HTTP OAuth2 OpenAM Authorization Mechanism

The HTTP OAuth2 OpenAM Authorization Mechanism is used to define OAuth2 authorization using an OpenAM server as the authorization server.

Parent

The HTTP OAuth2 OpenAM Authorization Mechanism object inherits from HTTP OAuth2 Authorization Mechanism.

Dependencies

HTTP OAuth2 OpenAM Authorization Mechanisms depend on the following objects:

Basic Properties

access-token-cache-enabled

Synopsis

Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

access-token-cache-expiration

Synopsis

Token cache expiration.

Default Value

None

Allowed Values

Uses Duration Syntax.

Lower limit: 0 seconds.

Upper limit: 2147483647 seconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

authzid-json-pointer

Synopsis

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document.

Default Value

None

Allowed Values

A string.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

enabled

Synopsis

Indicates whether the HTTP Authorization Mechanism is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

identity-mapper

Synopsis

Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the access token.

Default Value

None

Allowed Values

The name of an existing Identity Mapper.

The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled.

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

key-manager-provider

Synopsis

Specifies the name of the key manager that should be used with this HTTP OAuth2 OpenAM Authorization Mechanism.

Default Value

By default the system key manager(s) will be used.

Allowed Values

The name of an existing Key Manager Provider.

The referenced key manager provider must be enabled.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent requests to the authorization server.

Advanced

No

Read-Only

No

required-scope

Synopsis

Scopes required to grant access to the service.

Default Value

None

Allowed Values

A string.

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

ssl-cert-nickname

Synopsis

Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP OAuth2 OpenAM Authorization Mechanism should use when performing SSL communication.

Description

The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP OAuth2 OpenAM Authorization Mechanism is configured to use SSL.

Default Value

Let the server decide.

Allowed Values

A string.

Multi-valued

Yes

Required

No

Admin Action Required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-Only

No

ssl-cipher-suite

Synopsis

Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication.

Default Value

Uses the default set of SSL cipher suites provided by the server's JVM.

Allowed Values

A string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced

No

Read-Only

No

ssl-protocol

Synopsis

Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication.

Default Value

Uses the default set of SSL protocols provided by the server's JVM.

Allowed Values

A string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced

No

Read-Only

No

token-info-url

Synopsis

Defines the OpenAM endpoint URL where the access-token resolution request should be sent.

Default Value

None

Allowed Values

A string.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No
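The following is an added example, not part of the OpenDJ documentation or of the server's own code. It models, in plain Python, how the properties above fit together at request time: the access token is resolved into a JSON document (standing in for the request to token-info-url), the document is cached for at most access-token-cache-expiration, every required-scope value must be present, authzid-json-pointer is evaluated against the document to obtain the Authorization ID, and the identity mapper(s) turn that ID into a user. The token-info documents, the `/uid` pointer, the scope names and the DN mapping are constructed sample values; the function `resolve_token_info` and the class name are assumptions of this example. One design choice that goes beyond the page: a cached document is never kept longer than the token's own `expires_in`, so a configured cache duration cannot extend the life of an expired token.

```python
import time
from typing import Any, Callable, Dict, List, Optional, Tuple

# Constructed sample token-info documents, keyed by bearer token string.
# These are not real tokens; they stand in for what the OpenAM endpoint
# named by token-info-url would return.
SAMPLE_TOKEN_INFO: Dict[str, dict] = {
    "tok-alice": {"uid": "alice", "scope": ["ldap:read", "ldap:write"], "expires_in": 3600},
    "tok-bob": {"uid": "bob", "scope": ["ldap:read"], "expires_in": 3600},
    "tok-noid": {"scope": ["ldap:read", "ldap:write"], "expires_in": 3600},
}

# Constructed identity mapper: Authorization ID -> DN, None when unknown.
SAMPLE_DIRECTORY: Dict[str, str] = {
    "alice": "uid=alice,ou=People,dc=example,dc=com",
    "bob": "uid=bob,ou=People,dc=example,dc=com",
}


def resolve_token_info(token: str) -> Optional[dict]:
    """Assumed stand-in for the HTTPS call to token-info-url."""
    return SAMPLE_TOKEN_INFO.get(token)


def json_pointer(doc: Any, pointer: str) -> Any:
    """Evaluate an RFC 6901 JSON pointer (authzid-json-pointer) against doc.

    Returns None when the pointer does not resolve; callers treat that as
    "no Authorization ID" and refuse the request rather than guess a user.
    """
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        return None
    cur = doc
    for raw in pointer[1:].split("/"):
        token = raw.replace("~1", "/").replace("~0", "~")  # RFC 6901 unescaping
        if isinstance(cur, dict):
            if token not in cur:
                return None
            cur = cur[token]
        elif isinstance(cur, list):
            if not token.isdigit() or int(token) >= len(cur):
                return None
            cur = cur[int(token)]
        else:
            return None
    return cur


class OAuth2OpenAmAuthz:
    """Model of one HTTP OAuth2 OpenAM Authorization Mechanism (assumed name)."""

    def __init__(self, resolver: Callable[[str], Optional[dict]],
                 authzid_json_pointer: str, required_scope: List[str],
                 identity_mappers: List[Callable[[str], Optional[str]]],
                 access_token_cache_expiration: Optional[float] = None,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.resolver = resolver
        self.authzid_json_pointer = authzid_json_pointer
        self.required_scope = set(required_scope)
        self.identity_mappers = identity_mappers
        self.cache_expiration = access_token_cache_expiration  # seconds; None/0 = no cache
        self.clock = clock
        self._cache: Dict[str, Tuple[float, dict]] = {}

    def _token_info(self, token: str) -> Optional[dict]:
        now = self.clock()
        cached = self._cache.get(token)
        if cached is not None and cached[0] > now:
            return cached[1]
        self._cache.pop(token, None)
        info = self.resolver(token)
        if isinstance(info, dict) and self.cache_expiration:
            ttl = float(self.cache_expiration)
            if isinstance(info.get("expires_in"), (int, float)):
                ttl = min(ttl, float(info["expires_in"]))  # never outlive the token
            self._cache[token] = (now + ttl, info)
        return info

    def authorize(self, bearer_token: str) -> Optional[str]:
        """Return the mapped user for a bearer token, or None to refuse."""
        info = self._token_info(bearer_token)
        if not isinstance(info, dict):
            return None
        granted = info.get("scope", [])
        if isinstance(granted, str):  # tolerate a space-separated scope string
            granted = granted.split()
        if not self.required_scope <= set(granted):
            return None  # every required-scope value must be present
        authzid = json_pointer(info, self.authzid_json_pointer)
        if not isinstance(authzid, str) or not authzid:
            return None
        for mapper in self.identity_mappers:  # identity-mapper is multi-valued
            user = mapper(authzid)
            if user is not None:
                return user
        return None


if __name__ == "__main__":
    mech = OAuth2OpenAmAuthz(resolve_token_info, "/uid", ["ldap:read", "ldap:write"],
                             [SAMPLE_DIRECTORY.get], access_token_cache_expiration=300)
    for tok in ("tok-alice", "tok-bob", "tok-noid", "tok-unknown"):
        print(tok, "->", mech.authorize(tok))
```

Note that a pointer that fails to resolve, a missing scope and an unknown token all produce the same outcome (refusal); the model deliberately does not fall back to a default user, which is the behaviour to check for when reviewing any authorization mechanism of this kind.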

trust-manager-provider

Synopsis

Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.

Default Value

By default, no trust manager is specified, indicating that only certificates signed by the authorities associated with this JVM will be accepted.

Allowed Values

The name of an existing Trust Manager Provider.

The referenced trust manager provider must be enabled when SSL is enabled.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.

Advanced

No

Read-Only

No

Advanced Properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the HTTP OAuth2 OpenAM Authorization Mechanism implementation.

Default Value

org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism

Allowed Values

A Java class that extends or implements:

  • org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

Yes

Read-Only

No
