dsconfig list-http-authorization-mechanisms — Lists existing HTTP Authorization Mechanisms
dsconfig list-http-authorization-mechanisms {options}
The dsconfig list-http-authorization-mechanisms command takes the following options:
--property {property}
The name of a property to be displayed.
HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {property} you provide.
By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types:
Default {property}: HTTP Anonymous Authorization Mechanism
Enabled by default: true
See the section called “HTTP Anonymous Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.
Default {property}: HTTP Basic Authorization Mechanism
Enabled by default: true
See the section called “HTTP Basic Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.
Default {property}: HTTP Oauth2 Cts Authorization Mechanism
Enabled by default: true
See the section called “HTTP Oauth2 Cts Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.
Default {property}: HTTP Oauth2 File Authorization Mechanism
Enabled by default: true
See the section called “HTTP Oauth2 File Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.
Default {property}: HTTP Oauth2 Openam Authorization Mechanism
Enabled by default: true
See the section called “HTTP Oauth2 Openam Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.
Default {property}: HTTP Oauth2 Token Introspection Authorization Mechanism
Enabled by default: true
See the section called “HTTP Oauth2 Token Introspection Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.
-z | --unit-size {unit}
Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).
-m | --unit-time {unit}
Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).
HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties:
Indicates whether the HTTP Authorization Mechanism is enabled.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation.
org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism
A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
The authorization DN which will be used for performing anonymous operations.
By default, operations will be performed using an anonymously bound connection.
A valid DN.
No
No
None
No
No
HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties:
Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header.
false
true
false
No
Yes
None
No
No
Alternate HTTP headers to get the user's password from.
None
A String
No
No
None
No
No
Alternate HTTP headers to get the user's name from.
None
A String
No
No
None
No
No
Indicates whether the HTTP Authorization Mechanism is enabled.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation.
org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism
A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties:
Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.
false
true
false
No
Yes
None
No
No
Token cache expiration
None
Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.
ms: milliseconds
s: seconds
m: minutes
h: hours
d: days
w: weeks
Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
No
No
None
No
No
Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
None
A String
No
Yes
None
No
No
The base DN of the Core Token Service where access tokens are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com)
None
A String
No
Yes
None
No
No
Indicates whether the HTTP Authorization Mechanism is enabled.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation.
org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism
A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
Scopes required to grant access to the service.
None
A String
Yes
Yes
None
No
No
HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties:
Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.
false
true
false
No
Yes
None
No
No
Token cache expiration
None
Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.
ms: milliseconds
s: seconds
m: minutes
h: hours
d: days
w: weeks
Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
No
No
None
No
No
Directory containing token files. File names must be equal to the token strings. The file content must be a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate.
oauth2-demo/
A String
No
Yes
None
No
No
Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
None
A String
No
Yes
None
No
No
Indicates whether the HTTP Authorization Mechanism is enabled.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation.
org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism
A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
Scopes required to grant access to the service.
None
A String
Yes
Yes
None
No
No
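The token-file layout, authorization ID JSON pointer and required-scope check described for the file-based mechanism, as an added Python sketch (not OpenDJ's own code). It assumes 'scope' is a JSON array and 'expireTime' is epoch milliseconds; the function names and sample tokens are constructed, and the file-name check is a hardening step added here because the token string doubles as a file name.

```python
import json
import tempfile
import time
from pathlib import Path

# Assumed file layout (not stated on the page): scope = JSON array, expireTime = epoch ms.


def resolve_pointer(doc, pointer):
    """Apply an RFC 6901 JSON pointer such as /uid to a parsed document."""
    node = doc
    for raw in pointer.split("/")[1:] if pointer else []:
        key = raw.replace("~1", "/").replace("~0", "~")
        node = node[int(key)] if isinstance(node, list) else node[key]
    return node


def authorize(token_dir, token, required_scopes, authzid_pointer, now_ms=None):
    """Return the authorization ID for a valid token, or None to deny."""
    base = Path(token_dir).resolve()
    # The token is used as a file name, so refuse anything that could
    # name a file outside the token directory.
    if not token or "/" in token or "\\" in token or token in (".", ".."):
        return None
    path = (base / token).resolve()
    if path.parent != base or not path.is_file():
        return None
    try:
        info = json.loads(path.read_text(encoding="utf-8"))
        if info["expireTime"] <= (now_ms if now_ms is not None else time.time() * 1000):
            return None                      # expired token
        if not set(required_scopes) <= set(info["scope"]):
            return None                      # a required scope is missing
        authzid = resolve_pointer(info, authzid_pointer)
    except (ValueError, KeyError, IndexError, TypeError):
        return None                          # malformed file: fail closed
    return authzid if isinstance(authzid, str) and authzid else None


def demo():
    """Run four requests against a constructed token directory."""
    with tempfile.TemporaryDirectory() as root:
        tokens = Path(root) / "oauth2-demo"
        tokens.mkdir()
        (tokens / "good-token").write_text('{"scope": ["read", "uid", "write"], "expireTime": 2000000000000, "uid": "bjensen"}')
        (tokens / "old-token").write_text('{"scope": ["read"], "expireTime": 1000, "uid": "bjensen"}')
        (Path(root) / "secret").write_text('{"scope": ["read"], "expireTime": 2000000000000, "uid": "x"}')
        now = 1_700_000_000_000
        cases = [("good-token", ["read", "uid"]), ("good-token", ["admin"]), ("old-token", ["read"]), ("../secret", ["read"])]
        return [authorize(tokens, tok, scopes, "/uid", now) for tok, scopes in cases]


if __name__ == "__main__":
    print(demo())
```

Only the first request is granted; the others are denied for a missing scope, an expired token, and a token that does not name a file inside the token directory.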
HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties:
Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.
false
true
false
No
Yes
None
No
No
Token cache expiration
None
Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.
ms: milliseconds
s: seconds
m: minutes
h: hours
d: days
w: weeks
Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
No
No
None
No
No
Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
None
A String
No
Yes
None
No
No
Indicates whether the HTTP Authorization Mechanism is enabled.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation.
org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism
A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism.
By default the system key manager(s) will be used.
The DN of any Key Manager Provider. The referenced key manager provider must be enabled.
No
No
None
Changes to this property take effect immediately, but only for subsequent requests to the authorization server.
No
No
Scopes required to grant access to the service.
None
A String
Yes
Yes
None
No
No
Defines the OpenAM endpoint URL where the access-token resolution request should be sent.
None
A String
No
Yes
None
No
No
Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.
By default, no trust manager is specified, indicating that only certificates signed by the authorities associated with this JVM will be accepted.
The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled.
No
No
None
Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.
No
No
HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties:
Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.
false
true
false
No
Yes
None
No
No
Token cache expiration
None
Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.
ms: milliseconds
s: seconds
m: minutes
h: hours
d: days
w: weeks
Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
No
No
None
No
No
Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
None
A String
No
Yes
None
No
No
Client's ID to use during the HTTP basic authentication against the authorization server.
None
A String
No
Yes
None
No
No
Client's secret to use during the HTTP basic authentication against the authorization server.
None
A String
No
Yes
None
No
No
Indicates whether the HTTP Authorization Mechanism is enabled.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation.
org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism
A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism.
None
The DN of any Key Manager Provider. The referenced key manager provider must be enabled.
No
No
None
Changes to this property take effect immediately, but only for subsequent requests to the authorization server.
No
No
Scopes required to grant access to the service.
None
A String
Yes
Yes
None
No
No
Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect)
None
A String
No
Yes
None
No
No
Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.
By default, no trust manager is specified, indicating that only certificates signed by the authorities associated with this JVM will be accepted.
The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled.
No
No
None
Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.
No
No