HTTP OAuth2 OpenAM Authorization Mechanism
The HTTP OAuth2 OpenAM Authorization Mechanism is used to define OAuth2 authorization using an OpenAM server as the authorization server.
Parent
The HTTP OAuth2 OpenAM Authorization Mechanism object inherits from HTTP OAuth2 Authorization Mechanism.
Dependencies
HTTP OAuth2 OpenAM Authorization Mechanisms depend on the following objects:
HTTP OAuth2 OpenAM Authorization Mechanism Properties
You can use configuration expressions to set property values at startup time. For details, see Property Value Substitution.
Basic Properties
Synopsis | Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use. |
Default Value | false |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Token cache expiration |
Default Value | None |
Allowed Values | Uses Duration Syntax. Lower limit: 0 seconds. Upper limit: 2147483647 seconds. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Indicates whether the HTTP Authorization Mechanism is enabled. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. |
Default Value | None |
Allowed Values | The name of an existing Identity Mapper. The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled. |
Multi-valued | Yes |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the name of the key manager that should be used with this HTTP OAuth2 OpenAM Authorization Mechanism. |
Default Value | By default the system key manager(s) will be used. |
Allowed Values | The name of an existing Key Manager Provider. The referenced key manager provider must be enabled. |
Multi-valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately, but only for subsequent requests to the authorization server. |
Advanced | No |
Read-Only | No |
Synopsis | Scopes required to grant access to the service. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | Yes |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
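
How the authorization ID JSON pointer and the required scopes described above combine into an allow or deny decision, as an added Python example (not the server's own code). The token document is a constructed sample; its field names and the `/uid` pointer are assumptions.

```python
def resolve_json_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON pointer; raise KeyError if it matches nothing."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise ValueError("a non-empty JSON pointer must start with '/'")
    node = doc
    for raw in pointer[1:].split("/"):
        token = raw.replace("~1", "/").replace("~0", "~")  # unescape, ~1 first
        if isinstance(node, dict):
            node = node[token]  # KeyError when the member is absent
        elif (isinstance(node, list) and token.isdecimal()
              and token == str(int(token)) and int(token) < len(node)):
            node = node[int(token)]
        else:
            raise KeyError(token)
    return node


def authorize(token_info, authzid_pointer, required_scopes):
    """Return the authorization ID, or raise PermissionError (fail closed)."""
    granted = token_info.get("scope", [])
    if isinstance(granted, str):  # some servers return "a b c" instead of a list
        granted = granted.split()
    missing = set(required_scopes) - set(granted)
    if missing:
        raise PermissionError("missing required scope(s): %s" % sorted(missing))
    try:
        authzid = resolve_json_pointer(token_info, authzid_pointer)
    except (KeyError, ValueError):
        raise PermissionError("pointer %r matched nothing" % authzid_pointer)
    # The value is handed to an identity mapper, so it must be a usable string.
    if not isinstance(authzid, str) or not authzid:
        raise PermissionError("authorization ID must be a non-empty string")
    return authzid


# Constructed sample of a resolved access token document (not captured output).
TOKEN_INFO = {
    "scope": ["uid", "mail"],
    "uid": "bjensen",
    "mail": "bjensen@example.com",
    "expires_in": 599,
}

if __name__ == "__main__":
    print(authorize(TOKEN_INFO, "/uid", ["uid", "mail"]))
```

A pointer that resolves to an object or array, or to nothing at all, is treated as a denial rather than passed on to the identity mapper.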
Synopsis | Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP OAuth2 OpenAM Authorization Mechanism should use when performing SSL communication. |
Description | The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP OAuth2 OpenAM Authorization Mechanism is configured to use SSL. |
Default Value | Let the server decide. |
Allowed Values | A string. |
Multi-valued | Yes |
Required | No |
Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication. |
Default Value | Uses the default set of SSL cipher suites provided by the server's JVM. |
Allowed Values | A string. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication. |
Default Value | Uses the default set of SSL protocols provided by the server's JVM. |
Allowed Values | A string. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. |
Advanced | No |
Read-Only | No |
Synopsis | Defines the OpenAM endpoint URL where the access-token resolution request should be sent. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. |
Default Value | By default, no trust manager is specified, indicating that only certificates signed by the authorities associated with this JVM will be accepted. |
Allowed Values | The name of an existing Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. |
Multi-valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. |
Advanced | No |
Read-Only | No |
Advanced Properties
Use the --advanced option to access advanced properties.
Synopsis | Specifies the fully-qualified name of the Java class that provides the HTTP OAuth2 OpenAM Authorization Mechanism implementation. |
Default Value | org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism |
Allowed Values | A Java class that extends or implements:
|
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | Yes |
Read-Only | No |