Management API Reference for authentication-configuration

An individual authentication configuration definition.

Provided Capabilities (1)

Name	Dynamic	Other provider points
org.wildfly.security.authentication-configuration	true	none

Attributes (15)

anonymous - Enables anonymous authentication.

Type	BOOLEAN
Default Value	false
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "Enables anonymous authentication.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : false, "alternatives" : [ "authentication-name", "kerberos-security-factory" ], "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

authentication-name - The authentication name to use.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The authentication name to use.", "expressions-allowed" : true, "required" : false, "nillable" : true, "alternatives" : [ "anonymous", "kerberos-security-factory" ], "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

authorization-name - The authorization name to use.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The authorization name to use.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

credential-reference - The reference to credential stored in CredentialStore under defined alias or clear text password.

Type	OBJECT
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "OBJECT" }, "description" : "The reference to credential stored in CredentialStore under defined alias or clear text password.", "expressions-allowed" : false, "required" : false, "nillable" : true, "stability" : "default", "access-constraints" : {"sensitive" : {"credential" : {"type" : "core"}}}, "value-type" : { "store" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The name of the credential store holding the alias to credential.", "expressions-allowed" : false, "required" : false, "nillable" : true, "capability-reference" : "org.wildfly.security.credential-store", "min-length" : 1, "max-length" : 2147483647, "stability" : "default" }, "alias" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The alias which denotes stored secret or credential in the store.", "expressions-allowed" : true, "required" : false, "nillable" : true, "requires" : ["store"], "min-length" : 1, "max-length" : 2147483647, "stability" : "default" }, "type" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The type of credential this reference is denoting.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default" }, "clear-text" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default" } }, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }

extends - A previously defined authentication configuration to extend.

Type	STRING
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "A previously defined authentication configuration to extend.", "expressions-allowed" : false, "required" : false, "nillable" : true, "capability-reference" : "org.wildfly.security.authentication-configuration", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services" }`

forwarding-mode - The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.

Type	STRING
Default Value	authentication
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Allowed Values	authorization authentication
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : "authentication", "allowed" : [ "authentication", "authorization" ], "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }

host - The host to use.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The host to use.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

kerberos-security-factory - Reference to a kerberos security factory used to obtain a GSS kerberos credential

Type	STRING
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Reference to a kerberos security factory used to obtain a GSS kerberos credential", "expressions-allowed" : false, "required" : false, "nillable" : true, "alternatives" : [ "anonymous", "authentication-name" ], "capability-reference" : "org.wildfly.security.security-factory.credential", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services" }

mechanism-properties - Configuration properties for the SASL authentication mechanism.

Type	OBJECT
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "OBJECT" }, "description" : "Configuration properties for the SASL authentication mechanism.", "expressions-allowed" : false, "required" : false, "nillable" : true, "stability" : "default", "value-type" : { "TYPE_MODEL_VALUE" : "STRING" }, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

port - The port to use.

Type	INT
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "INT" }, "description" : "The port to use.", "expressions-allowed" : true, "required" : false, "nillable" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

protocol - The protocol to use.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The protocol to use.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

realm - The realm to use.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The realm to use.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

sasl-mechanism-selector - The SASL mechanism selector string.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	resource-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The SASL mechanism selector string.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "resource-services", "capability-reference" : null }`

security-domain - Reference to a security domain to obtain a forwarded identity.

Type	STRING
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Reference to a security domain to obtain a forwarded identity.", "expressions-allowed" : false, "required" : false, "nillable" : true, "capability-reference" : "org.wildfly.security.security-domain", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services" }`

webservices - Web services client configuration definition.

Type	OBJECT
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "OBJECT" }, "description" : "Web services client configuration definition.", "expressions-allowed" : true, "required" : false, "nillable" : true, "stability" : "default", "value-type" : { "http-mechanism" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Name of HTTP mechanism web services client should use with credentials when connecting to the server. Default is BASIC.", "expressions-allowed" : false, "required" : false, "nillable" : true, "allowed" : ["BASIC"], "stability" : "default" }, "ws-security-type" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Name of WS-security method that web services client should apply when connecting to the server. Default is UsernameToken.", "expressions-allowed" : false, "required" : false, "nillable" : true, "allowed" : ["UsernameToken"], "stability" : "default" } }, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }

Operations (2)

add - Add a new authentication configuration definition.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
anonymous	BOOLEAN	false	true	false	Enables anonymous authentication.
authentication-name	STRING	false	true		The authentication name to use.
authorization-name	STRING	false	true		The authorization name to use.
credential-reference	OBJECT	false	false		The reference to credential stored in CredentialStore under defined alias or clear text password.
extends	STRING	false	false		A previously defined authentication configuration to extend.
forwarding-mode	STRING	false	true	authentication	The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.
host	STRING	false	true		The host to use.
kerberos-security-factory	STRING	false	false		Reference to a kerberos security factory used to obtain a GSS kerberos credential
mechanism-properties	OBJECT	false	false		Configuration properties for the SASL authentication mechanism.
port	INT	false	true		The port to use.
protocol	STRING	false	true		The protocol to use.
realm	STRING	false	true		The realm to use.
sasl-mechanism-selector	STRING	false	true		The SASL mechanism selector string.
security-domain	STRING	false	false		Reference to a security domain to obtain a forwarded identity.
webservices	OBJECT	false	true		Web services client configuration definition.

Raw DMR model


{
    "operation-name" : "add",
    "description" : "Add a new authentication configuration definition.",
    "request-properties" : {
        "anonymous" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "Enables anonymous authentication.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : false,
            "alternatives" : [
                "authentication-name",
                "kerberos-security-factory"
            ],
            "stability" : "default"
        },
        "authentication-name" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The authentication name to use.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "alternatives" : [
                "anonymous",
                "kerberos-security-factory"
            ],
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "authorization-name" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The authorization name to use.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "credential-reference" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "OBJECT"
            },
            "description" : "The reference to credential stored in CredentialStore under defined alias or clear text password.",
            "expressions-allowed" : false,
            "required" : false,
            "nillable" : true,
            "stability" : "default",
            "value-type" : {
                "store" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The name of the credential store holding the alias to credential.",
                    "expressions-allowed" : false,
                    "required" : false,
                    "nillable" : true,
                    "capability-reference" : "org.wildfly.security.credential-store",
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                },
                "alias" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The alias which denotes stored secret or credential in the store.",
                    "expressions-allowed" : true,
                    "required" : false,
                    "nillable" : true,
                    "requires" : ["store"],
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                },
                "type" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The type of credential this reference is denoting.",
                    "expressions-allowed" : true,
                    "required" : false,
                    "nillable" : true,
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                },
                "clear-text" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                    "expressions-allowed" : true,
                    "required" : false,
                    "nillable" : true,
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                }
            }
        },
        "extends" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "A previously defined authentication configuration to extend.",
            "expressions-allowed" : false,
            "required" : false,
            "nillable" : true,
            "capability-reference" : "org.wildfly.security.authentication-configuration",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "forwarding-mode" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : "authentication",
            "allowed" : [
                "authentication",
                "authorization"
            ],
            "stability" : "default"
        },
        "host" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The host to use.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "kerberos-security-factory" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Reference to a kerberos security factory used to obtain a GSS kerberos credential",
            "expressions-allowed" : false,
            "required" : false,
            "nillable" : true,
            "alternatives" : [
                "anonymous",
                "authentication-name"
            ],
            "capability-reference" : "org.wildfly.security.security-factory.credential",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "mechanism-properties" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "OBJECT"
            },
            "description" : "Configuration properties for the SASL authentication mechanism.",
            "expressions-allowed" : false,
            "required" : false,
            "nillable" : true,
            "stability" : "default",
            "value-type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            }
        },
        "port" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "INT"
            },
            "description" : "The port to use.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "stability" : "default"
        },
        "protocol" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The protocol to use.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "realm" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The realm to use.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "sasl-mechanism-selector" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The SASL mechanism selector string.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "security-domain" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Reference to a security domain to obtain a forwarded identity.",
            "expressions-allowed" : false,
            "required" : false,
            "nillable" : true,
            "capability-reference" : "org.wildfly.security.security-domain",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "webservices" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "OBJECT"
            },
            "description" : "Web services client configuration definition.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "stability" : "default",
            "value-type" : {
                "http-mechanism" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "Name of HTTP mechanism web services client should use with credentials when connecting to the server. Default is BASIC.",
                    "expressions-allowed" : false,
                    "required" : false,
                    "nillable" : true,
                    "allowed" : ["BASIC"],
                    "stability" : "default"
                },
                "ws-security-type" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "Name of WS-security method that web services client should apply when connecting to the server. Default is UsernameToken.",
                    "expressions-allowed" : false,
                    "required" : false,
                    "nillable" : true,
                    "allowed" : ["UsernameToken"],
                    "stability" : "default"
                }
            }
        }
    },
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "restart-required" : "resource-services",
    "runtime-only" : false
}

remove - Remove the authentication configuration definition.

Raw DMR model


{
    "operation-name" : "remove",
    "description" : "Remove the authentication configuration definition.",
    "request-properties" : {},
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "restart-required" : "resource-services",
    "runtime-only" : false
}

Galleon Features

Galleon features are to be used when creating Galleon feature-packs.

subsystem.elytron.authentication-configuration

        
<feature spec="subsystem.elytron.authentication-configuration">
  <param name="authentication-configuration" value="{resource name}"/>
  <param name="anonymous" value="{value}"/>
  <param name="authentication-name" value="{value}"/>
  <param name="authorization-name" value="{value}"/>
  <param name="credential-reference" value="{value}"/>
  <param name="extends" value="{value}"/>
  <param name="forwarding-mode" value="{value}"/>
  <param name="host-feature" value="{value}"/>
  <param name="kerberos-security-factory" value="{value}"/>
  <param name="mechanism-properties" value="{value}"/>
  <param name="port" value="{value}"/>
  <param name="protocol" value="{value}"/>
  <param name="realm" value="{value}"/>
  <param name="sasl-mechanism-selector" value="{value}"/>
  <param name="security-domain" value="{value}"/>
  <param name="webservices" value="{value}"/>
<feature/>