{
"operation-name" : "add",
"description" : "The add operation for the security realm.",
"request-properties" : {
"allow-blank-password" : {
"type" : {
"TYPE_MODEL_VALUE" : "BOOLEAN"
},
"description" : "Does this realm support direct verification with a blank password? Blank password attempts will be rejected otherwise.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : false,
"requires" : ["direct-verification"],
"stability" : "default"
},
"dir-context" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The configuration to connect to an LDAP server.",
"expressions-allowed" : false,
"required" : true,
"nillable" : false,
"capability-reference" : "org.wildfly.security.dir-context",
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"direct-verification" : {
"type" : {
"TYPE_MODEL_VALUE" : "BOOLEAN"
},
"description" : "Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : false,
"stability" : "default"
},
"hash-charset" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The character set to use when converting the password string to a byte array.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : "UTF-8",
"stability" : "default"
},
"hash-encoding" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The string format for the password if it is not stored in plain text.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : "base64",
"allowed" : [
"base64",
"hex"
],
"stability" : "default"
},
"identity-mapping" : {
"type" : {
"TYPE_MODEL_VALUE" : "OBJECT"
},
"description" : "The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.",
"expressions-allowed" : false,
"required" : true,
"nillable" : false,
"stability" : "default",
"value-type" : {
"rdn-identifier" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The RDN part of the principal's DN to be used to obtain the principal's name from an LDAP entry. Used also when creating new identities.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"use-recursive-search" : {
"type" : {
"TYPE_MODEL_VALUE" : "BOOLEAN"
},
"description" : "Indicates if identity search queries are recursive.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : false,
"requires" : ["search-base-dn"],
"stability" : "default"
},
"search-base-dn" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The base DN to search for identities.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"requires" : ["rdn-identifier"],
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"attribute-mapping" : {
"type" : {
"TYPE_MODEL_VALUE" : "LIST"
},
"description" : "The attribute mappings defined for this resource.",
"expressions-allowed" : false,
"required" : false,
"nillable" : true,
"min-length" : 0,
"max-length" : 2147483647,
"stability" : "default",
"value-type" : {
"from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to an identity attribute. If not defined, DN of entry is used.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"to" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as defined in 'from'. If 'from' is not defined either, the value 'dn' is used.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"reference" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute containing the DN of the entry to obtain the value from.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"alternatives" : ["filter"],
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"filter" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The filter to use to obtain the values for a specific attribute. The string '{0}' will be replaced by the username, '{1}' by the user identity DN.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"alternatives" : ["reference"],
"requires" : ["to"],
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"filter-base-dn" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the context where the filter should be performed.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"requires" : ["filter"],
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"search-recursive" : {
"type" : {
"TYPE_MODEL_VALUE" : "BOOLEAN"
},
"description" : "Indicates if attribute LDAP search queries are recursive.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : true,
"requires" : ["filter"],
"stability" : "default"
},
"role-recursion" : {
"type" : {
"TYPE_MODEL_VALUE" : "INT"
},
"description" : "Sets recursive role assignment; the value determines the maximum depth of recursion (0 for no recursion).",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : 0,
"stability" : "default"
},
"role-recursion-name" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "Determines the LDAP attribute of the role entry that will be substituted for '{0}' in filter-name when searching for the roles of a role.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : "cn",
"requires" : ["role-recursion"],
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"extract-rdn" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
}
}
},
"filter-name" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The LDAP filter for getting an identity by name. If this is not specified then the default value will be (rdn_identifier={0}). The string '{0}' will be replaced by the searched identity name and 'rdn_identifier' will be the value of the attribute 'rdn-identifier'.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"iterator-filter" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The LDAP filter for iterating over identities of the realm.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"new-identity-parent-dn" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The DN of the parent of newly created identities. Required for modifiability of the realm.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"new-identity-attributes" : {
"type" : {
"TYPE_MODEL_VALUE" : "LIST"
},
"description" : "The attributes of newly created identities. Required for modifiability of the realm.",
"expressions-allowed" : false,
"required" : false,
"nillable" : true,
"min-length" : 0,
"max-length" : 2147483647,
"stability" : "default",
"value-type" : {
"name" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The attribute name.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"value" : {
"type" : {
"TYPE_MODEL_VALUE" : "LIST"
},
"description" : "The attribute value.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default",
"value-type" : {
"TYPE_MODEL_VALUE" : "STRING"
}
}
}
},
"user-password-mapper" : {
"type" : {
"TYPE_MODEL_VALUE" : "OBJECT"
},
"description" : "The credential mapping for userPassword-like credential attribute.",
"expressions-allowed" : false,
"required" : false,
"nillable" : true,
"stability" : "default",
"value-type" : {
"from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to an identity attribute. If not defined, DN of entry is used.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"writable" : {
"type" : {
"TYPE_MODEL_VALUE" : "BOOLEAN"
},
"description" : "Indicates if password can be changed.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : false,
"stability" : "default"
},
"verifiable" : {
"type" : {
"TYPE_MODEL_VALUE" : "BOOLEAN"
},
"description" : "Indicates if password can be used to verify user.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : true,
"stability" : "default"
}
}
},
"otp-credential-mapper" : {
"type" : {
"TYPE_MODEL_VALUE" : "OBJECT"
},
"description" : "The credential mapping for OTP credential.",
"expressions-allowed" : false,
"required" : false,
"nillable" : true,
"stability" : "default",
"value-type" : {
"algorithm-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to an OTP credential algorithm.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"hash-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to a Base64 encoded OTP credential hash.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"seed-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to an OTP credential seed.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"sequence-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to an OTP credential sequence number.",
"expressions-allowed" : true,
"required" : true,
"nillable" : false,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
}
}
},
"x509-credential-mapper" : {
"type" : {
"TYPE_MODEL_VALUE" : "OBJECT"
},
"description" : "The configuration allowing LDAP to be used as storage of X509 credentials. An X509 credential is a user certificate or information allowing it to be identified. At least one *-from attribute should be specified; this definition will be ignored otherwise. If more than one *-from attribute is defined, the user certificate must match all defined criteria.",
"expressions-allowed" : false,
"required" : false,
"nillable" : true,
"stability" : "default",
"value-type" : {
"digest-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to a user certificate digest. If not defined, certificate digest will not be checked.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"digest-algorithm" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The digest algorithm (hash function) used to compute the digest of the user certificate. Will be used only if digest-from has been defined.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"default" : "SHA-1",
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"certificate-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to an encoded user certificate. If not defined, encoded certificate will not be checked.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"serial-number-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to a serial number of user certificate. If not defined, serial number will not be checked.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
},
"subject-dn-from" : {
"type" : {
"TYPE_MODEL_VALUE" : "STRING"
},
"description" : "The name of the LDAP attribute to map to a subject DN of user certificate. If not defined, subject DN will not be checked.",
"expressions-allowed" : true,
"required" : false,
"nillable" : true,
"min-length" : 1,
"max-length" : 2147483647,
"stability" : "default"
}
}
}
}
}
},
"reply-properties" : {},
"stability" : "default",
"read-only" : false,
"restart-required" : "resource-services",
"runtime-only" : false
}