How To

How do I enable HTTP PUT, DELETE and PATCH actions so I can include them in my policies in OpenAM 11.0.0 and 11.0.1?

Last updated Jan 5, 2021

The purpose of this article is to provide information about enabling the HTTP PUT, DELETE and PATCH actions so they can be included in your OpenAM 11.0.0 and 11.0.1 policies. The HTTP GET and POST actions are already available for inclusion in your policies by default.

2 readers recommend this article

This article has been archived and is no longer maintained by ForgeRock.

Enabling additional HTTP actions

You can enable additional HTTP actions as follows:

  1. Back up the amWebAgent.xml file (located in the $HOME/[openam_instance]/config/xml directory).
  2. Edit the amWebAgent.xml file and include the following Attribute schema details to add all three HTTP actions: <AttributeSchema name="PUT" type="single" syntax="boolean" uitype="radio" i18nKey="PUT"> <IsResourceNameAllowed/> <BooleanValues> <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue> <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue> </BooleanValues> </AttributeSchema> <AttributeSchema name="DELETE" type="single" syntax="boolean" uitype="radio" i18nKey="DELETE"> <IsResourceNameAllowed/> <BooleanValues> <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue> <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue> </BooleanValues> </AttributeSchema> <AttributeSchema name="PATCH" type="single" syntax="boolean" uitype="radio" i18nKey="PATCH"> <IsResourceNameAllowed/> <BooleanValues> <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue> <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue> </BooleanValues> </AttributeSchema>
  3. Enter the following ssoadm command to import the amended file: $ ./ssoadm update-svc -X amWebAgent.xml -u [adminID] -f [passwordfile] replacing [adminID] and [passwordfile] with appropriate values.
  4. Create a data file (called DATA_FILE to match the next command) with the following contents: actions=DELETE=true actions=GET=true actions=PATCH=true actions=POST=true actions=PUT=true
  5. Enter the following ssoadm command to update the sub configurations: $ ./ssoadm set-sub-cfg -u [adminID] -f [passwordfile] -s sunEntitlementService -g "applicationTypes/iPlanetAMWebAgentService" -o set -D DATA_FILE replacing [adminID] and [passwordfile] with appropriate values.
  6. Restart the web application container in which OpenAM runs to apply these configuration changes.
  7. You can now add these HTTP actions to your policies.

This issue is also fixed in OpenAM 11.0.2 and later; you can download this from BackStage.

See Also

OpenAM Reference › OpenAM Command Line Tools › ssoadm

Related Training


Related Issue Tracker IDs

OPENAM-336 (Add support for HTTP PUT and DELETE operations to the entitlements framework)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.