Name

dsconfig list-http-authorization-mechanisms — Lists existing HTTP Authorization Mechanisms

Synopsis

dsconfig list-http-authorization-mechanisms {options}

Options

The dsconfig list-http-authorization-mechanisms command takes the following options:

--property {property}

The name of a property to be displayed.

HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {property} you provide.

By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types:

http-anonymous-authorization-mechanism

Default {property}: HTTP Anonymous Authorization Mechanism

Enabled by default: true

See the section called “HTTP Anonymous Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-basic-authorization-mechanism

Default {property}: HTTP Basic Authorization Mechanism

Enabled by default: true

See the section called “HTTP Basic Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-cts-authorization-mechanism

Default {property}: HTTP Oauth2 Cts Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Cts Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-file-authorization-mechanism

Default {property}: HTTP Oauth2 File Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 File Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-openam-authorization-mechanism

Default {property}: HTTP Oauth2 Openam Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Openam Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-token-introspection-authorization-mechanism

Default {property}: HTTP Oauth2 Token Introspection Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Token Introspection Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

-z | --unit-size {unit}

Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {unit} you provide.

By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types:

http-anonymous-authorization-mechanism

Default {unit}: HTTP Anonymous Authorization Mechanism

Enabled by default: true

See the section called “HTTP Anonymous Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-basic-authorization-mechanism

Default {unit}: HTTP Basic Authorization Mechanism

Enabled by default: true

See the section called “HTTP Basic Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-cts-authorization-mechanism

Default {unit}: HTTP Oauth2 Cts Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Cts Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-file-authorization-mechanism

Default {unit}: HTTP Oauth2 File Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 File Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-openam-authorization-mechanism

Default {unit}: HTTP Oauth2 Openam Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Openam Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-token-introspection-authorization-mechanism

Default {unit}: HTTP Oauth2 Token Introspection Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Token Introspection Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

-m | --unit-time {unit}

Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {unit} you provide.

By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types:

http-anonymous-authorization-mechanism

Default {unit}: HTTP Anonymous Authorization Mechanism

Enabled by default: true

See the section called “HTTP Anonymous Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-basic-authorization-mechanism

Default {unit}: HTTP Basic Authorization Mechanism

Enabled by default: true

See the section called “HTTP Basic Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-cts-authorization-mechanism

Default {unit}: HTTP Oauth2 Cts Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Cts Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-file-authorization-mechanism

Default {unit}: HTTP Oauth2 File Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 File Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-openam-authorization-mechanism

Default {unit}: HTTP Oauth2 Openam Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Openam Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

http-oauth2-token-introspection-authorization-mechanism

Default {unit}: HTTP Oauth2 Token Introspection Authorization Mechanism

Enabled by default: true

See the section called “HTTP Oauth2 Token Introspection Authorization Mechanism” for the properties of this HTTP Authorization Mechanism type.

HTTP Basic Authorization Mechanism

HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties:

alt-authentication-enabled
Description

Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

alt-password-header
Description

Alternate HTTP headers to get the user's password from.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

alt-username-header
Description

Alternate HTTP headers to get the user's name from.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the HTTP Authorization Mechanism is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

> Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation.

Default Value

org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

HTTP Oauth2 Cts Authorization Mechanism

HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties:

access-token-cache-enabled
Description

Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

access-token-cache-expiration
Description

Token cache expiration

Default Value

None

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 0 seconds.Upper limit is 2147483647 seconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

authzid-json-pointer
Description

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com)

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the HTTP Authorization Mechanism is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation.

Default Value

org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

required-scope
Description

Scopes required to grant access to the service.

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

HTTP Oauth2 File Authorization Mechanism

HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties:

access-token-cache-enabled
Description

Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

access-token-cache-expiration
Description

Token cache expiration

Default Value

None

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 0 seconds.Upper limit is 2147483647 seconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

access-token-directory
Description

Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate.

Default Value

oauth2-demo/

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

authzid-json-pointer
Description

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the HTTP Authorization Mechanism is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation.

Default Value

org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

required-scope
Description

Scopes required to grant access to the service.

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

HTTP Oauth2 Openam Authorization Mechanism

HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties:

access-token-cache-enabled
Description

Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

access-token-cache-expiration
Description

Token cache expiration

Default Value

None

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 0 seconds.Upper limit is 2147483647 seconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

authzid-json-pointer
Description

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the HTTP Authorization Mechanism is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation.

Default Value

org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-manager-provider
Description

Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism .

Default Value

By default the system key manager(s) will be used.

Allowed Values

The DN of any Key Manager Provider. The referenced key manager provider must be enabled.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent requests to the authorization server.

Advanced Property

No

Read-only

No

required-scope
Description

Scopes required to grant access to the service.

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

token-info-url
Description

Defines the OpenAM endpoint URL where the access-token resolution request should be sent.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

trust-manager-provider
Description

Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.

Default Value

By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted.

Allowed Values

The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.

Advanced Property

No

Read-only

No

HTTP Oauth2 Token Introspection Authorization Mechanism

HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties:

access-token-cache-enabled
Description

Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

access-token-cache-expiration
Description

Token cache expiration

Default Value

None

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 0 seconds.Upper limit is 2147483647 seconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

authzid-json-pointer
Description

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

client-id
Description

Client's ID to use during the HTTP basic authentication against the authorization server.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

client-secret
Description

Client's secret to use during the HTTP basic authentication against the authorization server.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the HTTP Authorization Mechanism is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation.

Default Value

org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-manager-provider
Description

Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism .

Default Value

None

Allowed Values

The DN of any Key Manager Provider. The referenced key manager provider must be enabled.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent requests to the authorization server.

Advanced Property

No

Read-only

No

required-scope
Description

Scopes required to grant access to the service.

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

token-introspection-url
Description

Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect)

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

trust-manager-provider
Description

Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.

Default Value

By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted.

Allowed Values

The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.

Advanced Property

No

Read-only

No