ルート・スキーマ: schema
型: object
ソースを表示
{
"required":[
"radiusAdminUser",
"radiusAdminGroup"
],
"properties":{
"radiusAdminUser":{
"description":"List of admin users that are present in directory to manage configurations and RADIUS clients for Oracle RADIUS Agent This is required for day-0 and optional for others",
"example":"[ \"cn=radiusAdminUser,ou=people,dc=example,dc=com\",\"cn=adminUser,ou=people,dc=example,dc=com\" ]\nOR\n[ \"radiusAdminUser\",\" + \"adminUser\" ]",
"items":{
"type":"string"
},
"type":"array"
},
"radiusAdminGroup":{
"description":"List of admin groups that are present in directory to manage configurations and RADIUS clients for Oracle RADIUS Agent This is required for day-0 and optional for others",
"example":"[ \"cn=group1,ou=groups,dc=example,dc=com\",\"cn=group2,ou=groups,dc=example,dc=com\" ]\nOR\n[ \"group1\",\" + \"group2\" ]",
"items":{
"type":"string"
},
"type":"array"
},
"server":{
"properties":{
"customDictionary":{
"description":"Custom RADIUS dictionary file that contain definitions for vendor specific attributes",
"type":"string"
},
"customDictionaryAsStream":{
"description":"Custom dictionary file as stream",
"items":{
"format":"byte",
"type":"string"
},
"type":"array"
},
"enableDynamicClients":{
"default":"false",
"description":"Indicates if dynamic clients are allowed or not",
"type":"boolean"
},
"enableMetrics":{
"default":"true",
"description":"Indicates if metrics is enabled",
"type":"boolean"
},
"heartBeatInterval":{
"default":"120000",
"description":"Configured heartbeat thread invocation interval in ms to check availability of authenticator like LDAP",
"format":"int32",
"type":"integer"
},
"stateCacheConcurrencyLevel":{
"default":"6",
"description":"State Attribute Cache's concurrency Level",
"format":"int32",
"type":"integer"
},
"stateCacheEntryTimeout":{
"default":"120000",
"description":"State Attribute Cache's Entry Timeout",
"format":"int64",
"type":"integer"
},
"validatedTokenCacheConcurrencyLevel":{
"default":"6",
"description":"Validated MFA Token Cache's concurrency Level",
"format":"int32",
"type":"integer"
},
"validatedTokenCacheEntryTimeout":{
"default":"60000",
"description":"Validated MFA Token Cache's Entry Timeout",
"format":"int64",
"type":"integer"
},
"customDictionaryFileAsStream":{
"items":{
"format":"byte",
"type":"string"
},
"type":"array"
}
},
"description":"Server config details",
"type":"object"
},
"logging":{
"description":"Logging details",
"type":"object"
},
"radiusListener":{
"properties":{
"channelSelectTimeout":{
"default":"120000",
"description":"UDP NIO channel selection timeout in ms",
"format":"int64",
"type":"integer"
},
"coreThreadPoolSize":{
"default":"10",
"description":"CorePoolSize value for the underlying ThreadPoolExecutor of the worker threads",
"format":"int32",
"type":"integer"
},
"numberOfWorkerThreads":{
"default":"20",
"description":"The number of worker threads configured, maximum PoolSize value for the underlying ThreadPoolExecutor of the worker threads",
"format":"int32",
"type":"integer"
},
"requestCacheCleanupInitialDelay":{
"default":"0",
"description":"Request Cache Cleanup Thread's initial delay",
"format":"int64",
"type":"integer"
},
"requestCacheCleanupInterval":{
"default":"60000",
"description":"Request cache cleanup thread's interval",
"format":"int64",
"type":"integer"
},
"requestCacheCleanupPoolSize":{
"default":"0",
"description":"Request Cache Cleanup Thread Pool Size",
"format":"int32",
"type":"integer"
},
"requestCacheConcurrencyLevel":{
"default":"6",
"description":"Request Cache's concurrency level",
"format":"int32",
"type":"integer"
},
"requestCacheEntryTimeout":{
"default":"30000",
"description":"Request cache's entry timeout value in milliseconds",
"format":"int64",
"type":"integer"
},
"socketSOTimeout":{
"default":"1800000",
"description":"The underlying socket SO timeout in ms",
"format":"int32",
"type":"integer"
},
"threadPoolKeepAliveTime":{
"default":"10000",
"description":"Thread Pool Keep Alive Time for the underlying ThreadPoolExecutor of the worker threads",
"format":"int64",
"type":"integer"
},
"threadPoolMaxQueueSize":{
"default":"0",
"description":"Allowed maximum queue size value for the underlying queue used by ThreadPoolExecutor of the worker threads",
"format":"int32",
"type":"integer"
}
},
"description":"Global RADIUS Listener config details",
"type":"object"
},
"authentication":{
"required":[
"provider"
],
"properties":{
"provider":{
"default":"LDAP",
"description":"Configured authentication provider type",
"type":"string"
},
"userCacheEntryTimeout":{
"default":"300000L",
"description":"User cache entry timeout value in ms",
"format":"int64",
"type":"integer"
},
"userCacheConcurrencyLevel":{
"default":"4",
"description":"User cache concurrency level",
"format":"int32",
"type":"integer"
},
"userCacheCleanupInterval":{
"default":"300000L",
"description":"User cache cleanup interval",
"format":"int64",
"type":"integer"
},
"userCacheCleanupPoolSize":{
"default":"1",
"description":"User cache cleanup thread pool size",
"format":"int32",
"type":"integer"
},
"userCacheCleanupInitialDelay":{
"default":"0L",
"description":"UserCache clean up initial delay after which the cleanup thread will start",
"format":"int64",
"type":"integer"
},
"ldap":{
"required":[
"name",
"dn",
"password",
"ldapUrl",
"baseDN",
"enabled"
],
"properties":{
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"initSize":{
"default":"5",
"description":"This property indicates the number of connections that are created when connection pool is initialized",
"format":"int32",
"type":"integer"
},
"maxSize":{
"default":"100",
"description":"The maximum number of connections the pool maintains. If minSize is greater than maxSize then minSize is set to maxSize",
"format":"int32",
"type":"integer"
},
"minSize":{
"default":"5",
"description":"The minimum number of connections the pool maintains. If initSize is less than minSize then connection pool is initialized with minSize connections",
"format":"int32",
"type":"integer"
},
"readTimeout":{
"default":"30000",
"description":"Time limit in milliseconds for which RADIUS agent will wait for LDAP server to respond back",
"format":"int64",
"type":"integer"
},
"connectTimeout":{
"default":"5000",
"description":"Time limit in milliseconds within which LDAP connection has to be made",
"format":"int64",
"type":"integer"
},
"searchTimeout":{
"default":"30000",
"description":"Time limit in milliseconds for LDAP searches",
"format":"int32",
"type":"integer"
},
"poolMaxWaitTime":{
"default":"20000",
"description":"Time limit in milliseconds for which client will wait for a LDAP connection to be made available",
"format":"int64",
"type":"integer"
},
"poolIncrementSize":{
"default":"5",
"description":"Number of connections to be made at a time when all existing connections are in use and number of connections are less than maxSize",
"format":"int32",
"type":"integer"
},
"poolMaintenanceInterval":{
"default":"600000",
"description":"Time interval in milliseconds when maintenance thread would run",
"format":"int64",
"type":"integer"
},
"dn":{
"description":"The DN of user which RADIUS agent uses to connect to LDAP server",
"example":"cn=Directory Manager",
"type":"string"
},
"password":{
"description":"The password of user which RADIUS agent uses to connect to LDAP server",
"example":"<password>",
"type":"string"
},
"ldapUrl":{
"description":"URL of the LDAP server",
"example":"ldaps://<hostname>:<port>",
"type":"string"
},
"baseDN":{
"description":"The base DN of the LDAP domain that is used by RADIUS Agent for searching users and groups",
"example":"dc=example,dc=com",
"type":"string"
},
"loginAttr":{
"default":"uid",
"description":"The login attribute name in LDAP for user. This is used to construct filter to lookup user during login",
"type":"string"
},
"truststore":{
"description":"Truststore file location in case a JKS file is used for certificates",
"type":"string"
},
"trustedCertificate":{
"description":"Trusted certificate in Base 64 format",
"example":"BASE 64 FORMAT",
"type":"string"
},
"trustedCertificateAliasName":{
"default":"ldap-server-trusted-cert",
"description":"Alias name to be used for referring to trusted certificate in JKS",
"example":"ldap-server-cert",
"type":"string"
},
"truststorePassword":{
"description":"Truststore password. This is optional and needs to be provided if truststore is used instead of a trustedCertificate",
"example":"<Password>",
"type":"string"
},
"keystore":{
"description":"Keystore file location to be used for SSL mutual authentication",
"type":"string"
},
"keystoreCertificateAliasName":{
"description":"Alias name used for referring to the certificate in keystore JKS",
"type":"string"
},
"keystorePassword":{
"description":"Password to the keystore file",
"type":"string"
},
"keyFactorAlgorithm":{
"default":"RSA",
"description":"Algorithm with which certificate has been signed",
"type":"string"
},
"keystoreTruststoreType":{
"description":"File type (JKS/PKCS12) when file based truststore/keystore is used. If null, it means certificate itself has been provided",
"type":"string"
},
"sslProtocol":{
"default":"TLSv1.3, TLSv1.2",
"description":"The cryptographic protocol RADIUS agent would use for connecting to LDAP server for secure connections. Multiple protocols can be given separated by comma",
"type":"string"
},
"cipherSuites":{
"default":"None (Uses JVM defaults)",
"description":"Default cipher suites used out of the box",
"items":{
"type":"string"
},
"type":"array"
},
"referral":{
"default":"follow",
"description":"Specifies the behavior when a referral is returned by LDAP server. Check JNDI java.naming.referral for possible values.",
"type":"string"
},
"searchUserBeforeBind":{
"default":"true",
"description":"Lookup user in LDAP server to get their DN before initiating user login. This can be disabled if LDAP server supports bind using a mapped ID directly (for example: ID mapper in OUD, UPN bind in Active Directory etc.)",
"type":"boolean"
},
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"properties":{
"readOnly":true,
"type":"object"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"authWithoutMFACriteria":{
"description":"Based on this filter, matching users are allowed to login using primary factor only when user footprint is not present in MFA",
"type":"string"
},
"enableMemberOfQuery":{
"default":"false",
"description":"Enable memberof searches which relies on group membership to be resolved by the backend LDAP server. OID/OUD returns nested group/dynamic groups along with direct membership while AD returns only direct membership of the user",
"type":"boolean"
},
"groupNamingAttribute":{
"default":"cn",
"description":"Naming attribute for groups in LDAP",
"type":"string"
},
"maxGroupsToFetch":{
"default":"0",
"description":"Sets the maximum number of entries to be returned as a result of the search. A value of 0 indicates no limit. (Note: this only applies to the case when group membership query constructed by ORA, and this does not apply to memberof query)",
"format":"int32",
"type":"integer"
},
"maxNestedLevels":{
"default":"10",
"description":"Maximum depth search should happen for finding out groups a given user is member of in case if nested groups are configured. (Note: this only applies to the case when group membership query constructed by ORA, and this does not apply to memberof query)",
"format":"int32",
"type":"integer"
},
"memberAttr":{
"description":"LDAP attribute name to be used for group related queries. If not specified then uniquemember and member are used. For AD we need to provide 'member' as its value for nested group searches to work",
"example":"member",
"type":"string"
},
"memberFilteringCriteria":{
"description":"Additional filtering criteria for group searches. This condition when present is ANDed with the group membership query filter. Eg: For AD we need to provide (objectclass=group) for nested group search to work",
"example":"objectclass=group",
"type":"string"
},
"memberOfAttribute":{
"default":"memberof",
"description":"The attribute which returns groups a user is member of. OUD works with ismemberof, AD works with memberof while OID supports both memberof and ismemberof",
"type":"string"
},
"poolMaxConnectionIdleTime":{
"default":"1500000",
"description":"Time in milliseconds after which an idle connection is expired",
"format":"int64",
"type":"integer"
},
"poolMaxConnectionReuseTime":{
"default":"-1(No time limit)",
"description":"Time in milliseconds after which a connection is expired",
"format":"int64",
"type":"integer"
},
"reuseAddress":{
"default":"true",
"description":"Reuse ports even when it is in TIME_WAIT state",
"type":"boolean"
},
"soKeepAlive":{
"default":"true",
"description":"Enable keep alive probes for socket connection",
"type":"boolean"
},
"soTimeout":{
"default":"0",
"description":"Defines the socket timeout in milliseconds while waiting for data. A value of 0 indicates no timeout",
"format":"int32",
"type":"integer"
},
"tcpNoDelay":{
"default":"false",
"description":"Data is sent as soon as available",
"type":"boolean"
},
"userFilteringCriteria":{
"description":"Additional filtering criteria to search user. If specified, this filter gets appended with loginAttr (using AND condition)",
"type":"string"
}
},
"description":"LDAP configuration details",
"type":"object"
},
"custom":{
"required":[
"enabled",
"name"
],
"properties":{
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"className":{
"description":"Custom authentication provider class name",
"type":"string"
},
"jarsLocation":{
"description":"Gets the jars directory for the custom provider",
"type":"string"
},
"properties":{
"description":"Defined properties",
"type":"object"
},
"unrecognizedFields":{
"readOnly":true,
"type":"object"
}
},
"description":"Custom Authenticator configuration details",
"type":"object"
}
},
"description":"Global primary authentication config details",
"type":"object"
},
"mfa":{
"required":[
"oaa",
"provider"
],
"properties":{
"oaa":{
"required":[
"name",
"enabled",
"oaaUrl",
"clientType",
"clientSecret",
"clientId"
],
"properties":{
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"oaaUrl":{
"description":"OAA Service Base URI",
"example":"https://127.0.0.1:37001/oaa/runtime",
"type":"string"
},
"clientType":{
"default":"radius",
"description":"Client Type used in OAA for RADIUS agent",
"type":"string"
},
"clientSecret":{
"description":"Client Secret in OAA for registered agent for RADIUS Agent",
"example":"secret1",
"type":"string"
},
"clientId":{
"description":"Client ID in OAA for registered agent for RADIUS Agent",
"example":"clientId1",
"type":"string"
},
"agentgid":{
"description":"Agent ID in OAA for registered RADIUS agent",
"example":"agent1",
"type":"string"
},
"timeToLiveInMs":{
"default":"300000",
"description":"Factor Token's Time To Live in MilliSecs",
"format":"int64",
"type":"integer"
},
"connectTimeout":{
"default":"2000",
"description":"OAA API Connection Timeout in Millisecs",
"format":"int32",
"type":"integer"
},
"readTimeout":{
"default":"10000",
"description":"OAA API Read Timeout in Millisecs",
"format":"int32",
"type":"integer"
},
"properties":{
"readOnly":true,
"type":"object"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"oaaPolicyUrl":{
"description":"OAA Policy URL",
"example":"https://100.102.48.163:31223/oaa-policy",
"type":"string"
},
"policyUserName":{
"description":"OAA Policy Username",
"example":"oaa20210128t000000-oaa-policy",
"type":"string"
},
"policyUserPassword":{
"description":"OAA Policy Password",
"example":"oaaPolicyPassword1",
"type":"string"
}
},
"description":"OAA configuration details",
"type":"object"
},
"provider":{
"default":"OAA",
"description":"Provider name",
"type":"string"
}
},
"description":"Global multi factor authentication config details",
"type":"object"
},
"preferences":{
"properties":{
"allowSpecificFactorInPassword":{
"default":"false",
"description":"Indicates if directly invoking Specific Factor by enduser is enabled or not",
"type":"boolean"
},
"allowTokenInPassword":{
"default":"true",
"description":"Indicates if synchronous login mode (Password, delimiter, token concatenation) is enabled/disabled",
"type":"boolean"
},
"appendDelimiter":{
"default":";",
"description":"Delimiter used for synchronous mode ( Password+delimiter+token)",
"example":"password;123456",
"type":"string"
},
"defaultSecondFactor":{
"default":"ChallengeOMATOTP",
"description":"Default Second Factor. This Factor will be used when no preferred factor is available for the user from OAA's User Preferences and synchronous mode is used in the RADIUS Request",
"type":"string"
},
"defaultTokenLength":{
"default":"6",
"description":"Length of the token for synchronous login mode. This represents the token length of the DefaultSecondFactor configured",
"format":"int32",
"type":"integer"
},
"factorToTokenLengthMap":{
"default":"{\"ChallengeOMATOTP\": 6, \"ChallengeYubicoOTP\": 44}",
"description":"RADIUS Factor to factor token length mapping",
"type":"object"
},
"groupAsSingleString":{
"default":"false",
"description":"Returns group details as a single string in response separated by a delimiter that is configured if it's true",
"type":"boolean"
},
"groupAsSingleStringDelimiter":{
"default":",",
"description":"Delimiter used when groups are returned as single string",
"type":"string"
},
"groupAttrID":{
"default":"1 (for ORACLE)",
"description":"RADIUS attribute ID for the group mapping. Groups are returned as part of this RADIUS attribute",
"format":"int32",
"type":"integer"
},
"groupAttrVendorID":{
"default":"111 (for ORACLE_ROLE attribute)",
"description":"RADIUS vendor ID for the group mapping. Groups are returned as part of this RADIUS attribute. RADIUS Vendor ID 111 stands for Oracle and a value of -1 needs to be used in order to use any standard RADIUS attribute",
"format":"int32",
"type":"integer"
},
"groupNameMapping":{
"description":"Mappings to map group names in primary authenticator to different values",
"example":"{\"group1\":\"ORA_GRP_1\", \"group2\":\"ORA_GRP_2\"}",
"type":"object"
},
"mfaOptions":{
"default":"\"defaultGroup\": \"Default\"",
"description":"Additional OAA Provider specific options like \"assuranceLevel\", \"factorChoices\" (for auto-wiring of ORA and OAA), \"defaultGroup\" for setting default group name that is passed to OAA",
"example":" \"assuranceLevel\": \"Rad_CP0_%RNDM1%\"",
"type":"object"
},
"radiusFactorToMFAFactorMap":{
"default":"{\"totp\": \"ChallengeOMATOTP\", \"yubikey\": \"ChallengeYubicoOTP\", \"sms\": \"ChallengeSMS\", \"mail\": \"ChallengeEmail\"}",
"description":"RadiusAgent's Factor to MFA Provider's Factor mapping. These keywords can be used to invoke a specific factor for MFA",
"type":"object"
},
"returnGroups":{
"default":"false",
"description":"Indicates if groups need to be returned during authentication",
"example":"true/false",
"type":"boolean"
},
"userAttrMap":{
"description":"Represents mapping for user attributes from primary authenticator to specified RADIUS Attributes which are to be returned during authentication",
"example":"{\"userAttrVendorID\": 111, \"userAttrName\": \"cn\"}",
"items":{
"$ref":"#/components/schemas/UserAttrMapping"
},
"type":"array"
}
},
"description":"Global preferences config details",
"type":"object"
},
"application":{
"description":"RADIUS client configuration details",
"type":"object"
}
},
"type":"object"
}
ネストされたスキーマ: application
型: object
RADIUSクライアント構成詳細
ネストされたスキーマ: authentication
型: object
グローバル・プライマリ認証構成詳細
ソースを表示
{
"required":[
"provider"
],
"properties":{
"provider":{
"default":"LDAP",
"description":"Configured authentication provider type",
"type":"string"
},
"userCacheEntryTimeout":{
"default":"300000L",
"description":"User cache entry timeout value in ms",
"format":"int64",
"type":"integer"
},
"userCacheConcurrencyLevel":{
"default":"4",
"description":"User cache concurrency level",
"format":"int32",
"type":"integer"
},
"userCacheCleanupInterval":{
"default":"300000L",
"description":"User cache cleanup interval",
"format":"int64",
"type":"integer"
},
"userCacheCleanupPoolSize":{
"default":"1",
"description":"User cache cleanup thread pool size",
"format":"int32",
"type":"integer"
},
"userCacheCleanupInitialDelay":{
"default":"0L",
"description":"UserCache clean up initial delay after which the cleanup thread will start",
"format":"int64",
"type":"integer"
},
"ldap":{
"required":[
"name",
"dn",
"password",
"ldapUrl",
"baseDN",
"enabled"
],
"properties":{
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"initSize":{
"default":"5",
"description":"This property indicates the number of connections that are created when connection pool is initialized",
"format":"int32",
"type":"integer"
},
"maxSize":{
"default":"100",
"description":"The maximum number of connections the pool maintains. If minSize is greater than maxSize then minSize is set to maxSize",
"format":"int32",
"type":"integer"
},
"minSize":{
"default":"5",
"description":"The minimum number of connections the pool maintains. If initSize is less than minSize then connection pool is initialized with minSize connections",
"format":"int32",
"type":"integer"
},
"readTimeout":{
"default":"30000",
"description":"Time limit in milliseconds for which RADIUS agent will wait for LDAP server to respond back",
"format":"int64",
"type":"integer"
},
"connectTimeout":{
"default":"5000",
"description":"Time limit in milliseconds within which LDAP connection has to be made",
"format":"int64",
"type":"integer"
},
"searchTimeout":{
"default":"30000",
"description":"Time limit in milliseconds for LDAP searches",
"format":"int32",
"type":"integer"
},
"poolMaxWaitTime":{
"default":"20000",
"description":"Time limit in milliseconds for which client will wait for a LDAP connection to be made available",
"format":"int64",
"type":"integer"
},
"poolIncrementSize":{
"default":"5",
"description":"Number of connections to be made at a time when all existing connections are in use and number of connections are less than maxSize",
"format":"int32",
"type":"integer"
},
"poolMaintenanceInterval":{
"default":"600000",
"description":"Time interval in milliseconds when maintenance thread would run",
"format":"int64",
"type":"integer"
},
"dn":{
"description":"The DN of user which RADIUS agent uses to connect to LDAP server",
"example":"cn=Directory Manager",
"type":"string"
},
"password":{
"description":"The password of user which RADIUS agent uses to connect to LDAP server",
"example":"<password>",
"type":"string"
},
"ldapUrl":{
"description":"URL of the LDAP server",
"example":"ldaps://<hostname>:<port>",
"type":"string"
},
"baseDN":{
"description":"The base DN of the LDAP domain that is used by RADIUS Agent for searching users and groups",
"example":"dc=example,dc=com",
"type":"string"
},
"loginAttr":{
"default":"uid",
"description":"The login attribute name in LDAP for user. This is used to construct filter to lookup user during login",
"type":"string"
},
"truststore":{
"description":"Truststore file location in case a JKS file is used for certificates",
"type":"string"
},
"trustedCertificate":{
"description":"Trusted certificate in Base 64 format",
"example":"BASE 64 FORMAT",
"type":"string"
},
"trustedCertificateAliasName":{
"default":"ldap-server-trusted-cert",
"description":"Alias name to be used for referring to trusted certificate in JKS",
"example":"ldap-server-cert",
"type":"string"
},
"truststorePassword":{
"description":"Truststore password. This is optional and needs to be provided if truststore is used instead of a trustedCertificate",
"example":"<Password>",
"type":"string"
},
"keystore":{
"description":"Keystore file location to be used for SSL mutual authentication",
"type":"string"
},
"keystoreCertificateAliasName":{
"description":"Alias name used for referring to the certificate in keystore JKS",
"type":"string"
},
"keystorePassword":{
"description":"Password to the keystore file",
"type":"string"
},
"keyFactorAlgorithm":{
"default":"RSA",
"description":"Algorithm with which certificate has been signed",
"type":"string"
},
"keystoreTruststoreType":{
"description":"File type (JKS/PKCS12) when file based truststore/keystore is used. If null, it means certificate itself has been provided",
"type":"string"
},
"sslProtocol":{
"default":"TLSv1.3, TLSv1.2",
"description":"The cryptographic protocol RADIUS agent would use for connecting to LDAP server for secure connections. Multiple protocols can be given separated by comma",
"type":"string"
},
"cipherSuites":{
"default":"None (Uses JVM defaults)",
"description":"Default cipher suites used out of the box",
"items":{
"type":"string"
},
"type":"array"
},
"referral":{
"default":"follow",
"description":"Specifies the behavior when a referral is returned by LDAP server. Check JNDI java.naming.referral for possible values.",
"type":"string"
},
"searchUserBeforeBind":{
"default":"true",
"description":"Lookup user in LDAP server to get their DN before initiating user login. This can be disabled if LDAP server supports bind using a mapped ID directly (for example: ID mapper in OUD, UPN bind in Active Directory etc.)",
"type":"boolean"
},
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"properties":{
"readOnly":true,
"type":"object"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"authWithoutMFACriteria":{
"description":"Based on this filter, matching users are allowed to login using primary factor only when user footprint is not present in MFA",
"type":"string"
},
"enableMemberOfQuery":{
"default":"false",
"description":"Enable memberof searches which relies on group membership to be resolved by the backend LDAP server. OID/OUD returns nested group/dynamic groups along with direct membership while AD returns only direct membership of the user",
"type":"boolean"
},
"groupNamingAttribute":{
"default":"cn",
"description":"Naming attribute for groups in LDAP",
"type":"string"
},
"maxGroupsToFetch":{
"default":"0",
"description":"Sets the maximum number of entries to be returned as a result of the search. A value of 0 indicates no limit. (Note: this only applies to the case when group membership query constructed by ORA, and this does not apply to memberof query)",
"format":"int32",
"type":"integer"
},
"maxNestedLevels":{
"default":"10",
"description":"Maximum depth search should happen for finding out groups a given user is member of in case if nested groups are configured. (Note: this only applies to the case when group membership query constructed by ORA, and this does not apply to memberof query)",
"format":"int32",
"type":"integer"
},
"memberAttr":{
"description":"LDAP attribute name to be used for group related queries. If not specified then uniquemember and member are used. For AD we need to provide 'member' as its value for nested group searches to work",
"example":"member",
"type":"string"
},
"memberFilteringCriteria":{
"description":"Additional filtering criteria for group searches. This condition when present is ANDed with the group membership query filter. Eg: For AD we need to provide (objectclass=group) for nested group search to work",
"example":"objectclass=group",
"type":"string"
},
"memberOfAttribute":{
"default":"memberof",
"description":"The attribute which returns groups a user is member of. OUD works with ismemberof, AD works with memberof while OID supports both memberof and ismemberof",
"type":"string"
},
"poolMaxConnectionIdleTime":{
"default":"1500000",
"description":"Time in milliseconds after which an idle connection is expired",
"format":"int64",
"type":"integer"
},
"poolMaxConnectionReuseTime":{
"default":"-1(No time limit)",
"description":"Time in milliseconds after which a connection is expired",
"format":"int64",
"type":"integer"
},
"reuseAddress":{
"default":"true",
"description":"Reuse ports even when it is in TIME_WAIT state",
"type":"boolean"
},
"soKeepAlive":{
"default":"true",
"description":"Enable keep alive probes for socket connection",
"type":"boolean"
},
"soTimeout":{
"default":"0",
"description":"Defines the socket timeout in milliseconds while waiting for data. A value of 0 indicates no timeout",
"format":"int32",
"type":"integer"
},
"tcpNoDelay":{
"default":"false",
"description":"Data is sent as soon as available",
"type":"boolean"
},
"userFilteringCriteria":{
"description":"Additional filtering criteria to search user. If specified, this filter gets appended with loginAttr (using AND condition)",
"type":"string"
}
},
"description":"LDAP configuration details",
"type":"object"
},
"custom":{
"required":[
"enabled",
"name"
],
"properties":{
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"className":{
"description":"Custom authentication provider class name",
"type":"string"
},
"jarsLocation":{
"description":"Gets the jars directory for the custom provider",
"type":"string"
},
"properties":{
"description":"Defined properties",
"type":"object"
},
"unrecognizedFields":{
"readOnly":true,
"type":"object"
}
},
"description":"Custom Authenticator configuration details",
"type":"object"
}
},
"description":"Global primary authentication config details",
"type":"object"
}
ネストされたスキーマ: logging
型: object
ロギングの詳細
ネストされたスキーマ: mfa
型: object
グローバル・マルチファクタ認証構成詳細
ソースを表示
{
"required":[
"oaa",
"provider"
],
"properties":{
"oaa":{
"required":[
"name",
"enabled",
"oaaUrl",
"clientType",
"clientSecret",
"clientId"
],
"properties":{
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"oaaUrl":{
"description":"OAA Service Base URI",
"example":"https://127.0.0.1:37001/oaa/runtime",
"type":"string"
},
"clientType":{
"default":"radius",
"description":"Client Type used in OAA for RADIUS agent",
"type":"string"
},
"clientSecret":{
"description":"Client Secret in OAA for registered agent for RADIUS Agent",
"example":"secret1",
"type":"string"
},
"clientId":{
"description":"Client ID in OAA for registered agent for RADIUS Agent",
"example":"clientId1",
"type":"string"
},
"agentgid":{
"description":"Agent ID in OAA for registered RADIUS agent",
"example":"agent1",
"type":"string"
},
"timeToLiveInMs":{
"default":"300000",
"description":"Factor Token's Time To Live in MilliSecs",
"format":"int64",
"type":"integer"
},
"connectTimeout":{
"default":"2000",
"description":"OAA API Connection Timeout in Millisecs",
"format":"int32",
"type":"integer"
},
"readTimeout":{
"default":"10000",
"description":"OAA API Read Timeout in Millisecs",
"format":"int32",
"type":"integer"
},
"properties":{
"readOnly":true,
"type":"object"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"oaaPolicyUrl":{
"description":"OAA Policy URL",
"example":"https://100.102.48.163:31223/oaa-policy",
"type":"string"
},
"policyUserName":{
"description":"OAA Policy Username",
"example":"oaa20210128t000000-oaa-policy",
"type":"string"
},
"policyUserPassword":{
"description":"OAA Policy Password",
"example":"oaaPolicyPassword1",
"type":"string"
}
},
"description":"OAA configuration details",
"type":"object"
},
"provider":{
"default":"OAA",
"description":"Provider name",
"type":"string"
}
},
"description":"Global multi factor authentication config details",
"type":"object"
}
ネストされたスキーマ: preferences
型: object
グローバル・プリファレンス構成詳細
ソースを表示
{
"properties":{
"allowSpecificFactorInPassword":{
"default":"false",
"description":"Indicates if directly invoking Specific Factor by enduser is enabled or not",
"type":"boolean"
},
"allowTokenInPassword":{
"default":"true",
"description":"Indicates if synchronous login mode (Password, delimiter, token concatenation) is enabled/disabled",
"type":"boolean"
},
"appendDelimiter":{
"default":";",
"description":"Delimiter used for synchronous mode ( Password+delimiter+token)",
"example":"password;123456",
"type":"string"
},
"defaultSecondFactor":{
"default":"ChallengeOMATOTP",
"description":"Default Second Factor. This Factor will be used when no preferred factor is available for the user from OAA's User Preferences and synchronous mode is used in the RADIUS Request",
"type":"string"
},
"defaultTokenLength":{
"default":"6",
"description":"Length of the token for synchronous login mode. This represents the token length of the DefaultSecondFactor configured",
"format":"int32",
"type":"integer"
},
"factorToTokenLengthMap":{
"default":"{\"ChallengeOMATOTP\": 6, \"ChallengeYubicoOTP\": 44}",
"description":"RADIUS Factor to factor token length mapping",
"type":"object"
},
"groupAsSingleString":{
"default":"false",
"description":"Returns group details as a single string in response separated by a delimiter that is configured if it's true",
"type":"boolean"
},
"groupAsSingleStringDelimiter":{
"default":",",
"description":"Delimiter used when groups are returned as single string",
"type":"string"
},
"groupAttrID":{
"default":"1 (for ORACLE)",
"description":"RADIUS attribute ID for the group mapping. Groups are returned as part of this RADIUS attribute",
"format":"int32",
"type":"integer"
},
"groupAttrVendorID":{
"default":"111 (for ORACLE_ROLE attribute)",
"description":"RADIUS vendor ID for the group mapping. Groups are returned as part of this RADIUS attribute. RADIUS Vendor ID 111 stands for Oracle and a value of -1 needs to be used in order to use any standard RADIUS attribute",
"format":"int32",
"type":"integer"
},
"groupNameMapping":{
"description":"Mappings to map group names in primary authenticator to different values",
"example":"{\"group1\":\"ORA_GRP_1\", \"group2\":\"ORA_GRP_2\"}",
"type":"object"
},
"mfaOptions":{
"default":"\"defaultGroup\": \"Default\"",
"description":"Additional OAA Provider specific options like \"assuranceLevel\", \"factorChoices\" (for auto-wiring of ORA and OAA), \"defaultGroup\" for setting default group name that is passed to OAA",
"example":" \"assuranceLevel\": \"Rad_CP0_%RNDM1%\"",
"type":"object"
},
"radiusFactorToMFAFactorMap":{
"default":"{\"totp\": \"ChallengeOMATOTP\", \"yubikey\": \"ChallengeYubicoOTP\", \"sms\": \"ChallengeSMS\", \"mail\": \"ChallengeEmail\"}",
"description":"RadiusAgent's Factor to MFA Provider's Factor mapping. These keywords can be used to invoke a specific factor for MFA",
"type":"object"
},
"returnGroups":{
"default":"false",
"description":"Indicates if groups need to be returned during authentication",
"example":"true/false",
"type":"boolean"
},
"userAttrMap":{
"description":"Represents mapping for user attributes from primary authenticator to specified RADIUS Attributes which are to be returned during authentication",
"example":"{\"userAttrVendorID\": 111, \"userAttrName\": \"cn\"}",
"items":{
"$ref":"#/components/schemas/UserAttrMapping"
},
"type":"array"
}
},
"description":"Global preferences config details",
"type":"object"
}
ネストされたスキーマ: radiusAdminGroup
型: array
Oracle RADIUS Agentの構成およびRADIUSクライアントを管理するためのディレクトリに存在する管理グループのリスト。これは0日目では必須、それ以外ではオプションです
ソースを表示
{
"description":"List of admin groups that are present in directory to manage configurations and RADIUS clients for Oracle RADIUS Agent This is required for day-0 and optional for others",
"example":"[ \"cn=group1,ou=groups,dc=example,dc=com\",\"cn=group2,ou=groups,dc=example,dc=com\" ]\nOR\n[ \"group1\",\" + \"group2\" ]",
"items":{
"type":"string"
},
"type":"array"
}
例:
[ "cn=group1,ou=groups,dc=example,dc=com","cn=group2,ou=groups,dc=example,dc=com" ]
OR
[ "group1"," + "group2" ]
ネストされたスキーマ: radiusAdminUser
型: array
Oracle RADIUS Agentの構成およびRADIUSクライアントを管理するためのディレクトリに存在する管理ユーザーのリスト。これは0日目では必須、それ以外ではオプションです
ソースを表示
{
"description":"List of admin users that are present in directory to manage configurations and RADIUS clients for Oracle RADIUS Agent This is required for day-0 and optional for others",
"example":"[ \"cn=radiusAdminUser,ou=people,dc=example,dc=com\",\"cn=adminUser,ou=people,dc=example,dc=com\" ]\nOR\n[ \"radiusAdminUser\",\" + \"adminUser\" ]",
"items":{
"type":"string"
},
"type":"array"
}
例:
[ "cn=radiusAdminUser,ou=people,dc=example,dc=com","cn=adminUser,ou=people,dc=example,dc=com" ]
OR
[ "radiusAdminUser"," + "adminUser" ]
ネストされたスキーマ: radiusListener
型: object
グローバルRADIUSリスナー構成詳細
ソースを表示
{
"properties":{
"channelSelectTimeout":{
"default":"120000",
"description":"UDP NIO channel selection timeout in ms",
"format":"int64",
"type":"integer"
},
"coreThreadPoolSize":{
"default":"10",
"description":"CorePoolSize value for the underlying ThreadPoolExecutor of the worker threads",
"format":"int32",
"type":"integer"
},
"numberOfWorkerThreads":{
"default":"20",
"description":"The number of worker threads configured, maximum PoolSize value for the underlying ThreadPoolExecutor of the worker threads",
"format":"int32",
"type":"integer"
},
"requestCacheCleanupInitialDelay":{
"default":"0",
"description":"Request Cache Cleanup Thread's initial delay",
"format":"int64",
"type":"integer"
},
"requestCacheCleanupInterval":{
"default":"60000",
"description":"Request cache cleanup thread's interval",
"format":"int64",
"type":"integer"
},
"requestCacheCleanupPoolSize":{
"default":"0",
"description":"Request Cache Cleanup Thread Pool Size",
"format":"int32",
"type":"integer"
},
"requestCacheConcurrencyLevel":{
"default":"6",
"description":"Request Cache's concurrency level",
"format":"int32",
"type":"integer"
},
"requestCacheEntryTimeout":{
"default":"30000",
"description":"Request cache's entry timeout value in milliseconds",
"format":"int64",
"type":"integer"
},
"socketSOTimeout":{
"default":"1800000",
"description":"The underlying socket SO timeout in ms",
"format":"int32",
"type":"integer"
},
"threadPoolKeepAliveTime":{
"default":"10000",
"description":"Thread Pool Keep Alive Time for the underlying ThreadPoolExecutor of the worker threads",
"format":"int64",
"type":"integer"
},
"threadPoolMaxQueueSize":{
"default":"0",
"description":"Allowed maximum queue size value for the underlying queue used by ThreadPoolExecutor of the worker threads",
"format":"int32",
"type":"integer"
}
},
"description":"Global RADIUS Listener config details",
"type":"object"
}
ネストされたスキーマ: server
型: object
サーバー構成詳細
ソースを表示
{
"properties":{
"customDictionary":{
"description":"Custom RADIUS dictionary file that contain definitions for vendor specific attributes",
"type":"string"
},
"customDictionaryAsStream":{
"description":"Custom dictionary file as stream",
"items":{
"format":"byte",
"type":"string"
},
"type":"array"
},
"enableDynamicClients":{
"default":"false",
"description":"Indicates if dynamic clients are allowed or not",
"type":"boolean"
},
"enableMetrics":{
"default":"true",
"description":"Indicates if metrics is enabled",
"type":"boolean"
},
"heartBeatInterval":{
"default":"120000",
"description":"Configured heartbeat thread invocation interval in ms to check availability of authenticator like LDAP",
"format":"int32",
"type":"integer"
},
"stateCacheConcurrencyLevel":{
"default":"6",
"description":"State Attribute Cache's concurrency Level",
"format":"int32",
"type":"integer"
},
"stateCacheEntryTimeout":{
"default":"120000",
"description":"State Attribute Cache's Entry Timeout",
"format":"int64",
"type":"integer"
},
"validatedTokenCacheConcurrencyLevel":{
"default":"6",
"description":"Validated MFA Token Cache's concurrency Level",
"format":"int32",
"type":"integer"
},
"validatedTokenCacheEntryTimeout":{
"default":"60000",
"description":"Validated MFA Token Cache's Entry Timeout",
"format":"int64",
"type":"integer"
},
"customDictionaryFileAsStream":{
"items":{
"format":"byte",
"type":"string"
},
"type":"array"
}
},
"description":"Server config details",
"type":"object"
}
ネストされたスキーマ: custom
型: object
カスタム・オーセンティケータ構成の詳細
ソースを表示
{
"required":[
"enabled",
"name"
],
"properties":{
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"className":{
"description":"Custom authentication provider class name",
"type":"string"
},
"jarsLocation":{
"description":"Gets the jars directory for the custom provider",
"type":"string"
},
"properties":{
"description":"Defined properties",
"type":"object"
},
"unrecognizedFields":{
"readOnly":true,
"type":"object"
}
},
"description":"Custom Authenticator configuration details",
"type":"object"
}
ネストされたスキーマ: ldap
型: object
LDAP構成の詳細
ソースを表示
{
"required":[
"name",
"dn",
"password",
"ldapUrl",
"baseDN",
"enabled"
],
"properties":{
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"initSize":{
"default":"5",
"description":"This property indicates the number of connections that are created when connection pool is initialized",
"format":"int32",
"type":"integer"
},
"maxSize":{
"default":"100",
"description":"The maximum number of connections the pool maintains. If minSize is greater than maxSize then minSize is set to maxSize",
"format":"int32",
"type":"integer"
},
"minSize":{
"default":"5",
"description":"The minimum number of connections the pool maintains. If initSize is less than minSize then connection pool is initialized with minSize connections",
"format":"int32",
"type":"integer"
},
"readTimeout":{
"default":"30000",
"description":"Time limit in milliseconds for which RADIUS agent will wait for LDAP server to respond back",
"format":"int64",
"type":"integer"
},
"connectTimeout":{
"default":"5000",
"description":"Time limit in milliseconds within which LDAP connection has to be made",
"format":"int64",
"type":"integer"
},
"searchTimeout":{
"default":"30000",
"description":"Time limit in milliseconds for LDAP searches",
"format":"int32",
"type":"integer"
},
"poolMaxWaitTime":{
"default":"20000",
"description":"Time limit in milliseconds for which client will wait for a LDAP connection to be made available",
"format":"int64",
"type":"integer"
},
"poolIncrementSize":{
"default":"5",
"description":"Number of connections to be made at a time when all existing connections are in use and number of connections are less than maxSize",
"format":"int32",
"type":"integer"
},
"poolMaintenanceInterval":{
"default":"600000",
"description":"Time interval in milliseconds when maintenance thread would run",
"format":"int64",
"type":"integer"
},
"dn":{
"description":"The DN of user which RADIUS agent uses to connect to LDAP server",
"example":"cn=Directory Manager",
"type":"string"
},
"password":{
"description":"The password of user which RADIUS agent uses to connect to LDAP server",
"example":"<password>",
"type":"string"
},
"ldapUrl":{
"description":"URL of the LDAP server",
"example":"ldaps://<hostname>:<port>",
"type":"string"
},
"baseDN":{
"description":"The base DN of the LDAP domain that is used by RADIUS Agent for searching users and groups",
"example":"dc=example,dc=com",
"type":"string"
},
"loginAttr":{
"default":"uid",
"description":"The login attribute name in LDAP for user. This is used to construct filter to lookup user during login",
"type":"string"
},
"truststore":{
"description":"Truststore file location in case a JKS file is used for certificates",
"type":"string"
},
"trustedCertificate":{
"description":"Trusted certificate in Base 64 format",
"example":"BASE 64 FORMAT",
"type":"string"
},
"trustedCertificateAliasName":{
"default":"ldap-server-trusted-cert",
"description":"Alias name to be used for referring to trusted certificate in JKS",
"example":"ldap-server-cert",
"type":"string"
},
"truststorePassword":{
"description":"Truststore password. This is optional and needs to be provided if truststore is used instead of a trustedCertificate",
"example":"<Password>",
"type":"string"
},
"keystore":{
"description":"Keystore file location to be used for SSL mutual authentication",
"type":"string"
},
"keystoreCertificateAliasName":{
"description":"Alias name used for referring to the certificate in keystore JKS",
"type":"string"
},
"keystorePassword":{
"description":"Password to the keystore file",
"type":"string"
},
"keyFactorAlgorithm":{
"default":"RSA",
"description":"Algorithm with which certificate has been signed",
"type":"string"
},
"keystoreTruststoreType":{
"description":"File type (JKS/PKCS12) when file based truststore/keystore is used. If null, it means certificate itself has been provided",
"type":"string"
},
"sslProtocol":{
"default":"TLSv1.3, TLSv1.2",
"description":"The cryptographic protocol RADIUS agent would use for connecting to LDAP server for secure connections. Multiple protocols can be given separated by comma",
"type":"string"
},
"cipherSuites":{
"default":"None (Uses JVM defaults)",
"description":"Default cipher suites used out of the box",
"items":{
"type":"string"
},
"type":"array"
},
"referral":{
"default":"follow",
"description":"Specifies the behavior when a referral is returned by LDAP server. Check JNDI java.naming.referral for possible values.",
"type":"string"
},
"searchUserBeforeBind":{
"default":"true",
"description":"Lookup user in LDAP server to get their DN before initiating user login. This can be disabled if LDAP server supports bind using a mapped ID directly (for example: ID mapper in OUD, UPN bind in Active Directory etc.)",
"type":"boolean"
},
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"properties":{
"readOnly":true,
"type":"object"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"authWithoutMFACriteria":{
"description":"Based on this filter, matching users are allowed to login using primary factor only when user footprint is not present in MFA",
"type":"string"
},
"enableMemberOfQuery":{
"default":"false",
"description":"Enable memberof searches which relies on group membership to be resolved by the backend LDAP server. OID/OUD returns nested group/dynamic groups along with direct membership while AD returns only direct membership of the user",
"type":"boolean"
},
"groupNamingAttribute":{
"default":"cn",
"description":"Naming attribute for groups in LDAP",
"type":"string"
},
"maxGroupsToFetch":{
"default":"0",
"description":"Sets the maximum number of entries to be returned as a result of the search. A value of 0 indicates no limit. (Note: this only applies to the case when group membership query constructed by ORA, and this does not apply to memberof query)",
"format":"int32",
"type":"integer"
},
"maxNestedLevels":{
"default":"10",
"description":"Maximum depth search should happen for finding out groups a given user is member of in case if nested groups are configured. (Note: this only applies to the case when group membership query constructed by ORA, and this does not apply to memberof query)",
"format":"int32",
"type":"integer"
},
"memberAttr":{
"description":"LDAP attribute name to be used for group related queries. If not specified then uniquemember and member are used. For AD we need to provide 'member' as its value for nested group searches to work",
"example":"member",
"type":"string"
},
"memberFilteringCriteria":{
"description":"Additional filtering criteria for group searches. This condition when present is ANDed with the group membership query filter. Eg: For AD we need to provide (objectclass=group) for nested group search to work",
"example":"objectclass=group",
"type":"string"
},
"memberOfAttribute":{
"default":"memberof",
"description":"The attribute which returns groups a user is member of. OUD works with ismemberof, AD works with memberof while OID supports both memberof and ismemberof",
"type":"string"
},
"poolMaxConnectionIdleTime":{
"default":"1500000",
"description":"Time in milliseconds after which an idle connection is expired",
"format":"int64",
"type":"integer"
},
"poolMaxConnectionReuseTime":{
"default":"-1(No time limit)",
"description":"Time in milliseconds after which a connection is expired",
"format":"int64",
"type":"integer"
},
"reuseAddress":{
"default":"true",
"description":"Reuse ports even when it is in TIME_WAIT state",
"type":"boolean"
},
"soKeepAlive":{
"default":"true",
"description":"Enable keep alive probes for socket connection",
"type":"boolean"
},
"soTimeout":{
"default":"0",
"description":"Defines the socket timeout in milliseconds while waiting for data. A value of 0 indicates no timeout",
"format":"int32",
"type":"integer"
},
"tcpNoDelay":{
"default":"false",
"description":"Data is sent as soon as available",
"type":"boolean"
},
"userFilteringCriteria":{
"description":"Additional filtering criteria to search user. If specified, this filter gets appended with loginAttr (using AND condition)",
"type":"string"
}
},
"description":"LDAP configuration details",
"type":"object"
}
ネストされたスキーマ: properties
型: object
定義済プロパティ
ネストされたスキーマ: unrecognizedFields
型: object
読取り専用: true
ネストされたスキーマ: cipherSuites
型: array
即時利用可能なデフォルトの暗号スイート
デフォルト値: None (JVMデフォルトを使用)
ソースを表示
{
"default":"None (Uses JVM defaults)",
"description":"Default cipher suites used out of the box",
"items":{
"type":"string"
},
"type":"array"
}
ネストされたスキーマ: properties
型: object
読取り専用: true
ネストされたスキーマ: oaa
型: object
OAA構成詳細
ソースを表示
{
"required":[
"name",
"enabled",
"oaaUrl",
"clientType",
"clientSecret",
"clientId"
],
"properties":{
"name":{
"description":"Name of the configuration",
"example":"<name of provider>",
"type":"string"
},
"enabled":{
"default":"true",
"description":"Flag to indicate if it is enabled",
"type":"boolean"
},
"oaaUrl":{
"description":"OAA Service Base URI",
"example":"https://127.0.0.1:37001/oaa/runtime",
"type":"string"
},
"clientType":{
"default":"radius",
"description":"Client Type used in OAA for RADIUS agent",
"type":"string"
},
"clientSecret":{
"description":"Client Secret in OAA for registered agent for RADIUS Agent",
"example":"secret1",
"type":"string"
},
"clientId":{
"description":"Client ID in OAA for registered agent for RADIUS Agent",
"example":"clientId1",
"type":"string"
},
"agentgid":{
"description":"Agent ID in OAA for registered RADIUS agent",
"example":"agent1",
"type":"string"
},
"timeToLiveInMs":{
"default":"300000",
"description":"Factor Token's Time To Live in MilliSecs",
"format":"int64",
"type":"integer"
},
"connectTimeout":{
"default":"2000",
"description":"OAA API Connection Timeout in Millisecs",
"format":"int32",
"type":"integer"
},
"readTimeout":{
"default":"10000",
"description":"OAA API Read Timeout in Millisecs",
"format":"int32",
"type":"integer"
},
"properties":{
"readOnly":true,
"type":"object"
},
"retryCount":{
"default":"1",
"description":"If configured and a value > 0 indicates that the Operation will be retried for the configured number of times in case of a Connection Failure.\nRetry can be turned off if value = 0",
"format":"int32",
"type":"integer"
},
"retryInterval":{
"default":"0",
"description":"When number of retries is > 1, retry interval between two retries in ms",
"format":"int64",
"type":"integer"
},
"oaaPolicyUrl":{
"description":"OAA Policy URL",
"example":"https://100.102.48.163:31223/oaa-policy",
"type":"string"
},
"policyUserName":{
"description":"OAA Policy Username",
"example":"oaa20210128t000000-oaa-policy",
"type":"string"
},
"policyUserPassword":{
"description":"OAA Policy Password",
"example":"oaaPolicyPassword1",
"type":"string"
}
},
"description":"OAA configuration details",
"type":"object"
}
ネストされたスキーマ: properties
型: object
読取り専用: true
ネストされたスキーマ: factorToTokenLengthMap
型: object
RADIUSファクタからファクタ・トークンの長さへのマッピング
デフォルト値: {"ChallengeOMATOTP": 6, "ChallengeYubicoOTP": 44}
ネストされたスキーマ: groupNameMapping
型: object
プライマリ・オーセンティケータのグループ名を別の値にマップするためのマッピング
例:
{"group1":"ORA_GRP_1", "group2":"ORA_GRP_2"}
ネストされたスキーマ: mfaOptions
型: object
"assuranceLevel"、"factorChoices" (ORAおよびOAAの自動関連付け用)、"defaultGroup" (OAAに渡されるデフォルト・グループ名の設定用)など、OAAプロバイダ固有の追加オプション
デフォルト値: "defaultGroup": "Default"
例:
"assuranceLevel": "Rad_CP0_%RNDM1%"
ネストされたスキーマ: radiusFactorToMFAFactorMap
型: object
RadiusAgentのファクタからMFAプロバイダのファクタへのマッピング。これらのキーワードを使用して、MFAの特定のファクタを起動できます
デフォルト値: {"totp": "ChallengeOMATOTP", "yubikey": "ChallengeYubicoOTP", "sms": "ChallengeSMS", "mail": "ChallengeEmail"}
ネストされたスキーマ: userAttrMap
型: array
プライマリ・オーセンティケータから、認証時に返される指定されたRADIUS属性へのユーザー属性のマッピングを表します
ソースを表示
{
"description":"Represents mapping for user attributes from primary authenticator to specified RADIUS Attributes which are to be returned during authentication",
"example":"{\"userAttrVendorID\": 111, \"userAttrName\": \"cn\"}",
"items":{
"$ref":"#/components/schemas/UserAttrMapping"
},
"type":"array"
}
例:
{"userAttrVendorID": 111, "userAttrName": "cn"}
ネストされたスキーマ: UserAttrMapping
型: object
ソースを表示
{
"properties":{
"attrId":{
"description":"Attribute id of the mapped RADIUS user attribute",
"example":"2",
"format":"int32",
"type":"integer"
},
"attrName":{
"description":"User attribute name in primary authenticator",
"example":"cn",
"type":"string"
},
"vendorId":{
"description":"Vendor ID associated with the mapped RADIUS user attribute",
"example":"111",
"format":"int32",
"type":"integer"
}
},
"type":"object"
}
ネストされたスキーマ: customDictionaryAsStream
型: array
ストリームとしてのカスタム辞書ファイル
ソースを表示
{
"description":"Custom dictionary file as stream",
"items":{
"format":"byte",
"type":"string"
},
"type":"array"
}
ネストされたスキーマ: customDictionaryFileAsStream
型: array
ソースを表示
{
"items":{
"format":"byte",
"type":"string"
},
"type":"array"
}