PingDS 7.5.0

HDAP Authorization Mechanism

The HDAP Authorization Mechanism authenticates the end-user using either a DN / password or using a JWT bearer token (obtained using the HDAP "authenticate" action) or anonymously depending on the user privileges on the requested resource.

Parent

The HDAP Authorization Mechanism object inherits from HTTP Authorization Mechanism.

Dependencies

HDAP Authorization Mechanisms depend on the following objects:

HDAP Authorization Mechanism properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
jwt-algorithm
jwt-key-alias
jwt-key-manager-provider
jwt-validity-period

java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the HTTP Authorization Mechanism is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

jwt-algorithm

Synopsis

The JWT algorithm used to sign and validate the HTTP requests.

Default value

HS256

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

jwt-key-alias

Synopsis

Specifies the alias of the key from the key manager that is used for the JWT support with the HDAP Authorization Mechanism. If it is not specified and the HDAP Authorization Mechanism is enabled, an internal generated key will be used to sign and validate the JWTs.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

jwt-key-manager-provider

Synopsis

Specifies the name of the key manager that is used for the JWT support with theHDAP Authorization Mechanism.

Default value

None

Allowed values

The name of an existing key-manager-provider.

The referenced key manager provider must be enabled.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

jwt-validity-period

Synopsis

The validity period for a JWT.

Default value

5 minutes

Allowed values

Lower limit: 0 seconds.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the HDAP Authorization Mechanism implementation.

Default value

org.opends.server.protocols.http.authz.HdapAuthorizationMechanism

Allowed values

A Java class that extends or implements:

  • org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.