) ", "propertyOrder" : 8700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "logoutRequestParameters" : { "title" : "Logout Request Parameter", "description" : "An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. (property name: org.forgerock.agents.logout.request.param.map) <br>Valid key: the web application name. <br>Valid value: the logout request parameter. 
<br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field.", "propertyOrder" : 6100, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "invertNotEnforcedIps" : { "title" : "Invert Not Enforced IPs", "description" : "Inverts protection of the client IP addresses listed in the related Not Enforced Client IP List. (property name: org.forgerock.agents.notenforced.ip.invert.enabled) ", "propertyOrder" : 8000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "notEnforcedIps" : { "title" : "Not Enforced Client IP List", "description" : "No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. 
(property name: org.forgerock.agents.notenforced.ip.list) <br> Examples: <br> 192.18.145.* <br> 192.18.146.123", "propertyOrder" : 7900, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "continuousSecurityCookies" : { "title" : "Continuous Security Cookies", "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent.", "propertyOrder" : 3210, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "applicationLogoutUris" : { "title" : "Application Logout URI", "description" : "An application-specific Map that identifies a request URI which indicates a logout event. (property name: org.forgerock.agents.logout.endpoint.map) <br>Valid key: the web application name. <br>Valid value: the application logout URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI. <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. 
<br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field.", "propertyOrder" : 6000, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "sessionAttributeFetchMode" : { "title" : "Session Attribute Fetch Mode", "description" : "The mode of fetching session attributes. (property name: com.sun.identity.agents.config.session.attribute.fetch.mode) ", "propertyOrder" : 8900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "notEnforcedIpsCacheEnabled" : { "title" : "Not Enforced IP Cache Flag", "description" : "Enable caching of not-enforced IP list evaluation results. (property name: org.forgerock.agents.notenforced.ip.cache.enabled) ", "propertyOrder" : 8100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "cookieAttributeUrlEncoded" : { "title" : "Attribute Cookie Encode", "description" : "Indicates if the value of the attribute should be URL encoded before being set as a cookie. (property name: org.forgerock.agents.attribute.cookie.encode.enabled) ", "propertyOrder" : 8500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "logoutEntryUri" : { "title" : "Logout Entry URI", "description" : "An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. 
(property name: org.forgerock.agents.logout.goto.map) <br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field.", "propertyOrder" : 6300, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "cookieAttributeMultiValueSeparator" : { "title" : "Cookie Separator Character", "description" : "Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. (property name: org.forgerock.agents.attribute.cookie.separator) ", "propertyOrder" : 8300, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "responseAttributeFetchMode" : { "title" : "Response Attribute Fetch Mode", "description" : "The mode of fetching policy response attributes. (property name: com.sun.identity.agents.config.response.attribute.fetch.mode) ", "propertyOrder" : 9100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "notEnforcedIpsCacheSize" : { "title" : "Not Enforced IP Cache Size", "description" : "Size of the cache to be used if Not Enforced IP Cache Flag is enabled. 
(property name: org.forgerock.agents.notenforced.ip.cache.size) ", "propertyOrder" : 8200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "notEnforcedFavicon" : { "title" : "Not Enforced Favicon", "description" : "This flag, if enabled, automatically adds \"*/favicon.ico\" to the not enforced list. This can help to avoid odd situations in which a user is required to log in after logging out, just because favicon.ico has been requested by browser. (property: org.forgerock.agents.auto.not.enforce.favicon.enabled) <br>Required Agent Restart", "propertyOrder" : 7650, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "notEnforcedRuleCompoundSeparator" : { "title" : "Not Enforced Compound Rule Separator", "description" : "Specifies a separator for not enforced compound rules. The format for compound rules requires a list of IP rules, a separator (by default the | character), and a list of URI rules. <br>Example, GET 192.168.1.1-192.168.4.3 | /images/* <br>Configure a different separator (for example, &&) when working with the REGEX keyword to avoid invalid regular expressions.", "propertyOrder" : 7450, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "resourceAccessDeniedUri" : { "title" : "Resource Access Denied URI", "description" : "An application-specific Map that identifies a URI of the customized access denied page. (property name: org.forgerock.agents.access.denied.uri.map) <br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. 
<br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page. <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field.", "propertyOrder" : 2700, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "profileAttributeMap" : { "title" : "Profile Attribute Mapping", "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: org.forgerock.agents.profile.attribute.map) <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.", "propertyOrder" : 8800, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "headerAttributeDateFormat" : { "title" : "Fetch Attribute Date Format", "description" : "Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. 
(property name: org.forgerock.agents.attribute.date.format) ", "propertyOrder" : 8400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "notEnforcedUris" : { "title" : "Not Enforced URIs", "description" : "List of URIs for which protection is not enforced by the Agent. (property name: org.forgerock.agents.notenforced.uri.list) <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/*", "propertyOrder" : 7500, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "responseAttributeMap" : { "title" : "Response Attribute Mapping", "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: org.forgerock.agents.response.attribute.map) <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.", "propertyOrder" : 9200, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "continuousSecurityHeaders" : { "title" : "Continuous Security Headers", "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). 
If the header doesn't exist, then the empty string will be sent.", "propertyOrder" : 3211, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "loginFormUri" : { "title" : "Login Form URI", "description" : "List of absolute URIs corresponding to an application's web.xml form-login-page element. (property name: com.sun.identity.agents.config.login.form) <br> Example: <br> /BankApp/jsp/login.jsp", "propertyOrder" : 2800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "notEnforcedUrisCacheSize" : { "title" : "Not Enforced URIs Cache Size", "description" : "Size of the cache to be used if caching of not enforced URI list evaluation results is enabled. (property name: org.forgerock.agents.notenforced.uri.cache.size) ", "propertyOrder" : 7800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "notEnforcedUrisCacheEnabled" : { "title" : "Not Enforced URIs Cache Enabled", "description" : "Enables the caching of the Not Enforced URIs list evaluation results. (property name: org.forgerock.agents.notenforced.uri.cache.enabled) ", "propertyOrder" : 7700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "sessionAttributeMap" : { "title" : "Session Attribute Mapping", "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user. 
(property name: org.forgerock.agents.session.attribute.map) <br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.", "propertyOrder" : 9000, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "invertNotEnforcedUris" : { "title" : "Invert Not Enforced URIs", "description" : "Inverts protection of URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent. (property name: org.forgerock.agents.notenforced.uri.invert.enabled) ", "propertyOrder" : 7600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "logoutIntrospection" : { "title" : "Logout Introspect Enabled", "description" : "Allows the Agent to search HTTP request body to locate logout parameter. (property name: org.forgerock.agents.logout.introspection.enabled) ", "propertyOrder" : 6200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } } } }, "globalJ2EEAgentConfig" : { "type" : "object", "title" : "Global", "propertyOrder" : 0, "properties" : { "fqdnMapping" : { "title" : "FQDN Virtual Host Map", "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: org.forgerock.agents.fqdn.map) <br> Examples: <br> To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. 
To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.", "propertyOrder" : 6600, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "localAuditRotationSize" : { "title" : "Local Audit Log Rotation Size", "description" : "Size limit when a local audit log file is rotated to a new file. (property name: com.sun.identity.agents.config.local.log.size) ", "propertyOrder" : 1900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "agentSessionChangeNotificationsEnabled" : { "title" : "Session Logout Notification ", "description" : "Flag to indicate whether the Agent will subscribe to session logout notifications (via websockets) from AM. (property: org.forgerock.agents.session.change.notifications.enabled)", "propertyOrder" : 12110, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "localAuditLogRotation" : { "title" : "Rotate Local Audit Log", "description" : "Flag to indicate that audit log files should be rotated when reaching a certain size. (property name: org.forgerock.agents.local.audit.log.rotation.enabled) ", "propertyOrder" : 1800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "redirectAttemptLimitCookieName" : { "title" : "Redirect Attempt Cookie Name", "description" : "Agent tries to detect redirect loops while authenticating, which would normally indicate a cookie domain problem. 
The Agent does this by using a cookie to hold the current redirection count. (property: org.forgerock.agents.redirect.cookie.name)", "propertyOrder" : 7150, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "configurationReloadInterval" : { "title" : "Configuration Reload Interval", "description" : "Only used when websocket notifications are disabled, specifies interval in seconds after which config is reloaded automatically by the Agent. (property name: org.forgerock.agents.config.reload.seconds) ", "propertyOrder" : 1200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "debugLogfileRotationMinutes" : { "title" : "Debug File Rotation Time", "description" : "This is the time in minutes after which log file rotation will occur. (property: org.forgerock.agents.debug.rotation.time.minutes)", "propertyOrder" : 10040, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "agentConfigChangeNotificationsEnabled" : { "title" : "Agent Configuration Change Notification", "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes. (property name: org.forgerock.agents.config.change.notifications.enabled) ", "propertyOrder" : 12100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "customResponseHeader" : { "title" : "Custom Response Header", "description" : "Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value. 
(property name: org.forgerock.agents.response.header.map) <br> Example: <br> To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field.", "propertyOrder" : 7000, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "debugLevel" : { "title" : "Agent Debug Level", "description" : "Specifies type of agent debug messages to log. (property name: com.iplanet.services.debug.level) ", "propertyOrder" : 10000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "preAuthCookieMaxAge" : { "title" : "Pre-Authenticated Cookie Max Age", "description" : "This is the amount of time in seconds before the pre-authn cookie will timeout. (property: org.forgerock.agents.authn.cookie.max.age.seconds)", "propertyOrder" : 11220, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "debugLogfileRetentionCount" : { "title" : "Debug File Rotation Retention Count", "description" : "This is the number of log files to retain after rotation, so for example, setting it to 10 would give you one current debug file and nine older (rotated) files. (property: org.forgerock.agents.debug.retention.count)", "propertyOrder" : 10050, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fqdnCheck" : { "title" : "FQDN Check", "description" : "Enables checking of fqdn default value and fqdn map values. 
(property name: org.forgerock.agents.fqdn.check.enabled) ", "propertyOrder" : 6400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "webSocketConnectionIntervalInMinutes" : { "title" : "Web Socket Connection Interval", "description" : "Interval in minutes by which agents reopen their web socket connection to ensure a fair distribution of connections across AM servers. (property: org.forgerock.agents.balance.websocket.interval.minutes).", "propertyOrder" : 12120, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "preAuthCookieName" : { "title" : "Pre-Authenticated Cookie Name", "description" : "Specifies the name of the cookie the agent uses to track the progress of authentication with AM. (property: org.forgerock.agents.authn.cookie.name)", "propertyOrder" : 11210, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "httpSessionBinding" : { "title" : "HTTP Session Binding", "description" : "If true will invalidate the http session when login has failed, user has no SSO session, or principal user name does not match SSO user name. (property name: org.forgerock.agents.http.session.binding.enabled) ", "propertyOrder" : 3500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "userTokenName" : { "title" : "User Token Name", "description" : "Session property name for user-ID of the authenticated user in session. 
(property name: org.forgerock.agents.userid.mapping.mode.use.session.property.name) ", "propertyOrder" : 900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "userpassword" : { "title" : "Password", "description" : "", "propertyOrder" : 100, "required" : true, "type" : "string", "format" : "password", "exampleValue" : "" }, "auditAccessType" : { "title" : "Audit Access Types", "description" : "Types of messages to log based on user URL access attempts. (property name: org.forgerock.agents.audit.what) ", "propertyOrder" : 1500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "userMappingMode" : { "title" : "User Mapping Mode", "description" : "Specifies mechanism agent uses to determine user-ID. (property name: org.forgerock.agents.user.mapping.mode) ", "propertyOrder" : 600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "repositoryLocation" : { "title" : "Location of Agent Configuration Repository", "description" : "Indicates agent's configuration located either on agent's host or centrally on AM server (property: org.forgerock.agents.config.location).", "propertyOrder" : 400, "required" : true, "type" : "string", "exampleValue" : "" }, "status" : { "title" : "Status", "description" : "Status of the agent configuration.", "propertyOrder" : 200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : true } } }, "localAuditLogfileRetentionCount" : { "title" : "Audit Logfile Retention Count", "description" : "The number of audit log files to retain after rotation has occurred. 
(property: org.forgerock.agents.local.audit.log.retention.count)", "propertyOrder" : 2100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fqdnDefault" : { "title" : "FQDN Default", "description" : "Fully qualified hostname that the users should use in order to access resources. (property name: org.forgerock.agents.fqdn.default) ", "propertyOrder" : 6500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "loginAttemptLimitCookieName" : { "title" : "Login Attempt Limit Cookie Name", "description" : "The name of the cookie used to record the number of login attempts. (property: org.forgerock.agents.login.counter.cookie.name)", "propertyOrder" : 4500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "jwtName" : { "title" : "JWT Cookie Name", "description" : "The name used by the agent to set the OIDC JWT on the user's browser. (property: org.forgerock.agents.jwt.cookie.name)", "propertyOrder" : 11201, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "redirectAttemptLimit" : { "title" : "Redirect Attempt Limit", "description" : "Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. Set to 0 to disable this feature. 
(property name: org.forgerock.agents.redirect.attempt.limit) ", "propertyOrder" : 7100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "agentgroup" : { "title" : "Group", "description" : "Add the agent to a group to allow inheritance of property values from the group. <br>Changing the group will update inherited property values. <br>Inherited property values are copied to the agent.", "propertyOrder" : 50, "required" : false, "type" : "string", "exampleValue" : "" }, "userAttributeName" : { "title" : "User Attribute Name", "description" : "Name of the attribute which contains the user-ID. (property name: org.forgerock.agents.user.mapping.mode.attribute.name) ", "propertyOrder" : 700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "debugLogfileDirectory" : { "title" : "Debug Logfile Directory", "description" : "Location of the agent log files, and where monitoring CSV files are written. This is normally set in bootstrap properties during the install process. Note there is no default and no logging will occur until a value for this property is provided. Anything logged will be written to the standard output and may end up in the container log file (so \"catalina.out\" in the case of Tomcat). (property: org.forgerock.agents.csv.monitoring.directory)", "propertyOrder" : 10060, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "debugLogfilePrefix" : { "title" : "Debug File Rotation Prefix", "description" : "Prefix which can be added onto the front of the debug file name when it is rotated. 
(property: org.forgerock.agents.debug.prefix)", "propertyOrder" : 10010, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "localAuditLogfilePath" : { "title" : "Audit Logfile Path", "description" : "The full path of the local auditing file. (property: org.forgerock.agents.local.audit.file.path)", "propertyOrder" : 2000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "cdssoRootUrl" : { "title" : "Agent Root URL for CDSSO", "description" : "The agent root URL for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which the agent resides. The port represents the port number on which the agent is installed. The slash following the port number is required.", "propertyOrder" : 22700, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "filterMode" : { "title" : "Agent Filter Mode", "description" : "Specifies the mode of operation of the Filter. (property name: org.forgerock.agents.filter.mode.map) <br>Valid key: the web application name. <br>Valid values: ALL, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. <br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding Map Value field. 
<br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field.", "propertyOrder" : 500, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "loginAttemptLimit" : { "title" : "Login Attempt Limit", "description" : "Limit of failed login attempts for a user's single browser session until triggering the blocking of the user request. Value of 0 disables this feature. (property name: org.forgerock.agents.login.attempt.limit.count) ", "propertyOrder" : 4400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "debugLogfileRotationSize" : { "title" : "Debug File Rotation Size", "description" : "This specifies the approximate size in bytes at which a log file will be rotated to a new log file. (property: org.forgerock.agents.debug.rotation.size.bytes)", "propertyOrder" : 10030, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "fallforwardModeEnabled" : { "title" : "Fall-Forward Mode", "description" : "This property is used when AM is not available. 
<br> Disabled: the Agent will deny every incoming request with an HTTP 403 <br> Enabled: the Agent will continue to allow access to any resource matched by a not enforced rule until AM becomes available again <br><br>(property: org.forgerock.agents.session.change.notifications.enabled) (Agent 5.7+ only)", "propertyOrder" : 12115, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "userPrincipalFlag" : { "title" : "User Principal Flag", "description" : "Use principal instead of just the user-ID for authenticating the user. (property name: org.forgerock.agents.userid.mapping.mode.use.dn.enabled) ", "propertyOrder" : 800, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "debugLogfileSuffix" : { "title" : "Debug File Rotation Suffix", "description" : "This is a value appended onto the end of the debug file name when it is rotated. The user is free to define it as they want, but if it does not involve a timestamp that produces different file names when the rotation time is reached, log file rotation is unlikely to function correctly (property: org.forgerock.agents.debug.suffix)", "propertyOrder" : 10020, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "auditLogLocation" : { "title" : "Audit Log Location", "description" : "LOCAL = audit information stored in files based locally to the Agent container <br>REMOTE = audit information logged via AM. 
(property name: org.forgerock.agents.audit.where) ", "propertyOrder" : 1600, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } } } }, "amServicesJ2EEAgent" : { "type" : "object", "title" : "AM Services", "propertyOrder" : 3, "properties" : { "urlPolicyEnvJsessionParameters" : { "title" : "URL Policy Env jsession Parameters", "description" : "List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at AM server. (property name: org.forgerock.agents.continuous.security.http.session.list) <br> Examples: <br> name <br> phonenumber", "propertyOrder" : 12000, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "conditionalLoginUrl" : { "title" : "AM Conditional Login URL", "description" : "(property name: org.forgerock.openam.agents.config.conditional.login.url) <br> Examples: <br> match|url?param1=value1&param2=value2 <br> match/path|?param1=value1&param2=value2&param3=value3", "propertyOrder" : 3800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "authSuccessRedirectUrl" : { "title" : "Redirect to AM's Success URL", "description" : "When enabled, the Agent will redirect to the session's Success URL instead (defined in auth. chain) of the originally requested resource after successful authentication. 
(property: org.forgerock.agents.authn.success.redirect.session.url.enabled)", "propertyOrder" : 4000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "agentAdviceEncode" : { "title" : "Composite Advice Encode", "description" : "This property is used to specify whether AM composite advices should be base64url encoded before sending to custom login endpoints. (property: org.forgerock.agents.advice.b64.url.encode)", "propertyOrder" : 13050, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "policyEvaluationRealm" : { "title" : "Policy Evaluation Realm", "description" : "Which realm to start evaluating from. (property name: org.forgerock.agents.policy.evaluation.realm.map) ", "propertyOrder" : 5400, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "authServicePort" : { "title" : "AM Authentication Service Port", "description" : "Port to be used by the AM authentication service. This property needs to be updated in OpenSSOAgentBootstrap.properties (property name: org.forgerock.agents.am.port) <br>Required Agent Restart", "propertyOrder" : 11100, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "integer", "required" : false } } }, "customLoginEnabled" : { "title" : "Allow Custom Login Mode", "description" : "Flag to enable custom login. 
(property: org.forgerock.agents.legacy.login.enabled)", "propertyOrder" : 3700, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "urlPolicyEnvPostParameters" : { "title" : "URL Policy Env POST Parameters", "description" : "List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. (property name: org.forgerock.agents.continuous.security.post.list) <br> Examples: <br> name <br> phonenumber", "propertyOrder" : 11900, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "policyEvaluationApplication" : { "title" : "Policy Set", "description" : "Which application contains the policies to evaluate with. (property name: org.forgerock.agents.policy.set.map) ", "propertyOrder" : 5500, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "urlPolicyEnvGetParameters" : { "title" : "URL Policy Env GET Parameters", "description" : "List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at AM server. (property name: org.forgerock.agents.continuous.security.get.list) <br> Examples: <br> name <br> phonenumber", "propertyOrder" : 11800, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "legacyLoginUrlList" : { "title" : "Custom Conditional Login URL", "description" : "Conditionally redirect users based on the incoming request URL. 
If the incoming request URL matches a specified domain name, the Java agent redirects the request to a specific URL. Conditional redirects have the format [Domain/path]|[URL?realm=value&parameter1=value1...], with no spaces between values. <br>Example: myapp.domain.com|https://login.example.com/apps/login.jsp?realm=sales <br>(property: org.forgerock.openam.agents.config.conditional.custom.login.url)", "propertyOrder" : 3900, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "authServiceProtocol" : { "title" : "AM Authentication Service Protocol", "description" : "Protocol to be used by the AM authentication service. This property needs to be updated in OpenSSOAgentBootstrap.properties (property name: org.forgerock.agents.am.protocol) <br>Required Agent Restart", "propertyOrder" : 10900, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "policyNotifications" : { "title" : "Enable Policy Notifications", "description" : "Enable Notifications(via websockets) for remote policy client. (property name: org.forgerock.agents.policy.change.notifications.enabled) <br>Required Agent Restart", "propertyOrder" : 11200, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "boolean", "required" : false } } }, "amLoginUrl" : { "title" : "AM Login URL", "description" : "AM login page URL. 
(property name: com.sun.identity.agents.config.login.url) <br> Example: <br> http://host:port/am/UI/Login", "propertyOrder" : 3710, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } }, "restrictToRealm" : { "title" : "Restrict To Realm", "description" : "A map keyed by application name which allows users from only the specified realms (each entry is a CSV) to access the specified application. If no restricted realm is set, any user from any realm will be allowed access. Keyed by application name, value is a comma separated list of realms from which users may request resources. (property: org.forgerock.agents.restrict.to.realm.map)", "propertyOrder" : 13080, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "object", "required" : false } } }, "authServiceHost" : { "title" : "AM Authentication Service Host Name", "description" : "Host name to be used by the AM authentication service. 
This property needs to be updated in OpenSSOAgentBootstrap.properties (property name: org.forgerock.agents.am.hostname) <br>Required Agent Restart", "propertyOrder" : 11000, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "string", "required" : false } } }, "conditionalLogoutUrl" : { "title" : "AM Conditional Logout URL", "description" : "(property name: org.forgerock.agents.conditional.logout.url.list) <br> Examples: <br> match|url?param1=value1&param2=value2 <br> match/path|?param1=value1&param2=value2&param3=value3", "propertyOrder" : 12550, "items" : { "type" : "string" }, "type" : "object", "exampleValue" : "", "properties" : { "inherited" : { "type" : "boolean", "required" : true }, "value" : { "type" : "array", "required" : false } } } } } } }