HTTP OAuth2 OpenAM Authorization Mechanism

The HTTP OAuth2 OpenAM Authorization Mechanism is used to define OAuth2 authorization using an OpenAM server as authorization server .

Parent

The HTTP OAuth2 OpenAM Authorization Mechanism object inherits from HTTP OAuth2 Authorization Mechanism.

Dependencies

HTTP OAuth2 OpenAM Authorization Mechanisms depend on the following objects:

Properties

Use the --advanced option to access advanced properties.

Basic Properties

Advanced Properties

Basic Properties

access-token-cache-enabled

SynopsisIndicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use.
Default Valuefalse
Allowed Valuestrue
false
Multi-valuedNo
RequiredYes
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

access-token-cache-expiration

SynopsisToken cache expiration
Default ValueNone
Allowed ValuesA duration. Lower limit: 0 seconds. Upper limit: 2147483647 seconds.
Multi-valuedNo
RequiredNo
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

authzid-json-pointer

SynopsisSpecifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
Default ValueNone
Allowed ValuesA string.
Multi-valuedNo
RequiredYes
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

enabled

SynopsisIndicates whether the HTTP Authorization Mechanism is enabled.
Default ValueNone
Allowed Valuestrue
false
Multi-valuedNo
RequiredYes
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

identity-mapper

Synopsis> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.
Default ValueNone
Allowed ValuesThe name of an existing Identity Mapper. The referenced identity mapper must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled.
Multi-valuedNo
RequiredYes
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

key-manager-provider

SynopsisSpecifies the name of the key manager that should be used with this HTTP OAuth2 OpenAM Authorization Mechanism .
Default ValueBy default the system key manager(s) will be used.
Allowed ValuesThe name of an existing Key Manager Provider. The referenced key manager provider must be enabled.
Multi-valuedNo
RequiredNo
Admin Action RequiredNone
Changes to this property take effect immediately, but only for subsequent requests to the authorization server.
AdvancedNo
Read-OnlyNo

required-scope

SynopsisScopes required to grant access to the service.
Default ValueNone
Allowed ValuesA string.
Multi-valuedYes
RequiredYes
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

token-info-url

SynopsisDefines the OpenAM endpoint URL where the access-token resolution request should be sent.
Default ValueNone
Allowed ValuesA string.
Multi-valuedNo
RequiredYes
Admin Action RequiredNone
AdvancedNo
Read-OnlyNo

trust-manager-provider

SynopsisSpecifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.
Default ValueBy default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted.
Allowed ValuesThe name of an existing Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled.
Multi-valuedNo
RequiredNo
Admin Action RequiredNone
Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.
AdvancedNo
Read-OnlyNo

Advanced Properties

java-class

SynopsisSpecifies the fully-qualified name of the Java class that provides the HTTP OAuth2 OpenAM Authorization Mechanism implementation.
Default Valueorg.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism
Allowed ValuesA Java class that extends or implements:
org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
Multi-valuedNo
RequiredYes
Admin Action RequiredNone
AdvancedYes
Read-OnlyNo