SAML2Authentication

Realm Operations

Resource path: /realm-config/authentication/authenticationtrees/nodes/product-Saml2Node

Resource version: 1.0

create

Usage:

am> create SAML2Authentication --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "binding" : {
      "title" : "Response Binding",
      "description" : "Use this parameter to indicate what binding the IdP should use when communicating with this SP.",
      "propertyOrder" : 800,
      "type" : "string",
      "exampleValue" : ""
    },
    "isPassive" : {
      "title" : "Passive Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should authenticate passively (true) or not (false).",
      "propertyOrder" : 1000,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "authnContextDeclRef" : {
      "title" : "Authentication Context Declaration Reference",
      "description" : "(Optional) Use this parameter to specify authentication context declaration references.",
      "propertyOrder" : 600,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "idpEntityId" : {
      "title" : "IdP Entity ID",
      "description" : "The entity name of the SAML2 IdP Service to use for this module (must be configured).",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "nameIdFormat" : {
      "title" : "NameID Format",
      "description" : "(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</pre> <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</pre> <pre>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</pre>",
      "propertyOrder" : 1100,
      "type" : "string",
      "exampleValue" : ""
    },
    "forceAuthn" : {
      "title" : "Force IdP Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should force authentication (true) or can reuse existing security contexts (false).",
      "propertyOrder" : 900,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "metaAlias" : {
      "title" : "SP MetaAlias",
      "description" : "MetaAlias for Service Provider. The format of this parameter is <pre>/realm_name/SP</pre>",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "sloEnabled" : {
      "title" : "Single Logout Enabled",
      "description" : "Enable to attempt logout of the user's IdP session at the point of session logout.",
      "propertyOrder" : 1200,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "allowCreate" : {
      "title" : "Allow IdP to Create NameID",
      "description" : "Use this parameter to indicate whether the identity provider can create a new identifier for the principal if none exists (true) or not (false).",
      "propertyOrder" : 300,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "requestBinding" : {
      "title" : "Request Binding",
      "description" : "Use this parameter to indicate what binding the SP should use when communicating with the IdP.",
      "propertyOrder" : 700,
      "type" : "string",
      "exampleValue" : ""
    },
    "authnContextClassRef" : {
      "title" : "Authentication Context Class Reference",
      "description" : "(Optional) Use this parameter to specify authentication context class references.",
      "propertyOrder" : 500,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "sloRelayState" : {
      "title" : "Single Logout URL",
      "description" : "If Single Logout is enabled, this is the URL to which the user should be forwarded after successful IdP logout. This must be an absolute URL, or the redirect will not function.",
      "propertyOrder" : 1500,
      "type" : "string",
      "exampleValue" : ""
    },
    "authComparison" : {
      "title" : "Comparison Type",
      "description" : "(Optional) Use this parameter to specify a comparison method to evaluate the requested context classes or statements. OpenAM accepts the following values: <pre>better</pre>, <pre>exact</pre>, <pre>maximum</pre>, and <pre>minimum</pre>.",
      "propertyOrder" : 400,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "nameIdFormat", "allowCreate", "authnContextClassRef", "isPassive", "sloEnabled", "idpEntityId", "requestBinding", "authComparison", "metaAlias", "authnContextDeclRef", "forceAuthn", "binding" ]
}

delete

Usage:

am> delete SAML2Authentication --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage:

am> action SAML2Authentication --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage:

am> action SAML2Authentication --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage:

am> action SAML2Authentication --realm Realm --body body --actionName listOutcomes

Parameters:

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage:

am> action SAML2Authentication --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.

Usage:

am> query SAML2Authentication --realm Realm --filter filter

Parameters:

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage:

am> read SAML2Authentication --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

update

Usage:

am> update SAML2Authentication --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "binding" : {
      "title" : "Response Binding",
      "description" : "Use this parameter to indicate what binding the IdP should use when communicating with this SP.",
      "propertyOrder" : 800,
      "type" : "string",
      "exampleValue" : ""
    },
    "isPassive" : {
      "title" : "Passive Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should authenticate passively (true) or not (false).",
      "propertyOrder" : 1000,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "authnContextDeclRef" : {
      "title" : "Authentication Context Declaration Reference",
      "description" : "(Optional) Use this parameter to specify authentication context declaration references.",
      "propertyOrder" : 600,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "idpEntityId" : {
      "title" : "IdP Entity ID",
      "description" : "The entity name of the SAML2 IdP Service to use for this module (must be configured).",
      "propertyOrder" : 100,
      "type" : "string",
      "exampleValue" : ""
    },
    "nameIdFormat" : {
      "title" : "NameID Format",
      "description" : "(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</pre> <pre>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</pre> <pre>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</pre>",
      "propertyOrder" : 1100,
      "type" : "string",
      "exampleValue" : ""
    },
    "forceAuthn" : {
      "title" : "Force IdP Authentication",
      "description" : "Use this parameter to indicate whether the identity provider should force authentication (true) or can reuse existing security contexts (false).",
      "propertyOrder" : 900,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "metaAlias" : {
      "title" : "SP MetaAlias",
      "description" : "MetaAlias for Service Provider. The format of this parameter is <pre>/realm_name/SP</pre>",
      "propertyOrder" : 200,
      "type" : "string",
      "exampleValue" : ""
    },
    "sloEnabled" : {
      "title" : "Single Logout Enabled",
      "description" : "Enable to attempt logout of the user's IdP session at the point of session logout.",
      "propertyOrder" : 1200,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "allowCreate" : {
      "title" : "Allow IdP to Create NameID",
      "description" : "Use this parameter to indicate whether the identity provider can create a new identifier for the principal if none exists (true) or not (false).",
      "propertyOrder" : 300,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "requestBinding" : {
      "title" : "Request Binding",
      "description" : "Use this parameter to indicate what binding the SP should use when communicating with the IdP.",
      "propertyOrder" : 700,
      "type" : "string",
      "exampleValue" : ""
    },
    "authnContextClassRef" : {
      "title" : "Authentication Context Class Reference",
      "description" : "(Optional) Use this parameter to specify authentication context class references.",
      "propertyOrder" : 500,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "sloRelayState" : {
      "title" : "Single Logout URL",
      "description" : "If Single Logout is enabled, this is the URL to which the user should be forwarded after successful IdP logout. This must be an absolute URL, or the redirect will not function.",
      "propertyOrder" : 1500,
      "type" : "string",
      "exampleValue" : ""
    },
    "authComparison" : {
      "title" : "Comparison Type",
      "description" : "(Optional) Use this parameter to specify a comparison method to evaluate the requested context classes or statements. OpenAM accepts the following values: <pre>better</pre>, <pre>exact</pre>, <pre>maximum</pre>, and <pre>minimum</pre>.",
      "propertyOrder" : 400,
      "type" : "string",
      "exampleValue" : ""
    }
  },
  "required" : [ "nameIdFormat", "allowCreate", "authnContextClassRef", "isPassive", "sloEnabled", "idpEntityId", "requestBinding", "authComparison", "metaAlias", "authnContextDeclRef", "forceAuthn", "binding" ]
}
Read a different version of :