WebAgentGroups

Realm Operations

Agent Groups handler that is responsible for managing agent groups

Resource path: /realm-config/agents/groups/WebAgent

Resource version: 1.0

create

Usage:

am> create WebAgentGroups --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "applicationWebAgentConfig" : {
      "type" : "object",
      "title" : "Application",
      "propertyOrder" : 1,
      "properties" : {
        "continuousSecurityCookies" : {
          "title" : "Continuous Security Cookies",
          "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent.",
          "propertyOrder" : 28900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "profileAttributeFetchMode" : {
          "title" : "Profile Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.profile.attribute.fetch.mode)",
          "propertyOrder" : 28200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "notEnforcedIpsRegex" : {
          "title" : "Regular Expressions for Not-Enforced IPs",
          "description" : "Enable use of Perl-compatible regular expressions in Not-Enforced URL from IP settings. (property: org.forgerock.agents.config.notenforced.ext.regex.enable)",
          "propertyOrder" : 28150,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sessionAttributeFetchMode" : {
          "title" : "Session Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.session.attribute.fetch.mode)",
          "propertyOrder" : 28600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "continuousSecurityHeaders" : {
          "title" : "Continuous Security Headers",
          "description" : "The names of the headers in the user's original request that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent.",
          "propertyOrder" : 29000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedIpsList" : {
          "title" : "Not-Enforced URL from IP Processing List",
          "description" : "Specifies a list of client IP addresses that do not require authentication when requesting the indicated URLs. <br>The supported format requires a list of IP addresses separated by spaces, the horizontal bar (|) character, and a list of URLs separated by spaces. <br>For example: <br>  10.1.2.1 192.168.0.2|/public/* <br>In the preceding example, the IP addresses 10.1.2.1 and  192.168.0.2 can access any resource inside /public without authenticating. (property: org.forgerock.agents.config.notenforced.ipurl)",
          "propertyOrder" : 28050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedUrlsRegex" : {
          "title" : "Regular Expressions for Not-Enforced URLs",
          "description" : "When true, enables use of Perl-compatible regular expressions in Not-enforced URL settings. (property: com.forgerock.agents.notenforced.url.regex.enable)",
          "propertyOrder" : 27850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sessionAttributeMap" : {
          "title" : "Session Attribute Map",
          "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping)   <br> Example: <br>  To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.",
          "propertyOrder" : 28700,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "responseAttributeMap" : {
          "title" : "Response Attribute Map",
          "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping)  <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.",
          "propertyOrder" : 28500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "profileAttributeMap" : {
          "title" : "Profile Attribute Map",
          "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping)  <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.",
          "propertyOrder" : 28300,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "fetchAttributesForNotEnforcedUrls" : {
          "title" : "Fetch Attributes for Not Enforced URLs",
          "description" : "Agent fetches profile attributes for not enforced urls by doing policy evaluation. (property name: com.sun.identity.agents.config.notenforced.url.attributes.enable)",
          "propertyOrder" : 27900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "attributeMultiValueSeparator" : {
          "title" : "Attribute Multi Value Separator",
          "description" : "Specifies separator for multiple values. Applies to all types of attributes i.e. profile, session and response attributes. (property name: com.sun.identity.agents.config.attribute.multi.value.separator)",
          "propertyOrder" : 28800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertNotEnforcedUrls" : {
          "title" : "Invert Not Enforced URLs",
          "description" : "When enabled, only the URLs in the not enforced list are enforced. (property name: com.sun.identity.agents.config.notenforced.url.invert)",
          "propertyOrder" : 27800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ignorePathInfoForNotEnforcedUrls" : {
          "title" : "Ignore Path Info for Not Enforced URLs",
          "description" : "Indicate whether the path info and query should be stripped from the request URL before being compared with the URLs of the not enforced list when those URLs have a wildcard '*' character.  (property name: com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list)  ",
          "propertyOrder" : 27600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "responseAttributeFetchMode" : {
          "title" : "Response Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.response.attribute.fetch.mode)",
          "propertyOrder" : 28400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "notEnforcedIps" : {
          "title" : "Not Enforced Client IP List",
          "description" : "No authentication and authorization are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br> Examples: <br> 192.18.145.* <br> 192.18.146.123",
          "propertyOrder" : 28000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedUrls" : {
          "title" : "Not Enforced URLs",
          "description" : "List of URLs for which no authentication is required. (property name: com.sun.identity.agents.config.notenforced.url) <br> Example: <br> http://myagent.mydomain.com/*.gif",
          "propertyOrder" : 27700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "clientIpValidation" : {
          "title" : "Client IP Validation",
          "description" : "This validates if the subsequent browser requests come from the same ip address that the SSO token is initially issued against. (property name: com.sun.identity.agents.config.client.ip.validation.enable)",
          "propertyOrder" : 28100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "globalWebAgentConfig" : {
      "type" : "object",
      "title" : "Global",
      "propertyOrder" : 0,
      "properties" : {
        "agentConfigChangeNotificationsEnabled" : {
          "title" : "Agent Configuration Change Notification",
          "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes. (property name: org.forgerock.agents.config.change.notifications.enabled) ",
          "propertyOrder" : 25300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "status" : {
          "title" : "Status",
          "description" : "Status of the agent configuration.",
          "propertyOrder" : 25100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtName" : {
          "title" : "JWT Cookie Name",
          "description" : "The name used by the agent to set the OIDC JWT on the user's browser. (property: org.forgerock.agents.jwt.cookie.name)",
          "propertyOrder" : 25500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtAuditWhitelist" : {
          "title" : "Agent Profile ID Whitelist",
          "description" : "Specifies a comma-separated list of profile IDs that the agent will consider as valid values for the aud claim. This claim is represented in the JWT containing the end user's session. <br>Example: <br>agentprofile1,agentprofile2,.... <br>When several agents configured with different agent profiles protect the same application, set this property to a list of the agent profiles that are protecting the same application. <br>(property: com.forgerock.agents.jwt.aud.whitelist)",
          "propertyOrder" : 25520,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnCheck" : {
          "title" : "FQDN Check",
          "description" : "Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable)",
          "propertyOrder" : 27300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "fqdnDefault" : {
          "title" : "FQDN Default",
          "description" : "Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default)",
          "propertyOrder" : 27400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "accessDeniedUrl" : {
          "title" : "Resources Access Denied URL",
          "description" : "The URL of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.url)",
          "propertyOrder" : 26300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "agentUriPrefix" : {
          "title" : "Agent Deployment URI Prefix",
          "description" : "(property name: com.sun.identity.agents.config.agenturi.prefix)",
          "propertyOrder" : 25800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "disableJwtAudit" : {
          "title" : "Disable validation of the audience claim",
          "description" : "Specifies whether the agent should validate that the audience claim, represented in the JWT containing the end user's session, matches the agent profile ID. <br>Possible values are: <br>  false = The agent validates the audience claim. <br>  true = The agent does not validate the audience claim.<br> (property: com.forgerock.agents.jwt.aud.disable)",
          "propertyOrder" : 25510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentDebugLevel" : {
          "title" : "Agent Debug Level",
          "description" : "Agent debug level. (property name: com.sun.identity.agents.config.debug.level)",
          "propertyOrder" : 26400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnMapping" : {
          "title" : "FQDN Virtual Host Map",
          "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: com.sun.identity.agents.config.fqdn.mapping) <br> Examples: <br>  To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.",
          "propertyOrder" : 27500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "configurationPollingInterval" : {
          "title" : "Configuration Reload Interval",
          "description" : "Interval in minutes to fetch agent configuration from AM. (property name: com.sun.identity.agents.config.polling.interval) <br>Required Agent Restart",
          "propertyOrder" : 25900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "notificationsEnabled" : {
          "title" : "Enable Notifications",
          "description" : "The notifications help in maintaining agent's sso, policy and configuration caches. (property name: com.sun.identity.agents.config.notification.enable) <br>Required Agent Restart",
          "propertyOrder" : 25600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "webSocketConnectionIntervalInMinutes" : {
          "title" : "Web Socket Connection Interval",
          "description" : "Interval in minutes by which agents reopen their web socket connection to ensure a fair distribution of connections across AM servers. (property: org.forgerock.agents.balance.websocket.interval.minutes).",
          "propertyOrder" : 25400,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "auditLogLocation" : {
          "title" : "Audit Log Location",
          "description" : "Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition)",
          "propertyOrder" : 26800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "auditAccessType" : {
          "title" : "Audit Access Types",
          "description" : "Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype)",
          "propertyOrder" : 26700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoOnlyMode" : {
          "title" : "SSO Only Mode",
          "description" : "Agent will just enforce authentication (SSO), but no authorization for policies. (property name: com.sun.identity.agents.config.sso.only)",
          "propertyOrder" : 26200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "resetIdleTime" : {
          "title" : "Reset Idle Timeout",
          "description" : "If the agent is configured in SSO-only mode, the session may unexpectedly expire in AM due to idle timeout before the user has finished accessing the application. <br>Set this property to true to refresh the timeout when the user performs an action. <br>When set to true, the agent makes an additional call to AM, which may cause a performance impact. Configure this property only if: <br>   The agent is configured in SSO-only mode. <br>   Users' sessions are timing out in AM because they are unexpectedly reaching the maximum idle timeout value. <br>(property: com.forgerock.agents.call.session.refresh)",
          "propertyOrder" : 26250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoRootUrl" : {
          "title" : "Agent Root URL for CDSSO",
          "description" : "The agent root URL for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which the agent resides. The port represents the port number on which the agent is installed. The slash following the port number is required.",
          "propertyOrder" : 26100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "amServicesWebAgent" : {
      "type" : "object",
      "title" : "AM Services",
      "propertyOrder" : 3,
      "properties" : {
        "fetchPoliciesFromRootResource" : {
          "title" : "Fetch Policies from Root Resource",
          "description" : "Agent caches policy decision of the resource and all resources from the root of the resource down. (property name: com.sun.identity.agents.config.fetch.from.root.resource) <br>Required Agent Restart",
          "propertyOrder" : 31000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "customLoginMode" : {
          "title" : "Custom Login Mode",
          "description" : "Specifies whether the agent should use the default or the custom login mode when redirecting unauthenticated users.<br>Possible values are: <br>0. Disabled. Default login redirection mode enabled <br>  1. Custom login mode enabled, in which the SSO token is converted into an ID token <br>  2. Legacy Custom login mode. Can be used in specific migration cases from agent 4 <br>(property: org.forgerock.openam.agents.config.allow.custom.login)",
          "propertyOrder" : 29890,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "publicAmUrl" : {
          "title" : "Public AM URL",
          "description" : "Overrides the agent's behavior of finding a suitable AM server and specifies the public URL of the AM to redirect to. <br> Use this property if: <br>  - Your environment uses custom login pages (OIDC-compliant and non-OIDC-compliant flows). <br>  - Your environment's custom login pages are in a network that can only access AM using a proxy, a firewall, or any other technology that remaps the AM URL to one accessible by the custom login pages. <br>  - End-users cannot log in due to their cookies being set in the wrong domains. <br>(property: com.forgerock.agents.public.am.url) ",
          "propertyOrder" : 29950,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logoutUrlRegex" : {
          "title" : "Logout URL Regular Expression",
          "description" : "Perl-compatible regular expression that matches logout URLs. For example, to match URLs with protectedA or protectedB in the path and op=logout in the query string, use the following setting: <br>*(/protectedA\\?|/protectedB\\?/).*(\\&op=logout\\&)(.*|$)  <br>When you use this property, the agent ignores the settings for Logout URL List. (property: com.forgerock.agents.agent.logout.url.regex)",
          "propertyOrder" : 30540,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "retrieveClientHostname" : {
          "title" : "Retrieve Client Hostname",
          "description" : "Gets the client's hostname through DNS reverse lookup for use in policy evaluation. (property name: com.sun.identity.agents.config.get.client.host.name)",
          "propertyOrder" : 31100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "applicationLogoutUrls" : {
          "title" : "Logout URL List",
          "description" : "List of application logout URLs. The user gets logged out from the AM session when these URLs are accessed. (property name: com.sun.identity.agents.config.agent.logout.url). If this property is used, the user should specify a value for the below Logout Redirect URL property. <br> Example: <br> http://myagent.mydomain.com/logout.html",
          "propertyOrder" : 30300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enableLogoutRegex" : {
          "title" : "Enable Regex for Logout URL List",
          "description" : "This property allows regular expressions in \"Logout URL List\" (property: org.forgerock.agents.config.logout.regex.enable)",
          "propertyOrder" : 30530,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "regexConditionalLoginUrl" : {
          "title" : "Regular Expression Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the redirection URL and its parameters. This property requires \"Regular Expression Conditional Login Pattern\" to be configured as well. <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://openam.example.com/openam/oauth2/authorize?realm=sales <br>(property: org.forgerock.agents.config.conditional.login.url)",
          "propertyOrder" : 30100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userIdParameter" : {
          "title" : "User ID Parameter",
          "description" : "Agent sets value of User Id to REMOTE_USER server variable. (property name: com.sun.identity.agents.config.userid.param)",
          "propertyOrder" : 30800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "regexConditionalLoginPattern" : {
          "title" : "Regular Expression Conditional Login Pattern",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the regular expression that the domain name must match. This property requires \"Regular Expression Conditional Login URL\" to be configured as well. <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://openam.example.com/openam/oauth2/authorize?realm=sales <br>(property: org.forgerock.agents.config.conditional.login.pattern)",
          "propertyOrder" : 30050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutResetCookies" : {
          "title" : "Logout Cookies List for Reset",
          "description" : "Any cookies to be reset upon logout in the same format as cookie reset list. (property name: com.sun.identity.agents.config.logout.cookie.reset) <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 30400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyClockSkew" : {
          "title" : "Policy Clock Skew",
          "description" : "Time in seconds used to adjust for the time difference between the Agent machine and AM. Clock skew in seconds = AgentTime - AMServerTime. (property name: com.sun.identity.agents.config.policy.clock.skew) <br>Required Agent Restart",
          "propertyOrder" : 31200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "conditionalLoginUrl" : {
          "title" : "AM Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. <br>Example: <br>  example.com|https://openam.example.com/openam/oauth2/authorize <br>  myapp.domain.com|https://openam2.example.com/openam/oauth2/authorize?realm=sales (property: com.forgerock.agents.conditional.login.url)",
          "propertyOrder" : 30000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyCachePollingInterval" : {
          "title" : "Policy Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's policy cache. (property name: com.sun.identity.agents.config.policy.cache.polling.interval) <br>Required Agent Restart",
          "propertyOrder" : 30600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "amLoginUrl" : {
          "title" : "AM Login URL",
          "description" : "AM login page URL. (property name: com.sun.identity.agents.config.login.url)  <br> Example: <br> http://host:port/am/UI/Login",
          "propertyOrder" : 29900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "invalidateLogoutSession" : {
          "title" : "Invalidate Logout Session",
          "description" : "Specifies whether the agent must invalidate the user session in AM when redirecting to the logout URL specified either by the Logout URL list (com.sun.identity.agents.config.agent.logout.url) or the AM logout URL (com.sun.identity.agents.config.logout.url) properties. (property: org.forgerock.agents.config.logout.session.invalidate)",
          "propertyOrder" : 30520,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "policyEvaluationRealm" : {
          "title" : "Policy Evaluation Realm",
          "description" : "Which realm to start evaluating from. (property name: org.forgerock.openam.agents.config.policy.evaluation.realm)",
          "propertyOrder" : 31300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userIdParameterType" : {
          "title" : "User ID Parameter Type",
          "description" : "User ID can be fetched from either SESSION or LDAP attributes. (property name: com.sun.identity.agents.config.userid.param.type)",
          "propertyOrder" : 30900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoCachePollingInterval" : {
          "title" : "SSO Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's sso cache. (property name: com.sun.identity.agents.config.sso.cache.polling.interval) <br>Required Agent Restart",
          "propertyOrder" : 30700,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "logoutRedirectUrl" : {
          "title" : "Logout Redirect URL",
          "description" : "User gets redirected to this url after logout. (property name: com.sun.identity.agents.config.logout.redirect.url). This property should be specified along with the above Logout URL List.",
          "propertyOrder" : 30500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "amLogoutUrl" : {
          "title" : "AM Logout URL",
          "description" : "AM logout page URL. (property name: com.sun.identity.agents.config.logout.url)  <br> Example: <br> http://host:port/am/UI/Logout",
          "propertyOrder" : 30200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutRedirectDisabled" : {
          "title" : "Disabled Logout Redirection",
          "description" : "When logout redirection is disabled, instead of redirecting the user-agent, the web agent performs session logout in the background and then continues processing access to the current URL. (property: com.forgerock.agents.config.logout.redirect.disable)",
          "propertyOrder" : 30510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "policyEvaluationApplication" : {
          "title" : "Policy Set",
          "description" : "Which application contains the policies to evaluate with. (property name: org.forgerock.openam.agents.config.policy.evaluation.application)",
          "propertyOrder" : 31400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "ssoWebAgentConfig" : {
      "type" : "object",
      "title" : "SSO",
      "propertyOrder" : 2,
      "properties" : {
        "cookieName" : {
          "title" : "Cookie Name",
          "description" : "Name of the SSO Token cookie used between the AM server and the Agent. (property name: com.sun.identity.agents.config.cookie.name)<br>Required Agent Restart",
          "propertyOrder" : 29100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "persistentJwtCookie" : {
          "title" : "Persistent JWT Cookie",
          "description" : "Enable persistence for the JWT cookie. If true, the JWT cookie will not be set as a session cookie. (property: org.forgerock.agents.config.cdsso.persistent.cookie.enable)",
          "propertyOrder" : 29270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoRedirectUri" : {
          "title" : "CDSSO Redirect URI",
          "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. (property name: org.forgerock.agents.authn.redirect.uri) ",
          "propertyOrder" : 29300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cookieResetOnRedirect" : {
          "title" : "Session Cookie Reset on Authentication Redirect",
          "description" : "When set to true, the agent will not reset the session cookie on an authentication redirect if there is a policy advice present. By default, the agent resets the session cookie in all configured domains on every authentication redirect when a policy advice is present. (property: org.forgerock.agents.config.cdsso.advice.cleanup.disable)",
          "propertyOrder" : 29400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetEnabled" : {
          "title" : "Cookie Reset",
          "description" : "Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable)",
          "propertyOrder" : 29700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "secureCookies" : {
          "title" : "Cookie Security",
          "description" : "Agent sends secure cookies if communication is secure. (property name: com.sun.identity.agents.config.cookie.secure) <br>Required Agent Restart",
          "propertyOrder" : 29200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "acceptSsoToken" : {
          "title" : "Accept SSO Token",
          "description" : "Specifies whether the agent should accept SSO tokens as session cookies alongside ID tokens. Possible values: <br>- false. The agent does not accept SSO Tokens <br>- true. The agent accepts both SSO tokens and ID tokens as session tokens during the login flow, and afterwards. SSO tokens are not converted to ID tokens <br>Set this property to \"true\" only for specific migration cases (see documentation for more info) <br>(property: com.forgerock.agents.accept.sso.token) (Agent 5.7+ only)",
          "propertyOrder" : 29850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "httpOnly" : {
          "title" : "HTTP Only Mode",
          "description" : "Agents with this property set to true mark cookies as HTTPOnly to prevent scripts and third-party programs from accessing the cookies. (property: com.sun.identity.cookie.httponly)",
          "propertyOrder" : 29250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "multivaluePreAuthnCookie" : {
          "title" : "Multivalue for Pre-Authn Cookie",
          "description" : "With this set, the agent will use a legacy mode to create cookies that are used to track unauthenticated requests that have been redirected to login. This mode should only be used for backward compatibility, where the pre-5.7 way of tracking redirected requests is required, perhaps because the cookie names are referenced in proxy configuration. This property need not be set in any other situation. (property: org.forgerock.openam.agents.config.multivalue.pre.authn.cookies)",
          "propertyOrder" : 29280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetList" : {
          "title" : "Cookies Reset Name List",
          "description" : "List of cookies in the format: name[=value][;Domain=value]. (property name: com.sun.identity.agents.config.cookie.reset) <br> Examples: <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 29800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sameSite" : {
          "title" : "SameSite Cookie Attribute",
          "description" : "If set, the agent adds the SameSite attribute, with the value provided in this property, to all cookies that the agent creates. <br>Example: Strict, Lax, None (property: com.forgerock.agents.cdsso.cookie.samesite)",
          "propertyOrder" : 29260,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoCookieDomain" : {
          "title" : "Cookies Domain List",
          "description" : "List of domains in which cookies have to be set in CDSSO. (property name: com.sun.identity.agents.config.cdsso.cookie.domain) <br> Example: <br> .example.com",
          "propertyOrder" : 29600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "advancedWebAgentConfig" : {
      "type" : "object",
      "title" : "Advanced",
      "propertyOrder" : 5,
      "properties" : {
        "pdpStickySessionMode" : {
          "title" : "POST Data Sticky Load Balancing Mode",
          "description" : "Specifies whether to create a cookie, or to append a query string to the URL to assist with sticky load balancing. Possible values are: <br>COOKIE. The web agent creates a cookie with the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value property. <br>URL. The web agent appends the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value to the URL query string. <br> (property: com.sun.identity.agents.config.postdata.preserve.stickysession.mode)",
          "propertyOrder" : 33700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "pdpStickySessionValue" : {
          "title" : "POST Data Sticky Load Balancing Value",
          "description" : "Specifies a key-value pair separated by the = character that the web agent creates when evaluating the \"POST Data Sticky Load Balancing Mode\". For example, a setting of lb=myserver either sets an lb cookie with myserver value, or adds lb=myserver to the URL query string. When configuring POST data preservation with cookies, set the cookie name in the cookie pair to the same value configured in the \"POST Data Sticky Load Balancing Cookie Name\". (property: com.sun.identity.agents.config.postdata.preserve.stickysession.value)",
          "propertyOrder" : 33710,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logonAndImpersonation" : {
          "title" : "Logon and Impersonation",
          "description" : "Set to true if agent should do Windows Logon and User Impersonation. (property name: com.sun.identity.agents.config.iis.logonuser)",
          "propertyOrder" : 34500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientHostnameHeader" : {
          "title" : "Client Hostname Header",
          "description" : "HTTP header name that holds the Hostname of the client. (property name: org.forgerock.agents.http.header.containing.remote.hostname) ",
          "propertyOrder" : 32900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fragmentRedirectEnabled" : {
          "title" : "Fragment Redirect Enabled",
          "description" : "Enable to save the browser's URL fragment during authentication. <br>(property: org.forgerock.agents.config.fragment.redirect.enable) (Agent 5.7+ only)",
          "propertyOrder" : 33400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "postDataPreservation" : {
          "title" : "POST Data Preservation",
          "description" : "Enables POST data preservation. (property name: com.sun.identity.agents.config.postdata.preserve.enable) <br> Note that this feature is not supported in all the web agents. Please refer to the individual agent documentation for more details.",
          "propertyOrder" : 33500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "overrideRequestPort" : {
          "title" : "Override Request URL Port",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the port with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.port)",
          "propertyOrder" : 33300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpJavascriptRepost" : {
          "title" : "Show Password in HTTP Header",
          "description" : "Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. (property name: com.sun.identity.agents.config.iis.password.header)",
          "propertyOrder" : 33730,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientIpHeader" : {
          "title" : "Client IP Address Header",
          "description" : "HTTP header name that holds the IP address of the client. (property name: org.forgerock.agents.http.header.containing.ip.address) ",
          "propertyOrder" : 32800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataCachePeriod" : {
          "title" : "POST Data Entries Cache Period",
          "description" : "POST cache entry lifetime in minutes. (property name: com.sun.identity.agents.config.postcache.entry.lifetime)",
          "propertyOrder" : 33600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "replayPasswordKey" : {
          "title" : "Replay Password Key",
          "description" : "DES key for decrypting the basic authentication password in the session. (property name: com.sun.identity.agents.config.replaypasswd.key)",
          "propertyOrder" : 33900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "customProperties" : {
          "title" : "Custom Properties",
          "description" : "Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties)  <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2",
          "propertyOrder" : 35100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "overrideRequestProtocol" : {
          "title" : "Override Request URL Protocol",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the protocol with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.protocol)",
          "propertyOrder" : 33100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "showPasswordInHeader" : {
          "title" : "Show Password in HTTP Header",
          "description" : "Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. (property name: com.sun.identity.agents.config.iis.password.header)",
          "propertyOrder" : 34400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpStickySessionCookieName" : {
          "title" : "POST Data Sticky Load Balancing Cookie Name",
          "description" : "Specifies the name of a cookie to use for enabling sticky load balancing when the \"POST Data Sticky Load Balancing Mode\" property is set to COOKIE. Set the cookie name to the same value configured in the \"POST Data Sticky Load Balancing Value\" property. (property: com.sun.identity.agents.config.postdata.preserve.lbcookie)",
          "propertyOrder" : 33720,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "overrideRequestHost" : {
          "title" : "Override Request URL Host",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the host with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.host)",
          "propertyOrder" : 33200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpSkipPostUrl" : {
          "title" : "URLs Ignored by the Agent POST Data Inspector",
          "description" : "Specifies a list of URLs that will not be processed by the web agent POST data inspector. This allows other modules on the same server to access the POST data directly. <br>The following example uses wildcards to add a file named postreader.jsp in the root of any protected website to the list of URLs that will not have their POST data inspected: <br>http*://*:*/postreader.jsp <br>Any URLs added to this property should also be added to the Not-Enforced URLs <br> (property: org.forgerock.agents.config.skip.post.url)",
          "propertyOrder" : 33740,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "miscWebAgentConfig" : {
      "type" : "object",
      "title" : "Miscellaneous",
      "propertyOrder" : 4,
      "properties" : {
        "addCacheControlHeader" : {
          "title" : "Add Cache-Control Headers",
          "description" : "Set this property to true to enable use of Cache-Control headers that prevent proxies from caching resources accessed by unauthenticated users. (property: com.forgerock.agents.cache_control_header.enable)",
          "propertyOrder" : 32710,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "urlJsonResponse" : {
          "title" : "URLs to Receive JSON-Formatted Responses",
          "description" : "Returning the responses in JSON format is useful for non-browser-based, or AJAX applications, that may not want to redirect users to the AM user interface for authentication. <br>Example: org.forgerock.agents.config.json.url[0]=http*://*.example.com:*/api/* <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.url)",
          "propertyOrder" : 32730,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "anonymousUserId" : {
          "title" : "Anonymous User Default Value",
          "description" : "User id of unauthenticated users. (property name: com.sun.identity.agents.config.anonymous.user.id)",
          "propertyOrder" : 32700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "statusCodeJsonResponse" : {
          "title" : "HTTP Return Code for JSON-Formatted Responses",
          "description" : "Specifies an HTTP response code to return when a JSON-formatted error is triggered. (property: org.forgerock.agents.config.json.response.code)",
          "propertyOrder" : 32760,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "encodeUrlSpecialCharacters" : {
          "title" : "Encode URL's Special Characters",
          "description" : "Encodes the url which has special characters before doing policy evaluation. (property name: com.sun.identity.agents.config.encode.url.special.chars.enable)",
          "propertyOrder" : 32100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "mineEncodeHeader" : {
          "title" : "MIME-Encode HTTP Header Values",
          "description" : "Specifies whether the agent must MIME-encode HTTP header values, and when to do it. Possible values are: <br>  0. The agent MIME-encodes the value of HTTP headers if said value is a multi-byte Unicode string. <br>  1. The agent MIME-encodes the value of every HTTP header. <br>  2. The agent does not MIME-encode the value of any HTTP header. <br> (property: com.forgerock.agents.header.mime.encode)",
          "propertyOrder" : 32720,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "compositeAdviceEncode" : {
          "title" : "Composite Advice Encode",
          "description" : "This property is used to specify whether AM composite advices should be base64url-encoded before sending to custom login endpoints. (property: com.forgerock.agents.advice.b64.url.encode)",
          "propertyOrder" : 32300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "compositeAdviceRedirect" : {
          "title" : "Composite Advice Handling",
          "description" : "When set to true, the agent sends composite advice in the query (GET request) instead of sending it through a POST request. (property: com.sun.am.use_redirect_for_advice)",
          "propertyOrder" : 32200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ignorePathInfo" : {
          "title" : "Ignore Path Info in Request URL",
          "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. (property name: com.sun.identity.agents.config.ignore.path.info)",
          "propertyOrder" : 32400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "gotoParameterName" : {
          "title" : "Goto Parameter Name",
          "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it. (property name: com.sun.identity.agents.config.redirect.param) ",
          "propertyOrder" : 32600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertUrlJsonResponse" : {
          "title" : "Invert Properties That Receive JSON-Formatted Responses",
          "description" : "Set to true to invert the meaning of both the org.forgerock.agents.config.json.url and org.forgerock.agents.config.json.header properties. When inverted the specified values in those two properties will not trigger JSON-formatted responses. Any non-specified value will trigger JSON-formatted responses, instead. (property: org.forgerock.agents.config.json.url.invert)",
          "propertyOrder" : 32750,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invalidUrlRegex" : {
          "title" : "Invalid URL Regular Expression",
          "description" : "Specifies a Perl-compatible regular expression to parse valid request URLs. The web agent rejects requests to invalid URLs with HTTP 403 Forbidden status without further processing. <br>Example, to filter out URLs containing a list of characters and words such as ./ /. / . %00-%1f, %7f-%ff, %25, %2B, %2C, %7E, .info, configure the following regular expression: <br>^(\\?!.\\/|\\/.|.|.info|%2B|%00-%1f|%7f-%ff|%25|%2C|%7E).*$ <br>(property: com.forgerock.agents.agent.invalid.url.regex)",
          "propertyOrder" : 32500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileAttributesCookiePrefix" : {
          "title" : "Profile Attributes Cookie Prefix",
          "description" : "Sets cookie prefix in the attributes headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.prefix)",
          "propertyOrder" : 31800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "headerJsonResponse" : {
          "title" : "Headers and Values to Receive JSON-Formatted Responses",
          "description" : "Specify HTTP headers and associated values that trigger JSON-formatted errors to be returned. <br>Example: <br>org.forgerock.agents.config.json.header[enableJsonResponse]=true <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.header[Header]=Value)",
          "propertyOrder" : 32740,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "encodeSpecialCharsInCookies" : {
          "title" : "Encode special chars in Cookies",
          "description" : "Encode special chars in cookie by URL encoding. Useful when profile, session and response attributes contain special chars and attributes fetch mode is set to HTTP_COOKIE. (property name: com.sun.identity.agents.config.encode.cookie.special.chars.enable)  ",
          "propertyOrder" : 31700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "caseInsensitiveUrlComparison" : {
          "title" : "URL Comparison Case Sensitivity Check",
          "description" : "Enforces case insensitivity in both policy and not enforced url evaluation. (property name: com.sun.identity.agents.config.url.comparison.case.ignore)",
          "propertyOrder" : 32000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "anonymousUserEnabled" : {
          "title" : "Anonymous User",
          "description" : "Enable/Disable REMOTE_USER processing for anonymous users. (property name: com.sun.identity.agents.config.anonymous.user.enable)",
          "propertyOrder" : 31600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileAttributesCookieMaxAge" : {
          "title" : "Profile Attributes Cookie Maxage",
          "description" : "Maxage of attributes cookie headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.maxage)",
          "propertyOrder" : 31900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage:

am> delete WebAgentGroups --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage:

am> action WebAgentGroups --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage:

am> action WebAgentGroups --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage:

am> action WebAgentGroups --realm Realm --actionName nextdescendents

query

Querying the agent groups of a specific type

Usage:

am> query WebAgentGroups --realm Realm --filter filter

Parameters:

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage:

am> read WebAgentGroups --realm Realm --id id

Parameters:

--id

The unique identifier for the resource.

update

Usage:

am> update WebAgentGroups --realm Realm --id id --body body

Parameters:

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "applicationWebAgentConfig" : {
      "type" : "object",
      "title" : "Application",
      "propertyOrder" : 1,
      "properties" : {
        "continuousSecurityCookies" : {
          "title" : "Continuous Security Cookies",
          "description" : "The name of the cookies to be sent as part of the payload during policy evaluation, which can be accessed via the 'environment' variable in a policy script. The 'key' is the name of the cookie to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple cookies to the same name (they will simply appear as an array in the evaluation script). If the cookie doesn't exist, then the empty string will be sent.",
          "propertyOrder" : 28900,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "profileAttributeFetchMode" : {
          "title" : "Profile Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.profile.attribute.fetch.mode)",
          "propertyOrder" : 28200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "notEnforcedIpsRegex" : {
          "title" : "Regular Expressions for Not-Enforced IPs",
          "description" : "Enable use of Perl-compatible regular expressions in Not-Enforced URL from IP settings. (property: org.forgerock.agents.config.notenforced.ext.regex.enable)",
          "propertyOrder" : 28150,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sessionAttributeFetchMode" : {
          "title" : "Session Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.session.attribute.fetch.mode)",
          "propertyOrder" : 28600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "continuousSecurityHeaders" : {
          "title" : "Continuous Security Headers",
          "description" : "The name of the headers in the user's original request, that will be sent as part of the payload during policy evaluation, which can then be accessed via the 'environment' variable in a policy script. The 'key' is the name of the header to be sent, and the 'value' is the name which it will appear as in the policy evaluation script. It is possible to map multiple headers to the same name (they will simply appear as an array in the evaluation script). If the header doesn't exist, then the empty string will be sent.",
          "propertyOrder" : 29000,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "notEnforcedIpsList" : {
          "title" : "Not-Enforced URL from IP Processing List",
          "description" : "Specifies a list of client IP addresses that do not require authentication when requesting the indicated URLs. <br>The supported format requires a list of IP addresses separated by spaces, the horizontal bar (|) character, and a list of URLs separated by spaces. <br>For example: <br>  10.1.2.1 192.168.0.2|/public/* <br>In the preceding example, the IP addresses 10.1.2.1 and  192.168.0.2 can access any resource inside /public without authenticating. (property: org.forgerock.agents.config.notenforced.ipurl)",
          "propertyOrder" : 28050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedUrlsRegex" : {
          "title" : "Regular Expressions for Not-Enforced URLs",
          "description" : "When true, enables use of Perl-compatible regular expressions in Not-enforced URL settings. (property: com.forgerock.agents.notenforced.url.regex.enable)",
          "propertyOrder" : 27850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sessionAttributeMap" : {
          "title" : "Session Attribute Map",
          "description" : "Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping)   <br> Example: <br>  To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.",
          "propertyOrder" : 28700,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "responseAttributeMap" : {
          "title" : "Response Attribute Map",
          "description" : "Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping)  <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.",
          "propertyOrder" : 28500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "profileAttributeMap" : {
          "title" : "Profile Attribute Map",
          "description" : "Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping)  <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.",
          "propertyOrder" : 28300,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "fetchAttributesForNotEnforcedUrls" : {
          "title" : "Fetch Attributes for Not Enforced URLs",
          "description" : "Agent fetches profile attributes for not enforced urls by doing policy evaluation. (property name: com.sun.identity.agents.config.notenforced.url.attributes.enable)",
          "propertyOrder" : 27900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "attributeMultiValueSeparator" : {
          "title" : "Attribute Multi Value Separator",
          "description" : "Specifies separator for multiple values. Applies to all types of attributes i.e. profile, session and response attributes. (property name: com.sun.identity.agents.config.attribute.multi.value.separator)",
          "propertyOrder" : 28800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertNotEnforcedUrls" : {
          "title" : "Invert Not Enforced URLs",
          "description" : "Inverts the not enforced list: only the URLs in the not enforced list are enforced. (property name: com.sun.identity.agents.config.notenforced.url.invert)",
          "propertyOrder" : 27800,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ignorePathInfoForNotEnforcedUrls" : {
          "title" : "Ignore Path Info for Not Enforced URLs",
          "description" : "Indicate whether the path info and query should be stripped from the request URL before being compared with the URLs of the not enforced list when those URLs have a wildcard '*' character.  (property name: com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list)  ",
          "propertyOrder" : 27600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "responseAttributeFetchMode" : {
          "title" : "Response Attribute Fetch Mode",
          "description" : "(property name: com.sun.identity.agents.config.response.attribute.fetch.mode)",
          "propertyOrder" : 28400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "notEnforcedIps" : {
          "title" : "Not Enforced Client IP List",
          "description" : "No authentication and authorization are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br> Examples: <br> 192.18.145.* <br> 192.18.146.123",
          "propertyOrder" : 28000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "notEnforcedUrls" : {
          "title" : "Not Enforced URLs",
          "description" : "List of URLs for which no authentication is required. (property name: com.sun.identity.agents.config.notenforced.url) <br> Example: <br> http://myagent.mydomain.com/*.gif",
          "propertyOrder" : 27700,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "clientIpValidation" : {
          "title" : "Client IP Validation",
          "description" : "Validates that subsequent browser requests come from the same IP address that the SSO token was initially issued against. (property name: com.sun.identity.agents.config.client.ip.validation.enable)",
          "propertyOrder" : 28100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "globalWebAgentConfig" : {
      "type" : "object",
      "title" : "Global",
      "propertyOrder" : 0,
      "properties" : {
        "agentConfigChangeNotificationsEnabled" : {
          "title" : "Agent Configuration Change Notification",
          "description" : "Enable agent to receive notification messages (via websockets) from AM server for configuration changes. (property name: org.forgerock.agents.config.change.notifications.enabled) ",
          "propertyOrder" : 25300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "status" : {
          "title" : "Status",
          "description" : "Status of the agent configuration.",
          "propertyOrder" : 25100,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtName" : {
          "title" : "JWT Cookie Name",
          "description" : "The name used by the agent to set the OIDC JWT on the user's browser. (property: org.forgerock.agents.jwt.cookie.name)",
          "propertyOrder" : 25500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "jwtAuditWhitelist" : {
          "title" : "Agent Profile ID Whitelist",
          "description" : "Specifies a comma-separated list of profile IDs that the agent will consider as valid values for the aud claim. This claim is represented in the JWT containing the end user's session. <br>Example: <br>agentprofile1,agentprofile2,.... <br>When several agents configured with different agent profiles protect the same application, set this property to a list of the agent profiles that are protecting the same application. <br>(property: com.forgerock.agents.jwt.aud.whitelist)",
          "propertyOrder" : 25520,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnCheck" : {
          "title" : "FQDN Check",
          "description" : "Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable)",
          "propertyOrder" : 27300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "fqdnDefault" : {
          "title" : "FQDN Default",
          "description" : "Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default)",
          "propertyOrder" : 27400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "accessDeniedUrl" : {
          "title" : "Resources Access Denied URL",
          "description" : "The URL of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.url)",
          "propertyOrder" : 26300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "agentUriPrefix" : {
          "title" : "Agent Deployment URI Prefix",
          "description" : "(property name: com.sun.identity.agents.config.agenturi.prefix)",
          "propertyOrder" : 25800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "disableJwtAudit" : {
          "title" : "Disable validation of the audience claim",
          "description" : "Specifies whether the agent should validate that the audience claim matches the agent profile ID represented in the JWT containing the end user's session. <br>Possible values are: <br>  false = The agent validates the audience claim. <br>  true = The agent does not validate the audience claim.<br> (property: com.forgerock.agents.jwt.aud.disable)",
          "propertyOrder" : 25510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "agentDebugLevel" : {
          "title" : "Agent Debug Level",
          "description" : "Agent debug level. (property name: com.sun.identity.agents.config.debug.level)",
          "propertyOrder" : 26400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fqdnMapping" : {
          "title" : "FQDN Virtual Host Map",
          "description" : "Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: com.sun.identity.agents.config.fqdn.mapping) <br> Examples: <br>  To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.",
          "propertyOrder" : 27500,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "configurationPollingInterval" : {
          "title" : "Configuration Reload Interval",
          "description" : "Interval in minutes to fetch agent configuration from AM. (property name: com.sun.identity.agents.config.polling.interval) <br>Required Agent Restart",
          "propertyOrder" : 25900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "notificationsEnabled" : {
          "title" : "Enable Notifications",
          "description" : "The notifications help in maintaining agent's sso, policy and configuration caches. (property name: com.sun.identity.agents.config.notification.enable) <br>Required Agent Restart",
          "propertyOrder" : 25600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "webSocketConnectionIntervalInMinutes" : {
          "title" : "Web Socket Connection Interval",
          "description" : "Interval in minutes by which agents reopen their web socket connection to ensure a fair distribution of connections across AM servers. (property: org.forgerock.agents.balance.websocket.interval.minutes).",
          "propertyOrder" : 25400,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "auditLogLocation" : {
          "title" : "Audit Log Location",
          "description" : "Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition)",
          "propertyOrder" : 26800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "auditAccessType" : {
          "title" : "Audit Access Types",
          "description" : "Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype)",
          "propertyOrder" : 26700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoOnlyMode" : {
          "title" : "SSO Only Mode",
          "description" : "Agent will just enforce authentication (SSO), but no authorization for policies. (property name: com.sun.identity.agents.config.sso.only)",
          "propertyOrder" : 26200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "resetIdleTime" : {
          "title" : "Reset Idle Timeout",
          "description" : "If the agent is configured in SSO-only mode, the session may unexpectedly expire in AM due to idle timeout before the user has finished accessing the application. <br>Set this property to true to refresh the timeout when the user performs an action. <br>When set to true, the agent makes an additional call to AM, this may cause a performance impact. Configure this property only if: <br>   The agent is configured in SSO-only mode. <br>   User's sessions are timing out in AM because they are unexpectedly reaching the maximum idle timeout value. <br>(property: com.forgerock.agents.call.session.refresh)",
          "propertyOrder" : 26250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoRootUrl" : {
          "title" : "Agent Root URL for CDSSO",
          "description" : "The agent root URL for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which the agent resides. The port represents the port number on which the agent is installed. The slash following the port number is required.",
          "propertyOrder" : 26100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "amServicesWebAgent" : {
      "type" : "object",
      "title" : "AM Services",
      "propertyOrder" : 3,
      "properties" : {
        "fetchPoliciesFromRootResource" : {
          "title" : "Fetch Policies from Root Resource",
          "description" : "Agent caches policy decision of the resource and all resources from the root of the resource down. (property name: com.sun.identity.agents.config.fetch.from.root.resource) <br>Required Agent Restart",
          "propertyOrder" : 31000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "customLoginMode" : {
          "title" : "Custom Login Mode",
          "description" : "Specifies whether the agent should use the default or the custom login mode when redirecting unauthenticated users.<br>Possible values are: <br>0. Disabled. Default login redirection mode enabled <br>  1. Custom login mode enabled based on converts the SSO token into an ID token <br>  2. Legacy Custom login mode. Can be used in specific migration cases from agent 4 <br>(property: org.forgerock.openam.agents.config.allow.custom.login)",
          "propertyOrder" : 29890,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "publicAmUrl" : {
          "title" : "Public AM URL",
          "description" : "Overrides the agent's behavior of finding a suitable AM server and specifies the public URL of the AM to redirect to. <br> Use this property if: <br>  - Your environment uses custom login pages (OIDC-compliant and non-OIDC-compliant flows). <br>  - Your environment's custom login pages are in a network that can only access AM using a proxy, a firewall, or any other technology that remaps the AM URL to one accessible by the custom login pages. <br>  -End-users cannot log in due to their cookies being set in the wrong domains. <br>(property: com.forgerock.agents.public.am.url) ",
          "propertyOrder" : 29950,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logoutUrlRegex" : {
          "title" : "Logout URL Regular Expression",
          "description" : "Perl-compatible regular expression that matches logout URLs. For example, to match URLs with protectedA or protectedB in the path and op=logout in the query string, use the following setting: <br>*(/protectedA\\?|/protectedB\\?/).*(\\&op=logout\\&)(.*|$)  <br>When you use this property, the agent ignores the settings for Logout URL List. (property: com.forgerock.agents.agent.logout.url.regex)",
          "propertyOrder" : 30540,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "retrieveClientHostname" : {
          "title" : "Retrieve Client Hostname",
          "description" : "Gets the client's hostname through DNS reverse lookup for use in policy evaluation. (property name: com.sun.identity.agents.config.get.client.host.name)",
          "propertyOrder" : 31100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "applicationLogoutUrls" : {
          "title" : "Logout URL List",
          "description" : "List of application logout URLs. The user is logged out of the AM session when these URLs are accessed. (property name: com.sun.identity.agents.config.agent.logout.url). If this property is used, a value should also be specified for the Logout Redirect URL property below. <br> Example: <br> http://myagent.mydomain.com/logout.html",
          "propertyOrder" : 30300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enableLogoutRegex" : {
          "title" : "Enable Regex for Logout URL List",
          "description" : "This property allows regular expressions in \"Logout URL List\" (property: org.forgerock.agents.config.logout.regex.enable)",
          "propertyOrder" : 30530,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "regexConditionalLoginUrl" : {
          "title" : "Regular Expression Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the redirection URL and its parameters. This property needs to configure \"Regular Expression Conditional Login Pattern\" <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://openam.example.com/openam/oauth2/authorize?realm=sales <br>(property: org.forgerock.agents.config.conditional.login.url)",
          "propertyOrder" : 30100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userIdParameter" : {
          "title" : "User ID Parameter",
          "description" : "Agent sets value of User Id to REMOTE_USER server variable. (property name: com.sun.identity.agents.config.userid.param)",
          "propertyOrder" : 30800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "regexConditionalLoginPattern" : {
          "title" : "Regular Expression Conditional Login Pattern",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a regular expression, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. Specifies the regular expression that the domain name must match. This property needs to configure \"Regular Expression Conditional Login URL\" <br>Example: <br>  org.forgerock.agents.config.conditional.login.pattern[0] = .*shop <br>  org.forgerock.agents.config.conditional.login.url[0] = http://openam.example.com/openam/oauth2/authorize?realm=sales <br>(property: org.forgerock.agents.config.conditional.login.pattern)",
          "propertyOrder" : 30050,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutResetCookies" : {
          "title" : "Logout Cookies List for Reset",
          "description" : "Any cookies to be reset upon logout in the same format as cookie reset list. (property name: com.sun.identity.agents.config.logout.cookie.reset) <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 30400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyClockSkew" : {
          "title" : "Policy Clock Skew",
          "description" : "Time in seconds used to adjust for the time difference between the Agent machine and AM. Clock skew in seconds = AgentTime - AMServerTime. (property name: com.sun.identity.agents.config.policy.clock.skew) <br>Required Agent Restart",
          "propertyOrder" : 31200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "conditionalLoginUrl" : {
          "title" : "AM Conditional Login URL",
          "description" : "Conditionally redirect users based on the incoming request URL. If the incoming request URL matches a specified domain name, the web agent redirects the request to a specific URL. That specific URL can be an AM instance, site, or a different website. <br>Example: <br>  example.com|https://openam.example.com/openam/oauth2/authorize <br>  myapp.domain.com|https://openam2.example.com/openam/oauth2/authorize?realm=sales (property: com.forgerock.agents.conditional.login.url)",
          "propertyOrder" : 30000,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "policyCachePollingInterval" : {
          "title" : "Policy Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's policy cache. (property name: com.sun.identity.agents.config.policy.cache.polling.interval) <br>Required Agent Restart",
          "propertyOrder" : 30600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "amLoginUrl" : {
          "title" : "AM Login URL",
          "description" : "AM login page URL. (property name: com.sun.identity.agents.config.login.url)  <br> Example: <br> http://host:port/am/UI/Login",
          "propertyOrder" : 29900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "invalidateLogoutSession" : {
          "title" : "Invalidate Logout Session",
          "description" : "Specifies whether the agent must invalidate the user session in AM when redirecting to the logout URL specified either by the Logout URL list (com.sun.identity.agents.config.agent.logout.url) or the AM logout URL (com.sun.identity.agents.config.logout.url) properties. (property: org.forgerock.agents.config.logout.session.invalidate)",
          "propertyOrder" : 30520,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "policyEvaluationRealm" : {
          "title" : "Policy Evaluation Realm",
          "description" : "Which realm to start evaluating from. (property name: org.forgerock.openam.agents.config.policy.evaluation.realm)",
          "propertyOrder" : 31300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userIdParameterType" : {
          "title" : "User ID Parameter Type",
          "description" : "User ID can be fetched from either SESSION or LDAP attributes. (property name: com.sun.identity.agents.config.userid.param.type)",
          "propertyOrder" : 30900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "ssoCachePollingInterval" : {
          "title" : "SSO Cache Polling Period",
          "description" : "Polling interval in minutes to refresh agent's sso cache. (property name: com.sun.identity.agents.config.sso.cache.polling.interval) <br>Required Agent Restart",
          "propertyOrder" : 30700,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "logoutRedirectUrl" : {
          "title" : "Logout Redirect URL",
          "description" : "User gets redirected to this url after logout. (property name: com.sun.identity.agents.config.logout.redirect.url). This property should be specified along with the above Logout URL List.",
          "propertyOrder" : 30500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "amLogoutUrl" : {
          "title" : "AM Logout URL",
          "description" : "AM logout page URL. (property name: com.sun.identity.agents.config.logout.url)  <br> Example: <br> http://host:port/am/UI/Logout",
          "propertyOrder" : 30200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "logoutRedirectDisabled" : {
          "title" : "Disabled Logout Redirection",
          "description" : "When disabled, instead of redirecting the user-agent, the web agent performs session logout in the background and then continues processing access to the current URL. (property: com.forgerock.agents.config.logout.redirect.disable)",
          "propertyOrder" : 30510,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "policyEvaluationApplication" : {
          "title" : "Policy Set",
          "description" : "Which application contains the policies to evaluate with. (property name: org.forgerock.openam.agents.config.policy.evaluation.application)",
          "propertyOrder" : 31400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "ssoWebAgentConfig" : {
      "type" : "object",
      "title" : "SSO",
      "propertyOrder" : 2,
      "properties" : {
        "cookieName" : {
          "title" : "Cookie Name",
          "description" : "Name of the SSO Token cookie used between the AM server and the Agent. (property name: com.sun.identity.agents.config.cookie.name)<br>Required Agent Restart",
          "propertyOrder" : 29100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "persistentJwtCookie" : {
          "title" : "Persistent JWT Cookie",
          "description" : "Enables persistence for the JWT cookie. If true, the JWT cookie will not be set as a session cookie. (property: org.forgerock.agents.config.cdsso.persistent.cookie.enable)",
          "propertyOrder" : 29270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cdssoRedirectUri" : {
          "title" : "CDSSO Redirect URI",
          "description" : "An intermediate URI that is used by the Agent for processing CDSSO requests. (property name: org.forgerock.agents.authn.redirect.uri) ",
          "propertyOrder" : 29300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cookieResetOnRedirect" : {
          "title" : "Session Cookie Reset on Authentication Redirect",
          "description" : "When set to true, the agent will not reset the session cookie on an authentication redirect if there is a policy advice present. By default, the agent resets the session cookie in all configured domains on every authentication redirect when a policy advice is present. (property: org.forgerock.agents.config.cdsso.advice.cleanup.disable)",
          "propertyOrder" : 29400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetEnabled" : {
          "title" : "Cookie Reset",
          "description" : "Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable)",
          "propertyOrder" : 29700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "secureCookies" : {
          "title" : "Cookie Security",
          "description" : "Agent sends secure cookies if communication is secure. (property name: com.sun.identity.agents.config.cookie.secure) <br>Required Agent Restart",
          "propertyOrder" : 29200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "acceptSsoToken" : {
          "title" : "Accept SSO Token",
          "description" : "Specifies whether the agent should accept SSO tokens as session cookies alongside with ID tokens. Possible values: <br>- false. The agent does not accept SSO Tokens <br>- true. The agent accepts both SSO tokens and ID tokens as session tokens during the login flow, and afterwards. SSO tokens are not converted to ID tokens <br>Set this property to \"true\" only for specific migration cases (see documentation for more info) <br>(property: com.forgerock.agents.accept.sso.token) (Agent 5.7+ only)",
          "propertyOrder" : 29850,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "httpOnly" : {
          "title" : "HTTP Only Mode",
          "description" : "Agents with this property set to true mark cookies as HTTPOnly to prevent scripts and third-party programs from accessing the cookies. (property: com.sun.identity.cookie.httponly)",
          "propertyOrder" : 29250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "multivaluePreAuthnCookie" : {
          "title" : "Multivalue for Pre-Authn Cookie",
          "description" : "With this set, the agent will use a legacy mode to create cookies that are used to track unauthenticated requests that have been redirected to login. This mode should only be used for backward compatibility, where the pre-5.7 way of tracking redirected requests is required, perhaps because the cookie names are referenced in proxy configuration. This property need not be set in any other situation. (property: org.forgerock.openam.agents.config.multivalue.pre.authn.cookies)",
          "propertyOrder" : 29280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "cookieResetList" : {
          "title" : "Cookies Reset Name List",
          "description" : "List of cookies in the format: name[=value][;Domain=value]. (property name: com.sun.identity.agents.config.cookie.reset) <br> Examples: <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com",
          "propertyOrder" : 29800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sameSite" : {
          "title" : "SameSite Cookie Attribute",
          "description" : "If set, agent will add SameSite attribute to all cookies created by agent with value which is provided in this property. <br>Example: Strict, Lax, None (property: com.forgerock.agents.cdsso.cookie.samesite)",
          "propertyOrder" : 29260,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "cdssoCookieDomain" : {
          "title" : "Cookies Domain List",
          "description" : "List of domains in which cookies have to be set in CDSSO. (property name: com.sun.identity.agents.config.cdsso.cookie.domain) <br> Example: <br> .example.com",
          "propertyOrder" : 29600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "advancedWebAgentConfig" : {
      "type" : "object",
      "title" : "Advanced",
      "propertyOrder" : 5,
      "properties" : {
        "pdpStickySessionMode" : {
          "title" : "POST Data Sticky Load Balancing Mode",
          "description" : "Specifies whether to create a cookie, or to append a query string to the URL to assist with sticky load balancing. Possible values are: <br>COOKIE. The web agent creates a cookie with the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value property. <br>URL. The web agent appends the value specified in the com.sun.identity.agents.config.postdata.preserve.stickysession.value to the URL query string. <br> (property: com.sun.identity.agents.config.postdata.preserve.stickysession.mode)",
          "propertyOrder" : 33700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "pdpStickySessionValue" : {
          "title" : "POST Data Sticky Load Balancing Value",
          "description" : "Specifies a key-value pair separated by the = character that the web agent creates when evaluating the \"POST Data Sticky Load Balancing Mode\". For example, a setting of lb=myserver either sets an lb cookie with myserver value, or adds lb=myserver to the URL query string. When configuring POST data preservation with cookies, set the cookie name in the cookie pair to the same value configured in the \"POST Data Sticky Load Balancing Cookie Name\". (property: com.sun.identity.agents.config.postdata.preserve.stickysession.value)",
          "propertyOrder" : 33710,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "logonAndImpersonation" : {
          "title" : "Logon and Impersonation",
          "description" : "Set to true if agent should do Windows Logon and User Impersonation. (property name: com.sun.identity.agents.config.iis.logonuser)",
          "propertyOrder" : 34500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientHostnameHeader" : {
          "title" : "Client Hostname Header",
          "description" : "HTTP header name that holds the Hostname of the client. (property name: org.forgerock.agents.http.header.containing.remote.hostname) ",
          "propertyOrder" : 32900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "fragmentRedirectEnabled" : {
          "title" : "Fragment Redirect Enabled",
          "description" : "Enable to save the browser's URL fragment during authentication. <br>(property: org.forgerock.agents.config.fragment.redirect.enable) (Agent 5.7+ only)",
          "propertyOrder" : 33400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "postDataPreservation" : {
          "title" : "POST Data Preservation",
          "description" : "Enables POST data preservation. (property name: com.sun.identity.agents.config.postdata.preserve.enable) <br> Note that this feature is not supported in all the web agents. Please refer individual agents documentation for more details.",
          "propertyOrder" : 33500,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "overrideRequestPort" : {
          "title" : "Override Request URL Port",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the port with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.port)",
          "propertyOrder" : 33300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpJavascriptRepost" : {
          "title" : "Show Password in HTTP Header",
          "description" : "Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. (property name: com.sun.identity.agents.config.iis.password.header)",
          "propertyOrder" : 33730,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "clientIpHeader" : {
          "title" : "Client IP Address Header",
          "description" : "HTTP header name that holds the IP address of the client. (property name: org.forgerock.agents.http.header.containing.ip.address) ",
          "propertyOrder" : 32800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "postDataCachePeriod" : {
          "title" : "POST Data Entries Cache Period",
          "description" : "POST cache entry lifetime in minutes. (property name: com.sun.identity.agents.config.postcache.entry.lifetime)",
          "propertyOrder" : 33600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "replayPasswordKey" : {
          "title" : "Replay Password Key",
          "description" : "DES key for decrypting the basic authentication password in the session. (property name: com.sun.identity.agents.config.replaypasswd.key)",
          "propertyOrder" : 33900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "customProperties" : {
          "title" : "Custom Properties",
          "description" : "Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties)  <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2",
          "propertyOrder" : 35100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "overrideRequestProtocol" : {
          "title" : "Override Request URL Protocol",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the protocol with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.protocol)",
          "propertyOrder" : 33100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "showPasswordInHeader" : {
          "title" : "Show Password in HTTP Header",
          "description" : "Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. (property name: com.sun.identity.agents.config.iis.password.header)",
          "propertyOrder" : 34400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpStickySessionCookieName" : {
          "title" : "POST Data Sticky Load Balancing Cookie Name",
          "description" : "Specifies the name of a cookie to use for enabling sticky load balancing when the \"POST Data Sticky Load Balancing Mode\" property is set to COOKIE. Set the cookie name to the same value configured in the \"POST Data Sticky Load Balancing Value\" property. (property: com.sun.identity.agents.config.postdata.preserve.lbcookie)",
          "propertyOrder" : 33720,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "overrideRequestHost" : {
          "title" : "Override Request URL Host",
          "description" : "Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the host with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.host)",
          "propertyOrder" : 33200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "pdpSkipPostUrl" : {
          "title" : "URLs Ignored by the Agent POST Data Inspector",
          "description" : "Specifies a list of URLs that will not be processed by the web agent POST data inspector. This allows other modules on the same server to access the POST data directly. <br>The following example uses wildcards to add a file named postreader.jsp in the root of any protected website to the list of URLs that will not have their POST data inspected: <br>http*://*:*/postreader.jsp <br>Any URLs added to this property should also be added to the Not-Enforced URLs <br> (property: org.forgerock.agents.config.skip.post.url)",
          "propertyOrder" : 33740,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "miscWebAgentConfig" : {
      "type" : "object",
      "title" : "Miscellaneous",
      "propertyOrder" : 4,
      "properties" : {
        "addCacheControlHeader" : {
          "title" : "Add Cache-Control Headers",
          "description" : "Set this property to true to enable use of Cache-Control headers that prevent proxies from caching resources accessed by unauthenticated users. (property: com.forgerock.agents.cache_control_header.enable)",
          "propertyOrder" : 32710,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "urlJsonResponse" : {
          "title" : "URLs to Receive JSON-Formatted Responses",
          "description" : "Returning the responses in JSON format is useful for non-browser-based, or AJAX applications, that may not want to redirect users to the AM user interface for authentication. <br>Example: org.forgerock.agents.config.json.url[0]=http*://*.example.com:*/api/* <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.url)",
          "propertyOrder" : 32730,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "anonymousUserId" : {
          "title" : "Anonymous User Default Value",
          "description" : "User id of unauthenticated users. (property name: com.sun.identity.agents.config.anonymous.user.id)",
          "propertyOrder" : 32700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "statusCodeJsonResponse" : {
          "title" : "HTTP Return Code for JSON-Formatted Responses",
          "description" : "Specifies an HTTP response code to return when a JSON-formatted error is triggered. (property: org.forgerock.agents.config.json.response.code)",
          "propertyOrder" : 32760,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "encodeUrlSpecialCharacters" : {
          "title" : "Encode URL's Special Characters",
          "description" : "Encodes the url which has special characters before doing policy evaluation. (property name: com.sun.identity.agents.config.encode.url.special.chars.enable)",
          "propertyOrder" : 32100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "mineEncodeHeader" : {
          "title" : "MIME-Encode HTTP Header Values",
          "description" : "Specifies whether the agent must MIME-encode HTTP header values, and when to do it. Possible values are: <br>  0. The agent MIME-encodes the value of HTTP headers if said value is a multi-byte Unicode string. <br>  1. The agent MIME-encodes the value of every HTTP header. <br>  2. The agent does not MIME-encode the value of any HTTP header. <br> (property: com.forgerock.agents.header.mime.encode)",
          "propertyOrder" : 32720,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "compositeAdviceEncode" : {
          "title" : "Composite Advice Encode",
          "description" : "This property is used to specify whether AM composite advices should be based64url encoded before sending to custom login endpoints. (property: com.forgerock.agents.advice.b64.url.encode)",
          "propertyOrder" : 32300,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "compositeAdviceRedirect" : {
          "title" : "Composite Advice Handling",
          "description" : "When set to true, the agent sends composite advice in the query (GET request) instead of sending it through a POST request. (property: com.sun.am.use_redirect_for_advice)",
          "propertyOrder" : 32200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "ignorePathInfo" : {
          "title" : "Ignore Path Info in Request URL",
          "description" : "The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. (property name: com.sun.identity.agents.config.ignore.path.info)",
          "propertyOrder" : 32400,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "gotoParameterName" : {
          "title" : "Goto Parameter Name",
          "description" : "This is the name of the HTTP query \"goto\" parameter. It is not recommended to change it. (property name: com.sun.identity.agents.config.redirect.param) ",
          "propertyOrder" : 32600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "invertUrlJsonResponse" : {
          "title" : "Invert Properties That Receive JSON-Formatted Responses",
          "description" : "Set to true to invert the meaning of both the org.forgerock.agents.config.json.url and org.forgerock.agents.config.json.header properties. When inverted the specified values in those two properties will not trigger JSON-formatted responses. Any non-specified value will trigger JSON-formatted responses, instead. (property: org.forgerock.agents.config.json.url.invert)",
          "propertyOrder" : 32750,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "invalidUrlRegex" : {
          "title" : "Invalid URL Regular Expression",
          "description" : "Specifies a Perl-compatible regular expression to parse valid request URLs. The web agent rejects requests to invalid URLs with HTTP 403 Forbidden status without further processing. <br>Example, to filter out URLs containing a list of characters and words such as ./ /. / . %00-%1f, %7f-%ff, %25, %2B, %2C, %7E, .info, configure the following regular expression: <br>^(\\?!.\\/|\\/.|.|.info|%2B|%00-%1f|%7f-%ff|%25|%2C|%7E).*$ <br>(property: com.forgerock.agents.agent.invalid.url.regex)",
          "propertyOrder" : 32500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "profileAttributesCookiePrefix" : {
          "title" : "Profile Attributes Cookie Prefix",
          "description" : "Sets cookie prefix in the attributes headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.prefix)",
          "propertyOrder" : 31800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "headerJsonResponse" : {
          "title" : "Headers and Values to Receive JSON-Formatted Responses",
          "description" : "Specify HTTP headers and associated values that trigger JSON-formatted errors to be returned. <br>Example: <br>org.forgerock.agents.config.json.header[enableJsonResponse]=true <br>org.forgerock.agents.config.json.response.code=202 <br>(property: org.forgerock.agents.config.json.header[Header]=Value)",
          "propertyOrder" : 32740,
          "required" : false,
          "patternProperties" : {
            ".*" : {
              "type" : "string"
            }
          },
          "type" : "object",
          "exampleValue" : ""
        },
        "encodeSpecialCharsInCookies" : {
          "title" : "Encode special chars in Cookies",
          "description" : "Encode special chars in cookie by URL encoding. Useful when profile, session and response attributes contain special chars and attributes fetch mode is set to HTTP_COOKIE. (property name: com.sun.identity.agents.config.encode.cookie.special.chars.enable)  ",
          "propertyOrder" : 31700,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "caseInsensitiveUrlComparison" : {
          "title" : "URL Comparison Case Sensitivity Check",
          "description" : "Enforces case insensitivity in both policy and not enforced url evaluation. (property name: com.sun.identity.agents.config.url.comparison.case.ignore)",
          "propertyOrder" : 32000,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "anonymousUserEnabled" : {
          "title" : "Anonymous User",
          "description" : "Enable/Disable REMOTE_USER processing for anonymous users. (property name: com.sun.identity.agents.config.anonymous.user.enable)",
          "propertyOrder" : 31600,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "profileAttributesCookieMaxAge" : {
          "title" : "Profile Attributes Cookie Maxage",
          "description" : "Maxage of attributes cookie headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.maxage)",
          "propertyOrder" : 31900,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    }
  }
}