JwtProofOfPossessionModule
Realm Operations
Resource path: /realm-config/authentication/modules/authJwtPoP
Resource version: 1.0
create
Usage:
am> create JwtProofOfPossessionModule --realm Realm --id id --body body
Parameters:
--id
The unique identifier for the resource.
--body
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "challengeSigningKey" : { "title" : "Challenge Signing Key", "description" : "Name of the key (in the AM keystore) to use to sign challenges.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "subjectJwkSetAttr" : { "title" : "Subject JWK Set Attribute", "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "responseEncryptionCipher" : { "title" : "Response Encryption Cipher", "description" : "The authenticated encryption (AEAD) scheme to use for the response.", "propertyOrder" : 350, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.", "propertyOrder" : 10000, "required" : true, "type" : "integer", "exampleValue" : "" }, "responseEncryptionMethod" : { "title" : "Response Encryption Scheme", "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "enableTlsSessionBinding" : { "title" : "Use TLS Session Binding", "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.", "propertyOrder" : 400, "required" : true, "type" : "boolean", "exampleValue" : "" } } }
delete
Usage:
am> delete JwtProofOfPossessionModule --realm Realm --id id
Parameters:
--id
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage:
am> action JwtProofOfPossessionModule --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage:
am> action JwtProofOfPossessionModule --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage:
am> action JwtProofOfPossessionModule --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
Usage:
am> query JwtProofOfPossessionModule --realm Realm --filter filter
Parameters:
--filter
A CREST formatted query filter, where "true" will query all.
read
Usage:
am> read JwtProofOfPossessionModule --realm Realm --id id
Parameters:
--id
The unique identifier for the resource.
update
Usage:
am> update JwtProofOfPossessionModule --realm Realm --id id --body body
Parameters:
--id
The unique identifier for the resource.
--body
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "challengeSigningKey" : { "title" : "Challenge Signing Key", "description" : "Name of the key (in the AM keystore) to use to sign challenges.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "subjectJwkSetAttr" : { "title" : "Subject JWK Set Attribute", "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "responseEncryptionCipher" : { "title" : "Response Encryption Cipher", "description" : "The authenticated encryption (AEAD) scheme to use for the response.", "propertyOrder" : 350, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.", "propertyOrder" : 10000, "required" : true, "type" : "integer", "exampleValue" : "" }, "responseEncryptionMethod" : { "title" : "Response Encryption Scheme", "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "enableTlsSessionBinding" : { "title" : "Use TLS Session Binding", "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.", "propertyOrder" : 400, "required" : true, "type" : "boolean", "exampleValue" : "" } } }
Global Operations
Resource path: /global-config/authentication/modules/authJwtPoP
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage:
am> action JwtProofOfPossessionModule --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage:
am> action JwtProofOfPossessionModule --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage:
am> action JwtProofOfPossessionModule --global --actionName nextdescendents
read
Usage:
am> read JwtProofOfPossessionModule --global
update
Usage:
am> update JwtProofOfPossessionModule --global --body body
Parameters:
--body
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "defaults" : { "properties" : { "subjectJwkSetAttr" : { "title" : "Subject JWK Set Attribute", "description" : "Subject profile attribute that contains a JWK Set of confirmation and encryption keys.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "authenticationLevel" : { "title" : "Authentication Level", "description" : "The authentication level associated with this module.", "propertyOrder" : 10000, "required" : true, "type" : "integer", "exampleValue" : "" }, "responseEncryptionCipher" : { "title" : "Response Encryption Cipher", "description" : "The authenticated encryption (AEAD) scheme to use for the response.", "propertyOrder" : 350, "required" : true, "type" : "string", "exampleValue" : "" }, "responseEncryptionMethod" : { "title" : "Response Encryption Scheme", "description" : "Key exchange method to use for responses: ephemeral elliptic curve Diffie-Hellman (ECDHE)key agreement or using a pre-shared key (PSK) from the subject's JWK Set.", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "challengeSigningKey" : { "title" : "Challenge Signing Key", "description" : "Name of the key (in the AM keystore) to use to sign challenges.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "enableTlsSessionBinding" : { "title" : "Use TLS Session Binding", "description" : "If enabled the response must arrive in the same TLS (HTTPS) session as the challenge was issued.", "propertyOrder" : 400, "required" : true, "type" : "boolean", "exampleValue" : "" } }, "type" : "object", "title" : "Realm Defaults" } } }