Creates Configuration
POST /radius-config/v1/configurations
Permits administrators to create global or application-scoped configurations in Oracle RADIUS Agent. A global configuration is shared between multiple RADIUS clients, whereas an application-scoped configuration is restricted to a particular RADIUS client application.
Request
There are no request parameters for this operation.
Supported Media Types
- application/json
Request body: New configuration details
Root Schema : schema
Type: object
- application: object. RADIUS client configuration details
- authentication: object. Global primary authentication config details
- logging: object. Logging details
- mfa: object. Global multi-factor authentication config details
- preferences: object. Global preferences config details
- radiusAdminGroup (required): array. List of admin groups present in the directory that manage configurations and RADIUS clients for Oracle RADIUS Agent. This is required for day-0 and optional for others
- radiusAdminUser (required): array. List of admin users present in the directory that manage configurations and RADIUS clients for Oracle RADIUS Agent. This is required for day-0 and optional for others
- radiusListener: object. Global RADIUS Listener config details
- server: object. Server config details
Nested Schema : application
Type: object
RADIUS client configuration details
Nested Schema : authentication
Type: object
Global primary authentication config details
- custom: object. Custom Authenticator configuration details
- ldap: object. LDAP configuration details
- provider (required): string. Default Value: LDAP. Configured authentication provider type
- userCacheCleanupInitialDelay: integer (int64). Default Value: 0L. User cache cleanup initial delay after which the cleanup thread starts
- userCacheCleanupInterval: integer (int64). Default Value: 300000L. User cache cleanup interval
- userCacheCleanupPoolSize: integer (int32). Default Value: 1. User cache cleanup thread pool size
- userCacheConcurrencyLevel: integer (int32). Default Value: 4. User cache concurrency level
- userCacheEntryTimeout: integer (int64). Default Value: 300000L. User cache entry timeout value in ms
Nested Schema : logging
Type: object
Logging details
Nested Schema : mfa
Type: object
Global multi-factor authentication config details
- oaa (required): object. OAA configuration details
- provider (required): string. Default Value: OAA. Provider name
Nested Schema : preferences
Type: object
Global preferences config details
- allowSpecificFactorInPassword: boolean. Default Value: false. Indicates whether the end user may directly invoke a specific factor
- allowTokenInPassword: boolean. Default Value: true. Indicates whether synchronous login mode (password, delimiter and token concatenated) is enabled or disabled
- appendDelimiter: string. Default Value: ";". Delimiter used for synchronous mode (password+delimiter+token). Example: password;123456
- defaultSecondFactor: string. Default Value: ChallengeOMATOTP. Default second factor. This factor is used when no preferred factor is available for the user from OAA's User Preferences and synchronous mode is used in the RADIUS request
- defaultTokenLength: integer (int32). Default Value: 6. Length of the token for synchronous login mode. This is the token length of the configured defaultSecondFactor
- factorToTokenLengthMap: object. RADIUS factor to factor token length mapping
- groupAsSingleString: boolean. Default Value: false. If true, group details are returned in the response as a single string separated by the configured delimiter
- groupAsSingleStringDelimiter: string. Default Value: ",". Delimiter used when groups are returned as a single string
- groupAttrID: integer (int32). Default Value: 1 (for ORACLE). RADIUS attribute ID for the group mapping. Groups are returned as part of this RADIUS attribute
- groupAttrVendorID: integer (int32). Default Value: 111 (for ORACLE_ROLE attribute). RADIUS vendor ID for the group mapping. Groups are returned as part of this RADIUS attribute. RADIUS vendor ID 111 stands for Oracle; a value of -1 must be used in order to use a standard RADIUS attribute
- groupNameMapping: object. Mappings from group names in the primary authenticator to different values
- mfaOptions: object. Additional OAA provider specific options such as "assuranceLevel", "factorChoices" (for auto-wiring of ORA and OAA) and "defaultGroup" for setting the default group name that is passed to OAA
- radiusFactorToMFAFactorMap: object. RADIUS Agent's factor to MFA provider's factor mapping. These keywords can be used to invoke a specific factor for MFA
- returnGroups: boolean. Default Value: false. Indicates whether groups need to be returned during authentication. Example: true/false
- userAttrMap: array. Mapping of user attributes from the primary authenticator to the specified RADIUS attributes that are to be returned during authentication
Nested Schema : radiusAdminGroup
Type: array
List of admin groups present in the directory that manage configurations and RADIUS clients for Oracle RADIUS Agent. This is required for day-0 and optional for others
Example:
[ "cn=group1,ou=groups,dc=example,dc=com", "cn=group2,ou=groups,dc=example,dc=com" ]
OR
[ "group1", "group2" ]
Nested Schema : radiusAdminUser
Type: array
List of admin users present in the directory that manage configurations and RADIUS clients for Oracle RADIUS Agent. This is required for day-0 and optional for others
Example:
[ "cn=radiusAdminUser,ou=people,dc=example,dc=com", "cn=adminUser,ou=people,dc=example,dc=com" ]
OR
[ "radiusAdminUser", "adminUser" ]
Nested Schema : radiusListener
Type: object
Global RADIUS Listener config details
- channelSelectTimeout: integer (int64). Default Value: 120000. UDP NIO channel selection timeout in ms
- coreThreadPoolSize: integer (int32). Default Value: 10. corePoolSize value for the underlying ThreadPoolExecutor of the worker threads
- numberOfWorkerThreads: integer (int32). Default Value: 20. The number of worker threads configured; the maximumPoolSize value for the underlying ThreadPoolExecutor of the worker threads
- requestCacheCleanupInitialDelay: integer (int64). Default Value: 0. Request cache cleanup thread's initial delay
- requestCacheCleanupInterval: integer (int64). Default Value: 60000. Request cache cleanup thread's interval
- requestCacheCleanupPoolSize: integer (int32). Default Value: 0. Request cache cleanup thread pool size
- requestCacheConcurrencyLevel: integer (int32). Default Value: 6. Request cache's concurrency level
- requestCacheEntryTimeout: integer (int64). Default Value: 30000. Request cache's entry timeout value in milliseconds
- socketSOTimeout: integer (int32). Default Value: 1800000. The underlying socket SO timeout in ms
- threadPoolKeepAliveTime: integer (int64). Default Value: 10000. Thread pool keep-alive time for the underlying ThreadPoolExecutor of the worker threads
- threadPoolMaxQueueSize: integer (int32). Default Value: 0. Allowed maximum queue size for the underlying queue used by the ThreadPoolExecutor of the worker threads
Nested Schema : server
Type: object
Server config details
- customDictionary: string. Custom RADIUS dictionary file that contains definitions for vendor-specific attributes
- customDictionaryAsStream: array. Custom dictionary file as a stream
- customDictionaryFileAsStream: array
- enableDynamicClients: boolean. Default Value: false. Indicates whether dynamic clients are allowed
- enableMetrics: boolean. Default Value: true. Indicates whether metrics are enabled
- heartBeatInterval: integer (int32). Default Value: 120000. Configured heartbeat thread invocation interval in ms to check the availability of an authenticator such as LDAP
- stateCacheConcurrencyLevel: integer (int32). Default Value: 6. State attribute cache's concurrency level
- stateCacheEntryTimeout: integer (int64). Default Value: 120000. State attribute cache's entry timeout
- validatedTokenCacheConcurrencyLevel: integer (int32). Default Value: 6. Validated MFA token cache's concurrency level
- validatedTokenCacheEntryTimeout: integer (int64). Default Value: 60000. Validated MFA token cache's entry timeout
Nested Schema : custom
Type: object
Custom Authenticator configuration details
- className: string. Custom authentication provider class name
- enabled (required): boolean. Default Value: true. Flag to indicate whether it is enabled
- jarsLocation: string. The jars directory for the custom provider
- name (required): string. Name of the configuration. Example: <name of provider>
- properties: object. Defined properties
- retryCount: integer (int32). Default Value: 1. If configured with a value > 0, the operation is retried the configured number of times in case of a connection failure. Retry can be turned off with a value of 0
- retryInterval: integer (int64). Default Value: 0. When the number of retries is > 1, the retry interval between two retries in ms
- unrecognizedFields: object. Read Only: true
Nested Schema : ldap
Type: object
LDAP configuration details
- authWithoutMFACriteria: string. Users matching this filter are allowed to log in using the primary factor only when the user's footprint is not present in MFA
- baseDN (required): string. The base DN of the LDAP domain that RADIUS Agent uses for searching users and groups. Example: dc=example,dc=com
- cipherSuites: array. Default cipher suites used out of the box
- connectTimeout: integer (int64). Default Value: 5000. Time limit in milliseconds within which the LDAP connection has to be made
- dn (required): string. The DN of the user that RADIUS Agent uses to connect to the LDAP server. Example: cn=Directory Manager
- enabled (required): boolean. Default Value: true. Flag to indicate whether it is enabled
- enableMemberOfQuery: boolean. Default Value: false. Enable memberof searches, which rely on group membership being resolved by the backend LDAP server. OID/OUD return nested groups and dynamic groups along with direct membership, while AD returns only the user's direct membership
- groupNamingAttribute: string. Default Value: cn. Naming attribute for groups in LDAP
- initSize: integer (int32). Default Value: 5. The number of connections created when the connection pool is initialized
- keyFactorAlgorithm: string. Default Value: RSA. Algorithm with which the certificate has been signed
- keystore: string. Keystore file location to be used for SSL mutual authentication
- keystoreCertificateAliasName: string. Alias name used for referring to the certificate in the JKS keystore
- keystorePassword: string. Password to the keystore file
- keystoreTruststoreType: string. File type (JKS/PKCS12) when a file-based truststore/keystore is used. If null, the certificate itself has been provided
- ldapUrl (required): string. URL of the LDAP server. Example: ldaps://<hostname>:<port>
- loginAttr: string. Default Value: uid. The login attribute name in LDAP for the user. This is used to construct the filter that looks up the user during login
- maxGroupsToFetch: integer (int32). Default Value: 0. Sets the maximum number of entries returned as a result of the search. A value of 0 indicates no limit. (Note: this only applies when the group membership query is constructed by ORA, and does not apply to the memberof query)
- maxNestedLevels: integer (int32). Default Value: 10. Maximum depth to which the search descends to find the groups a given user is a member of when nested groups are configured. (Note: this only applies when the group membership query is constructed by ORA, and does not apply to the memberof query)
- maxSize: integer (int32). Default Value: 100. The maximum number of connections the pool maintains. If minSize is greater than maxSize then minSize is set to maxSize
- memberAttr: string. LDAP attribute name to be used for group-related queries. If not specified, uniquemember and member are used. For AD, 'member' must be provided as its value for nested group searches to work. Example: member
- memberFilteringCriteria: string. Additional filtering criteria for group searches. When present, this condition is ANDed with the group membership query filter. E.g. for AD, (objectclass=group) must be provided for nested group search to work. Example: objectclass=group
- memberOfAttribute: string. Default Value: memberof. The attribute that returns the groups a user is a member of. OUD works with ismemberof, AD works with memberof, while OID supports both memberof and ismemberof
- minSize: integer (int32). Default Value: 5. The minimum number of connections the pool maintains. If initSize is less than minSize then the connection pool is initialized with minSize connections
- name (required): string. Name of the configuration. Example: <name of provider>
- password (required): string. The password of the user that RADIUS Agent uses to connect to the LDAP server. Example: <password>
- poolIncrementSize: integer (int32). Default Value: 5. Number of connections to be made at a time when all existing connections are in use and the number of connections is less than maxSize
- poolMaintenanceInterval: integer (int64). Default Value: 600000. Time interval in milliseconds at which the maintenance thread runs
- poolMaxConnectionIdleTime: integer (int64). Default Value: 1500000. Time in milliseconds after which an idle connection is expired
- poolMaxConnectionReuseTime: integer (int64). Default Value: -1 (no time limit). Time in milliseconds after which a connection is expired
- poolMaxWaitTime: integer (int64). Default Value: 20000. Time limit in milliseconds for which the client waits for an LDAP connection to become available
- properties: object. Read Only: true
- readTimeout: integer (int64). Default Value: 30000. Time limit in milliseconds for which RADIUS Agent waits for the LDAP server to respond
- referral: string. Default Value: follow. Specifies the behavior when a referral is returned by the LDAP server. Check JNDI java.naming.referral for possible values
- retryCount: integer (int32). Default Value: 1. If configured with a value > 0, the operation is retried the configured number of times in case of a connection failure. Retry can be turned off with a value of 0
- retryInterval: integer (int64). Default Value: 0. When the number of retries is > 1, the retry interval between two retries in ms
- reuseAddress: boolean. Default Value: true. Reuse ports even when they are in TIME_WAIT state
- searchTimeout: integer (int32). Default Value: 30000. Time limit in milliseconds for LDAP searches
- searchUserBeforeBind: boolean. Default Value: true. Look up the user in the LDAP server to get their DN before initiating the user login. This can be disabled if the LDAP server supports bind using a mapped ID directly (for example, ID mapper in OUD, UPN bind in Active Directory, etc.)
- soKeepAlive: boolean. Default Value: true. Enable keep-alive probes for the socket connection
- soTimeout: integer (int32). Default Value: 0. Defines the socket timeout in milliseconds while waiting for data. A value of 0 indicates no timeout
- sslProtocol: string. Default Value: TLSv1.3, TLSv1.2. The cryptographic protocol RADIUS Agent uses for secure connections to the LDAP server. Multiple protocols can be given, separated by commas
- tcpNoDelay: boolean. Default Value: false. Data is sent as soon as it is available
- trustedCertificate: string. Trusted certificate in Base64 format. Example: BASE 64 FORMAT
- trustedCertificateAliasName: string. Default Value: ldap-server-trusted-cert. Alias name to be used for referring to the trusted certificate in the JKS. Example: ldap-server-cert
- truststore: string. Truststore file location in case a JKS file is used for certificates
- truststorePassword: string. Truststore password. This is optional and needs to be provided if a truststore is used instead of a trustedCertificate. Example: <Password>
- userFilteringCriteria: string. Additional filtering criteria to search for the user. If specified, this filter is appended to loginAttr (using an AND condition)
Nested Schema : properties
Type: object
Defined properties
Nested Schema : unrecognizedFields
Type: object
Read Only: true
Nested Schema : cipherSuites
Type: array
Default cipher suites used out of the box
Default Value: None (uses JVM defaults)
Nested Schema : properties
Type: object
Read Only: true
Nested Schema : oaa
Type: object
OAA configuration details
- agentgid: string. Agent ID in OAA for the registered RADIUS agent. Example: agent1
- clientId (required): string. Client ID in OAA for the agent registered for RADIUS Agent. Example: clientId1
- clientSecret (required): string. Client secret in OAA for the agent registered for RADIUS Agent. Example: secret1
- clientType (required): string. Default Value: radius. Client type used in OAA for RADIUS Agent
- connectTimeout: integer (int32). Default Value: 2000. OAA API connection timeout in milliseconds
- enabled (required): boolean. Default Value: true. Flag to indicate whether it is enabled
- name (required): string. Name of the configuration. Example: <name of provider>
- oaaPolicyUrl: string. OAA Policy URL. Example: https://100.102.48.163:31223/oaa-policy
- oaaUrl (required): string. OAA Service Base URI. Example: https://127.0.0.1:37001/oaa/runtime
- policyUserName: string. OAA Policy username. Example: oaa20210128t000000-oaa-policy
- policyUserPassword: string. OAA Policy password. Example: oaaPolicyPassword1
- properties: object. Read Only: true
- readTimeout: integer (int32). Default Value: 10000. OAA API read timeout in milliseconds
- retryCount: integer (int32). Default Value: 1. If configured with a value > 0, the operation is retried the configured number of times in case of a connection failure. Retry can be turned off with a value of 0
- retryInterval: integer (int64). Default Value: 0. When the number of retries is > 1, the retry interval between two retries in ms
- timeToLiveInMs: integer (int64). Default Value: 300000. Factor token's time to live in milliseconds
Nested Schema : properties
Type: object
Read Only: true
Nested Schema : factorToTokenLengthMap
Type: object
RADIUS factor to factor token length mapping
Default Value: {"ChallengeOMATOTP": 6, "ChallengeYubicoOTP": 44}
Nested Schema : groupNameMapping
Type: object
Mappings from group names in the primary authenticator to different values
Example: {"group1":"ORA_GRP_1", "group2":"ORA_GRP_2"}
Nested Schema : mfaOptions
Type: object
Additional OAA provider specific options such as "assuranceLevel", "factorChoices" (for auto-wiring of ORA and OAA) and "defaultGroup" for setting the default group name that is passed to OAA
Default Value: {"defaultGroup": "Default"}
Example: {"assuranceLevel": "Rad_CP0_%RNDM1%"}
Nested Schema : radiusFactorToMFAFactorMap
Type: object
RADIUS Agent's factor to MFA provider's factor mapping. These keywords can be used to invoke a specific factor for MFA
Default Value: {"totp": "ChallengeOMATOTP", "yubikey": "ChallengeYubicoOTP", "sms": "ChallengeSMS", "mail": "ChallengeEmail"}
Nested Schema : userAttrMap
Type: array
Mapping of user attributes from the primary authenticator to the specified RADIUS attributes that are to be returned during authentication
Example: {"userAttrVendorID": 111, "userAttrName": "cn"}
Nested Schema : UserAttrMapping
Type: object
- attrId: integer (int32). Attribute ID of the mapped RADIUS user attribute. Example: 2
- attrName: string. User attribute name in the primary authenticator. Example: cn
- vendorId: integer (int32). Vendor ID associated with the mapped RADIUS user attribute. Example: 111
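The request body above, assembled as a constructed day-0 example together with a pre-flight check of the kind an administrator would run before posting it. This is added example code, not part of the Oracle RADIUS Agent documentation or product: the check rules (required fields, ldaps://, a configured trust anchor, sslProtocol no older than the defaults, defaultTokenLength consistent with factorToTokenLengthMap, enableDynamicClients left off) are this example's own, and every DN, hostname and <...> value is a placeholder.

```python
# Fields the schema marks (required) on the nested ldap and oaa objects.
REQUIRED_LDAP = ("baseDN", "dn", "enabled", "ldapUrl", "name", "password")
REQUIRED_OAA = ("clientId", "clientSecret", "clientType", "enabled", "name", "oaaUrl")
STRONG_TLS = ("TLSv1.3", "TLSv1.2")  # the schema's default sslProtocol list

def build_day0_config():
    """Constructed sample body; DNs, hostnames and <...> values are placeholders."""
    return {
        "radiusAdminGroup": ["cn=radiusAdmins,ou=groups,dc=example,dc=com"],
        "radiusAdminUser": ["cn=radiusAdminUser,ou=people,dc=example,dc=com"],
        "authentication": {
            "provider": "LDAP",
            "ldap": {
                "name": "corp-ldap", "enabled": True,
                "ldapUrl": "ldaps://ldap.example.com:636",
                "baseDN": "dc=example,dc=com",
                "dn": "cn=radius-svc,ou=people,dc=example,dc=com",
                "password": "<password>",
                "sslProtocol": "TLSv1.3, TLSv1.2",
                "trustedCertificate": "<BASE 64 FORMAT>",
            },
        },
        "mfa": {
            "provider": "OAA",
            "oaa": {
                "name": "oaa", "enabled": True, "clientType": "radius",
                "clientId": "clientId1", "clientSecret": "<secret>",
                "oaaUrl": "https://127.0.0.1:37001/oaa/runtime",
            },
        },
        "preferences": {
            "allowTokenInPassword": True, "appendDelimiter": ";",
            "defaultSecondFactor": "ChallengeOMATOTP", "defaultTokenLength": 6,
            "factorToTokenLengthMap": {"ChallengeOMATOTP": 6, "ChallengeYubicoOTP": 44},
        },
        "server": {"enableDynamicClients": False},
    }

def _missing(obj, keys, prefix):
    return [f"{prefix}.{k} is required" for k in keys if k not in obj]

def check_config(cfg):
    """Return a list of findings; an empty list means the body passed every check."""
    findings = [f"{k} is required for day-0 and is missing or empty"
                for k in ("radiusAdminGroup", "radiusAdminUser") if not cfg.get(k)]
    ldap = cfg.get("authentication", {}).get("ldap", {})
    findings += _missing(ldap, REQUIRED_LDAP, "authentication.ldap")
    if ldap.get("ldapUrl", "").lower().startswith("ldap://"):
        findings.append("ldapUrl is plain ldap://: the simple-bind password crosses the wire unencrypted")
    elif not (ldap.get("trustedCertificate") or ldap.get("truststore")):
        findings.append("no trustedCertificate or truststore: LDAPS trust falls back to the JVM defaults")
    weak = [p.strip() for p in ldap.get("sslProtocol", "TLSv1.3, TLSv1.2").split(",")
            if p.strip() not in STRONG_TLS]
    if weak:
        findings.append(f"sslProtocol enables protocols older than the defaults: {weak}")
    findings += _missing(cfg.get("mfa", {}).get("oaa", {}), REQUIRED_OAA, "mfa.oaa")
    prefs = cfg.get("preferences", {})
    if prefs.get("allowTokenInPassword", True):  # synchronous password;token mode
        factor = prefs.get("defaultSecondFactor", "ChallengeOMATOTP")
        expected = prefs.get("factorToTokenLengthMap", {}).get(factor)
        if expected is not None and expected != prefs.get("defaultTokenLength", 6):
            findings.append(f"defaultTokenLength does not match factorToTokenLengthMap[{factor!r}]={expected}")
    if cfg.get("server", {}).get("enableDynamicClients", False):
        findings.append("enableDynamicClients is true: confirm unregistered clients should be accepted")
    return findings
```

Serialise the dict with json.dumps and send it as the application/json body; post only when check_config returns an empty list.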
Response
Supported Media Types
- application/json
200 Response
Configuration added successfully.
400 Response
Bad request
Root Schema : ResponseMessage
Type: object
- details: string. Details about the error that occurred. Example: Detailed message about the cause of the error.
- errorCode: string. The error code of the error that occurred. Example: IRA-00001
- message: string. Message of the success/error. Example: Configuration is successfully updated.
- timestamp: string (date). Timestamp at which the success/error occurred. Example: 2021-03-01T15:08:40.933Z[UTC]
409 Response
Given configuration already exists.
Root Schema : ResponseMessage
Type: object
Same fields (details, errorCode, message, timestamp) as the ResponseMessage schema of the 400 response.