Management API Reference for setting=single-sign-on

An SSO authentication mechanism configuration.

Provided Capabilities (2)

Name	Dynamic	Other provider points
org.wildfly.undertow.application-security-domain.sso.factory	true	none
org.wildfly.undertow.application-security-domain.sso.configuration	true	none

Attributes (9)

client-ssl-context - Reference to the SSL context used to secure back-channel logout connection.

Type	STRING
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Reference to the SSL context used to secure back-channel logout connection.", "expressions-allowed" : false, "required" : false, "nillable" : true, "capability-reference" : "org.wildfly.security.ssl-context", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-constraints" : {"sensitive" : {"ssl-ref" : {"type" : "core"}}}, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services" }

- Name of the cookie

Type	STRING
Default Value	JSESSIONIDSSO
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Name of the cookie", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : "JSESSIONIDSSO", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

credential-reference - The credential reference to decrypt the private key entry.

Type	OBJECT
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "OBJECT" }, "description" : "The credential reference to decrypt the private key entry.", "expressions-allowed" : false, "required" : true, "nillable" : false, "stability" : "default", "access-constraints" : {"sensitive" : {"credential" : {"type" : "core"}}}, "value-type" : { "store" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The name of the credential store holding the alias to credential.", "expressions-allowed" : false, "required" : false, "nillable" : true, "capability-reference" : "org.wildfly.security.credential-store", "min-length" : 1, "max-length" : 2147483647, "stability" : "default" }, "alias" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The alias which denotes stored secret or credential in the store.", "expressions-allowed" : true, "required" : false, "nillable" : true, "requires" : ["store"], "min-length" : 1, "max-length" : 2147483647, "stability" : "default" }, "type" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The type of credential this reference is denoting.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default" }, "clear-text" : { "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The secret specified using clear text. Check credential store way of supplying credential/secrets to services.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default" } }, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }

domain - The cookie domain that will be used.

Type	STRING
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The cookie domain that will be used.", "expressions-allowed" : true, "required" : false, "nillable" : true, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

http-only - Set Cookie httpOnly attribute.

Type	BOOLEAN
Default Value	false
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "Set Cookie httpOnly attribute.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : false, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

key-alias - Alias of the private key entry used for signing and verifying back-channel logout connection.

Type	STRING
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Alias of the private key entry used for signing and verifying back-channel logout connection.", "expressions-allowed" : true, "required" : true, "nillable" : false, "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-constraints" : {"sensitive" : {"ssl-ref" : {"type" : "core"}}}, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }`

key-store - Reference to key store containing a private key entry.

Type	STRING
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Reference to key store containing a private key entry.", "expressions-allowed" : false, "required" : true, "nillable" : false, "capability-reference" : "org.wildfly.security.key-store", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-constraints" : {"sensitive" : {"ssl-ref" : {"type" : "core"}}}, "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services" }`

path - Cookie path.

Type	STRING
Default Value	/
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "Cookie path.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : "/", "min-length" : 1, "max-length" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

secure - Set Cookie secure attribute.

Type	BOOLEAN
Default Value	false
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "Set Cookie secure attribute.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : false, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }`

Operations (2)

add - Adds an SSO authentication mechanism.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
client-ssl-context	STRING	false	false		Reference to the SSL context used to secure back-channel logout connection.
cookie-name	STRING	false	true	JSESSIONIDSSO	Name of the cookie
credential-reference	OBJECT	true	false		The credential reference to decrypt the private key entry.
domain	STRING	false	true		The cookie domain that will be used.
http-only	BOOLEAN	false	true	false	Set Cookie httpOnly attribute.
key-alias	STRING	true	true		Alias of the private key entry used for signing and verifying back-channel logout connection.
key-store	STRING	true	false		Reference to key store containing a private key entry.
path	STRING	false	true	/	Cookie path.
secure	BOOLEAN	false	true	false	Set Cookie secure attribute.

Raw DMR model


{
    "operation-name" : "add",
    "description" : "Adds an SSO authentication mechanism.",
    "request-properties" : {
        "client-ssl-context" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Reference to the SSL context used to secure back-channel logout connection.",
            "expressions-allowed" : false,
            "required" : false,
            "nillable" : true,
            "capability-reference" : "org.wildfly.security.ssl-context",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "cookie-name" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Name of the cookie",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : "JSESSIONIDSSO",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "credential-reference" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "OBJECT"
            },
            "description" : "The credential reference to decrypt the private key entry.",
            "expressions-allowed" : false,
            "required" : true,
            "nillable" : false,
            "stability" : "default",
            "value-type" : {
                "store" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The name of the credential store holding the alias to credential.",
                    "expressions-allowed" : false,
                    "required" : false,
                    "nillable" : true,
                    "capability-reference" : "org.wildfly.security.credential-store",
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                },
                "alias" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The alias which denotes stored secret or credential in the store.",
                    "expressions-allowed" : true,
                    "required" : false,
                    "nillable" : true,
                    "requires" : ["store"],
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                },
                "type" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The type of credential this reference is denoting.",
                    "expressions-allowed" : true,
                    "required" : false,
                    "nillable" : true,
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                },
                "clear-text" : {
                    "type" : {
                        "TYPE_MODEL_VALUE" : "STRING"
                    },
                    "description" : "The secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                    "expressions-allowed" : true,
                    "required" : false,
                    "nillable" : true,
                    "min-length" : 1,
                    "max-length" : 2147483647,
                    "stability" : "default"
                }
            }
        },
        "domain" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The cookie domain that will be used.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "http-only" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "Set Cookie httpOnly attribute.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : false,
            "stability" : "default"
        },
        "key-alias" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Alias of the private key entry used for signing and verifying back-channel logout connection.",
            "expressions-allowed" : true,
            "required" : true,
            "nillable" : false,
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "key-store" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Reference to key store containing a private key entry.",
            "expressions-allowed" : false,
            "required" : true,
            "nillable" : false,
            "capability-reference" : "org.wildfly.security.key-store",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "path" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "Cookie path.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : "/",
            "min-length" : 1,
            "max-length" : 2147483647,
            "stability" : "default"
        },
        "secure" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "Set Cookie secure attribute.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : false,
            "stability" : "default"
        }
    },
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "runtime-only" : false
}

remove - Removes the SSO authentication mechanism.

Raw DMR model


{
    "operation-name" : "remove",
    "description" : "Removes the SSO authentication mechanism.",
    "request-properties" : {},
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "restart-required" : "resource-services",
    "runtime-only" : false
}

Galleon Features

Galleon features are to be used when creating Galleon feature-packs.

subsystem.undertow.application-security-domain.setting.single-sign-on

        
<feature spec="subsystem.undertow.application-security-domain.setting.single-sign-on">
  <param name="application-security-domain" value="{resource name}"/>
  <param name="client-ssl-context" value="{value}"/>
  <param name="cookie-name" value="{value}"/>
  <param name="credential-reference" value="{value}"/>
  <param name="domain" value="{value}"/>
  <param name="http-only" value="{value}"/>
  <param name="key-alias" value="{value}"/>
  <param name="key-store" value="{value}"/>
  <param name="path" value="{value}"/>
  <param name="secure" value="{value}"/>
<feature/>