This chapter provides descriptions of custom WebLogic Scripting Tool (WLST) commands for Oracle Access Management OAuth Services, including command syntax, arguments and examples.
The following section lists the OAuth Services WLST commands and contains links to the command reference details.
Use the WLST commands listed in Table 7-1 to manage Oracle Access Management OAuth Services configuration objects.
Table 7-1 WLST Mobile and Social Commands for OAuth Services
| Use this command... | To... | Use with WLST... |
|---|---|---|
| OAuth Identity Domain Commands | | |
| | Removes the specified OAuth Identity Domain. | Online |
| | Creates a new OAuth Identity Domain. | Online |
| | Updates an OAuth Identity Domain. | Online |
| | Updates and allows individual attributes to be modified. | Online |
| OAuth System Configuration Commands | | |
| | Updates the OAuth System Configuration Defaults for the Identity Domain. | Online |
| OAuth System Component Commands | | |
| | Removes the specified OAuth System Component. | Online |
| | Creates the specified OAuth System Component. | Online |
| | Updates the specified OAuth System Component. | Online |
| OAuth Service Provider Commands | | |
| | This command will remove an OAuth Service Provider object. | Online |
| | Creates an OAuth Service Provider. | Online |
| | Updates an OAuth Service Provider. | Online |
| | Updates an OAuth Service Provider parameter. | Online |
| OAuth Client Commands | | |
| | Removes an OAuth client object. | Online |
| | Creates an OAuth client object. | Online |
| | Updates an OAuth client object. | Online |
| Service Profile Commands | | |
| | Removes a service profile. | Online |
| | Creates a service profile. | Online |
| | Updates a service profile. | Online |
| | Updates a service profile and allows individual attributes to be modified. | Online |
| OAuth Adaptive Access Plug-in Commands | | |
| | Removes the specified OAuth Adaptive Access Plug-in. | Online |
| | Creates the specified OAuth Adaptive Access Plug-in. | Online |
| | Updates the specified OAuth Adaptive Access Plug-in. | Online |
| OAuth Token Attributes Plug-in Commands | | |
| | Removes the specified OAuth Token Attributes Plug-in. | Online |
| | Creates the specified OAuth Token Attributes Plug-in. | Online |
| | Updates the specified OAuth Token Attributes Plug-in. | Online |
| OAuth ResourceServer Interface Commands | | |
| | Removes an OAuth Resource Server Interface. | Online |
| | Updates an OAuth Resource Server Interface. | Online |
| | Creates an OAuth Resource Server Interface. | Online |
| OAuth ResourceServer Interface | | |
| | Removes an OAuth User Profile Resource Server Interface. | Online |
| | Updates an OAuth User Profile Resource Server Interface. | Online |
| | Updates an OAuth Resource Server Interface and allows an individual attribute to be modified. | Online |
| | Creates an OAuth User Profile Resource Server Interface. | Online |
| OAuth MSM Plug-in Commands | | |
| | Removes the specified OAuth MSM Plugin. | Online |
| | Creates the specified OAuth MSM Plugin. | Online |
| | Updates the specified OAuth MSM Plugin. | Online |
| | Updates an OAuth MSM Plugin. | Online |
| Get / Display Commands | | |
| | Gets all the existing OAuth Identity Domains. | Online |
| | Display the specified OAuth Identity Domain. | Online |
| | Display the specified OAuth system configuration. | Online |
| | Gets all the existing OAuth System Components. | Online |
| | Display the specified OAuth System Component. | Online |
| | Gets all the existing OAuth Service Providers. | Online |
| | Display the specified OAuth Service Provider. | Online |
| | Gets all the existing OAuth Clients. | Online |
| | Display the specified OAuth Client. | Online |
| | Gets all the existing OAuth AdaptiveAccessPlugins. | Online |
| | Display the specified OAuth AdaptiveAccessPlugin. | Online |
| | Gets all the existing OAuth authorization plug-ins. | Online |
| | Display the specified OAuth authorization plug-ins. | Online |
| | Gets all the existing OAuth Token Attributes Plug-ins. | Online |
| | Display the specified OAuth Token Attributes Plug-in. | Online |
| | Gets all the existing OAuth ResourceServerInterfaces. | Online |
| | Display the specified OAuth ResourceServerInterface. | Online |
| | Gets all the existing OAuth UserProfile resource server plug-ins. | Online |
| | Display the specified OAuth UserProfile resource server plug-in. | Online |
| | Gets all the existing OAuth Service Profiles. | Online |
| | Display the specified OAuth Service Profile. | Online |
removeOAuthIdentityDomain
removeOAuthIdentityDomain(name)
where name is the name of the OAuth Identity Domain to be removed.
createOAuthIdentityDomain
createOAuthIdentityDomain(name, description, allowMultRS, enableMobile, globalUID )
Argument | Definition |
---|---|
name | The name of the OAuth Identity Domain. |
description | A description of the OAuth Identity Domain. [Optional] |
allowMultRS | Boolean set for allowing multiple resource servers. |
enableMobile | Boolean set that enables mobile parameters (used by UI console). |
globalUID | Global unique identifier. [Optional] |
updateOAuthIdentityDomain
updateOAuthIdentityDomain(name, newName, description, allowMultRS, enableMobile)
Argument | Definition |
---|---|
name | The name of the OAuth Identity Domain. |
newName | The new name of the OAuth Identity Domain. |
description | A description of the OAuth Identity Domain. [Optional] |
allowMultRS | Boolean set for allowing multiple resource servers. |
enableMobile | Boolean set that enables mobile parameters (used by UI console). |
updateOAuthIdentityDomainParam
updateOAuthIdentityDomainParam(name, parameter, newvalue)
Argument | Definition |
---|---|
name | The name of the OAuth Identity Domain. |
parameter | The parameter to update: name, description, allowTokenAttrRetrieval, enableMobile |
newvalue | The new value for the specified parameter. |
updateOAuthSystemConfig
updateOAuthSystemConfig(identityDomainName, proxyProtocol, proxyHost, proxyPort, proxyUser, minPool, maxPool, keepAlive, maxTokenSearchResult, paramList )
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
proxyProtocol | The default HTTP protocol. Either HTTP or HTTPS. [optional] |
proxyHost | The default HTTP proxy host. [optional] |
proxyPort | The default HTTP proxy port. [optional] |
proxyUser | The default HTTP proxy user. [optional] |
minPool | The default Apple Push Notification minimum connection pool. |
maxPool | The default Apple Push Notification maximum connection pool. |
keepAlive | The default Apple Push Notification keepAlive in seconds. |
maxTokenSearchResult | The maximum token search result in seconds. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
removeOAuthSysComponent
removeOAuthSysComponent(identityDomainName, name )
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
createOAuthSysComponent
createOAuthSysComponent(identityDomainName, name, description, interClass, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
description | A description of the OAuth system component. [Optional] |
interClass | The interface class of the OAuth system component. |
implClass | The implement class of the OAuth system component. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
createOAuthSysComponent('myDomain','DefaultUserConsentService','Default User Consent Service','oracle.security.idaas.oauth.consent.AuthorizationUserConsent','oracle.security.idaas.oauth.consent.impl.LDAPAuthorizationUserConsentImpl','[{uc.ldap.username.attr:uid},{uc.ldap.consent.attr:postaladdress},{uc.ldap.userprofile.service:"/UserProfile"}]')
updateOAuthSysComponent
updateOAuthSysComponent(identityDomainName, name, description, interClass, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
description | A description of the OAuth system component. [Optional] |
interClass | The interface class of the OAuth system component. |
implClass | The implement class of the OAuth system component. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthSysComponent('myDomain','DefaultUserConsentService','Default User Consent Service','oracle.security.idaas.oauth.consent.AuthorizationUserConsent','oracle.security.idaas.oauth.consent.impl.LDAPAuthorizationUserConsentImpl','[{uc.ldap.username.attr:uid},{uc.ldap.consent.attr:postaladdress},{uc.ldap.userprofile.service:"/UserProfile"}]')
removeOAuthServiceProvider
removeOAuthServiceProvider(identityDomainName, name )
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth service provider. |
createOAuthServiceProvider
createOAuthServiceProvider(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth service provider. |
description | A description of the OAuth service provider. [Optional] |
implClass | The implement class of the OAuth service provider. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
createOAuthServiceProvider('myDomain','OAuthServiceProvider','OAuth Service Provider','oracle.security.idaas.oauth.token.jwtimpl.OAuthProvider', '[{oam.OAM_VERSION_disabled:OAM_11G},{oam.WEBGATE_ID:accessgate-oic},{oam.ENCRYPTED_PASSWORD:""},{oam.DEBUG_VALUE:0},{oam.TRANSPORT_SECURITY:OPEN},{oam.OAM_SERVER_1:"localhost:5575"},{oam.OAM_SERVER_1_MAX_CONN:4},{oam.OAM_SERVER_2:"oam_server_2:5575"},{oam.OAM_SERVER_2_MAX_CONN:4},{oam.AuthNURLForUID:"wl_authen://sample_ldap_no_pwd_protected_res"}]')
updateOAuthServiceProvider
updateOAuthServiceProvider(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth service provider. |
description | A description of the OAuth service provider. [Optional] |
implClass | The implement class of the OAuth service provider. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthServiceProvider('myDomain','OAuthServiceProvider','OAuth Service Provider','oracle.security.idaas.oauth.token.jwtimpl.OAuthProvider', '[{oam.OAM_VERSION_disabled:OAM_11G},{oam.WEBGATE_ID:accessgate-oic},{oam.ENCRYPTED_PASSWORD:"welcome"},{oam.DEBUG_VALUE:0},{oam.TRANSPORT_SECURITY:OPEN},{oam.OAM_SERVER_1:"localhost:5575"},{oam.OAM_SERVER_1_MAX_CONN:4},{oam.OAM_SERVER_2:"oam_server_2:5575"},{oam.OAM_SERVER_2_MAX_CONN:4},{oam.AuthNURLForUID:"wl_authen://sample_ldap_no_pwd_protected_res"}]')
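The paramList argument used by these commands is not strict JSON (names and most values are unquoted), so a standard JSON parser rejects it. The following added example, which is not part of the Oracle documentation, parses the flat `[{name1:value1},{name2:value2}...]` form and reports credential-like parameters that carry a literal value, so a WLST script can be reviewed before it is committed or run. The function names and the credential name pattern are assumptions of this example; the two sample strings are the paramList values from the service provider examples above.

```python
import re

# One {name:value} entry. The value is either a double-quoted string, which may
# contain ':' (for example "localhost:5575"), or a bare token up to the closing brace.
_ENTRY = re.compile(r'\{\s*([^:{}"\s]+)\s*:\s*("(?:[^"\\]|\\.)*"|[^{}]*?)\s*\}')

# Assumption of this example: parameter names matching this pattern hold credentials.
_CREDENTIAL_NAME = re.compile(r'password|secret|passphrase', re.IGNORECASE)


def parse_param_list(text):
    """Parse a flat '[{name1:value1},{name2:value2}...]' string into (name, value) pairs."""
    text = text.strip()
    if not (text.startswith('[') and text.endswith(']')):
        raise ValueError('paramList must be wrapped in [ ]')
    body = text[1:-1]
    pairs = []
    pos = 0
    for match in _ENTRY.finditer(body):
        # Only commas and whitespace may appear between two entries.
        if body[pos:match.start()].strip(' ,\t\n'):
            raise ValueError('unparsed text near offset %d' % pos)
        value = match.group(2)
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # drop the surrounding double quotes
        pairs.append((match.group(1), value))
        pos = match.end()
    if body[pos:].strip(' ,\t\n'):
        raise ValueError('unparsed trailing text')
    return pairs


def find_inline_credentials(param_list_text):
    """Return the names of credential-like parameters that have a non-empty literal value."""
    return [name for name, value in parse_param_list(param_list_text)
            if _CREDENTIAL_NAME.search(name) and value != '']


# paramList from the createOAuthServiceProvider example on this page.
CREATE_PARAMS = (
    '[{oam.OAM_VERSION_disabled:OAM_11G},{oam.WEBGATE_ID:accessgate-oic},'
    '{oam.ENCRYPTED_PASSWORD:""},{oam.DEBUG_VALUE:0},{oam.TRANSPORT_SECURITY:OPEN},'
    '{oam.OAM_SERVER_1:"localhost:5575"},{oam.OAM_SERVER_1_MAX_CONN:4},'
    '{oam.OAM_SERVER_2:"oam_server_2:5575"},{oam.OAM_SERVER_2_MAX_CONN:4},'
    '{oam.AuthNURLForUID:"wl_authen://sample_ldap_no_pwd_protected_res"}]'
)
# paramList from the updateOAuthServiceProvider example on this page.
UPDATE_PARAMS = CREATE_PARAMS.replace('{oam.ENCRYPTED_PASSWORD:""}',
                                      '{oam.ENCRYPTED_PASSWORD:"welcome"}')

if __name__ == '__main__':
    for label, params in (('create', CREATE_PARAMS), ('update', UPDATE_PARAMS)):
        print(label, find_inline_credentials(params))
```

The parser covers only the flat name/value form; nested values such as clientAppBindings or the quoted-URI keys of httpRedirectURIList are rejected with a ValueError rather than guessed at.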
updateOAuthServiceProviderParam
updateOAuthServiceProviderParam(identityDomainName, name, param, newvalue)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth service provider. |
param | The parameter to update: name, description, implClass, paramList, paramListAdd (adds the specified parameter leaving existing parameters in place) |
newvalue | New value for the parameter. |
removeOAuthClient
removeOAuthClient(identityDomainName, name )
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth client. |
createOAuthClient
createOAuthClient(identityDomainName, name, description, globalUID, secret, allowTokenAttrRetrieval, httpRedirectURIList, paramList, mobileRedirectURIList, mobileParams, claimList, minPool, maxPool, keepAlive, production, gcmAppSetting, scopeRequiresUserConsent, scopeInvokeUserConsent, allowAllScopes, resourceServerScopes, scopes, grantTypes, clientType)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth client. |
description | A description of the OAuth Client. |
globalUID | Global unique identifier. [Optional] |
secret | The secret key. |
allowTokenAttrRetrieval | Boolean to enable/disable token attribute retrieval. |
httpRedirectURIList | The list of one or more redirect URIs specified in JSON format: |
paramList | A list of parameters specified in JSON format: |
mobileRedirectURIList | List of one or more mobile redirect URIs. [Optional] |
mobileParams | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
claimList | A list of claim attributes. [Optional] |
minPool | The default Apple Push Notification minimum connection pool. [Optional] |
maxPool | The default Apple Push Notification maximum connection pool. [Optional] |
keepAlive | The default Apple Push Notification keepAlive in seconds. [Optional] |
production | A Boolean to set production or development mode. [Optional] |
gcmAppSetting | Google Restricted Package name. [Optional] |
scopeRequiresUserConsent | Boolean |
scopeInvokeUserConsent | Boolean |
allowAllScopes | Boolean |
resourceServerScopes | List of resource server scopes. Use this argument to select the resource server scope name prefix, for example userProfile would allow a client to access all userProfile resource server scopes. [Optional] |
scopes | List of scopes. Use this argument to select a specific scope name, for example: userProfile.me.read. [Optional] |
grantTypes | [Optional] List of grant types: |
clientType | Type of client: Either CONFIDENTIAL_CLIENT or MOBILE_CLIENT |
createOAuthClient('myDomain','sampleOAuthMobileClient', 'sample client app','1234567890','quiet','true', '[{"http://localhost:7005:/base_domain/domainRuntime":false}]','[{par1:val1}]', '','[{mobpar1:mobval1}]', 'oracle:idm:claims:client:geolocation,oracle:idm:claims:client:imei, oracle:idm:claims:client:jailbroken,oracle:idm:claims:client:locale, oracle:idm:claims:client:macaddress,oracle:idm:claims:client:networktype, oracle:idm:claims:client:ostype,oracle:idm:claims:client:osversion, oracle:idm:claims:client:phonecarriername,oracle:idm:claims:client:phonenumber, oracle:idm:claims:client:sdkversion,oracle:idm:claims:client:udid, oracle:idm:claims:client:vpnenabled,oracle:idm:claims:client:fingerprint', '1','3','300','false','gcm','true','false','true','','', 'authorization_code,client_credentials','MOBILE_CLIENT')
updateOAuthClient
updateOAuthClient(identityDomainName, name, description, secret, allowTokenAttrRetrieval, httpRedirectURIList, paramList, mobileRedirectURIList, mobileParams, claimList, minPool, maxPool, keepAlive, production, gcmAppSetting, scopeRequiresUserConsent, scopeInvokeUserConsent, allowAllScopes, resourceServerScopes, scopes, grantTypes, clientType)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth client. |
description | A description of the OAuth Client. |
secret | The secret key. |
allowTokenAttrRetrieval | Boolean to enable/disable token attribute retrieval. |
httpRedirectURIList | The list of one or more redirect URIs specified in JSON format: |
paramList | A list of parameters specified in JSON format: |
mobileRedirectURIList | List of one or more mobile redirect URIs. [Optional] |
mobileParams | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
claimList | A list of claim attributes. [Optional] |
minPool | The default Apple Push Notification minimum connection pool. [Optional] |
maxPool | The default Apple Push Notification maximum connection pool. [Optional] |
keepAlive | The default Apple Push Notification keepAlive in seconds. [Optional] |
production | A Boolean to set production or development mode. [Optional] |
gcmAppSetting | Google Restricted Package name. [Optional] |
scopeRequiresUserConsent | Boolean |
scopeInvokeUserConsent | Boolean |
allowAllScopes | Boolean |
resourceServerScopes | List of resource server scopes. [Optional] |
scopes | List of scopes. [Optional] |
grantTypes | [Optional] List of grant types: |
clientType | Type of client: Either CONFIDENTIAL_CLIENT or MOBILE_CLIENT, ALL |
updateOAuthClient('myDomain','sampleOAuthMobileClient', 'sample client app','quiet','true', '[{"http://localhost:7005:/base_domain/domainRuntime":false}]', '[{par1:val1}]','','[{mobpar1:mobval1}]','oracle:idm:claims:client:geolocation, oracle:idm:claims:client:imei,oracle:idm:claims:client:jailbroken, oracle:idm:claims:client:locale,oracle:idm:claims:client:macaddress, oracle:idm:claims:client:networktype,oracle:idm:claims:client:ostype, oracle:idm:claims:client:osversion,oracle:idm:claims:client:phonecarriername, oracle:idm:claims:client:phonenumber,oracle:idm:claims:client:sdkversion, oracle:idm:claims:client:udid,oracle:idm:claims:client:vpnenabled, oracle:idm:claims:client:fingerprint','1','3','300','false','gcm','true','false', 'true','','','authorization_code,client_credentials','MOBILE_CLIENT')
updateOAuthClientParam
updateOAuthClientParam(identityDomainName, name, param, newvalue)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth client. |
param | The parameter to update: [name, description, secret, allowTokenAttrRetrieval, httpRedirectURIList, paramList, paramListAdd (adds the specified parameter leaving existing parameters in place), mobileRedirectURIList] |
newvalue | New value for the parameter. |
removeOAuthServiceProfile
removeOAuthServiceProfile(identityDomainName, name)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth service profile. |
createOAuthServiceProfile
createOAuthServiceProfile(identityDomainName, name, description, adAccessPlugin, tokenAttrPlugin, clientPlugin, pluginMode, resourceServerProfilePlugin, authzUserConsentPlugin, allResourceServerInterfaces, resourceServers, allClients, clientAppBindings, preferredHardwareIdList, androidSender, androidSecurityLevel, iosSecurityLevel, otherSecurityLevel, consentServiceProtection, clientRegRequiresUserConsent, serviceProvider, endpoint, serviceEnable, mobilePreAuthzExpire, mobilePreAuthzEnable, authzExpire, authzEnable, clientExpire, clientEnable, clientRefreshExpire, clientRefreshEnable, userExpire, userEnable, userRefreshExpire, userRefreshEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, paramList, mobParamList, userAuthenticator, tokenStatic, tokenDynamic)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
description | A description of the OAuth Service Profile. [Optional] |
adAccessPlugin | Adaptive Access Plug-in. [Optional] |
tokenAttrPlugin | Token Attribute Plugin. [Optional] |
clientPlugin | The name of the client plug-in. |
pluginMode | Client plug-in mode. Either ALL_LOCAL_STORAGE or ALL_PLUGIN_DELEGATION. |
resourceServerProfilePlugin | Resource server profile plug-in. |
authzUserConsentPlugin | Authorization user consent plug-in. |
allResourceServerInterfaces | Boolean that specifies whether the service profile can contain generic (false) interfaces. |
resourceServers | List of resource servers. |
allClients | Boolean that specifies if the service profile applies to all clients. |
clientAppBindings | [Optional] List of client application bindings specified in JSON format: |
preferredHardwareIdList | List of Hardware IDs separated by commas. |
androidSender | GCM sender ID. [Optional] |
androidSecurityLevel | Android security level: HIGH or MEDIUM or LOW. |
iosSecurityLevel | iOS security level: HIGH or MEDIUM or LOW. |
otherSecurityLevel | Other security level: HIGH or MEDIUM or LOW. |
consentServiceProtection | Service Protection Mode: OAM or JWT_IDS or JWT_OAM. |
clientRegRequiresUserConsent | Boolean that specifies if client registration requires user consent. |
serviceProvider | Service provider. |
endpoint | Service endpoint. |
serviceEnable | Boolean that enables or disables the service profile. Either true or false. |
mobilePreAuthzExpire | Mobile pre-authorization code expiration length (in seconds). [Optional] |
mobilePreAuthzEnable | Boolean that enables or disables the mobile pre-authorization code. [Optional] Either true or false. |
authzExpire | Authorization code expiration (in seconds). [Optional] |
authzEnable | Boolean that enables or disables the authorization code. [Optional] Either true or false. |
clientExpire | Client token authorization code expiration (in seconds). [Optional] |
clientEnable | Boolean that enables or disables the client token. [Optional] Either true or false. |
clientRefreshExpire | Client refresh token expiration (in seconds). [Optional] |
clientRefreshEnable | Boolean that enables or disables the client refresh token. [Optional] |
userExpire | User token expiration (in seconds). [Optional] |
userEnable | Boolean that enables or disables the user token. [Optional] |
userRefreshExpire | User refresh token expiration (in seconds). [Optional] |
userRefreshEnable | Boolean that enables or disables the user refresh token. [Optional] |
accessExpire | Access token expiration (in seconds). |
accessEnable | Boolean access token enable. |
accessRefreshExpire | Access refresh token expiration (in seconds). |
accessRefreshEnable | Boolean access refresh Token enable. |
paramList | A list of parameters specified in JSON format: |
mobParamList | A list of mobile client parameters specified in JSON format: |
userAuthenticator | User Authenticator. Either IDS or OAM. |
tokenStatic | [Optional] Static token attribute specified in JSON format: |
tokenDynamic | Dynamic token attribute list. [Optional] |
createOAuthServiceProfile('myDomain', 'OAuthServiceProfile', 'OAuth Service Profile','sampleSecurityPlugin','defaultTokenAttrPlugin', 'DefaultClientSecurityManager','ALL_LOCAL_STORAGE', 'DefaultResourceServerProfilePlugin','AuthzUserConsentPlugin', 'false','sampleResourceServerInterface','false', '[{client:sampleOAuthClient,role:SSOAgent,priority:45,param:[{param1:val1}, {param2:val2}]},{client:sampleOwsmOAuthClient,role:SSOAgent,priority:45, param:[{param1:val1},{param2:val2}]}]','','GoogleCloudMessaging','HIGH','MEDIUM', 'LOW','OAM','true','OAuthServiceProvider','/oauthserv','true','150','false', '900','true','28800','true','604800','true','28800','true','0','false','3600', 'true','28800','true','[{oracle.id.name:userrole},{jwt.CryptoScheme:RS512}, {jwt.issuer:www.oracle.example.com}]','[{mobileParamName:mobileParamValue}]', 'OAM','[{attr1:val1}]','attr1,attr2,attr3')
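createOAuthServiceProfile takes 44 positional string arguments, so one dropped or extra value silently shifts every later setting (security levels, token lifetimes, enable flags) onto the wrong parameter. The following added example, which is not part of the Oracle documentation, binds an argument list to the parameter names from the syntax line above and checks the enumerated, Boolean and seconds values that the argument table defines. The function and constant names are assumptions of this example; `PAGE_EXAMPLE` holds the values from the example call above and `SHIFTED` is a constructed faulty input.

```python
# Parameter order copied from the createOAuthServiceProfile syntax line above.
SERVICE_PROFILE_ARGS = """
identityDomainName name description adAccessPlugin tokenAttrPlugin clientPlugin
pluginMode resourceServerProfilePlugin authzUserConsentPlugin
allResourceServerInterfaces resourceServers allClients clientAppBindings
preferredHardwareIdList androidSender androidSecurityLevel iosSecurityLevel
otherSecurityLevel consentServiceProtection clientRegRequiresUserConsent
serviceProvider endpoint serviceEnable mobilePreAuthzExpire mobilePreAuthzEnable
authzExpire authzEnable clientExpire clientEnable clientRefreshExpire
clientRefreshEnable userExpire userEnable userRefreshExpire userRefreshEnable
accessExpire accessEnable accessRefreshExpire accessRefreshEnable paramList
mobParamList userAuthenticator tokenStatic tokenDynamic
""".split()

# Allowed values as listed in the argument table.
LEVELS = ('HIGH', 'MEDIUM', 'LOW')
ENUMS = {
    'pluginMode': ('ALL_LOCAL_STORAGE', 'ALL_PLUGIN_DELEGATION'),
    'androidSecurityLevel': LEVELS,
    'iosSecurityLevel': LEVELS,
    'otherSecurityLevel': LEVELS,
    'consentServiceProtection': ('OAM', 'JWT_IDS', 'JWT_OAM'),
    'userAuthenticator': ('IDS', 'OAM'),
}
BOOLEANS = ('allResourceServerInterfaces', 'allClients',
            'clientRegRequiresUserConsent')
# Typed arguments the table marks [Optional]; an empty string is accepted for them.
OPTIONAL_TYPED = set("""
mobilePreAuthzExpire mobilePreAuthzEnable authzExpire authzEnable clientExpire
clientEnable clientRefreshExpire clientRefreshEnable userExpire userEnable
userRefreshExpire userRefreshEnable
""".split())


def check_service_profile_args(args):
    """Bind positional args to names; return (bound dict, list of problems)."""
    expected = len(SERVICE_PROFILE_ARGS)
    if len(args) != expected:
        return {}, ['expected %d positional arguments, got %d'
                    % (expected, len(args))]
    bound = dict(zip(SERVICE_PROFILE_ARGS, args))
    problems = []
    for name in SERVICE_PROFILE_ARGS:
        value = bound[name]
        if value == '' and name in OPTIONAL_TYPED:
            continue
        if name in ENUMS:
            if value not in ENUMS[name]:
                problems.append('%s: %r is not one of %s'
                                % (name, value, ', '.join(ENUMS[name])))
        elif name in BOOLEANS or name.endswith('Enable'):
            if value.lower() not in ('true', 'false'):
                problems.append('%s: %r is not true or false' % (name, value))
        elif name.endswith('Expire'):
            if not value.isdigit():
                problems.append('%s: %r is not a number of seconds'
                                % (name, value))
    return bound, problems


# Values from the createOAuthServiceProfile example call on this page.
BINDINGS = ('[{client:sampleOAuthClient,role:SSOAgent,priority:45,'
            'param:[{param1:val1},{param2:val2}]},'
            '{client:sampleOwsmOAuthClient,role:SSOAgent,priority:45,'
            'param:[{param1:val1},{param2:val2}]}]')
PAGE_EXAMPLE = [
    'myDomain', 'OAuthServiceProfile', 'OAuth Service Profile',
    'sampleSecurityPlugin', 'defaultTokenAttrPlugin',
    'DefaultClientSecurityManager', 'ALL_LOCAL_STORAGE',
    'DefaultResourceServerProfilePlugin', 'AuthzUserConsentPlugin',
    'false', 'sampleResourceServerInterface', 'false', BINDINGS, '',
    'GoogleCloudMessaging', 'HIGH', 'MEDIUM', 'LOW', 'OAM', 'true',
    'OAuthServiceProvider', '/oauthserv', 'true', '150', 'false',
    '900', 'true', '28800', 'true', '604800', 'true', '28800', 'true',
    '0', 'false', '3600', 'true', '28800', 'true',
    '[{oracle.id.name:userrole},{jwt.CryptoScheme:RS512},'
    '{jwt.issuer:www.oracle.example.com}]',
    '[{mobileParamName:mobileParamValue}]', 'OAM', '[{attr1:val1}]',
    'attr1,attr2,attr3',
]
# Constructed faulty input: the empty preferredHardwareIdList value is dropped and
# the list is padded at the end, so the count is right but later values are shifted.
SHIFTED = PAGE_EXAMPLE[:13] + PAGE_EXAMPLE[14:] + ['']

if __name__ == '__main__':
    for label, args in (('page example', PAGE_EXAMPLE), ('shifted', SHIFTED)):
        print(label, check_service_profile_args(args)[1])
```

The same pattern applies to updateOAuthServiceProfile, whose syntax line lists the same parameters in the same order.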
updateOAuthServiceProfile
updateOAuthServiceProfile(identityDomainName, name, description, adAccessPlugin, tokenAttrPlugin, clientPlugin, pluginMode, resourceServerProfilePlugin, authzUserConsentPlugin, allResourceServerInterfaces, resourceServers, allClients, clientAppBindings, preferredHardwareIdList,androidSender, androidSecurityLevel, iosSecurityLevel, otherSecurityLevel, consentServiceProtection, clientRegRequiresUserConsent, serviceProvider, endpoint, serviceEnable, mobilePreAuthzExpire, mobilePreAuthzEnable, authzExpire, authzEnable, clientExpire, clientEnable, clientRefreshExpire, clientRefreshEnable, userExpire, userEnable, userRefreshExpire, userRefreshEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, paramList, mobParamList, userAuthenticator, tokenStatic, tokenDynamic)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth service profile. |
description | A description of the OAuth service profile. [Optional] |
adAccessPlugin | Adaptive Access Plug-in. [Optional] |
tokenAttrPlugin | Token Attribute Plugin. [Optional] |
clientPlugin | The name of the client plug-in. |
pluginMode | Client plug-in mode. Either ALL_LOCAL_STORAGE or ALL_PLUGIN_DELEGATION. |
resourceServerProfilePlugin | Resource server profile plug-in. |
authzUserConsentPlugin | Authorization user consent plug-in. |
allResourceServerInterfaces | Boolean that specifies whether the service profile can contain generic (false) interfaces. |
resourceServers | List of resource servers. |
allClients | Boolean that specifies if the service profile applies to all clients. |
clientAppBindings | [Optional] List of client application bindings specified in JSON format: |
preferredHardwareIdList | List of Hardware IDs separated by commas. |
androidSender | GCM sender ID. [Optional] |
androidSecurityLevel | Android security level: HIGH or MEDIUM or LOW. |
iosSecurityLevel | iOS security level: HIGH or MEDIUM or LOW. |
otherSecurityLevel | Other security level: HIGH or MEDIUM or LOW. |
consentServiceProtection | Service Protection Mode: OAM or JWT_IDS or JWT_OAM. |
clientRegRequiresUserConsent | Boolean that specifies if client registration requires user consent. |
serviceProvider | Service provider. |
endpoint | Service endpoint. |
serviceEnable | Boolean that enables or disables the service profile. Either true or false. |
mobilePreAuthzExpire | Mobile pre-authorization code expiration length (in seconds). [Optional] |
mobilePreAuthzEnable | Boolean that enables or disables the mobile pre-authorization code. [Optional] Either true or false. |
authzExpire | Authorization code expiration (in seconds). [Optional] |
authzEnable | Boolean that enables or disables the authorization code. [Optional] Either true or false. |
clientExpire | Client token authorization code expiration (in seconds). [Optional] |
clientEnable | Boolean that enables or disables the client token. [Optional] Either true or false. |
clientRefreshExpire | Client refresh token expiration (in seconds). [Optional] |
clientRefreshEnable | Boolean that enables or disables the client refresh token. [Optional] |
userExpire | User token expiration (in seconds). [Optional] |
userEnable | Boolean that enables or disables the user token. [Optional] |
userRefreshExpire | User refresh token expiration (in seconds). [Optional] |
userRefreshEnable | Boolean that enables or disables the user refresh token. [Optional] |
accessExpire | Access token expiration (in seconds). |
accessEnable | Boolean access token enable. |
accessRefreshExpire | Access refresh token expiration (in seconds). |
accessRefreshEnable | Boolean access refresh Token enable. |
paramList | A list of parameters specified in JSON format: |
mobParamList | A list of mobile client parameters specified in JSON format: |
userAuthenticator | User Authenticator. Either IDS or OAM. |
tokenStatic | [Optional] Static token attribute specified in JSON format: |
tokenDynamic | Dynamic token attribute list. [Optional] |
updateOAuthServiceProfile('myDomain', 'OAuthServiceProfile', 'OAuth Service Profile','sampleSecurityPlugin','defaultTokenAttrPlugin','DefaultClientSecurityManager','ALL_LOCAL_STORAGE','DefaultResourceServerProfilePlugin','AuthzUserConsentPlugin','false','sampleResourceServerInterface','false','[{client:sampleOAuthClient,role:SSOAgent,priority:45,param:[{param1:val1},{param2:val2}]},{client:sampleOwsmOAuthClient,role:SSOAgent,priority:45,param:[{param1:val1},{param2:val2}]}]','oracle:idm:claims:client:iosidforvendor,oracle:idm:claims:client:macaddress,oracle:idm:claims:client:imei','GoogleCloudMessaging','HIGH','MEDIUM','LOW','OAM','true','OAuthServiceProvider','/oauthserv','true','150','false','900','true','28800','true','604800','true','28800','true','0','false','3600','true','28800','true','[{oracle.id.name:userrole},{jwt.CryptoScheme:RS512},{jwt.issuer:www.oracle.example.com}]','[{mobileParamName:mobileParamValue}]','OAM','[{attr1:val1}]','attr1,attr2,attr3')
updateOAuthServiceProfileParam
updateOAuthServiceProfileParam(domainName, name, parameter, newvalue)
Argument | Definition |
---|---|
domainName | The name of the OAuth identity domain. |
name | The name of the OAuth service profile. |
parameter | The parameter to update: name, description, adAccessPlugin, msmPlugin, tokenAttrPlugin, clientPlugin, pluginMode, resourceServerProfilePlugin, authzUserConsentPlugin, allResourceServerInterfaces, resourceServers, allClients, clientAppBindings, androidSender, androidSecurityLevel, iosSecurityLevel, otherSecurityLevel, consentServiceProtection, clientRegRequiresUserConsent, serviceProvider, endpoint, serviceEnable, mobilePreAuthzExpire, mobilePreAuthzEnable, authzExpire, authzEnable, clientExpire, clientEnable, clientRefreshExpire, clientRefreshEnable, userExpire, userEnable, userRefreshExpire, userRefreshEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, paramList, paramListAdd, mobParamList, userAuthenticator, tokenStatic, tokenDynamic, preferredHardwareIdList, preferredHardwareIdListAdd |
newvalue | New value for the specified parameter. |
removeOAuthAdaptiveAccessPlugin
removeOAuthAdaptiveAccessPlugin(identityDomainName,name)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
createOAuthAdaptiveAccessPlugin
createOAuthAdaptiveAccessPlugin(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
description | A description of the OAuth plug-in. [Optional] |
implClass | The implement class of the OAuth plug-in. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthAdaptiveAccessPlugin
updateOAuthAdaptiveAccessPlugin(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
description | A description of the OAuth plug-in. [Optional] |
implClass | The implement class of the OAuth plug-in. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
removeOAuthTokenAttributesPlugin
removeOAuthTokenAttributesPlugin(identityDomainName,name)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
createOAuthTokenAttributesPlugin
createOAuthTokenAttributesPlugin(identityDomainName, name, description,implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
description | A description of the OAuth plug-in. [Optional] |
implClass | The implement class of the OAuth plug-in. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthTokenAttributesPlugin
updateOAuthTokenAttributesPlugin(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
description | A description of the OAuth plug-in. [Optional] |
implClass | The implement class of the OAuth plug-in. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
removeOAuthResourceServerInterface
removeOAuthResourceServerInterface(identityDomainName, name )
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth resource server interface. |
updateOAuthResourceServerInterface
updateOAuthResourceServerInterface(identityDomainName, name, description, secret, allowTokenAttrRetrieval, namespacePrefix, audienceClaim, scopeList, offlineScope, authzUserConsentPluginRef, overriddenAuthzExpire, overriddenAuthzEnable, overriddenAccessExpire, overriddenAccessEnable, overriddenAccessRefreshExpire, overriddenAccessRefreshEnable, tokenStatic, tokenDynamic)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth resource server interface. |
description | A description of the OAuth resource server interface. |
secret | The secret key. |
allowTokenAttrRetrieval | Boolean that enables/disables token attribute retrieval. |
namespacePrefix | A namespace prefix. [Optional] |
audienceClaim | Audience claim URI. [Optional] |
scopeList | A list of parameters specified in JSON format: |
offlineScope | Offline scope. [Optional] |
authzUserConsentPluginRef | Authorization UserConsent plug-in reference. |
overriddenAuthzExpire | Overridden authorization code expiration (in seconds). |
overriddenAuthzEnable | Boolean that enables/disables the authorization override option. |
overriddenAccessExpire | Overridden access token expiration (in seconds). |
overriddenAccessEnable | Boolean that enables/disables the access token override option. |
overriddenAccessRefreshExpire | Overridden access refresh token expiration (in seconds). |
overriddenAccessRefreshEnable | Boolean that enables/disables the access refresh override option. |
tokenStatic | A list of static token attributes specified in JSON format: [{name1:value1},{name2:value2}...] |
tokenDynamic | Dynamic token attribute list. |
updateOAuthResourceServerInterface('myDomain','sampleResourceServerInterface','sample portal content resource server','secret','true','namespaceprefix.','audienceClaim','[{scopeName:samplePortalContentServer.portal.read,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:read portal content}]},{scopeName:samplePortalContentServer.portal.write,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write portal content}]}]','offlineScope','AuthzUserConsentPlugin','1200','false','7200','false','28801','false','[]','')
updateOAuthResourceServerInterfaceParam
updateOAuthResourceServerInterfaceParam(identityDomainName, name, param, newvalue)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth resource server interface. |
param | The parameter to update: [name, description, secret, allowTokenAttrRetrieval, namespacePrefix, audienceClaim, scopeList, offlineScope, authzUserConsentPluginRef]. |
newvalue | New value for the parameter. |
createOAuthResourceServerInterface
createOAuthResourceServerInterface(identityDomainName, name, description, globalUID, secret, allowTokenAttrRetrieval, namespacePrefix, audienceClaim, scopeList, offlineScope, authzUserConsentPluginRef, overriddenAuthzExpire, overriddenAuthzEnable, overriddenAccessExpire, overriddenAccessEnable, overriddenAccessRefreshExpire, overriddenAccessRefreshEnable, tokenStatic, tokenDynamic)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth resource server interface. |
description | A description of the OAuth resource server interface. |
globalUID | Global unique identifier. [Optional] |
secret | The secret key. |
allowTokenAttrRetrieval | Boolean that enables/disables token attribute retrieval. |
namespacePrefix | A namespace prefix. [Optional] |
audienceClaim | Audience claim URI. [Optional] |
scopeList | A list of parameters specified in JSON format: |
offlineScope | Offline scope. [Optional] |
authzUserConsentPluginRef | Authorization UserConsent plug-in reference. |
overriddenAuthzExpire | Overridden authorization code expiration (in seconds). |
overriddenAuthzEnable | Boolean that enables/disables the authorization override option. |
overriddenAccessExpire | Overridden access token expiration (in seconds). |
overriddenAccessEnable | Boolean that enables/disables the access token override option. |
overriddenAccessRefreshExpire | Overridden access refresh token expiration (in seconds). |
overriddenAccessRefreshEnable | Boolean that enables/disables the access refresh override option. |
tokenStatic | A list of static token attributes specified in JSON format: [{name1:value1},{name2:value2}...] |
tokenDynamic | Dynamic token attribute list. |
createOAuthResourceServerInterface('myDomain','sampleResourceServerInterface','sample portal content resource server','','secret','true','namespaceprefix.','audienceClaim','[{scopeName:samplePortalContentServer.portal.read,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:read portal content}]},{scopeName:samplePortalContentServer.portal.write,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write portal content}]}]','offlineScope','AuthzUserConsentPlugin','1200','false','7200','false','28801','false','[]','')
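The create and update commands above take a long run of positional string arguments, with scopeList written as an unquoted name:value list, so a misplaced value or a sample secret left in place is easy to miss. The following is an added example, not Oracle code and not part of the original reference: it builds the scopeList string and the command text offline and reports review findings. The helper names, the set of rejected characters and the finding wording are assumptions of this example.

```python
# Added example, not Oracle code; it only builds strings and never calls WLST.
# Argument order copied from the syntax line on this page.
PARAMS = ["identityDomainName", "name", "description", "globalUID", "secret",
          "allowTokenAttrRetrieval", "namespacePrefix", "audienceClaim",
          "scopeList", "offlineScope", "authzUserConsentPluginRef",
          "overriddenAuthzExpire", "overriddenAuthzEnable",
          "overriddenAccessExpire", "overriddenAccessEnable",
          "overriddenAccessRefreshExpire", "overriddenAccessRefreshEnable",
          "tokenStatic", "tokenDynamic"]
BOOLEANS = ["allowTokenAttrRetrieval"] + [p for p in PARAMS if p.endswith("Enable")]
SECONDS = [p for p in PARAMS if p.endswith("Expire")]
SAMPLE_SECRETS = ("", "secret", "welcome1")  # empty, or literals from this page
STRUCTURAL = set("'{}[],")  # assumption: these break the unquoted list syntax


def flag(value):
    return "true" if value else "false"


def format_scope_list(scopes):
    """Serialize scope dicts into the name:value list form of the page's examples."""
    items = []
    for s in scopes:
        descs = ",".join("{%s:%s}" % kv for kv in sorted(s["scopeDesc"].items()))
        items.append("{scopeName:%s,includedInDefault:%s,userOffline:%s,"
                     "requiresConsent:%s,scopeDesc:[%s]}"
                     % (s["scopeName"], flag(s["includedInDefault"]),
                        flag(s["userOffline"]), flag(s["requiresConsent"]), descs))
    return "[" + ",".join(items) + "]"


def review(args, scopes):
    """Return findings as strings; an empty list means every check passed."""
    findings = ["missing argument: " + p for p in PARAMS if p not in args]
    if args.get("secret", "") in SAMPLE_SECRETS:
        findings.append("secret is empty or a documentation sample value")
    for p in BOOLEANS:
        if args.get(p) not in ("true", "false"):
            findings.append(p + " must be 'true' or 'false'")
    for p in SECONDS:
        if not str(args.get(p, "")).isdigit() or int(args[p]) == 0:
            findings.append(p + " must be a positive number of seconds")
    for s in scopes:
        texts = [s["scopeName"]] + list(s["scopeDesc"].values())
        if any(STRUCTURAL & set(t) for t in texts):
            findings.append(s["scopeName"] + ": character breaks the list syntax")
        if not s["requiresConsent"]:
            findings.append(s["scopeName"] + ": requiresConsent is false, confirm intent")
    return findings


def build_call(args):
    """Render the WLST command with each argument as a single-quoted string."""
    return "createOAuthResourceServerInterface(%s)" % ",".join("'%s'" % args[p] for p in PARAMS)


# Constructed sample input mirroring the example on this page.
SCOPES = [{"scopeName": "samplePortalContentServer.portal." + verb,
           "includedInDefault": False, "userOffline": False, "requiresConsent": True,
           "scopeDesc": {"en-us": verb + " portal content"}} for verb in ("read", "write")]
ARGS = dict(zip(PARAMS, [
    "myDomain", "sampleResourceServerInterface",
    "sample portal content resource server", "", "secret", "true",
    "namespaceprefix.", "audienceClaim", format_scope_list(SCOPES),
    "offlineScope", "AuthzUserConsentPlugin", "1200", "false", "7200", "false",
    "28801", "false", "[]", ""]))

if __name__ == "__main__":
    print("\n".join(review(ARGS, SCOPES) + [build_call(ARGS)]))
```

Run against the sample values, the review reports only the placeholder secret; the command text is printed so it can be pasted into a WLST session once the findings are resolved.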
removeOAuthUserProfileResourceServer
removeOAuthUserProfileResourceServer(identityDomainName, name)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth user profile resource server interface. |
updateOAuthUserProfileResourceServer
updateOAuthUserProfileResourceServer(identityDomainName, resName, resDesc, secret, namespacePrefix, authzPluginRef, scopeList, offlineScope, authzExpire, authzEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, tokenStatic, tokenDynamic, endpoint, enabled, subResource, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
resName | The name of the OAuth resource server interface. |
resDesc | A description of the OAuth resource server interface. |
secret | The secret key. |
namespacePrefix | A namespace prefix. |
authzPluginRef | Authorization plug-in reference. |
scopeList | A list of parameters specified in JSON format: |
offlineScope | Offline scope. [Optional] |
authzExpire | Authorization code expiration (in seconds). |
authzEnable | Boolean that enables/disables the authorization code option. |
accessExpire | Access token expiration (in seconds). |
accessEnable | Boolean that enables/disables the access token option. |
accessRefreshExpire | Access refresh token expiration (in seconds). |
accessRefreshEnable | Boolean that enables/disables the access refresh option. |
tokenStatic | A list of static token attributes specified in JSON format: [{name1:value1},{name2:value2}...] |
tokenDynamic | Dynamic token attribute list. |
endpoint | Service endpoint. |
enabled | Boolean to enable/disable. |
subResource | Specified in JSON format: |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthUserProfileResourceServer('myDomain','userProfile','Out Of The Box User Profile Resource Server','welcome1','[{scopeName:userProfile.users.read,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:read any user default profile}]},{scopeName:userProfile.users.write,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:write any user default profile}]},{scopeName:userProfile.group.read,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:read any group default profile}]},{scopeName:userProfile.group.write,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:write any group default profile}]},{scopeName:userProfile.me.read,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:read my default profile}]},{scopeName:userProfile.me.write,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write my default profile}]},{scopeName:userProfile.me.password,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write my default password}]}]','namespace','userrole','defaultPlugin','900','true','604800','true','28800','true','/myuserprofile','false','[{accessControl:false},{adminGroup:"cn=Administrators,ou=groups,ou=myrealm,dc=base_domain"},{selfEdit:true}]','[{endpoint:"/me",enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Me,entities:[{attributes:"",relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,scope:myscope,addScope:[{name:userProfile.me.read,attr:"uid,mail,description,commonname,firstname,lastname"},{name:userProfile.me.password,attr:password}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,addScope:[{name:userProfile.me.write,attr:"uid,mail,description,commonname,firstname,lastname"},{name:userProfile.me.password,attr:password}]}],param:[]},{endpoint:"/users",enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Users,entities:[{attributes:"",relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,scope:myscope,addScope:[{name:userProfile.users.read,attr:"uid,mail,description,commonname,firstname,lastname"}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,addScope:[{name:userProfile.users.write,attr:"uid,mail,description,commonname,firstname,lastname"}]}],param:[]},{endpoint:"/groups",enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Groups,entities:[{attributes:"",relationship:[{name:groups_people,endpoint:memberOf,srcEntity:group-uri,destEntity:person-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,scope:myscope,addScope:[{name:userProfile.group.read,attr:"name,description"}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,addScope:[{name:userProfile.group.write,attr:"name,description"}]}],param:[]}]','[{param1:val1},{param2:val2}]','attr1,attr2')
updateOAuthResourceServerInterfaceParam
Updates an OAuth resource server interface and allows individual attributes to be modified.
updateOAuthResourceServerInterfaceParam(domainName, name, parameter, newvalue)
Argument | Definition |
---|---|
domainName | The name of the OAuth identity domain. |
name | The name of the OAuth resource server interface. |
parameter | The parameter to update, one of: name, description, allowTokenAttrRetrieval, secret, namespacePrefix |
newvalue | The new value for the specified parameter. |
createOAuthUserProfileResourceServer
createOAuthUserProfileResourceServer(identityDomainName, resName, resDesc, globalUID, secret, scopeList, namespacePrefix, idsName, authzPluginRef, authzExpire, authzEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, endpoint, enabled, paramList, subResourceList, tokenStatic, tokenDynamic)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
resName | The name of the OAuth resource server interface. |
resDesc | A description of the OAuth resource server interface. |
globalUID | Global unique identifier. [Optional] |
secret | The secret key. |
scopeList | A list of parameters specified in JSON format: |
namespacePrefix | A namespace prefix. |
idsName | The identity directory service name. |
authzPluginRef | Authorization plug-in reference. |
authzExpire | Authorization code expiration (in seconds). |
authzEnable | Boolean that enables/disables the authorization code option. |
accessExpire | Access token expiration (in seconds). |
accessEnable | Boolean that enables/disables the access token option. |
accessRefreshExpire | Access refresh token expiration (in seconds). |
accessRefreshEnable | Boolean that enables/disables the access refresh option. |
endpoint | Service endpoint. |
enabled | Boolean to enable/disable. |
paramList | A list of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
subResource | Specified in JSON format: |
tokenStatic | A list of static token attributes specified in JSON format: [{name1:value1},{name2:value2}...] |
tokenDynamic | Dynamic token attribute list. |
createOAuthUserProfileResourceServer('myDomain','userProfile','Out Of The Box User Profile Resource Server','555888','welcome1','[{scopeName:userProfile.users.read,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:read any user default profile}]},{scopeName:userProfile.users.write,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:write any user default profile}]},{scopeName:userProfile.group.read,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:read any group default profile}]},{scopeName:userProfile.group.write,includedInDefault:false,userOffline:false,requiresConsent:false,scopeDesc:[{en-us:write any group default profile}]},{scopeName:userProfile.me.read,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:read my default profile}]},{scopeName:userProfile.me.write,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write my default profile}]},{scopeName:userProfile.me.password,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write my default password}]}]','namespace','userrole','defaultPlugin','900','true','604800','true','28800','true','/myuserprofile','false','[{accessControl:false},{adminGroup:"cn=Administrators,ou=groups,ou=myrealm,dc=base_domain"},{selfEdit:true}]','[{endpoint:"/me",enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Me,entities:[{attributes:"",relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,scope:myscope,addScope:[{name:userProfile.me.read,attr:"uid,mail,description,commonname,firstname,lastname"},{name:userProfile.me.password,attr:password}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,addScope:[{name:userProfile.me.write,attr:"uid,mail,description,commonname,firstname,lastname"},{name:userProfile.me.password,attr:password}]}],param:[]},{endpoint:"/users",enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Users,entities:[{attributes:"",relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,scope:myscope,addScope:[{name:userProfile.users.read,attr:"uid,mail,description,commonname,firstname,lastname"}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,addScope:[{name:userProfile.users.write,attr:"uid,mail,description,commonname,firstname,lastname"}]}],param:[]},{endpoint:"/groups",enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Groups,entities:[{attributes:"",relationship:[{name:groups_people,endpoint:memberOf,srcEntity:group-uri,destEntity:person-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,scope:myscope,addScope:[{name:userProfile.group.read,attr:"name,description"}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,addScope:[{name:userProfile.group.write,attr:"name,description"}]}],param:[]}]','[{param1:val1},{param2:val2}]','attr1,attr2')
removeOAuthMSMPlugin
removeOAuthMSMPlugin(identityDomainName, name)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth system component. |
createOAuthMSMPlugin
createOAuthMSMPlugin(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
description | Description of the OAuth plug-in. |
implClass | Implementation class of the OAuth plug-in. |
paramList | List of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthMSMPlugin
updateOAuthMSMPlugin(identityDomainName, name, description, implClass, paramList)
Argument | Definition |
---|---|
identityDomainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
description | Description of the OAuth plug-in. |
implClass | Implementation class of the OAuth plug-in. |
paramList | List of parameters specified in JSON format: [{name1:value1},{name2:value2}...] |
updateOAuthMSMPluginParam
updateOAuthMSMPluginParam(domainName, name, parameter, newvalue)
Argument | Definition |
---|---|
domainName | The name of the OAuth identity domain. |
name | The name of the OAuth plug-in. |
parameter | Parameter to update, one of: name, description, implClass, paramList, paramListAdd, paramListUpdate, paramListRemove |
newvalue | New value for the specified parameter. |
getOAuthIdentityDomains
displayOAuthIdentityDomain
displayOAuthIdentityDomain(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthSystemConfig
displayOAuthSystemConfig(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
getOAuthSysComponents
getOAuthSysComponents(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthSysComponent
displayOAuthSysComponent(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific system component. |
getOAuthServiceProviders
getOAuthServiceProviders(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthServiceProvider
displayOAuthServiceProvider(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific service provider. |
getOAuthClients
getOAuthClients(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthClient
displayOAuthClient(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific client. |
getOAuthAdaptiveAccessPlugins
getOAuthAdaptiveAccessPlugins(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthAdaptiveAccessPlugin
displayOAuthAdaptiveAccessPlugin(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific adaptive access plug-in. |
getOAuthAuthzPlugin
getOAuthAuthzPlugin(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthAuthzPlugin
displayOAuthAuthzPlugin(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific authorization plug-in. |
getOAuthTokenAttributesPlugins
getOAuthTokenAttributesPlugins(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthTokenAttributesPlugin
displayOAuthTokenAttributesPlugin(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific token attributes plug-in. |
getOAuthResourceServerInterfaces
getOAuthResourceServerInterfaces(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthResourceServerInterface
displayOAuthResourceServerInterface(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific resource server interface. |
getOAuthUserProfileResourceServers
getOAuthUserProfileResourceServers(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthUserProfileResourceServer
displayOAuthUserProfileResourceServer(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific User Profile resource server plug-in. |
getOAuthServiceProfiles
getOAuthServiceProfiles(uuid)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
displayOAuthServiceProfile
displayOAuthServiceProfile(uuid,name)
Argument | Definition |
---|---|
uuid | The universally unique identifier for the identity domain. |
name | The name of the specific service profile. |