From 44605723527624aa061af92ccbaeebaa58059dd4 Mon Sep 17 00:00:00 2001 
From: Preston Hales Date: Wed, 11 Dec 2024 14:43:12 -0700 Subject: [PATCH] Add new export flags to give options for including read only config and exporting only active realm or global config. --- src/cli/config/config-export.ts | 42 +- src/ops/ConfigOps.ts | 6 + src/utils/Config.ts | 3 + .../__snapshots__/config-export.test.js.snap | 35 +- .../en/__snapshots__/config.test.js.snap | 13 +- .../config-export.e2e.test.js.snap | 583036 +++++++-------- test/e2e/config-export.e2e.test.js | 52 +- test/e2e/config-import.e2e.test.js | 8 +- .../am_1076162899/recording.har | 0 .../environment_1072573434/recording.har | 0 .../oauth2_393036114/recording.har | 0 .../openidm_3290118515/recording.har | 0 .../saml2_3242371462/recording.har | 0 .../am_1076162899/recording.har | 0 .../saml2_3242371462/recording.har | 0 .../am_1076162899/recording.har | 0 .../environment_1072573434/recording.har | 0 .../oauth2_393036114/recording.har | 0 .../openidm_3290118515/recording.har | 0 .../saml2_3242371462/recording.har | 0 .../am_1076162899/recording.har | 0 .../saml2_3242371462/recording.har | 0 .../am_1076162899/recording.har | 1178 + .../environment_1072573434/recording.har | 212 + .../oauth2_393036114/recording.har | 146 + .../openidm_3290118515/recording.har | 10608 + .../am_1076162899/recording.har | 23785 + .../am_1076162899/recording.har | 31124 + .../oauth2_393036114/recording.har | 146 + .../openidm_3290118515/recording.har | 589 + .../saml2_3242371462/recording.har | 304 + .../am_1076162899/recording.har | 30840 + .../saml2_3242371462/recording.har | 142 + 33 files changed, 378111 insertions(+), 304158 deletions(-) rename test/e2e/mocks/config_603940551/export_4211608755/{0_AD_include-active-values_1052637288 => 0_RAD_include-active-values_1341669850}/am_1076162899/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_AD_include-active-values_1052637288 => 0_RAD_include-active-values_1341669850}/environment_1072573434/recording.har (100%) rename 
test/e2e/mocks/config_603940551/export_4211608755/{0_AD_include-active-values_1052637288 => 0_RAD_include-active-values_1341669850}/oauth2_393036114/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_AD_include-active-values_1052637288 => 0_RAD_include-active-values_1341669850}/openidm_3290118515/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_AD_include-active-values_1052637288 => 0_RAD_include-active-values_1341669850}/saml2_3242371462/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_AsxD_m_709008916 => 0_RAsxD_m_1035367322}/am_1076162899/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_AsxD_m_709008916 => 0_RAsxD_m_1035367322}/saml2_3242371462/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all-separate_no-metadata_default_directory_use-string-arrays_no-decode_no-coords_extrac_1745344692 => 0_all-separate_read-only_no-metadata_default_directory_use-string-arrays_no-decode_no-coor_704286454}/am_1076162899/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all-separate_no-metadata_default_directory_use-string-arrays_no-decode_no-coords_extrac_1745344692 => 0_all-separate_read-only_no-metadata_default_directory_use-string-arrays_no-decode_no-coor_704286454}/environment_1072573434/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all-separate_no-metadata_default_directory_use-string-arrays_no-decode_no-coords_extrac_1745344692 => 0_all-separate_read-only_no-metadata_default_directory_use-string-arrays_no-decode_no-coor_704286454}/oauth2_393036114/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all-separate_no-metadata_default_directory_use-string-arrays_no-decode_no-coords_extrac_1745344692 => 
0_all-separate_read-only_no-metadata_default_directory_use-string-arrays_no-decode_no-coor_704286454}/openidm_3290118515/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all-separate_no-metadata_default_directory_use-string-arrays_no-decode_no-coords_extrac_1745344692 => 0_all-separate_read-only_no-metadata_default_directory_use-string-arrays_no-decode_no-coor_704286454}/saml2_3242371462/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all_file_include-active-values_use-string-arrays_no-decode_no-coords_type_134204241 => 0_all_read-only_file_include-active-values_use-string-arrays_no-decode_no-coords_type_2984323863}/am_1076162899/recording.har (100%) rename test/e2e/mocks/config_603940551/export_4211608755/{0_all_file_include-active-values_use-string-arrays_no-decode_no-coords_type_134204241 => 0_all_read-only_file_include-active-values_use-string-arrays_no-decode_no-coords_type_2984323863}/saml2_3242371462/recording.har (100%) create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_gAD_515851240/am_1076162899/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_gAD_515851240/environment_1072573434/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_gAD_515851240/oauth2_393036114/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_gAD_515851240/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_global-only_af_m_3851461146/am_1076162899/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_raf_3827736953/am_1076162899/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_raf_3827736953/oauth2_393036114/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_raf_3827736953/openidm_3290118515/recording.har create mode 100644 
test/e2e/mocks/config_603940551/export_4211608755/0_raf_3827736953/saml2_3242371462/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_realm-only_AD_m_3495540868/am_1076162899/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_realm-only_AD_m_3495540868/saml2_3242371462/recording.har diff --git a/src/cli/config/config-export.ts b/src/cli/config/config-export.ts index a899c75c6..28c7383ef 100644 --- a/src/cli/config/config-export.ts +++ b/src/cli/config/config-export.ts @@ -15,7 +15,9 @@ export default function setup() { program .description( - 'Export full cloud configuration for all ops that currently support export.' + `Export full cloud configuration.\n` + + `By default, it only exports importable config (i.e. config that is not read-only) for the current deployment (e.g. if exporting from cloud, realm config would NOT be exported since it can't be imported back into cloud even though it can be imported into classic deployments). There is a flag to export all config including read only config.\n` + + `Additionally, there is a flag to export config for only the specified realm, a flag to export only global config, and many other flags to customize the export. Use the -h or --help to see them all and to also see usage examples.` ) .addOption(new Option('-f, --file ', 'Name of the export file.')) .addOption(new Option('-a, --all', 'Export everything to a single file.')) 
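Review bot: The new description in src/cli/config/config-export.ts never states which realms a default export covers, although the usage examples later in the same file change "global and active realm configuration" to "global and realm configuration". That scope decides what ends up in a backup file, so add one sentence to the description that states the default realm scope. Also use "read-only" consistently: the second line ends with "read only config". Because this text is also what the parent command lists for export (visible in the config.test.js.snap hunk), a short first line with the detail moved to the help footer would keep that listing readable.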
@@ -61,6 +63,24 @@ export default function setup() { 'Export all scripts including the default scripts.' ) ) + .addOption( + new Option( + '-R, --read-only', + 'Export read-only config (with the exception of default scripts) in addition to the importable config.' + ) + ) + .addOption( + new Option( + '-r, --realm-only', + 'Export only the config for the active realm. If -g, --global-only is also active, then the global config will also be exported.' + ) + ) + .addOption( + new Option( + '-g, --global-only', + 'Export only the global config. If -r, --realm-only is also active, then the corresponding active realm config will also be exported.' + ) + ) .addOption( new Option( '-s, --separate-mappings', 
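Review bot: The help text for -r, --realm-only and -g, --global-only says that passing both exports realm and global config together, which contradicts the word "only" in both flag names. Either reject the combination or name the flags as scope selectors, and say in the -r text that "active realm" is the realm given as the positional realm argument, as the "-ar ... bravo" usage example implies. Separately, -R and -r differ only by case, yet one widens the export to read-only config and the other narrows it to one realm; a single mistyped letter changes the contents of the export without any error, so consider leaving --read-only without a short form.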
@@ -86,15 +106,23 @@ export default function setup() { 'brightGreen' ] + `Usage Examples:\n` + - ` Backup global and active realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported):\n` + + ` Export global and realm configuration for version control (e.g. Git) into the current directory.\n` + + ` Note that -x and -s separates script and mapping config to better track changes made to them, and -N removes metadata since it changes every export (you may consider using --no-coords as well if you don't care to track node positions in journeys):\n` + + ` $ frodo config export -sxAND . ${s.connId}\n`['brightCyan'] + + ` Export global and realm configuration from cloud to be later imported into a classic, on-prem deployment.\n` + + ` Note -dR is used for exporting all read-only config from cloud since certain cloud read-only config (like the realm config) can be imported into a classic on-prem deployment:\n` + + ` $ frodo config export -adR ${s.connId}\n`['brightCyan'] + + ` Export only the bravo realm configuration:\n` + + ` $ frodo config export -ar ${s.connId} bravo\n`['brightCyan'] + + ` Backup global and realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported):\n` + ` $ frodo config export -a --include-active-values ${s.connId}\n`[ 'brightCyan' ] + - ` Backup global and active realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported):\n` + + ` Backup global and realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported):\n` + ` $ frodo config export -A -D ${s.connId}-backup --include-active-values ${s.connId}\n`[ 'brightCyan' ] + - ` Export global and active realm configuration including active secret values for import 
into another environment.\n` + + ` Export global and realm configuration including active secret values for import into another environment.\n` + ` The --target parameter instructs frodo to encrypt the exported secret values using the target environment so they can be imported into that target environment without requiring the source environment they were exported from.\n` + ` Using the --target parameter, the target environment must be available at the time of export and the person performing the export must have a connection profile for the target environment.\n` + ` Without the --target parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment.\n` + @@ -126,6 +154,9 @@ export default function setup() { includeDefault: options.default, includeActiveValues: options.includeActiveValues, target: options.target, + includeReadOnly: options.readOnly, + onlyRealm: options.realmOnly, + onlyGlobal: options.globalOnly, } ); if (!outcome) process.exitCode = 1; @@ -153,6 +184,9 @@ export default function setup() { includeDefault: options.default, includeActiveValues: options.includeActiveValues, target: options.target, + includeReadOnly: options.readOnly, + onlyRealm: options.realmOnly, + onlyGlobal: options.globalOnly, } ); if (!outcome) process.exitCode = 1; diff --git a/src/ops/ConfigOps.ts b/src/ops/ConfigOps.ts index c67372af5..84165fc23 100644 --- a/src/ops/ConfigOps.ts +++ b/src/ops/ConfigOps.ts @@ -48,6 +48,9 @@ export async function exportEverythingToFile( includeDefault: false, includeActiveValues: false, target: '', + includeReadOnly: false, + onlyRealm: false, + onlyGlobal: false, } ): Promise { try { @@ -87,6 +90,9 @@ export async function exportEverythingToFiles( includeDefault: false, includeActiveValues: false, target: '', + includeReadOnly: false, + onlyRealm: false, + onlyGlobal: false, } ): Promise { try { 
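Review bot: In src/ops/ConfigOps.ts the new includeReadOnly, onlyRealm and onlyGlobal defaults are added to the default value of the whole options parameter of exportEverythingToFile and exportEverythingToFiles, so they take effect only when a caller omits the argument entirely. The two CLI call sites in config-export.ts always pass an object, and an unset flag arrives there as undefined rather than false. Normalize the three fields to booleans inside the functions before they are forwarded, and describe them in the functions' doc comments, which these hunks leave untouched.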
diff --git a/src/utils/Config.ts b/src/utils/Config.ts index d84e8a54c..3e581d46c 100644 --- a/src/utils/Config.ts +++ b/src/utils/Config.ts @@ -89,6 +89,9 @@ export async function getFullExportConfig( includeDefault: true, includeActiveValues: false, target: '', + includeReadOnly: true, + onlyRealm: false, + onlyGlobal: false, }); } // Go through files in the working directory and reconstruct the full export diff --git a/test/client_cli/en/__snapshots__/config-export.test.js.snap b/test/client_cli/en/__snapshots__/config-export.test.js.snap index 0027fa6d0..feb258bd0 100644 --- a/test/client_cli/en/__snapshots__/config-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-export.test.js.snap @@ -3,7 +3,15 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config export [options] [host] [realm] [username] [password] -Export full cloud configuration for all ops that currently support export. +Export full cloud configuration. +By default, it only exports importable config (i.e. config that is not +read-only) for the current deployment (e.g. if exporting from cloud, realm +config would NOT be exported since it can't be imported back into cloud even +though it can be imported into classic deployments). There is a flag to export +all config including read only config. +Additionally, there is a flag to export config for only the specified realm, a +flag to export only global config, and many other flags to customize the +export. Use the -h or --help to see them all and to also see usage examples. Arguments: host AM base URL, e.g.: @@ -33,6 +41,10 @@ Options: troubleshooting. -f, --file Name of the export file. --flush-cache Flush token cache. + -g, --global-only Export only the global config. If -r, + --realm-only is also active, then the + corresponding active realm config will + also be exported. -h, --help Help --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use 
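Review bot: In src/utils/Config.ts, getFullExportConfig now hard-codes includeReadOnly: true while the CLI and the ConfigOps defaults use false, and the hunk gives no reason for the difference. Add a comment at that call explaining why this internal full export must include read-only config, and check that the code consuming its result handles entries the deployment treats as read-only.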
@@ -93,6 +105,13 @@ Options: positions of the journey/tree nodes. --no-decode Do not include decoded variable value in variable export + -r, --realm-only Export only the config for the active + realm. If -g, --global-only is also + active, then the global config will also + be exported. + -R, --read-only Export read-only config (with the + exception of default scripts) in + addition to the importable config. -s, --separate-mappings Export sync.idm.json mappings separately in their own directory. Ignored with -a. --sa-id Service account id. 
@@ -137,11 +156,19 @@ Environment Variables:  Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear. Usage Examples: - Backup global and active realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported): + Export global and realm configuration for version control (e.g. Git) into the current directory. + Note that -x and -s separates script and mapping config to better track changes made to them, and -N removes metadata since it changes every export (you may consider using --no-coords as well if you don't care to track node positions in journeys): + $ frodo config export -sxAND . matrix + Export global and realm configuration from cloud to be later imported into a classic, on-prem deployment. 
+ Note -dR is used for exporting all read-only config from cloud since certain cloud read-only config (like the realm config) can be imported into a classic on-prem deployment: + $ frodo config export -adR matrix + Export only the bravo realm configuration: + $ frodo config export -ar matrix bravo + Backup global and realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported):  $ frodo config export -a --include-active-values matrix - Backup global and active realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported): + Backup global and realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported):  $ frodo config export -A -D matrix-backup --include-active-values matrix - Export global and active realm configuration including active secret values for import into another environment. + Export global and realm configuration including active secret values for import into another environment. The --target parameter instructs frodo to encrypt the exported secret values using the target environment so they can be imported into that target environment without requiring the source environment they were exported from. Using the --target parameter, the target environment must be available at the time of export and the person performing the export must have a connection profile for the target environment. Without the --target parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment. diff --git a/test/client_cli/en/__snapshots__/config.test.js.snap b/test/client_cli/en/__snapshots__/config.test.js.snap index 530b6efba..21053c7d6 100644 --- a/test/client_cli/en/__snapshots__/config.test.js.snap 
+++ b/test/client_cli/en/__snapshots__/config.test.js.snap @@ -9,8 +9,17 @@ Options: -h, --help Help Commands: - export Export full cloud configuration for all ops that currently - support export. + export Export full cloud configuration. + By default, it only exports importable config (i.e. config that + is not read-only) for the current deployment (e.g. if exporting + from cloud, realm config would NOT be exported since it can't be + imported back into cloud even though it can be imported into + classic deployments). There is a flag to export all config + including read only config. + Additionally, there is a flag to export config for only the + specified realm, a flag to export only global config, and many + other flags to customize the export. Use the -h or --help to see + them all and to also see usage examples. help display help for command import Import full cloud configuration. " diff --git a/test/e2e/__snapshots__/config-export.e2e.test.js.snap b/test/e2e/__snapshots__/config-export.e2e.test.js.snap index 20884724f..98d547bbd 100644 --- a/test/e2e/__snapshots__/config-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/config-export.e2e.test.js.snap 
@@ -13939,19281 +13939,8148 @@ a { }, }, }, - "realm": { - "L2FscGhh": { - "_id": "L2FscGhh", - "active": true, - "aliases": [], - "name": "alpha", - "parentPath": "/", + "secret": { + "esv-admin-token": { + "_id": "esv-admin-token", + "activeVersion": "1", + "description": "Long-lived admin token", + "encoding": "generic", + "lastChangeDate": "2024-03-20T14:46:13.461793Z", + "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, }, - "L2JyYXZv": { - "_id": "L2JyYXZv", - "active": true, - "aliases": [], - "name": "bravo", - "parentPath": "/", + "esv-brando-pingone": { + "_id": "esv-brando-pingone", + "activeVersion": "4", + "description": "This is to show the connection between PingOne and AIC. ", + "encoding": "generic", + "lastChangeDate": "2024-06-24T00:44:06.154598Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "4", + "useInPlaceholders": true, + }, + "esv-secret-import-test1": { + "_id": "esv-secret-import-test1", + "activeVersion": "1", + "description": "Secret Import Test 1", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:13.904591Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-secret-import-test2": { + "_id": "esv-secret-import-test2", + "activeVersion": "1", + "description": "Secret Import Test 2", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:41.914076Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret": { + "_id": "esv-test-secret", + "activeVersion": "1", + "description": "This is a test secret containing a simple string value.", + "encoding": "generic", + "lastChangeDate": "2024-07-05T17:53:53.682578Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + 
"esv-test-secret-cert-pem": { + "_id": "esv-test-secret-cert-pem", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file.", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:48:49.005574Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret-cert-pem-raw": { + "_id": "esv-test-secret-cert-pem-raw", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file (raw).", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:49:20.270526Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret-euler": { + "_id": "esv-test-secret-euler", + "activeVersion": "1", + "description": "A test secret containing the value of Euler's number", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:27:34.607038Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret-file-base64hmac": { + "_id": "esv-test-secret-file-base64hmac", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file.", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:46:37.42544Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret-file-base64hmac-raw": { + "_id": "esv-test-secret-file-base64hmac-raw", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file (raw).", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:47:03.695151Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret-pi": { + "_id": "esv-test-secret-pi", + "activeVersion": "1", + 
"description": "Secret that contains the value of pi", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:22:28.519043Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + "esv-test-secret-pi-generic": { + "_id": "esv-test-secret-pi-generic", + "activeVersion": "3", + "description": "", + "encoding": "generic", + "lastChangeDate": "2024-07-15T03:20:09.136266Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "3", + "useInPlaceholders": true, + }, + "esv-volkers-test-secret": { + "_id": "esv-volkers-test-secret", + "activeVersion": "10", + "description": "Volker's test secret", + "encoding": "generic", + "lastChangeDate": "2024-06-26T01:37:06.116117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "10", + "useInPlaceholders": true, }, }, - "scripttype": { - "AUTHENTICATION_CLIENT_SIDE": { - "_id": "AUTHENTICATION_CLIENT_SIDE", + "server": null, + "service": { + "CorsService": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "AUTHENTICATION_CLIENT_SIDE", - "allowLists": [], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "_id": "CorsService", + "collection": false, + "name": "CORS Service", }, - "defaultScript": "[Empty]", - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "enabled": true, + "location": "global", + "nextDescendents": [], }, - "AUTHENTICATION_SERVER_SIDE": { - "_id": "AUTHENTICATION_SERVER_SIDE", + "dashboard": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "dashboard", + "collection": false, + "name": "Dashboard", }, - "context": { - "_id": "AUTHENTICATION_SERVER_SIDE", - "allowLists": [ - "java.util.ArrayList$Itr", - "org.forgerock.openam.shared.security.crypto.CertificateService", - 
"org.forgerock.http.protocol.Response", - "java.lang.Character$UnicodeBlock", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.client.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.lang.StrictMath", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.lang.Long", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.lang.Boolean", - "java.lang.Character", - "java.util.LinkedHashMap", - "java.util.ArrayList", - "java.util.HashMap$KeyIterator", - "groovy.json.JsonSlurper", - "org.forgerock.http.protocol.Responses", - "java.util.LinkedHashSet", - "java.lang.Byte", - "java.lang.Math", - "java.util.List", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Cookie", - "sun.security.ec.ECPrivateKeyImpl", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.opendj.ldap.Dn", - "java.lang.String", - "java.lang.Void", - "org.forgerock.util.promise.Promise", - "java.lang.Integer", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "com.sun.identity.shared.debug.Debug", - "java.lang.Character$Subset", - "org.forgerock.http.protocol.RequestCookies", - "java.lang.Float", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.http.protocol.ResponseException", - "java.lang.Object", - "org.forgerock.http.protocol.Request", - "org.forgerock.openam.scripting.api.ScriptedSession", - "java.util.LinkedList", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.util.Map", - "java.lang.Number", - "java.util.TreeMap", - "java.util.TreeSet", - "java.lang.Double", - "java.lang.Short", - 
"org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "java.util.HashMap", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "java.util.HashSet", - "java.util.Collections$UnmodifiableCollection$1", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "defaults": { + "assignedDashboard": [], }, - "defaultScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google", }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{authentication.server.side.script.context.core.threads|10}", + { + "_id": "SalesForce", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce", }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{authentication.server.side.script.context.max.threads|50}", + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": 
"http://www.ZenDesk.com", + "name": "ZenDesk", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{authentication.server.side.script.context.queue.size|10}", + { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "BookmarkApplicationClass", + "displayName": "Google", + "icon": "app-bookmark.svg", + "login": "https://www.google.com/", + "name": "Google", }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - 
"java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - 
"java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - 
"org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - 
"org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - 
"org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", ], }, - "AUTHENTICATION_TREE_DECISION_NODE": { - "_id": "AUTHENTICATION_TREE_DECISION_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + }, + "sync": { + "_id": "sync", + "mappings": [ + { + "_id": "sync/managedBravo_user_managedBravo_user", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user", + "icon": null, + "name": "managedBravo_user_managedBravo_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + 
"properties": [], + "source": "managed/bravo_user", + "syncAfter": [], + "target": "managed/bravo_user", }, - "context": { - "_id": "AUTHENTICATION_TREE_DECISION_NODE", - "allowLists": [ - "javax.security.auth.callback.ChoiceCallback", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "groovy.json.JsonSlurper", - "java.security.PublicKey", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Request", - "java.lang.Number", - "java.util.AbstractMap$*", - "com.sun.identity.authentication.spi.MetadataCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Dn", - "java.util.concurrent.TimeUnit", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "java.lang.String", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Header", - "javax.crypto.spec.PBEKeySpec", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - "java.util.TreeSet", - "java.lang.Short", - "org.forgerock.util.promise.PromiseImpl", - "java.lang.Character", - "javax.crypto.spec.PSource", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "java.util.concurrent.TimeoutException", - "java.lang.Object", - "java.security.spec.InvalidKeySpecException", - "org.forgerock.http.Client", - "org.forgerock.http.protocol.Response", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "java.security.spec.X509EncodedKeySpec", - "org.forgerock.http.Context", - "java.util.HashMap", - "java.util.LinkedList", - 
"org.forgerock.http.protocol.Entity", - "org.forgerock.util.promise.Promise", - "java.util.LinkedHashMap", - "java.util.concurrent.ExecutionException", - "java.lang.Long", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.scripting.api.secrets.Secret", - "javax.security.auth.callback.ConfirmationCallback", - "org.forgerock.openam.auth.node.api.Action", - "java.security.PrivateKey", - "org.forgerock.opendj.ldap.Rdn", - "java.lang.Character$Subset", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "java.util.ArrayList", - "java.util.HashMap$KeyIterator", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "java.security.KeyPairGenerator$*", - "java.lang.Byte", - "org.forgerock.http.protocol.RequestCookies", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "java.lang.Float", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "javax.security.auth.callback.PasswordCallback", - "org.forgerock.util.promise.NeverThrowsException", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "java.lang.Boolean", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.http.protocol.Status", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.codehaus.groovy.runtime.GStringImpl", - "javax.crypto.spec.PSource$*", - "java.lang.Math", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "com.sun.identity.authentication.spi.HttpCallback", - "javax.security.auth.callback.LanguageCallback", - "java.lang.Character$UnicodeBlock", - "java.lang.Integer", - "java.lang.StrictMath", - "java.security.spec.MGF1ParameterSpec", - "java.security.KeyPair", - "org.forgerock.http.protocol.Cookie", - "javax.security.auth.callback.NameCallback", - 
"javax.security.auth.callback.TextInputCallback", - "org.forgerock.http.protocol.ResponseException", - "java.util.HashSet", - "java.util.Collections", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.auth.node.api.NodeState", - "java.util.TreeMap", - "org.forgerock.http.header.authorization.*", - "javax.crypto.spec.OAEPParameterSpec", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.LinkedHashSet", - "java.util.Map", - "org.mozilla.javascript.JavaScriptException", - "java.lang.Void", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.mozilla.javascript.ConsString", - "org.forgerock.http.context.RootContext", - "javax.crypto.SecretKeyFactory", - "com.sun.identity.authentication.spi.RedirectCallback", - "java.lang.Double", - "org.forgerock.json.JsonValue", - "java.util.Collections$*", - "org.forgerock.http.header.*", - "org.forgerock.http.protocol.Message", - "java.util.List", - "com.sun.identity.shared.debug.Debug", - "org.forgerock.http.protocol.Headers", - "java.security.KeyPairGenerator", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + { + "_id": "sync/managedAlpha_user_managedBravo_user", + "consentRequired": true, + "displayName": "Test Mapping for Frodo", + "icon": null, + "name": "managedAlpha_user_managedBravo_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + 
}, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "properties": [ + { + "condition": { + "globals": {}, + "source": "console.log("Hello World!");", + "type": "text/javascript", + }, + "default": [ + "Default value string", + ], + "source": "accountStatus", + "target": "applications", + "transform": { + "globals": {}, + "source": "console.log("hello");", + "type": "text/javascript", + }, + }, + ], + "source": "managed/alpha_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + ], + "target": "managed/bravo_user", }, - "defaultScript": "01e1a3c0-038b-4c16-956a-6c9d89328cff", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", + { + "_id": "sync/managedBravo_user_managedAlpha_user", + "consentRequired": false, + "displayName": "Frodo test mapping", + "icon": null, + "name": "managedBravo_user_managedAlpha_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": 
"TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + "managedAlpha_user_managedBravo_user", ], - "coreThreads": { - "$int": "&{authentication.tree.decision.node.script.context.core.threads|10}", + "target": "managed/alpha_user", + }, + { + "_id": "sync/AlphaUser2GoogleApps", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "__NAME__", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "AlphaUser2GoogleApps", + "type": "text/javascript", + }, + ], + "displayName": "AlphaUser2GoogleApps", + "enableSync": { + "$bool": "&{esv.gac.enable.mapping}", }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{authentication.tree.decision.node.script.context.max.threads|50}", + "icon": null, + "name": "AlphaUser2GoogleApps", + "onCreate": { + "globals": {}, + "source": "target.orgUnitPath = "/NewAccounts";", + "type": "text/javascript", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{authentication.tree.decision.node.script.context.queue.size|10}", + "onUpdate": { + "globals": {}, + "source": "//testing1234 +target.givenName = oldTarget.givenName; +target.familyName = oldTarget.familyName; +target.__NAME__ = oldTarget.__NAME__;", + "type": "text/javascript", }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - 
"com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - 
"java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - 
"org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.JweHeader", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - 
"org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.realms.impl.RealmImpl", - "org.forgerock.openam.core.realms.Realms", - "org.forgerock.openam.core.realms.RootRealm", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - 
"org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.placeholder.substitution.FbcPlaceholderSubstitution", - "org.forgerock.openam.placeholder.substitution.PlaceholderSubstitution", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openam.social.idp.OpenIDConnectClientConfig", - "org.forgerock.openam.social.idp.OpenIDConnectClientConfig$ByteBuddy*", - "org.forgerock.openam.social.idp.SocialIdentityProviders", - "org.forgerock.openam.social.idp.SocialIdentityProvidersImpl", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - 
"sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.PBEKeySpec", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "java.security.spec.InvalidKeySpecException", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "CONFIG_PROVIDER_NODE": { - "_id": "CONFIG_PROVIDER_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "CONFIG_PROVIDER_NODE", - "allowLists": [ - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.mozilla.javascript.ConsString", - "java.util.List", - "javax.crypto.spec.PBEKeySpec", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.http.protocol.Status", - "org.forgerock.http.context.RootContext", - "java.security.spec.InvalidKeySpecException", - "java.security.PrivateKey", - "javax.security.auth.callback.ConfirmationCallback", - "java.lang.Byte", - "java.util.Collections$*", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "org.forgerock.http.Handler", - "java.util.TreeSet", - "org.forgerock.http.protocol.Header", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "java.util.LinkedHashMap", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.protocol.Entity", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "javax.crypto.spec.PSource$*", - "java.lang.Short", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "java.util.HashSet", - "java.util.Map", - 
"org.forgerock.util.promise.PromiseImpl", - "org.forgerock.opendj.ldap.Rdn", - "java.lang.Character", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "java.security.spec.MGF1ParameterSpec", - "org.forgerock.http.Client", - "javax.crypto.SecretKeyFactory", - "java.security.PublicKey", - "javax.crypto.spec.PSource", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.TextInputCallback", - "org.mozilla.javascript.JavaScriptException", - "java.security.KeyPair", - "java.lang.Void", - "java.lang.Number", - "java.util.LinkedList", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.util.promise.Promise", - "org.forgerock.http.Context", - "javax.security.auth.callback.TextOutputCallback", - "javax.security.auth.callback.LanguageCallback", - "java.security.spec.X509EncodedKeySpec", - "org.forgerock.http.header.*", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Cookie", - "javax.security.auth.callback.PasswordCallback", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "java.lang.Character$UnicodeBlock", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.util.HashMap$KeyIterator", - "java.util.TreeMap", - "java.lang.StrictMath", - "java.lang.Boolean", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "groovy.json.JsonSlurper", - "org.forgerock.openam.scripting.api.secrets.Secret", - "java.util.Collections$UnmodifiableRandomAccessList", - "javax.security.auth.callback.NameCallback", - "java.util.AbstractMap$*", - 
"java.lang.Character$Subset", - "java.util.HashMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.http.protocol.Response", - "javax.crypto.spec.OAEPParameterSpec", - "org.forgerock.http.protocol.Headers", - "java.util.concurrent.TimeUnit", - "com.sun.identity.authentication.spi.MetadataCallback", - "java.lang.Integer", - "com.sun.identity.shared.debug.Debug", - "java.lang.Math", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.http.client.*", - "java.util.ArrayList", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.http.protocol.ResponseException", - "java.util.Collections", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.util.promise.NeverThrowsException", - "java.util.Collections$UnmodifiableCollection$1", - "java.lang.Object", - "java.util.concurrent.ExecutionException", - "java.util.LinkedHashSet", - "java.lang.Long", - "java.security.KeyPairGenerator", - "org.forgerock.http.protocol.Form", - "org.forgerock.json.JsonValue", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.Responses", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "java.security.KeyPairGenerator$*", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.concurrent.TimeoutException", - "java.lang.Double", - "java.lang.String", - "java.lang.Float", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "5e854779-6ec1-4c39-aeba-0477e0986646", - "engineConfiguration": { - 
"_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{config.provider.node.script.context.core.threads|10}", - }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{config.provider.node.script.context.max.threads|50}", - }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{config.provider.node.script.context.queue.size|10}", - }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - 
"java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - 
"java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - 
"org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.JweHeader", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - 
"org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - 
"org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.PBEKeySpec", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "java.security.spec.InvalidKeySpecException", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "DEVICE_MATCH_NODE": { - "_id": "DEVICE_MATCH_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "DEVICE_MATCH_NODE", - "allowLists": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - 
"java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.concurrent.TimeUnit", - "java.util.Collections$*", - "java.util.HashSet", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "sun.security.ec.ECPrivateKeyImpl", - "org.slf4j.Logger", - "com.sun.proxy.$*", - "java.util.Date", - "java.security.spec.InvalidKeySpecException", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - "bindings": [ + "policies": [ { - "elements": [ - { - "elementType": "method", - "name": "getDeviceProfiles", - "parameters": [ - { - "javaScriptType": "string", - "name": "username", - }, - { - "javaScriptType": "string", - "name": "realm", - }, - ], - "returnType": "array", - }, - { - "elementType": "method", - "name": "saveDeviceProfiles", - "parameters": [ - { - "javaScriptType": "string", - "name": "username", - }, - { - "javaScriptType": "string", - "name": "realm", - }, - { - "javaScriptType": "array", - "name": "deviceProfiles", - }, - ], - "returnType": "void", - }, - ], - "javaClass": 
"org.forgerock.openam.auth.nodes.script.DeviceProfilesDaoScriptWrapper", - "javaScriptType": "object", - "name": "deviceProfilesDao", + "action": "EXCEPTION", + "situation": "AMBIGUOUS", }, { - "elements": [ - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - { - "javaScriptType": "object", - "name": "requestOptions", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", - "javaScriptType": "object", - "name": "httpClient", + "action": "UNLINK", + "situation": "SOURCE_MISSING", }, { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - 
"elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": 
"format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - 
"name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "isTraceEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isDebugEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isErrorEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isInfoEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isWarnEnabled", - "parameters": [], - "returnType": "boolean", - }, - ], - "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", - "javaScriptType": "object", - "name": "logger", + "action": { + "globals": {}, + "source": "// Timing Constants +var ATTEMPT = 6; // Number of attempts to find the Google user. +var SLEEP_TIME = 500; // Milliseconds between retries. +var SYSTEM_ENDPOINT = "system/GoogleApps/__ACCOUNT__"; +var MAPPING_NAME = "AlphaUser2GoogleApps"; +var GOOGLE_DOMAIN = identityServer.getProperty("esv.gac.domain"); +var googleEmail = source.userName + "@" + GOOGLE_DOMAIN; +var frUserGUID = source._id; +var resultingAction = "ASYNC"; + +// Get the Google GUID +var linkQueryParams = {'_queryFilter': 'firstId eq "' + frUserGUID + '" and linkType eq "' + MAPPING_NAME + '"'}; +var linkResults = openidm.query("repo/link/", linkQueryParams, null); +var googleGUID; + +if (linkResults.resultCount === 1) { + googleGUID = linkResults.result[0].secondId; +} + +var queryResults; // Resulting query from looking for the Google user. 
+var params = {'_queryFilter': '__UID__ eq "' + googleGUID + '"'}; + +for (var i = 1; i <= ATTEMPT; i++) { + queryResults = openidm.query(SYSTEM_ENDPOINT, params); + if (queryResults.result && queryResults.result.length > 0) { + logger.info("idmlog: ---AlphaUser2GoogleApps - Missing->UPDATE - Result found in " + i + " attempts. Query result: " + JSON.stringify(queryResults)); + resultingAction = "UPDATE"; + break; + } + java.lang.Thread.sleep(SLEEP_TIME); // Wait before trying again. +} + +if (!queryResults.result || queryResults.resultCount === 0) { + logger.warn("idmlog: ---AlphaUser2GoogleApps - Missing->UNLINK - " + googleEmail + " not found after " + ATTEMPT + " attempts."); + resultingAction = "UNLINK"; +} +resultingAction; +", + "type": "text/javascript", + }, + "situation": "MISSING", }, { - "elements": [], - "javaScriptType": "object", - "name": "requestParameters", + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", }, { - "elements": [ - { - "elementType": "method", - "name": "isEmpty", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "getChoiceCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getNameCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getPasswordCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getHiddenValueCallbacks", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getTextInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getStringAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getNumberAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getBooleanAttributeInputCallbacks", - "parameters": 
[], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getConfirmationCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getLanguageCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getIdpCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getValidatedPasswordCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getValidatedUsernameCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getHttpCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getX509CertificateCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getConsentMappingCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getDeviceProfileCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getKbaCreateCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getSelectIdPCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getTermsAndConditionsCallbacks", - "parameters": [], - "returnType": "array", - }, - ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksWrapper", - "javaScriptType": "object", - "name": "callbacks", + "action": "IGNORE", + "situation": "UNQUALIFIED", }, { - "elements": [ - { - "elementType": "method", - "name": "getGenericSecret", - "parameters": [ - { - "javaScriptType": "string", - "name": "secretId", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javaScriptType": "object", - "name": "secrets", + "action": 
"IGNORE", + "situation": "UNASSIGNED", }, { - "elements": [ - { - "elementType": "method", - "name": "getIdentity", - "parameters": [ - { - "javaScriptType": "string", - "name": "userName", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepositoryScriptWrapper", - "javaScriptType": "object", - "name": "idRepository", + "action": "UNLINK", + "situation": "LINK_ONLY", }, { - "elements": [], - "javaScriptType": "object", - "name": "requestHeaders", + "action": "IGNORE", + "situation": "TARGET_IGNORED", }, { - "elements": [ - { - "elementType": "method", - "name": "generateJwt", - "parameters": [ - { - "javaScriptType": "object", - "name": "jwtData", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.auth.nodes.script.JwtAssertionScriptWrapper", - "javaScriptType": "object", - "name": "jwtAssertion", + "action": "IGNORE", + "situation": "SOURCE_IGNORED", }, { - "elements": [ - { - "elementType": "method", - "name": "remove", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "get", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "keys", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getObject", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "isDefined", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "putShared", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": 
"mergeShared", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "mergeTransient", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putTransient", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", - "javaScriptType": "object", - "name": "nodeState", + "action": "IGNORE", + "situation": "ALL_GONE", }, { - "javaScriptType": "boolean", - "name": "resumedFromSuspend", + "action": "UPDATE", + "situation": "CONFIRMED", }, { - "elements": [ - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "randomUUID", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "getRandomValues", - "parameters": [ - { - "javaScriptType": "array", - "name": "array", - }, - ], - "returnType": "array", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", - "javaScriptType": "object", - "name": "crypto", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": 
"string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", - "javaScriptType": "object", - "name": "base64", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", - "javaScriptType": "object", - "name": "base64url", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", - "javaScriptType": "object", - "name": "utils", + "action": "LINK", + "situation": "FOUND", }, { - "elements": [ - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - { - "javaScriptType": "object", - "name": "additionalLogic", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedUser", - "parameters": [ - { - "javaScriptType": "string", - "name": "username", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedAgent", - "parameters": [ - { - "javaScriptType": "string", - "name": "agentName", - }, - ], - "returnType": "object", - }, - { - 
"elementType": "method", - "name": "goTo", - "parameters": [ - { - "javaScriptType": "string", - "name": "outcome", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withHeader", - "parameters": [ - { - "javaScriptType": "string", - "name": "header", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withDescription", - "parameters": [ - { - "javaScriptType": "string", - "name": "description", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withStage", - "parameters": [ - { - "javaScriptType": "string", - "name": "stage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withErrorMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "errorMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withLockoutMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "lockoutMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "removeSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", - "javaScriptType": "object", - "name": "action", + "action": "CREATE", + "situation": "ABSENT", }, + ], + "properties": [ { - "javaScriptType": "string", - "name": "scriptName", + "condition": { + "globals": {}, + "source": "object.custom_password_encrypted != null", + "type": "text/javascript", + }, + "source": "custom_password_encrypted", + "target": "__PASSWORD__", + "transform": { + "globals": {}, + "source": "openidm.decrypt(source);", + "type": "text/javascript", + }, }, 
{ - "javaScriptType": "string", - "name": "realm", + "source": "cn", + "target": "__NAME__", + "transform": { + "globals": {}, + "source": "source + "@" + identityServer.getProperty("esv.gac.domain");", + "type": "text/javascript", + }, }, { - "elements": [ - { - "elementType": "method", - "name": "validateJwtClaims", - "parameters": [ - { - "javaScriptType": "object", - "name": "jwtData", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.auth.nodes.script.JwtValidatorScriptWrapper", - "javaScriptType": "object", - "name": "jwtValidator", + "source": "givenName", + "target": "givenName", }, { - "elements": [ - { - "elementType": "method", - "name": "httpCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "authRHeader", - }, - { - "javaScriptType": "string", - "name": "negoName", - }, - { - "javaScriptType": "string", - "name": "negoValue", - }, - { - "javaScriptType": "number", - "name": "errorCode", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "httpCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "authorizationHeader", - }, - { - "javaScriptType": "string", - "name": "negotiationHeader", - }, - { - "javaScriptType": "string", - "name": "errorCode", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "consentMappingCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "config", - }, - { - "javaScriptType": "string", - "name": "message", - }, - { - "javaScriptType": "boolean", - "name": "isRequired", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "consentMappingCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "displayName", - }, - { - "javaScriptType": "string", - "name": "icon", - }, - { - "javaScriptType": "string", - "name": "accessLevel", - }, - { - "javaScriptType": "array", - "name": 
"titles", - }, - { - "javaScriptType": "string", - "name": "message", - }, - { - "javaScriptType": "boolean", - "name": "isRequired", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "deviceProfileCallback", - "parameters": [ - { - "javaScriptType": "boolean", - "name": "metadata", - }, - { - "javaScriptType": "boolean", - "name": "location", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "kbaCreateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "array", - "name": "predefinedQuestions", - }, - { - "javaScriptType": "boolean", - "name": "allowUserDefinedQuestions", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "selectIdPCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "providers", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "termsAndConditionsCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "version", - }, - { - "javaScriptType": "string", - "name": "terms", - }, - { - "javaScriptType": "string", - "name": "createDate", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "suspendedTextOutputCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "defaultText", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": 
"scriptTextOutputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "metadataCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "outputValue", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - 
"javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - 
"elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "languageCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "language", - }, - { - "javaScriptType": 
"string", - "name": "country", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "idPCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "provider", - }, - { - "javaScriptType": "string", - "name": "clientId", - }, - { - "javaScriptType": "string", - "name": "redirectUri", - }, - { - "javaScriptType": "array", - "name": "scope", - }, - { - "javaScriptType": "string", - "name": "nonce", - }, - { - "javaScriptType": "string", - "name": "request", - }, - { - "javaScriptType": "string", - "name": "requestUri", - }, - { - "javaScriptType": "array", - "name": "acrValues", - }, - { - "javaScriptType": "boolean", - "name": "requestNativeAppForUserInfo", - }, - { - "javaScriptType": "string", - "name": "token", - }, - { - "javaScriptType": "string", - "name": "tokenType", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "idPCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "provider", - }, - { - "javaScriptType": "string", - "name": "clientId", - }, - { - "javaScriptType": "string", - "name": "redirectUri", - }, - { - "javaScriptType": "array", - "name": "scope", - }, - { - "javaScriptType": "string", - "name": "nonce", - }, - { - "javaScriptType": "string", - "name": "request", - }, - { - "javaScriptType": "string", - "name": "requestUri", - }, - { - "javaScriptType": "array", - "name": "acrValues", - }, - { - "javaScriptType": "boolean", - "name": "requestNativeAppForUserInfo", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "certificate", - }, - { - "javaScriptType": "boolean", - "name": "requestSignature", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { 
- "javaScriptType": "object", - "name": "certificate", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "choiceCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "array", - "name": "choices", - }, - { - "javaScriptType": "number", - "name": "defaultChoice", - }, - { - "javaScriptType": "boolean", - "name": "multipleSelectionsAllowed", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "boolean", - "name": "setTrackingCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "string", - "name": "statusParameter", - }, - { - "javaScriptType": "string", - "name": "redirectBackUrlCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": 
"string", - "name": "method", - }, - { - "javaScriptType": "string", - "name": "statusParameter", - }, - { - "javaScriptType": "string", - "name": "redirectBackUrlCookie", - }, - { - "javaScriptType": "boolean", - "name": "setTrackingCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "hiddenValueCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "nameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "nameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "defaultName", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "passwordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "number", - "name": "optionType", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "number", - "name": "optionType", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - 
"name": "messageType", - }, - { - "javaScriptType": "array", - "name": "options", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "array", - "name": "options", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "pollingWaitCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "waitTime", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textOutputCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedPasswordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedPasswordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedUsernameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - 
"javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedUsernameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksBuilder", - "javaScriptType": "object", - "name": "callbacksBuilder", - }, - { - "elements": [ - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - 
], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - 
}, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - 
"returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", - "javaScriptType": "object", - "name": "openidm", - }, - { - "elements": [], - "javaScriptType": "object", - "name": "requestCookies", - }, - { - "javaScriptType": "string", - "name": "cookieName", + "source": "", + "target": "familyName", + "transform": { + "globals": {}, + "source": "if (source.frIndexedInteger1 > 2 && source.frIndexedInteger1 < 6) { + source.sn + " (Student)" +} else { + source.sn +}", + "type": "text/javascript", + }, }, ], - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", - ], + "queuedSync": { + "enabled": true, + "maxQueueSize": 20000, + "maxRetries": 5, + "pageSize": 100, + "pollingInterval": 1000, + "postRetryAction": "logged-ignore", + "retryDelay": 1000, + }, + "source": "managed/alpha_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + "managedAlpha_user_managedBravo_user", + 
"managedBravo_user_managedAlpha_user", + ], + "target": "system/GoogleApps/__ACCOUNT__", + "validSource": { + "globals": {}, + "source": "var isGoogleEligible = true; +//var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + " cn: " + source.cn + ") -"; +var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + ") -"; + +//Get Applicable userTypes (no Parent accounts) +if (source.frIndexedInteger1 !== 0 && source.frIndexedInteger1 !== 1 && source.frIndexedInteger1 !== 3 && source.frIndexedInteger1 !== 4 && source.frIndexedInteger1 !== 5) { + isGoogleEligible = false; + logMsg = logMsg + " Account type not eligible."; +} + +//Make sure the account has a valid encrypted password. +if (source.custom_password_encrypted == undefined || source.custom_password_encrypted == null) { + isGoogleEligible = false; + logMsg = logMsg + " No encrypted password yet."; +} + +//Check that CN exists and has no space. +if (source.cn && source.cn.includes(' ')) { + isGoogleEligible = false; + logMsg = logMsg + " CN with a space is not allowed."; +} + +if (!isGoogleEligible) { + logMsg = logMsg + " Not sent to Google." + logger.info(logMsg); +} + +if (isGoogleEligible) { + logMsg = logMsg + " Sent to Google." 
+ logger.info(logMsg); +} + +isGoogleEligible; +", + "type": "text/javascript", }, }, - "defaultScript": "11e1a3c0-038b-4c16-956a-6c9d89328d00", - "engineConfiguration": { - "_id": "engineConfiguration", + ], + }, + "variable": { + "esv-blue-piller": { + "_id": "esv-blue-piller", + "description": "Zion membership criteria.", + "expressionType": "bool", + "lastChangeDate": "2024-07-05T20:01:11.78347Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "false", + }, + "esv-ipv4-cidr-access-rules": { + "_id": "esv-ipv4-cidr-access-rules", + "description": "IPv4 CIDR access rules: { "allow": [ "address/mask" ] }", + "expressionType": "object", + "lastChangeDate": "2024-07-05T20:01:13.987057Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "{ "allow": [ "145.118.0.0/16", "132.35.0.0/16", "101.226.0.0/16", "99.72.28.182/32" ] }", + }, + "esv-nebuchadnezzar-crew": { + "_id": "esv-nebuchadnezzar-crew", + "description": "The crew of the Nebuchadnezzar hovercraft.", + "expressionType": "array", + "lastChangeDate": "2024-07-05T20:01:05.216699Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "["Morpheus","Trinity","Link","Tank","Dozer","Apoc","Cypher","Mouse","Neo","Switch"]", + }, + "esv-nebuchadnezzar-crew-structure": { + "_id": "esv-nebuchadnezzar-crew-structure", + "description": "The structure of the crew of the Nebuchadnezzar hovercraft.", + "expressionType": "object", + "lastChangeDate": "2024-07-05T20:01:07.343325Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "{"Captain":"Morpheus","FirstMate":"Trinity","Operator":["Link","Tank"],"Medic":"Dozer","Crewmen":["Apoc","Cypher","Mouse","Neo","Switch"]}", + }, + "esv-neo-age": { + "_id": "esv-neo-age", + "description": "Neo's age in the matrix.", + "expressionType": "int", + "lastChangeDate": "2024-11-01T16:21:14.46187Z", + "lastChangedBy": "Frodo-SA-1730238488278", + "loaded": true, + "value": "28", + }, + 
"esv-number": { + "_id": "esv-number", + "description": "test number", + "expressionType": "number", + "lastChangeDate": "2024-07-05T19:42:20.943131Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "value": "1.134", + }, + "esv-test": { + "_id": "esv-test", + "description": "list", + "expressionType": "list", + "lastChangeDate": "2024-11-01T21:00:21.315828Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "value": "a,b,c,d", + }, + "esv-test-var": { + "_id": "esv-test-var", + "description": "this is a test description", + "expressionType": "string", + "lastChangeDate": "2024-11-01T16:21:15.469328Z", + "lastChangedBy": "Frodo-SA-1730238488278", + "loaded": true, + "value": "this is a test variable", + }, + "esv-test-var-pi": { + "_id": "esv-test-var-pi", + "description": "This is another test variable.", + "expressionType": "number", + "lastChangeDate": "2024-07-12T17:40:41.283412Z", + "lastChangedBy": "Frodo-SA-1720799681233", + "loaded": true, + "value": "3.1415926", + }, + "esv-test-var-pi-string": { + "_id": "esv-test-var-pi-string", + "description": "This is another test variable.", + "expressionType": "string", + "lastChangeDate": "2024-07-05T20:01:16.11117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "3.1415926", + }, + "esv-test-variable-light": { + "_id": "esv-test-variable-light", + "description": "Test variable containing the speed of light in meters per second (as an int).", + "expressionType": "int", + "lastChangeDate": "2023-12-14T15:34:13.446903Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "value": "299792458", + }, + "esv-trinity-phone": { + "_id": "esv-trinity-phone", + "description": "In the opening of The Matrix (1999), the phone number Trinity is calling from is traced to (312)-555-0690", + "expressionType": "string", + "lastChangeDate": "2024-07-05T20:01:03.141204Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "(312)-555-0690", 
+ }, + }, + }, + "meta": Any, + "realm": { + "root-alpha": { + "agent": { + "cdsso-ig-agent": { + "_id": "cdsso-ig-agent", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [ + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/redirect", + "https://volker-demo.encore.forgerock.com/apps/hrlite/redirect", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite-rest/redirect", + "https://volker-demo.encore.forgerock.com:443/apps/contractor/redirect", + "https://volker-demo.encore.forgerock.com/apps/hrlite-rest/redirect", + "https://volker-demo.encore.forgerock.com/apps/contractor/redirect", ], - "coreThreads": { - "$int": "&{device.match.node.script.context.core.threads|10}", - }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{device.match.node.script.context.max.threads|50}", - }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{device.match.node.script.context.queue.size|10}", + "igTokenIntrospection": "Realm_Subs", + "secretLabelIdentifier": null, + "status": "Active", + }, + "frodo-test-ig-agent": { + "_id": "frodo-test-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "jdk.proxy*", - "org.mozilla.javascript.WrappedException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", + "agentgroup": "test_ig_group", + 
"igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", ], + "igTokenIntrospection": "Realm", + "secretLabelIdentifier": null, + "status": "Inactive", }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - ], - }, - "LIBRARY": { - "_id": "LIBRARY", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "LIBRARY", - "allowLists": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", ], - "bindings": [ - { - "elements": [ - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - { - "javaScriptType": "object", - "name": "requestOptions", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", - "javaScriptType": "object", - "name": "httpClient", - }, - { - "elements": [ - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "randomUUID", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "getRandomValues", - "parameters": [ - { - "javaScriptType": "array", - "name": "array", - }, - ], - "returnType": "array", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", - "javaScriptType": "object", - "name": "crypto", - }, - { - "elementType": "field", - "elements": [ - { - 
"elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", - "javaScriptType": "object", - "name": "base64", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", - "javaScriptType": "object", - "name": "base64url", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", - "javaScriptType": "object", - "name": "utils", + "igTokenIntrospection": "Realm", + "secretLabelIdentifier": null, + "status": "Inactive", + }, + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + 
"name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + 
"clientIpValidationMode": { + "": "OFF", }, - { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": 
"string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - 
"javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "isTraceEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isDebugEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isErrorEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isInfoEnabled", - 
"parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isWarnEnabled", - "parameters": [], - "returnType": "boolean", - }, - ], - "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", - "javaScriptType": "object", - "name": "logger", - }, - { - "javaScriptType": "string", - "name": "scriptName", + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", }, - { - "javaScriptType": "string", - "name": "realm", + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + 
"jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", }, - { - "elements": [ - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - 
"javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - 
}, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": 
"object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": 
"patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", - "javaScriptType": "object", - "name": "openidm", + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + 
"postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", }, - { - "elements": [ - { - "elementType": "method", - "name": "getGenericSecret", - "parameters": [ - { - "javaScriptType": "string", - "name": "secretId", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javaScriptType": "object", - "name": "secrets", + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + 
"notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", }, - { - "javaScriptType": "string", - "name": "cookieName", + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": 
"application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", }, - ], - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, }, }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + 
"advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + 
"profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + 
"persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, }, - "blackList": [ - "java.lang.Class", - "java.security.AccessController", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Float", - "org.forgerock.http.protocol.Header", - "java.lang.Integer", - "org.forgerock.http.Client", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Long", - "java.lang.Short", - "java.util.Map", - "org.forgerock.http.client.*", - "java.lang.Math", - "org.forgerock.opendj.ldap.Dn", - "java.lang.Byte", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.lang.StrictMath", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.http.Context", - "java.lang.Void", - "org.codehaus.groovy.runtime.GStringImpl", - "groovy.json.JsonSlurper", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.context.RootContext", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.List", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Responses", - "org.forgerock.util.promise.Promise", - "java.util.HashMap$KeyIterator", - "com.sun.identity.shared.debug.Debug", - "java.lang.Double", - "org.forgerock.http.protocol.Headers", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.http.protocol.Status", - "java.util.HashMap", - "java.lang.Character$Subset", - "java.util.TreeSet", - "java.util.ArrayList", - "java.util.HashSet", - "java.util.LinkedHashMap", - "org.forgerock.http.protocol.ResponseException", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.forgerock.http.protocol.Message", - "java.lang.Boolean", - "java.lang.String", - "java.lang.Number", - "java.util.LinkedList", - 
"java.util.LinkedHashSet", - "org.forgerock.http.protocol.Response", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.TreeMap", - "java.util.Collections$EmptyList", - "org.forgerock.openam.scripting.api.ScriptedSession", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.http.Handler", - "java.lang.Object", - "org.forgerock.http.protocol.Form", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - ], - }, - "NODE_DESIGNER": { - "_id": "NODE_DESIGNER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", }, - "context": { - "_id": "NODE_DESIGNER", - "allowLists": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.concurrent.TimeUnit", - "java.util.Collections$*", - "java.util.HashSet", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "org.forgerock.json.JsonValue", - 
"org.forgerock.util.promise.NeverThrowsException", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "sun.security.ec.ECPrivateKeyImpl", - "ch.qos.logback.classic.Logger", - "com.sun.proxy.$*", - "java.util.Date", - "java.security.spec.InvalidKeySpecException", - ], - "bindings": [ - { - "elements": [ - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - { - "javaScriptType": "object", - "name": "requestOptions", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", - "javaScriptType": "object", - "name": "httpClient", + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { 
+ "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": 
"testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + "ig-agent": { + "_id": "ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "Realm_Subs", + "secretLabelIdentifier": null, + "status": "Active", + }, + "my-policy-agent": { + "_id": "my-policy-agent", + "_type": { + "_id": "2.2_Agent", + "collection": true, + "name": "Policy Agents", + }, + "cdssoRootUrl": [], + "description": null, + "status": "Active", + }, + "test": { + "_id": "test", + "_type": { + "_id": 
"RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "agentgroup": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, + "test software publisher": { + "_id": "test software publisher", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "agentgroup": null, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + }, + "agentGroup": { + "test_ig_group": { + "_id": "test_ig_group", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "status": "Active", + }, + "test_java_group": { + "_id": "test_java_group", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + 
"monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", }, - { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - 
"name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": 
"object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - 
"returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "isTraceEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isDebugEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isErrorEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isInfoEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isWarnEnabled", - "parameters": [], - "returnType": "boolean", - }, - ], - "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", - "javaScriptType": "object", - "name": "logger", + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + 
"headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", }, - { - "elements": [], - "javaScriptType": "object", - "name": "requestParameters", + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + 
"userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": null, + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": {}, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": null, + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "test_web_agent_group": { + "_id": "test_web_agent_group", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + 
"fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + 
"sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "application": { + "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8": { + "_id": "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - { - 
"elements": [ - { - "elementType": "method", - "name": "isEmpty", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "getChoiceCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getNameCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getPasswordCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getHiddenValueCallbacks", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getTextInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getStringAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getNumberAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getBooleanAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getConfirmationCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getLanguageCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getIdpCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getValidatedPasswordCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getValidatedUsernameCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getHttpCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getX509CertificateCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getConsentMappingCallbacks", - "parameters": [], - 
"returnType": "array", - }, - { - "elementType": "method", - "name": "getDeviceProfileCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getKbaCreateCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getSelectIdPCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getTermsAndConditionsCallbacks", - "parameters": [], - "returnType": "array", - }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksWrapper", - "javaScriptType": "object", - "name": "callbacks", - }, - { - "elements": [ - { - "elementType": "method", - "name": "getGenericSecret", - "parameters": [ - { - "javaScriptType": "string", - "name": "secretId", - }, - ], - "returnType": "object", - }, + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", ], - "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javaScriptType": "object", - "name": "secrets", - }, - { - "elements": [ - { - "elementType": "method", - "name": "getIdentity", - "parameters": [ - { - "javaScriptType": "string", - "name": "userName", - }, - ], - "returnType": "object", - }, + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", ], - "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepositoryScriptWrapper", - 
"javaScriptType": "object", - "name": "idRepository", - }, - { - "elements": [], - "javaScriptType": "object", - "name": "requestHeaders", - }, - { - "elements": [ - { - "elementType": "method", - "name": "generateJwt", - "parameters": [ - { - "javaScriptType": "object", - "name": "jwtData", - }, - ], - "returnType": "string", - }, + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.JwtAssertionScriptWrapper", - "javaScriptType": "object", - "name": "jwtAssertion", }, - { - "elements": [ - { - "elementType": "method", - "name": "remove", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "get", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "keys", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getObject", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "isDefined", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "putShared", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": 
"mergeShared", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "mergeTransient", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putTransient", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + 
], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", - "javaScriptType": "object", - "name": "nodeState", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "javaScriptType": "boolean", - "name": "resumedFromSuspend", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - { - "elements": [ - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "randomUUID", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "getRandomValues", - "parameters": [ - { - "javaScriptType": "array", - "name": "array", - }, - ], - "returnType": 
"array", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", - "javaScriptType": "object", - "name": "crypto", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", - "javaScriptType": "object", - "name": "base64", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", - "javaScriptType": "object", - "name": "base64url", - }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + 
"dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", - "javaScriptType": "object", - "name": "utils", }, - { - "elements": [], - "javaScriptType": "object", - "name": "existingSession", + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], }, - { - "elements": [ - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - { - "javaScriptType": "object", - "name": "additionalLogic", - }, - ], - "returnType": "object", - }, - { - "elementType": 
"method", - "name": "withIdentifiedUser", - "parameters": [ - { - "javaScriptType": "string", - "name": "username", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedAgent", - "parameters": [ - { - "javaScriptType": "string", - "name": "agentName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "goTo", - "parameters": [ - { - "javaScriptType": "string", - "name": "outcome", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withHeader", - "parameters": [ - { - "javaScriptType": "string", - "name": "header", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withDescription", - "parameters": [ - { - "javaScriptType": "string", - "name": "description", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withStage", - "parameters": [ - { - "javaScriptType": "string", - "name": "stage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withErrorMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "errorMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withLockoutMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "lockoutMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "removeSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + 
"macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", - "javaScriptType": "object", - "name": "action", }, - { - "javaScriptType": "string", - "name": "scriptName", + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - { - "elements": [], - "javaScriptType": "object", - "name": "attributes", + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + 
"oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - { - "javaScriptType": "string", - "name": "realm", + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 3/20/2024, 9:30:37 AM", + ], + "grantTypes": [ + "client_credentials", + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 315360000, + "authorizationCodeLifetime": 120, + "clientName": [ + "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8", + ], + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*", + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration", + ], + "status": "Active", + "userpassword": null, + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + 
"defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + 
"mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + "49a2981c-e192-4739-a0e6-c7582168bdf5": { + "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - { - "elements": [ - { - "elementType": "method", - "name": "validateJwtClaims", - "parameters": [ - { - "javaScriptType": "object", - "name": "jwtData", - }, - ], - "returnType": "object", - }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + 
"macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": 
"HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.JwtValidatorScriptWrapper", - "javaScriptType": "object", - "name": "jwtValidator", }, - { - "elements": [ - { - "elementType": "method", - "name": "httpCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "authRHeader", - }, - { - "javaScriptType": "string", - "name": "negoName", - }, - { - "javaScriptType": "string", - "name": "negoValue", - }, - { - "javaScriptType": "number", - "name": "errorCode", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "httpCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "authorizationHeader", - }, - { - "javaScriptType": "string", - "name": "negotiationHeader", - }, - { - "javaScriptType": "string", - "name": "errorCode", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "consentMappingCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "config", - }, - { - "javaScriptType": "string", - "name": "message", - }, - { - "javaScriptType": "boolean", - "name": "isRequired", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "consentMappingCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "displayName", - }, - { - "javaScriptType": "string", - "name": "icon", - }, - { - "javaScriptType": "string", - "name": "accessLevel", - }, - { - "javaScriptType": "array", - "name": "titles", - }, - { - "javaScriptType": "string", - "name": "message", - }, - { - "javaScriptType": "boolean", - "name": "isRequired", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - 
"name": "deviceProfileCallback", - "parameters": [ - { - "javaScriptType": "boolean", - "name": "metadata", - }, - { - "javaScriptType": "boolean", - "name": "location", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "kbaCreateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "array", - "name": "predefinedQuestions", - }, - { - "javaScriptType": "boolean", - "name": "allowUserDefinedQuestions", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "selectIdPCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "providers", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "termsAndConditionsCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "version", - }, - { - "javaScriptType": "string", - "name": "terms", - }, - { - "javaScriptType": "string", - "name": "createDate", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "suspendedTextOutputCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "defaultText", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "scriptTextOutputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "metadataCallback", - "parameters": [ - { - 
"javaScriptType": "object", - "name": "outputValue", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - 
"parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - 
"name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "languageCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "language", - }, - { - "javaScriptType": "string", - "name": "country", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "idPCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "provider", - }, - { - "javaScriptType": "string", - 
"name": "clientId", - }, - { - "javaScriptType": "string", - "name": "redirectUri", - }, - { - "javaScriptType": "array", - "name": "scope", - }, - { - "javaScriptType": "string", - "name": "nonce", - }, - { - "javaScriptType": "string", - "name": "request", - }, - { - "javaScriptType": "string", - "name": "requestUri", - }, - { - "javaScriptType": "array", - "name": "acrValues", - }, - { - "javaScriptType": "boolean", - "name": "requestNativeAppForUserInfo", - }, - { - "javaScriptType": "string", - "name": "token", - }, - { - "javaScriptType": "string", - "name": "tokenType", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "idPCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "provider", - }, - { - "javaScriptType": "string", - "name": "clientId", - }, - { - "javaScriptType": "string", - "name": "redirectUri", - }, - { - "javaScriptType": "array", - "name": "scope", - }, - { - "javaScriptType": "string", - "name": "nonce", - }, - { - "javaScriptType": "string", - "name": "request", - }, - { - "javaScriptType": "string", - "name": "requestUri", - }, - { - "javaScriptType": "array", - "name": "acrValues", - }, - { - "javaScriptType": "boolean", - "name": "requestNativeAppForUserInfo", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "certificate", - }, - { - "javaScriptType": "boolean", - "name": "requestSignature", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "certificate", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - 
], - "returnType": "void", - }, - { - "elementType": "method", - "name": "choiceCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "array", - "name": "choices", - }, - { - "javaScriptType": "number", - "name": "defaultChoice", - }, - { - "javaScriptType": "boolean", - "name": "multipleSelectionsAllowed", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "boolean", - "name": "setTrackingCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "string", - "name": "statusParameter", - }, - { - "javaScriptType": "string", - "name": "redirectBackUrlCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "string", - "name": "statusParameter", - }, - { - "javaScriptType": "string", - "name": "redirectBackUrlCookie", - }, - { - "javaScriptType": "boolean", - "name": "setTrackingCookie", - 
}, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "hiddenValueCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "nameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "nameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "defaultName", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "passwordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "number", - "name": "optionType", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "number", - "name": "optionType", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "array", - "name": "options", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": 
"confirmationCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "array", - "name": "options", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "pollingWaitCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "waitTime", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textOutputCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedPasswordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedPasswordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedUsernameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedUsernameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - 
{ - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + 
"ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksBuilder", - "javaScriptType": "object", - "name": "callbacksBuilder", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "elements": [ - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - 
"javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - 
"name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - 
"parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", ], - "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", - "javaScriptType": "object", - "name": "openidm", }, - { - "elements": [], - "javaScriptType": "object", - "name": "requestCookies", + 
"clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], }, - { - "javaScriptType": "string", - "name": "cookieName", + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + 
"oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - ], - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", - ], }, - }, - "defaultScript": "[Empty]", 
- "engineConfiguration": { - "_id": "engineConfiguration", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.concurrent.TimeUnit", - "java.util.Collections$*", - "java.util.HashSet", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "com.sun.crypto.provider.PBKDF2KeyImpl", - 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "sun.security.ec.ECPrivateKeyImpl", - "ch.qos.logback.classic.Logger", - "com.sun.proxy.$*", - "java.util.Date", - "java.security.spec.InvalidKeySpecException", - ], - }, - "isHidden": true, - "languages": [ - "JAVASCRIPT", - ], - }, - "OAUTH2_ACCESS_TOKEN_MODIFICATION": { - "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "allowLists": [ - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.Map", - "java.lang.Character$Subset", - "java.util.TreeSet", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.mozilla.javascript.JavaScriptException", - "org.forgerock.json.JsonValue", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.opendj.ldap.Dn", - "com.google.common.collect.Sets$1", - "java.util.ArrayList", - "java.util.LinkedHashMap$Entry", - "org.forgerock.opendj.ldap.Rdn", - "java.lang.StrictMath", - "java.util.HashMap$Entry", - "java.util.LinkedHashSet", - "java.util.AbstractMap$SimpleImmutableEntry", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "java.util.Locale", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.http.protocol.*", - "sun.security.ec.ECPrivateKeyImpl", - "java.lang.Float", - "java.util.Collections$EmptyList", - "java.lang.Double", - "com.sun.identity.common.CaseInsensitiveHashMap", - "groovy.json.JsonSlurper", - "com.sun.identity.idm.AMIdentity", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.http.client.*", - 
"org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "java.lang.Void", - "java.util.HashMap", - "java.lang.Long", - "java.lang.Math", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.lang.Integer", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.HashMap$KeyIterator", - "java.util.ArrayList$Itr", - "java.lang.String", - "java.util.Collections$UnmodifiableMap", - "java.lang.Object", - "java.lang.Boolean", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.util.promise.PromiseImpl", - "java.lang.Short", - "java.util.TreeMap", - "java.lang.Character", - "com.sun.identity.shared.debug.Debug", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap$KeySet", - "java.util.List", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.HashMap$Node", - "org.forgerock.oauth.clients.oidc.Claim", - "java.util.Collections$SingletonList", - "java.util.HashSet", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "java.net.URI", - "java.util.Collections$1", - "groovy.json.internal.LazyMap", - "java.util.LinkedHashMap", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openidconnect.Claim", - "java.lang.Number", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.LinkedList", - "java.lang.Byte", - "org.forgerock.http.Client", - "org.forgerock.oauth2.core.GrantType", - "java.lang.Character$UnicodeBlock", - "java.util.Collections$UnmodifiableSet", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "advancedOAuth2ClientConfig": { + "clientUri": 
[], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 5/13/2023, 8:07:37 PM", ], - "JAVASCRIPT": [ - "1.0", + "grantTypes": [ + "client_credentials", ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - }, - "defaultScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oauth2.access.token.modification.script.context.core.threads|10}", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "agentgroup": null, + "authorizationCodeLifetime": 120, + "clientName": [ + "49a2981c-e192-4739-a0e6-c7582168bdf5", + ], + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*", + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration", + ], + "status": "Active", }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oauth2.access.token.modification.script.context.max.threads|50}", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + 
"defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [], }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oauth2.access.token.modification.script.context.queue.size|10}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - 
"java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - 
"javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - 
"org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - 
"org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - 
"sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER": { - "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", - "allowLists": [ - "groovy.json.JsonSlurper", - "org.forgerock.oauth2.core.exceptions.ServerException", - "sun.security.ec.ECPrivateKeyImpl", - "java.lang.Double", - "org.forgerock.opendj.ldap.Rdn", - "com.sun.identity.shared.debug.Debug", - "org.forgerock.util.promise.PromiseImpl", - "java.lang.Character", - "java.util.HashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.Collections$EmptyList", - "java.util.TreeSet", - "java.lang.Float", - "java.lang.Object", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "java.lang.Character$UnicodeBlock", - "java.util.LinkedHashMap", - "org.forgerock.http.client.*", - "java.util.HashMap$KeySet", - "org.forgerock.http.protocol.*", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.HashMap$KeyIterator", - "java.lang.Character$Subset", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.json.JsonValue", - 
"com.sun.identity.idm.AMIdentity", - "org.forgerock.oauth.clients.oidc.Claim", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.lang.Short", - "java.util.HashSet", - "java.lang.Void", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.ArrayList", - "org.forgerock.http.Client", - "java.util.HashMap$Node", - "java.util.Collections$UnmodifiableCollection$1", - "groovy.json.internal.LazyMap", - "java.lang.StrictMath", - "java.lang.Long", - "java.lang.Byte", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.forgerock.opendj.ldap.Dn", - "java.util.TreeMap", - "java.lang.Number", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "java.lang.Integer", - "java.util.Collections$SingletonList", - "java.net.URI", - "java.util.LinkedHashMap$Entry", - "java.util.List", - "java.util.LinkedHashSet", - "java.util.Map", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.Collections$UnmodifiableMap", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.LinkedList", - "java.lang.Boolean", - "java.util.HashMap", - "com.google.common.collect.Sets$1", - "java.util.Locale", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.lang.String", - "java.lang.Math", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.codehaus.groovy.runtime.GStringImpl", - "org.mozilla.javascript.JavaScriptException", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + 
"requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oauth2.authorize.endpoint.data.provider.script.context.core.threads|10}", + }, + "60b7b032-68fc-45ed-98ca-262c1985fb7e": { + "_id": "60b7b032-68fc-45ed-98ca-262c1985fb7e", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + 
"maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": 
[ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + 
"ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + 
"supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + 
"pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", + }, }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oauth2.authorize.endpoint.data.provider.script.context.max.threads|50}", + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oauth2.authorize.endpoint.data.provider.script.context.queue.size|10}", + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 3/20/2024, 8:09:47 AM", + ], + "grantTypes": [ + "client_credentials", + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + 
"softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - 
"java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - 
"javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - 
"org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - 
"org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - 
"sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "OAUTH2_EVALUATE_SCOPE": { - "_id": "OAUTH2_EVALUATE_SCOPE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_EVALUATE_SCOPE", - "allowLists": [ - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.Map", - "java.lang.Character$Subset", - "java.util.TreeSet", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.mozilla.javascript.JavaScriptException", - "org.forgerock.json.JsonValue", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.opendj.ldap.Dn", - "com.google.common.collect.Sets$1", - "java.util.ArrayList", - "java.util.LinkedHashMap$Entry", - "org.forgerock.opendj.ldap.Rdn", - "java.lang.StrictMath", - "java.util.HashMap$Entry", - "java.util.LinkedHashSet", - "java.util.AbstractMap$SimpleImmutableEntry", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "java.util.Locale", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.http.protocol.*", - "sun.security.ec.ECPrivateKeyImpl", - "java.lang.Float", - "java.util.Collections$EmptyList", - 
"java.lang.Double", - "com.sun.identity.common.CaseInsensitiveHashMap", - "groovy.json.JsonSlurper", - "com.sun.identity.idm.AMIdentity", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.http.client.*", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "java.lang.Void", - "java.util.HashMap", - "java.lang.Long", - "java.lang.Math", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.lang.Integer", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.HashMap$KeyIterator", - "java.util.ArrayList$Itr", - "java.lang.String", - "java.util.Collections$UnmodifiableMap", - "java.lang.Object", - "java.lang.Boolean", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.util.promise.PromiseImpl", - "java.lang.Short", - "java.util.TreeMap", - "java.lang.Character", - "com.sun.identity.shared.debug.Debug", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap$KeySet", - "java.util.List", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.HashMap$Node", - "org.forgerock.oauth.clients.oidc.Claim", - "java.util.Collections$SingletonList", - "java.util.HashSet", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "java.net.URI", - "java.util.Collections$1", - "groovy.json.internal.LazyMap", - "java.util.LinkedHashMap", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openidconnect.Claim", - "java.lang.Number", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.LinkedList", - "java.lang.Byte", - "org.forgerock.http.Client", - "org.forgerock.oauth2.core.GrantType", - 
"java.lang.Character$UnicodeBlock", - "java.util.Collections$UnmodifiableSet", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 315360000, + "authorizationCodeLifetime": 120, + "clientName": [ + "60b7b032-68fc-45ed-98ca-262c1985fb7e", ], - "JAVASCRIPT": [ - "1.0", + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*", + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration", ], + "status": "Active", + "userpassword": null, }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [], }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oauth2.evaluate.scope.script.context.core.threads|10}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oauth2.evaluate.scope.script.context.max.threads|50}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": 
"[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oauth2.evaluate.scope.script.context.queue.size|10}", + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + 
"tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - 
"java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - 
"javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - 
"org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - 
"org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - 
"sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "OAUTH2_MAY_ACT": { - "_id": "OAUTH2_MAY_ACT", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", }, - "context": { - "_id": "OAUTH2_MAY_ACT", - "allowLists": [ - "java.lang.Short", - "java.util.HashMap$Node", - "java.lang.Number", - "java.util.ArrayList$Itr", - "java.lang.Double", - "java.lang.Void", - "java.util.Collections$1", - "java.lang.Character$UnicodeBlock", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.net.URI", - "com.sun.identity.idm.AMIdentity", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.TreeSet", - "java.util.Collections$UnmodifiableSet", - "java.lang.Object", - "java.util.HashSet", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.Collections$SingletonList", - "java.util.List", - "java.util.LinkedList", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.http.client.*", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.mozilla.javascript.JavaScriptException", - "java.lang.Long", - "java.util.LinkedHashMap$LinkedEntrySet", - 
"org.forgerock.http.protocol.*", - "groovy.json.internal.LazyMap", - "java.lang.Character", - "java.util.HashMap$KeySet", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.oauth2.core.UserInfoClaims", - "sun.security.ec.ECPrivateKeyImpl", - "java.util.Locale", - "java.util.LinkedHashMap", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openidconnect.Claim", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.lang.Boolean", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.HashMap$Entry", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openidconnect.OpenIdConnectToken", - "java.util.HashMap$KeyIterator", - "java.util.Collections$EmptyList", - "java.util.TreeMap", - "com.google.common.collect.Sets$1", - "java.util.Collections$UnmodifiableMap", - "java.util.HashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.opendj.ldap.Dn", - "java.lang.Byte", - "java.util.Map", - "com.sun.identity.shared.debug.Debug", - "java.lang.Float", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "java.lang.StrictMath", - "java.lang.Character$Subset", - "java.util.ArrayList", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.oauth.clients.oidc.Claim", - "java.lang.Integer", - "groovy.json.JsonSlurper", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.lang.Math", - "org.forgerock.json.JsonValue", - 
"java.util.LinkedHashMap$Entry", - "java.lang.String", - "org.forgerock.http.Client", - "java.util.AbstractMap$SimpleImmutableEntry", - "org.forgerock.macaroons.Macaroon", - "java.util.LinkedHashSet", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "EncoreRCSClient": { + "_id": "EncoreRCSClient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + 
"id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": 
true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + 
"ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + 
"RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": 
"[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", + }, + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "client_credentials", ], - "JAVASCRIPT": [ - "1.0", + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "pairwise", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "fr:idm:*", + ], + "status": "Active", }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - 
"java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oauth2.may.act.script.context.core.threads|10}", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oauth2.may.act.script.context.max.threads|50}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oauth2.may.act.script.context.queue.size|10}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, 
+ "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - 
"com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - 
"java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - 
"org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - 
"org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - 
"org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "OAUTH2_SCRIPTED_JWT_ISSUER": { - "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", - "_type": { - "_id": "contexts", - 
"collection": true, - "name": "scriptContext", }, - "context": { - "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", - "allowLists": [ - "java.lang.Integer", - "java.util.ArrayList$Itr", - "java.lang.Character$Subset", - "java.util.LinkedHashMap$Entry", - "java.lang.StrictMath", - "java.util.Collections$UnmodifiableSet", - "com.sun.identity.idm.AMIdentity", - "java.lang.Short", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.util.Collections$SingletonList", - "java.util.Locale", - "java.net.URI", - "java.util.Collections$UnmodifiableMap", - "org.forgerock.opendj.ldap.Dn", - "java.util.TreeSet", - "java.lang.Double", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$Node", - "java.util.LinkedHashMap$LinkedEntryIterator", - "org.forgerock.util.promise.PromiseImpl", - "java.lang.Number", - "java.util.TreeMap", - "org.forgerock.http.protocol.*", - "com.sun.identity.shared.debug.Debug", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.Collections$1", - "java.lang.Object", - "java.lang.Boolean", - "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.opendj.ldap.Rdn", - "java.util.LinkedHashMap$LinkedEntrySet", - "groovy.json.JsonSlurper", - "org.mozilla.javascript.JavaScriptException", - "java.util.AbstractMap$SimpleImmutableEntry", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.http.Client", - "java.util.ArrayList", - "java.lang.Void", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "java.util.LinkedHashSet", - "java.lang.Math", - "java.util.HashMap$Entry", - "org.forgerock.json.JsonValue", - "org.forgerock.http.client.*", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.LinkedHashMap", - "java.util.Collections$UnmodifiableCollection$1", - "java.lang.Float", - "java.util.HashMap$KeySet", - "sun.security.ec.ECPrivateKeyImpl", - 
"java.lang.Character", - "java.lang.String", - "java.util.LinkedList", - "java.util.Collections$EmptyList", - "java.util.List", - "com.sun.identity.common.CaseInsensitiveHashMap", - "java.lang.Long", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.HashSet", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "java.util.Map", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.HashMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.lang.Byte", - "com.google.common.collect.Sets$1", - "groovy.json.internal.LazyMap", - "java.lang.Character$UnicodeBlock", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], + "EncoreWindowsRCSClient": { + "_id": "EncoreWindowsRCSClient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + 
"maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + 
"urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + 
"ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + 
"supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + 
"pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", + }, }, - }, - "defaultScript": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", - "engineConfiguration": { - "_id": "engineConfiguration", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oauth2.scripted.jwt.issuer.script.context.core.threads|10}", - }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oauth2.scripted.jwt.issuer.script.context.max.threads|50}", - }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oauth2.scripted.jwt.issuer.script.context.queue.size|10}", + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - 
"com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - 
"org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "OAUTH2_VALIDATE_SCOPE": { - "_id": "OAUTH2_VALIDATE_SCOPE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_VALIDATE_SCOPE", - "allowLists": [ - "java.util.ArrayList", - "java.util.Collections$EmptyList", - "java.util.HashSet", - "java.util.ArrayList$Itr", - "java.lang.Object", - "org.mozilla.javascript.JavaScriptException", - "java.util.Collections$1", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "java.util.LinkedHashMap", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.lang.StrictMath", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap$Node", - "java.util.LinkedHashSet", - "org.forgerock.http.protocol.*", - "java.lang.Character$UnicodeBlock", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.http.client.*", - "org.forgerock.oauth.clients.oidc.Claim", - "java.lang.Character$Subset", - "java.lang.Double", - "java.util.LinkedHashMap$Entry", - "com.sun.identity.shared.debug.Debug", - "java.lang.Number", - "org.forgerock.oauth2.core.exceptions.InvalidScopeException", - "java.lang.String", - 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.HashMap$KeySet", - "java.lang.Integer", - "java.util.LinkedList", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "groovy.json.JsonSlurper", - "java.util.Collections$SingletonList", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.Locale", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.HashMap$Entry", - "com.google.common.collect.Sets$1", - "org.forgerock.opendj.ldap.Dn", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.opendj.ldap.Rdn", - "java.lang.Character", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.List", - "java.lang.Float", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.lang.Void", - "groovy.json.internal.LazyMap", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$UnmodifiableMap", - "java.net.URI", - "java.lang.Short", - "java.util.HashMap$KeyIterator", - "java.util.Collections$UnmodifiableSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.Map", - "java.util.TreeMap", - "java.lang.Long", - "java.lang.Byte", - "java.lang.Math", - "java.util.LinkedHashMap$LinkedEntrySet", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.json.JsonValue", - "java.util.TreeSet", - "java.util.HashMap", - "java.lang.Boolean", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "client_credentials", ], - "JAVASCRIPT": [ - "1.0", + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + 
"require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "pairwise", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "fr:idm:*", ], + "status": "Active", }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oauth2.validate.scope.script.context.core.threads|10}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oauth2.validate.scope.script.context.max.threads|50}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + 
"authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oauth2.validate.scope.script.context.queue.size|10}", + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": 
"RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", 
- "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - 
"javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - 
"org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - 
"org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - 
"org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "OIDC_CLAIMS": { - "_id": "OIDC_CLAIMS", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", }, - "context": { - "_id": "OIDC_CLAIMS", - "allowLists": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.opendj.ldap.Rdn", - "java.util.HashMap$KeyIterator", - "java.lang.Math", - "java.util.HashMap$KeySet", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedList", - "java.util.ArrayList", - "org.forgerock.oauth2.core.UserInfoClaims", - "java.lang.Long", - "java.util.HashSet", - "org.codehaus.groovy.runtime.GStringImpl", - "java.util.TreeSet", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "java.util.Collections$1", - "com.sun.identity.common.CaseInsensitiveHashMap", - "java.lang.Boolean", - "java.util.HashMap$Entry", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "java.lang.Byte", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.lang.Integer", - "java.util.ArrayList$Itr", - "java.lang.Short", - 
"java.util.Collections$UnmodifiableSet", - "java.util.Locale", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "com.google.common.collect.Sets$1", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "com.sun.identity.idm.AMIdentity", - "java.lang.Character$UnicodeBlock", - "java.lang.Character$Subset", - "java.lang.String", - "java.net.URI", - "java.util.HashMap", - "org.forgerock.http.client.*", - "java.util.TreeMap", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "java.util.Collections$UnmodifiableMap", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "sun.security.ec.ECPrivateKeyImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.macaroons.Macaroon", - "java.util.Map", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.util.Collections$UnmodifiableCollection$1", - "java.lang.Float", - "java.util.HashMap$Node", - "java.util.LinkedHashSet", - "java.lang.Number", - "java.lang.StrictMath", - "org.forgerock.http.Client", - "com.sun.identity.shared.debug.Debug", - "java.lang.Double", - "java.util.Collections$SingletonList", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth.clients.oidc.Claim", - "org.mozilla.javascript.JavaScriptException", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$EmptyList", - "java.util.List", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.json.JsonValue", - "org.forgerock.http.protocol.*", - "java.util.LinkedHashMap", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - 
"java.lang.Character", - "java.lang.Object", - "java.util.LinkedHashMap$LinkedEntryIterator", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{oidc.claims.script.context.core.threads|10}", - }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{oidc.claims.script.context.max.threads|50}", - }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{oidc.claims.script.context.queue.size|10}", - }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - 
"com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - 
"java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - 
"org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - 
"org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - 
"org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableSet", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "PINGONE_VERIFY_COMPLETION_DECISION_NODE": { - "_id": "PINGONE_VERIFY_COMPLETION_DECISION_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "PINGONE_VERIFY_COMPLETION_DECISION_NODE", - "allowLists": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - ], - "bindings": [ - { - "elements": [ - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - { - "javaScriptType": 
"object", - "name": "requestOptions", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - ], - "returnType": "object", - }, + "RCSClient": { + "_id": "RCSClient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + 
], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", - "javaScriptType": "object", - "name": "httpClient", }, - { - "elements": [ - { - "elementType": "method", - "name": "remove", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "get", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - 
], - "returnType": "object", - }, - { - "elementType": "method", - "name": "keys", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getObject", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "isDefined", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "putShared", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "mergeShared", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "mergeTransient", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putTransient", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + 
"supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "javaClass": 
"org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", - "javaScriptType": "object", - "name": "nodeState", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "javaScriptType": "unknown", - "name": "verifyTransactionsHelper", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - { - "elements": [ - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "randomUUID", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "getRandomValues", - "parameters": [ - { - "javaScriptType": "array", - "name": "array", - }, - ], - "returnType": "array", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", - "javaScriptType": "object", - "name": "crypto", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", - "javaScriptType": "object", - "name": "base64", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": 
"encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", - "javaScriptType": "object", - "name": "base64url", - }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", - "javaScriptType": "object", - "name": "utils", }, - { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": 
"arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - 
"parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": 
"warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "isTraceEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isDebugEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isErrorEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isInfoEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isWarnEnabled", - "parameters": [], - "returnType": "boolean", - }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + 
"supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", - "javaScriptType": "object", - "name": "logger", }, - { - "elements": [ - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - { - "javaScriptType": "object", - "name": "additionalLogic", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedUser", - "parameters": [ - { - "javaScriptType": "string", - "name": "username", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedAgent", - "parameters": [ - { - "javaScriptType": "string", - "name": "agentName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "goTo", - "parameters": [ - { - "javaScriptType": "string", - "name": "outcome", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withHeader", - "parameters": [ - { - "javaScriptType": "string", - "name": "header", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withDescription", - "parameters": [ - { - "javaScriptType": "string", - "name": "description", - }, - ], - "returnType": "object", - }, - { 
- "elementType": "method", - "name": "withStage", - "parameters": [ - { - "javaScriptType": "string", - "name": "stage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withErrorMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "errorMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withLockoutMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "lockoutMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "removeSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", - "javaScriptType": "object", - "name": "action", }, - { - "javaScriptType": "string", - "name": "scriptName", + "deviceCodeConfig": { + 
"deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - { - "javaScriptType": "string", - "name": "realm", + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - { - "elements": [ - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": 
"params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - 
"javaScriptType": "string", - "name": "actionName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": 
"array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + 
"client_credentials", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "fr:idm:*", + ], + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": true, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": true, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": "http://am.fr-platform:80/am/oauth2/connect/jwk_uri", + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + 
"userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + "baseline-ciba": { + "_id": "baseline-ciba", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your 
email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", - "javaScriptType": "object", - "name": "openidm", }, - { - "elements": [ - { - "elementType": "method", - "name": "getGenericSecret", - "parameters": [ - { - "javaScriptType": "string", - "name": "secretId", - }, - ], - "returnType": "object", - }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + 
"authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + 
"RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javaScriptType": "object", - "name": "secrets", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "javaScriptType": "string", - "name": "cookieName", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": 
[ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + 
"accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - ], - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", - ], }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - ], - }, - "POLICY_CONDITION": { - "_id": "POLICY_CONDITION", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "POLICY_CONDITION", - "allowLists": [], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "advancedOAuth2ClientConfig": { + "clientUri": [], + 
"contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "urn:openid:params:grant-type:ciba", + "authorization_code", ], - "JAVASCRIPT": [ - "1.0", + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token", + "id_token", ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - }, - "defaultScript": "9de3eb62-f131-4fac-a294-7bd170fd4acb", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile", + ], + "status": "Active", }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{policy.condition.script.context.core.threads|10}", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{policy.condition.script.context.max.threads|50}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - 
"propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{policy.condition.script.context.queue.size|10}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": "{"keys" :[{ "kty": "EC", "d": "bXhBnmXPav9lgPPs6zavwlqbSmaMpdyeh564d0uNI8k", "use": "sig", 
"crv": "P-256", "kid": "mykey", "x": "E8IyIrUIBdMVAFhRIcNtDVUI8OTDDSs-LRziuBthM4s", "y": "1jH5o5B5hBeqARhYTMPl5l8CVNOFIVrvYd_TiFH6FkQ" }]}", + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", 
- "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - 
"java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - 
"org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - 
"org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - 
"org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "SAML2_IDP_ADAPTER": { - "_id": "SAML2_IDP_ADAPTER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "SAML2_IDP_ADAPTER", - "allowLists": [ - "java.lang.Character$UnicodeBlock", - "groovy.json.JsonSlurper", - "java.util.LinkedList", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "java.util.HashMap$Entry", - "com.sun.identity.shared.debug.Debug", - "java.util.HashMap$KeySet", - "java.util.HashMap$KeyIterator", - "java.net.URI", - "java.util.LinkedHashMap$Entry", - "com.sun.identity.common.CaseInsensitiveHashMap", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.lang.StrictMath", - "java.util.Collections$EmptyMap", - "java.lang.String", - 
"java.lang.Long", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.TreeMap", - "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", - "java.util.HashMap", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.lang.Float", - "java.util.Collections$EmptyList", - "java.util.LinkedHashMap", - "java.util.ArrayList", - "com.sun.identity.saml2.assertion.*", - "org.forgerock.http.Client", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.saml2.protocol.impl.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.common.SAML2Exception", - "java.lang.Character$Subset", - "java.lang.Character", - "java.lang.Double", - "java.lang.Object", - "java.util.TreeSet", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.lang.Void", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "java.util.HashSet", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap$Node", - "org.mozilla.javascript.JavaScriptException", - "java.util.Collections$SingletonList", - "org.codehaus.groovy.runtime.GStringImpl", - "javax.servlet.http.HttpServletResponseWrapper", - "java.util.LinkedHashSet", - "java.io.PrintWriter", - "java.lang.Byte", - "com.iplanet.am.sdk.AMHashMap", - "java.lang.Math", - "java.lang.Short", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.lang.Number", - "com.sun.identity.saml2.protocol.*", - "javax.security.auth.Subject", - "java.lang.Integer", - "java.lang.Boolean", - "javax.servlet.http.HttpServletRequestWrapper", - "groovy.json.internal.LazyMap", - "org.forgerock.json.JsonValue", - "sun.security.ec.ECPrivateKeyImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - 
], - "JAVASCRIPT": [ - "1.0", - ], + "baseline-device": { + "_id": "baseline-device", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + 
"am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + 
"supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + 
"A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": 
true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", + }, }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{saml2.idp.adapter.script.context.core.threads|10}", - }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{saml2.idp.adapter.script.context.max.threads|50}", + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{saml2.idp.adapter.script.context.queue.size|10}", + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "urn:ietf:params:oauth:grant-type:device_code", + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "none", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - 
"com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.saml2.assertion.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "com.sun.identity.saml2.protocol.*", - "com.sun.identity.saml2.protocol.impl.*", - "com.sun.identity.shared.debug.Debug", - "java.io.PrintWriter", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.util.Collections$EmptyMap", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "groovy.json.internal.LazyMap", - "groovy.json.JsonSlurper", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.json.JsonValue", - 
"org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", - "java.util.List", - "java.util.Map", - "javax.servlet.http.Cookie", - "javax.xml.parsers.DocumentBuilder", - "javax.xml.parsers.DocumentBuilderFactory", - "org.w3c.dom.Document", - "org.w3c.dom.Element", - "org.xml.sax.InputSource", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "SAML2_IDP_ATTRIBUTE_MAPPER": { - "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", - "allowLists": [ - "java.lang.Integer", - "java.lang.Long", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.util.HashMap$Entry", - "java.lang.Math", - "org.forgerock.http.client.*", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "java.lang.Character", - "java.util.Collections$SingletonList", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.lang.Short", - "groovy.json.internal.LazyMap", - "java.util.Collections$EmptyMap", - "org.w3c.dom.Element", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap$Node", - "java.lang.String", - "java.util.HashMap", - "java.net.URI", - "org.mozilla.javascript.JavaScriptException", - "java.util.HashMap$KeySet", - "javax.xml.parsers.DocumentBuilder", - "java.util.LinkedList", - "java.util.ArrayList$Itr", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.ArrayList", - "java.lang.Void", - 
"java.util.AbstractMap$SimpleImmutableEntry", - "java.util.Collections$EmptyList", - "java.util.LinkedHashMap$LinkedEntryIterator", - "org.forgerock.util.promise.PromiseImpl", - "javax.xml.parsers.DocumentBuilderFactory", - "java.util.Collections$1", - "java.lang.Number", - "java.util.LinkedHashMap", - "java.util.TreeMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "groovy.json.JsonSlurper", - "com.sun.identity.saml2.common.SAML2Exception", - "java.util.HashSet", - "java.lang.Character$UnicodeBlock", - "java.lang.Float", - "org.xml.sax.InputSource", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "javax.servlet.http.Cookie", - "java.lang.Character$Subset", - "java.lang.Boolean", - "java.lang.StrictMath", - "com.sun.identity.shared.debug.Debug", - "java.lang.Byte", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.w3c.dom.Document", - "java.lang.Object", - "java.util.LinkedHashSet", - "com.iplanet.am.sdk.AMHashMap", - "org.codehaus.groovy.runtime.GStringImpl", - "java.util.TreeSet", - "org.forgerock.json.JsonValue", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.http.Client", - "java.util.HashMap$KeyIterator", - "java.lang.Double", - "java.util.LinkedHashMap$Entry", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [ + "Streaming Services", ], - "JAVASCRIPT": [ - "1.0", + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile", ], + "status": "Active", }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + 
"coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{saml2.idp.attribute.mapper.script.context.core.threads|10}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{saml2.idp.attribute.mapper.script.context.max.threads|50}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + 
"validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{saml2.idp.attribute.mapper.script.context.queue.size|10}", + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - 
"com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - 
"java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - "java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - 
"org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - 
"org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - "org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - 
"org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - "SAML2_NAMEID_MAPPER": { - "_id": "SAML2_NAMEID_MAPPER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", }, - "context": { - "_id": "SAML2_NAMEID_MAPPER", - "allowLists": [ - 
"org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "javax.servlet.http.Cookie", - "org.xml.sax.InputSource", - "java.security.cert.CertificateFactory", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "sun.security.ec.ECPrivateKeyImpl", - ], - "bindings": [ - { - "elements": [ - { - "elementType": "method", 
- "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - { - "javaScriptType": "object", - "name": "requestOptions", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", - "javaScriptType": "object", - "name": "httpClient", + "baseline-ios-sdk": { + "_id": "baseline-ios-sdk", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], 
- "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", 
- }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - 
"elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "isTraceEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isDebugEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isErrorEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isInfoEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isWarnEnabled", - "parameters": [], - "returnType": "boolean", - }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", ], - "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", - "javaScriptType": "object", - "name": "logger", - }, - { - "elements": [ - { - "elementType": "method", - "name": "getGenericSecret", - "parameters": [ - { - "javaScriptType": "string", - "name": "secretId", - }, - ], - "returnType": "object", - }, + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", ], - "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javaScriptType": "object", - "name": "secrets", - }, - { - "javaScriptType": "unknown", - "name": "nameIDScriptHelper", - }, - { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "store", - "parameters": [], - "returnType": "void", - }, - { - "elementType": "method", - "name": "setAttribute", - "parameters": [ - { - "javaScriptType": "string", - "name": "attributeName", - }, - { - "javaScriptType": "array", - "name": 
"attributeValues", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "addAttribute", - "parameters": [ - { - "javaScriptType": "string", - "name": "attributeName", - }, - { - "javaScriptType": "string", - "name": "attributeValue", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "getAttributeValues", - "parameters": [ - { - "javaScriptType": "string", - "name": "attributeName", - }, - ], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getUniversalId", - "parameters": [], - "returnType": "string", - }, + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal 
address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityScriptWrapper", - "javaScriptType": "object", - "name": "identity", }, - { - "elements": [ - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "randomUUID", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "getRandomValues", - "parameters": [ - { - "javaScriptType": "array", - "name": "array", - }, - ], - "returnType": "array", - }, - ], - "javaClass": 
"org.forgerock.openam.scripting.bindings.ScriptCryptoService", - "javaScriptType": "object", - "name": "crypto", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", - "javaScriptType": "object", - "name": "base64", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", - "javaScriptType": "object", - "name": "base64url", - }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + 
"claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", 
+ "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", - "javaScriptType": "object", - "name": "utils", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "javaScriptType": "string", - "name": "nameIDFormat", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - { - "javaScriptType": "string", - "name": "scriptName", + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], }, - { - "javaScriptType": "string", - "name": "realm", + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + 
"PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], }, - { - "javaScriptType": "string", - "name": "remoteEntityId", + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, }, - { - "elements": [ - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": 
"value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": 
"actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { 
- "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + 
"PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", - "javaScriptType": "object", - "name": "openidm", }, - { - "javaScriptType": "string", - "name": "hostedEntityId", + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - { - "javaScriptType": "string", - "name": "cookieName", + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - ], - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", - ], }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "_id": "OAuth2Client", + "collection": true, + 
"name": "OAuth2 Clients", }, - "blackList": [ - "java.lang.Class", - "java.security.AccessController", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Float", - "org.forgerock.http.protocol.Header", - "java.lang.Integer", - "org.forgerock.http.Client", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Long", - "java.lang.Short", - "java.util.Map", - "org.forgerock.http.client.*", - "java.lang.Math", - "org.forgerock.opendj.ldap.Dn", - "java.lang.Byte", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.lang.StrictMath", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.http.Context", - "java.lang.Void", - "org.codehaus.groovy.runtime.GStringImpl", - "groovy.json.JsonSlurper", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.context.RootContext", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.List", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Responses", - "org.forgerock.util.promise.Promise", - "java.util.HashMap$KeyIterator", - "com.sun.identity.shared.debug.Debug", - "java.lang.Double", - "org.forgerock.http.protocol.Headers", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.http.protocol.Status", - "java.util.HashMap", - "java.lang.Character$Subset", - "java.util.TreeSet", - "java.util.ArrayList", - "java.util.HashSet", - "java.util.LinkedHashMap", - "org.forgerock.http.protocol.ResponseException", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.forgerock.http.protocol.Message", - "java.lang.Boolean", - "java.lang.String", - "java.lang.Number", - "java.util.LinkedList", - "java.util.LinkedHashSet", - 
"org.forgerock.http.protocol.Response", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.TreeMap", - "java.util.Collections$EmptyList", - "org.forgerock.openam.scripting.api.ScriptedSession", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.http.Handler", - "java.lang.Object", - "org.forgerock.http.protocol.Form", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - ], - }, - "SAML2_SP_ADAPTER": { - "_id": "SAML2_SP_ADAPTER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "SAML2_SP_ADAPTER", - "allowLists": [ - "java.lang.Character$UnicodeBlock", - "groovy.json.JsonSlurper", - "java.util.LinkedList", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "java.util.HashMap$Entry", - "com.sun.identity.shared.debug.Debug", - "java.util.HashMap$KeySet", - "java.util.HashMap$KeyIterator", - "java.net.URI", - "java.util.LinkedHashMap$Entry", - "com.sun.identity.common.CaseInsensitiveHashMap", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.lang.StrictMath", - "java.util.Collections$EmptyMap", - "java.lang.String", - "java.lang.Long", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.TreeMap", - "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", - "java.util.HashMap", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.lang.Float", - "java.util.Collections$EmptyList", - "java.util.LinkedHashMap", - "java.util.ArrayList", - "com.sun.identity.saml2.assertion.*", - "org.forgerock.http.Client", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.saml2.protocol.impl.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.common.SAML2Exception", - "java.lang.Character$Subset", - 
"java.lang.Character", - "java.lang.Double", - "java.lang.Object", - "java.util.TreeSet", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.lang.Void", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "java.util.HashSet", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap$Node", - "org.mozilla.javascript.JavaScriptException", - "java.util.Collections$SingletonList", - "org.codehaus.groovy.runtime.GStringImpl", - "javax.servlet.http.HttpServletResponseWrapper", - "java.util.LinkedHashSet", - "java.io.PrintWriter", - "java.lang.Byte", - "com.iplanet.am.sdk.AMHashMap", - "java.lang.Math", - "java.lang.Short", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.lang.Number", - "com.sun.identity.saml2.protocol.*", - "javax.security.auth.Subject", - "java.lang.Integer", - "java.lang.Boolean", - "javax.servlet.http.HttpServletRequestWrapper", - "groovy.json.internal.LazyMap", - "org.forgerock.json.JsonValue", - "sun.security.ec.ECPrivateKeyImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + "refresh_token", ], - "JAVASCRIPT": [ - "1.0", + "isConsentImplied": true, + "javascriptOrigins": [ + "forgerock://oidc_callback", + ], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "none", + 
"tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [ + "forgerock://oidc_callback", + ], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile", + "address", + "phone", + "email", + "fr:idm:*", + ], + "status": "Active", }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{saml2.sp.adapter.script.context.core.threads|10}", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{saml2.sp.adapter.script.context.max.threads|50}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{saml2.sp.adapter.script.context.queue.size|10}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + 
"customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + 
"userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.saml2.assertion.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "com.sun.identity.saml2.protocol.*", - "com.sun.identity.saml2.protocol.impl.*", - "com.sun.identity.shared.debug.Debug", - "java.io.PrintWriter", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.util.Collections$EmptyMap", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - 
"javax.servlet.http.HttpServletResponseWrapper", - "groovy.json.internal.LazyMap", - "groovy.json.JsonSlurper", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.json.JsonValue", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", - "java.util.List", - "java.util.Map", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - ], - }, - "SCRIPTED_DECISION_NODE": { - "_id": "SCRIPTED_DECISION_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", }, - "context": { - "_id": "SCRIPTED_DECISION_NODE", - "allowLists": [ - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.util.promise.Promises$*", - "java.lang.Object", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.concurrent.TimeUnit", - "java.util.Collections$*", - "java.util.HashSet", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - 
"java.security.PublicKey", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "sun.security.ec.ECPrivateKeyImpl", - "ch.qos.logback.classic.Logger", - "com.sun.proxy.$*", - "java.util.Date", - "java.security.spec.InvalidKeySpecException", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - "bindings": [ - { - "elements": [ - { - "elementType": "method", - "name": "getAuthnRequest", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getIdpAttributes", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getSpAttributes", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getFlowInitiator", - "parameters": [], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.saml2.SAMLScriptedBindingObjectImpl", - "javaScriptType": "object", - "name": "samlApplication", + "baseline-web": { + "_id": "baseline-web", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - { - "elements": [ - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - { - "javaScriptType": "object", - "name": "requestOptions", - }, - ], - "returnType": 
"object", - }, - { - "elementType": "method", - "name": "send", - "parameters": [ - { - "javaScriptType": "string", - "name": "uri", - }, - ], - "returnType": "object", - }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", ], - "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", - "javaScriptType": "object", - "name": "httpClient", - }, - { - "elements": [ - { - "elementType": "method", - "name": "getName", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "info", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": 
"array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "trace", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "debug", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - 
"javaScriptType": "object", - "name": "arg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "error", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "array", - "name": "arguments", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - { - "javaScriptType": "object", - "name": "t", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "msg", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg1", - }, - { - "javaScriptType": "object", - "name": "arg2", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "warn", - "parameters": [ - { - "javaScriptType": "string", - "name": "format", - }, - { - "javaScriptType": "object", - "name": "arg", - }, - 
], - "returnType": "void", - }, - { - "elementType": "method", - "name": "isTraceEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isDebugEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isErrorEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isInfoEnabled", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "isWarnEnabled", - "parameters": [], - "returnType": "boolean", - }, + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", ], - "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", - "javaScriptType": "object", - "name": "logger", - }, - { - "elements": [], - "javaScriptType": "object", - "name": "requestParameters", - }, - { - "elements": [ - { - "elementType": "method", - "name": "isEmpty", - "parameters": [], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "getChoiceCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getNameCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getPasswordCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getHiddenValueCallbacks", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getTextInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getStringAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getNumberAttributeInputCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getBooleanAttributeInputCallbacks", - "parameters": [], - "returnType": 
"array", - }, - { - "elementType": "method", - "name": "getConfirmationCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getLanguageCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getIdpCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getValidatedPasswordCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getValidatedUsernameCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getHttpCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getX509CertificateCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getConsentMappingCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getDeviceProfileCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getKbaCreateCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getSelectIdPCallbacks", - "parameters": [], - "returnType": "array", - }, - { - "elementType": "method", - "name": "getTermsAndConditionsCallbacks", - "parameters": [], - "returnType": "array", - }, + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksWrapper", - "javaScriptType": "object", - "name": 
"callbacks", - }, - { - "elements": [ - { - "elementType": "method", - "name": "getGenericSecret", - "parameters": [ - { - "javaScriptType": "string", - "name": "secretId", - }, - ], - "returnType": "object", - }, + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "javaScriptType": "object", - "name": "secrets", }, - { - "elements": [ - { - "elementType": "method", - "name": "getIdentity", - "parameters": [ - { - "javaScriptType": "string", - "name": "userName", - }, - ], - "returnType": "object", - }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + 
"ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepositoryScriptWrapper", - "javaScriptType": "object", - "name": "idRepository", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "elements": [], - "javaScriptType": "object", - 
"name": "requestHeaders", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - { - "elements": [ - { - "elementType": "method", - "name": "generateJwt", - "parameters": [ - { - "javaScriptType": "object", - "name": "jwtData", - }, - ], - "returnType": "string", - }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.JwtAssertionScriptWrapper", - "javaScriptType": "object", - "name": "jwtAssertion", }, - { - "elements": [ - { - "elementType": "method", - "name": "remove", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "get", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "keys", - "parameters": [], - "returnType": "object", - }, - { - "elementType": "method", - "name": "getObject", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "isDefined", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "boolean", - }, - { - "elementType": "method", - "name": "putShared", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "mergeShared", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - 
"elementType": "method", - "name": "mergeTransient", - "parameters": [ - { - "javaScriptType": "object", - "name": "object", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putTransient", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", - "javaScriptType": "object", - "name": "nodeState", }, - { - "javaScriptType": "boolean", - "name": "resumedFromSuspend", + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + 
"refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, }, - { - "elements": [ - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "randomUUID", - "parameters": [], - "returnType": "string", - }, - { - "elementType": "method", - "name": "getRandomValues", - "parameters": [ - { - "javaScriptType": "array", - "name": "array", - }, - ], - "returnType": "array", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", - "javaScriptType": "object", - "name": "crypto", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", - "javaScriptType": "object", - "name": "base64", - }, - { - "elementType": "field", - "elements": [ - { - "elementType": "method", - "name": "decode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "encode", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - { - "elementType": "method", - "name": "atob", - "parameters": [ - { - "javaScriptType": "string", - "name": "toDecode", - }, - ], - "returnType": 
"string", - }, - { - "elementType": "method", - "name": "btoa", - "parameters": [ - { - "javaScriptType": "string", - "name": "toEncode", - }, - ], - "returnType": "string", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", - "javaScriptType": "object", - "name": "base64url", - }, - ], - "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", - "javaScriptType": "object", - "name": "utils", - }, - { - "elements": [ - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "suspend", - "parameters": [ - { - "javaScriptType": "string", - "name": "callbackTextFormat", - }, - { - "javaScriptType": "object", - "name": "additionalLogic", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedUser", - "parameters": [ - { - "javaScriptType": "string", - "name": "username", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withIdentifiedAgent", - "parameters": [ - { - "javaScriptType": "string", - "name": "agentName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "goTo", - "parameters": [ - { - "javaScriptType": "string", - "name": "outcome", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "putSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withHeader", - "parameters": [ - { - "javaScriptType": "string", - "name": "header", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withDescription", - "parameters": [ - { - "javaScriptType": "string", - "name": "description", - }, - ], - "returnType": "object", - 
}, - { - "elementType": "method", - "name": "withStage", - "parameters": [ - { - "javaScriptType": "string", - "name": "stage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withErrorMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "errorMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "withLockoutMessage", - "parameters": [ - { - "javaScriptType": "string", - "name": "lockoutMessage", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "removeSessionProperty", - "parameters": [ - { - "javaScriptType": "string", - "name": "key", - }, - ], - "returnType": "object", - }, - ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", - "javaScriptType": "object", - "name": "action", - }, - { - "javaScriptType": "string", - "name": "scriptName", - }, - { - "javaScriptType": "string", - "name": "realm", - }, - { - "elements": [ - { - "elementType": "method", - "name": "validateJwtClaims", - "parameters": [ - { - "javaScriptType": "object", - "name": "jwtData", - }, - ], - "returnType": "object", - }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.JwtValidatorScriptWrapper", - "javaScriptType": "object", - "name": "jwtValidator", - }, - { - "elements": [ - { - "elementType": "method", - "name": "httpCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "authRHeader", - }, - { - "javaScriptType": "string", - "name": "negoName", - }, - { - "javaScriptType": "string", - "name": "negoValue", - }, - { - "javaScriptType": "number", - "name": "errorCode", - }, - ], - 
"returnType": "void", - }, - { - "elementType": "method", - "name": "httpCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "authorizationHeader", - }, - { - "javaScriptType": "string", - "name": "negotiationHeader", - }, - { - "javaScriptType": "string", - "name": "errorCode", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "consentMappingCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "config", - }, - { - "javaScriptType": "string", - "name": "message", - }, - { - "javaScriptType": "boolean", - "name": "isRequired", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "consentMappingCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "displayName", - }, - { - "javaScriptType": "string", - "name": "icon", - }, - { - "javaScriptType": "string", - "name": "accessLevel", - }, - { - "javaScriptType": "array", - "name": "titles", - }, - { - "javaScriptType": "string", - "name": "message", - }, - { - "javaScriptType": "boolean", - "name": "isRequired", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "deviceProfileCallback", - "parameters": [ - { - "javaScriptType": "boolean", - "name": "metadata", - }, - { - "javaScriptType": "boolean", - "name": "location", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "kbaCreateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "array", - "name": "predefinedQuestions", - }, - { - "javaScriptType": "boolean", - "name": "allowUserDefinedQuestions", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "selectIdPCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "providers", - }, - ], - "returnType": "void", - }, - { - 
"elementType": "method", - "name": "termsAndConditionsCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "version", - }, - { - "javaScriptType": "string", - "name": "terms", - }, - { - "javaScriptType": "string", - "name": "createDate", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "suspendedTextOutputCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "defaultText", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "scriptTextOutputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "metadataCallback", - "parameters": [ - { - "javaScriptType": "object", - "name": "outputValue", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": 
"value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "stringAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - 
}, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "numberAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - 
"javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "booleanAttributeInputCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "name", - }, - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "value", - }, - { - "javaScriptType": "boolean", - "name": "required", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "languageCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "language", - }, - { - "javaScriptType": "string", - "name": "country", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "idPCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "provider", - }, - { - "javaScriptType": "string", - "name": "clientId", - }, - { - "javaScriptType": "string", - "name": "redirectUri", - }, - { - "javaScriptType": "array", - "name": "scope", - }, - { - "javaScriptType": "string", - "name": "nonce", - }, - { - "javaScriptType": "string", - "name": "request", - }, - { - "javaScriptType": "string", - "name": "requestUri", - }, - { - "javaScriptType": "array", - "name": "acrValues", - }, - { - "javaScriptType": "boolean", - "name": "requestNativeAppForUserInfo", - }, - { - "javaScriptType": "string", - "name": "token", - }, - { - "javaScriptType": "string", - "name": "tokenType", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "idPCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "provider", - }, - { - 
"javaScriptType": "string", - "name": "clientId", - }, - { - "javaScriptType": "string", - "name": "redirectUri", - }, - { - "javaScriptType": "array", - "name": "scope", - }, - { - "javaScriptType": "string", - "name": "nonce", - }, - { - "javaScriptType": "string", - "name": "request", - }, - { - "javaScriptType": "string", - "name": "requestUri", - }, - { - "javaScriptType": "array", - "name": "acrValues", - }, - { - "javaScriptType": "boolean", - "name": "requestNativeAppForUserInfo", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "certificate", - }, - { - "javaScriptType": "boolean", - "name": "requestSignature", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "certificate", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "x509CertificateCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "choiceCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "array", - "name": "choices", - }, - { - "javaScriptType": "number", - "name": "defaultChoice", - }, - { - "javaScriptType": "boolean", - "name": "multipleSelectionsAllowed", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "boolean", - "name": "setTrackingCookie", - }, - ], - 
"returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "string", - "name": "statusParameter", - }, - { - "javaScriptType": "string", - "name": "redirectBackUrlCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "redirectCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "redirectUrl", - }, - { - "javaScriptType": "object", - "name": "redirectData", - }, - { - "javaScriptType": "string", - "name": "method", - }, - { - "javaScriptType": "string", - "name": "statusParameter", - }, - { - "javaScriptType": "string", - "name": "redirectBackUrlCookie", - }, - { - "javaScriptType": "boolean", - "name": "setTrackingCookie", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "hiddenValueCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "value", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "nameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "nameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "string", - "name": "defaultName", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "passwordCallback", - "parameters": [ - { - 
"javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "number", - "name": "optionType", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "number", - "name": "optionType", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "array", - "name": "options", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "confirmationCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "array", - "name": "options", - }, - { - "javaScriptType": "number", - "name": "defaultOption", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "pollingWaitCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "waitTime", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "textOutputCallback", - "parameters": [ - { - "javaScriptType": "number", - "name": "messageType", - }, - { - "javaScriptType": "string", - "name": "message", - }, - ], - "returnType": "void", - }, - { - "elementType": 
"method", - "name": "validatedPasswordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedPasswordCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "boolean", - "name": "echoOn", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedUsernameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - ], - "returnType": "void", - }, - { - "elementType": "method", - "name": "validatedUsernameCallback", - "parameters": [ - { - "javaScriptType": "string", - "name": "prompt", - }, - { - "javaScriptType": "object", - "name": "policies", - }, - { - "javaScriptType": "boolean", - "name": "validateOnly", - }, - { - "javaScriptType": "array", - "name": "failedPolicies", - }, - ], - "returnType": "void", - }, + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksBuilder", - "javaScriptType": "object", - "name": "callbacksBuilder", - }, - { - "elements": [ - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": 
"value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "update", - "parameters": [ - { - "javaScriptType": "string", - "name": "id", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "value", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "read", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - 
"javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "delete", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "action", - "parameters": [ - { - "javaScriptType": "string", - "name": "resource", - }, - { - "javaScriptType": "string", - "name": "actionName", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "query", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "object", - "name": 
"params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "create", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "newResourceId", - }, - { - "javaScriptType": "object", - "name": "content", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - "javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - { - "javaScriptType": "array", - "name": "fields", - }, - ], - "returnType": "object", - }, - { - "elementType": "method", - "name": "patch", - "parameters": [ - { - "javaScriptType": "string", - "name": "resourceName", - }, - { - 
"javaScriptType": "string", - "name": "rev", - }, - { - "javaScriptType": "array", - "name": "patch", - }, - { - "javaScriptType": "object", - "name": "params", - }, - ], - "returnType": "object", - }, + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", - "javaScriptType": "object", - "name": "openidm", }, - { - "elements": [], - "javaScriptType": "object", - "name": "requestCookies", + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - { - "javaScriptType": "string", - "name": "cookieName", + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - ], - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", - 
], }, - }, - "defaultScript": "11e1a3c0-038b-4c16-956a-6c9d89328cff", - "engineConfiguration": { - "_id": "engineConfiguration", "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{scripted.decision.node.script.context.core.threads|&{authentication.tree.decision.node.script.context.core.threads|10}}", + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + "refresh_token", + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "none", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{scripted.decision.node.script.context.max.threads|&{authentication.tree.decision.node.script.context.max.threads|50}}", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [ + "https://sdkapp.example.com:8443", + "https://volker-demo.encore.forgerock.com/demo/webapp/en/home", + "https://volker-demo.encore.forgerock.com/demo/sdks", + "forgerock://oidc_callback", + ], + "refreshTokenLifetime": 0, + "scopes": [ + 
"openid", + "profile", + "address", + "phone", + "email", + "fr:idm:*", + ], + "status": "Active", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{scripted.decision.node.script.context.queue.size|&{authentication.tree.decision.node.script.context.queue.size|10}}", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [ + "https://sdkapp.example.com:8443", + "https://volker-demo.encore.forgerock.com/demo/webapp/en/home", + "https://volker-demo.encore.forgerock.com/demo/sdks", + "forgerock://oidc_callback", + ], }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "jdk.proxy*", - "org.mozilla.javascript.WrappedException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - ], - }, - "SOCIAL_IDP_PROFILE_TRANSFORMATION": { - "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "allowLists": [ - "com.sun.identity.shared.debug.Debug", - "java.lang.Long", - "java.lang.String", - "java.util.LinkedList", - "org.forgerock.json.JsonValue", - "com.sun.identity.idm.AMIdentity", - "java.util.ArrayList$Itr", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.TreeMap", - "java.util.ArrayList", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap", - "sun.security.ec.ECPrivateKeyImpl", - "java.lang.Void", - "java.util.LinkedHashMap$LinkedEntryIterator", - 
"java.lang.Integer", - "java.util.HashMap", - "java.lang.Math", - "org.mozilla.javascript.JavaScriptException", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "java.util.List", - "org.forgerock.oauth2.core.UserInfoClaims", - "java.lang.Character", - "java.lang.Float", - "groovy.json.JsonSlurper", - "java.lang.Short", - "org.forgerock.util.promise.PromiseImpl", - "java.util.Map", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "java.lang.Byte", - "java.lang.Double", - "org.forgerock.http.client.*", - "java.util.HashMap$KeyIterator", - "java.lang.Character$Subset", - "java.lang.StrictMath", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "java.util.Collections$EmptyList", - "java.util.HashMap$Node", - "org.forgerock.oauth.clients.oidc.Claim", - "java.util.HashMap$Entry", - "java.util.Locale", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.codehaus.groovy.runtime.GStringImpl", - "java.util.Collections$1", - "java.util.TreeSet", - "java.util.LinkedHashSet", - "java.util.AbstractMap$SimpleImmutableEntry", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "java.util.Collections$SingletonList", - "java.lang.Boolean", - "java.util.HashSet", - "java.lang.Number", - "java.lang.Object", - "java.util.LinkedHashMap$Entry", - "org.forgerock.http.protocol.Entity", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.lang.Character$UnicodeBlock", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Response", - ], - "bindings": [], - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "1d475815-72cb-42eb-aafd-4026989d28a7", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": 
"Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.lang.Thread", - "java.lang.invoke.*", - "java.lang.reflect.*", - "java.security.AccessController", - ], - "coreThreads": { - "$int": "&{social.idp.profile.transformation.script.context.core.threads|10}", + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "idleTimeout": 60, - "maxThreads": { - "$int": "&{social.idp.profile.transformation.script.context.max.threads|50}", + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, - "propertyNamePrefix": "esv.", - "queueSize": { - "$int": "&{social.idp.profile.transformation.script.context.queue.size|10}", + "signEncOAuth2ClientConfig": { + 
"authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.ImmutableList", - "com.google.common.collect.Sets$1", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ReCaptchaCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.IdentifiableCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.PagePropertiesCallback", - 
"com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.common.CaseInsensitiveHashMap$Entry", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.idm.IdType", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.common.SAML2Exception", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.StringEscapeUtils", - "groovy.json.internal.LazyMap", - "java.io.ByteArrayInputStream", - "java.io.ByteArrayOutputStream", - "java.io.UnsupportedEncodingException", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.NullPointerException", - "java.lang.Number", - "java.lang.Object", - "java.lang.RuntimeException", - "java.lang.SecurityException", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.math.BigDecimal", - "java.math.BigInteger", - "java.net.URI", - "java.security.KeyFactory", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.MessageDigest", - "java.security.MessageDigest$Delegate", - "java.security.MessageDigest$Delegate$CloneableDelegate", - "java.security.NoSuchAlgorithmException", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.cert.CertificateFactory", - "java.security.cert.X509Certificate", - "java.security.spec.MGF1ParameterSpec", - "java.security.spec.PKCS8EncodedKeySpec", - "java.security.spec.X509EncodedKeySpec", - "java.text.SimpleDateFormat", - "java.time.Clock", - "java.time.Clock$FixedClock", - "java.time.Clock$OffsetClock", - 
"java.time.Clock$SystemClock", - "java.time.Clock$TickClock", - "java.time.temporal.ChronoUnit", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Arrays", - "java.util.Collections", - "java.util.Collections$*", - "java.util.Date", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap$LinkedKeySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "java.util.UUID", - "javax.crypto.Cipher", - "javax.crypto.Mac", - "javax.crypto.spec.IvParameterSpec", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.crypto.spec.SecretKeySpec", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "org.apache.groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.guice.core.IdentityProvider", - "org.forgerock.guice.core.InjectorHolder", - "org.forgerock.http.Client", - "org.forgerock.http.Context", - "org.forgerock.http.Handler", - "org.forgerock.http.client.*", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - 
"org.forgerock.json.jose.builders.EncryptedJwtBuilder", - "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", - "org.forgerock.json.jose.builders.JweHeaderBuilder", - "org.forgerock.json.jose.builders.JwsHeaderBuilder", - "org.forgerock.json.jose.builders.JwtBuilderFactory", - "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", - "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", - "org.forgerock.json.jose.jwe.EncryptedJwt", - "org.forgerock.json.jose.jwe.EncryptionMethod", - "org.forgerock.json.jose.jwe.JweAlgorithm", - "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", - "org.forgerock.json.jose.jwk.JWKSet", - "org.forgerock.json.jose.jwk.RsaJWK", - "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", - "org.forgerock.json.jose.jws.JwsAlgorithm", - "org.forgerock.json.jose.jws.JwsHeader", - "org.forgerock.json.jose.jws.SignedEncryptedJwt", - "org.forgerock.json.jose.jws.SignedJwt", - "org.forgerock.json.jose.jws.SigningManager", - "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.RSASigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", - "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", - "org.forgerock.json.jose.jwt.JwtClaimsSet", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", - "org.forgerock.openam.auth.nodes.IdentityProvider", - 
"org.forgerock.openam.auth.nodes.InjectorHolder", - "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", - "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", - "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - 
"org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.secrets.SecretBuilder", - "org.forgerock.secrets.keys.SigningKey", - "org.forgerock.secrets.keys.VerificationKey", - "org.forgerock.util.encode.Base64", - "org.forgerock.util.encode.Base64url", - "org.forgerock.util.encode.Hex", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.ConsString", - "org.mozilla.javascript.JavaScriptException", - "org.mozilla.javascript.WrappedException", - "sun.security.ec.ECPrivateKeyImpl", - "sun.security.rsa.RSAPrivateCrtKeyImpl", - "sun.security.rsa.RSAPublicKeyImpl", - "sun.security.x509.X500Name", - "sun.security.x509.X509CertImpl", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper", - ], - }, - "isHidden": false, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, - }, - "secret": { - "esv-admin-token": { - "_id": "esv-admin-token", - "activeVersion": "1", - "description": "Long-lived admin token", - "encoding": "generic", - "lastChangeDate": "2024-03-20T14:46:13.461793Z", - "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-brando-pingone": { - "_id": "esv-brando-pingone", - 
"activeVersion": "4", - "description": "This is to show the connection between PingOne and AIC. ", - "encoding": "generic", - "lastChangeDate": "2024-06-24T00:44:06.154598Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "4", - "useInPlaceholders": true, - }, - "esv-secret-import-test1": { - "_id": "esv-secret-import-test1", - "activeVersion": "1", - "description": "Secret Import Test 1", - "encoding": "generic", - "lastChangeDate": "2024-06-22T01:13:13.904591Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-secret-import-test2": { - "_id": "esv-secret-import-test2", - "activeVersion": "1", - "description": "Secret Import Test 2", - "encoding": "generic", - "lastChangeDate": "2024-06-22T01:13:41.914076Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret": { - "_id": "esv-test-secret", - "activeVersion": "1", - "description": "This is a test secret containing a simple string value.", - "encoding": "generic", - "lastChangeDate": "2024-07-05T17:53:53.682578Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-cert-pem": { - "_id": "esv-test-secret-cert-pem", - "activeVersion": "1", - "description": "This is a test secret from a pem encoded cert file.", - "encoding": "pem", - "lastChangeDate": "2024-01-20T03:48:49.005574Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-cert-pem-raw": { - "_id": "esv-test-secret-cert-pem-raw", - "activeVersion": "1", - "description": "This is a test secret from a pem encoded cert file (raw).", - "encoding": "pem", - "lastChangeDate": "2024-01-20T03:49:20.270526Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - 
"loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-euler": { - "_id": "esv-test-secret-euler", - "activeVersion": "1", - "description": "A test secret containing the value of Euler's number", - "encoding": "generic", - "lastChangeDate": "2023-12-14T15:27:34.607038Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-file-base64hmac": { - "_id": "esv-test-secret-file-base64hmac", - "activeVersion": "1", - "description": "This is a test secret from base64 encoded hmac key file.", - "encoding": "base64hmac", - "lastChangeDate": "2024-01-20T03:46:37.42544Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-file-base64hmac-raw": { - "_id": "esv-test-secret-file-base64hmac-raw", - "activeVersion": "1", - "description": "This is a test secret from base64 encoded hmac key file (raw).", - "encoding": "base64hmac", - "lastChangeDate": "2024-01-20T03:47:03.695151Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-pi": { - "_id": "esv-test-secret-pi", - "activeVersion": "1", - "description": "Secret that contains the value of pi", - "encoding": "generic", - "lastChangeDate": "2023-12-14T15:22:28.519043Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - "esv-test-secret-pi-generic": { - "_id": "esv-test-secret-pi-generic", - "activeVersion": "3", - "description": "", - "encoding": "generic", - "lastChangeDate": "2024-07-15T03:20:09.136266Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "3", - "useInPlaceholders": true, - }, - "esv-volkers-test-secret": { - "_id": "esv-volkers-test-secret", - "activeVersion": "10", - "description": "Volker's 
test secret", - "encoding": "generic", - "lastChangeDate": "2024-06-26T01:37:06.116117Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "10", - "useInPlaceholders": true, - }, - }, - "server": null, - "serverInformation": { - "*": { - "_id": "*", - "cookieName": "6ac6499e9da2071", - "domains": [], - "fileBasedConfiguration": true, - "forgotPassword": "false", - "forgotUsername": "false", - "kbaEnabled": "false", - "lang": "en-US", - "protectedUserAttributes": [ - "telephoneNumber", - "mail", - ], - "realm": "/", - "referralsEnabled": "false", - "secureCookie": true, - "selfRegistration": "false", - "socialImplementations": [], - "successfulUserRegistrationDestination": "default", - "userIdAttributes": [], - "xuiUserSessionValidationEnabled": true, - "zeroPageLogin": { - "allowedWithoutReferer": true, - "enabled": false, - "refererWhitelist": [], - }, - }, - }, - "serverVersion": { - "version": { - "_id": "version", - "date": "2024-October-29 11:05", - "fullVersion": "ForgeRock Access Management 7.6.0-SNAPSHOT Build 811ccc8cd2adb016ebe7d3365b0d10e45e2aead3 (2024-October-29 11:05)", - "revision": "811ccc8cd2adb016ebe7d3365b0d10e45e2aead3", - "version": "7.6.0-SNAPSHOT", - }, - }, - "service": { - "CorsService": { - "_id": "", - "_type": { - "_id": "CorsService", - "collection": false, - "name": "CORS Service", - }, - "enabled": true, - "location": "global", - "nextDescendents": [], - }, - "dashboard": { - "_id": "", - "_type": { - "_id": "dashboard", - "collection": false, - "name": "Dashboard", - }, - "defaults": { - "assignedDashboard": [], }, - "location": "global", - "nextDescendents": [ - { - "_id": "Google", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "Google", - "icfIdentifier": "idm magic 34", - "icon": "images/logos/googleplus.png", - "login": "http://www.google.com", - "name": "Google", - }, - { - "_id": "SalesForce", - 
"_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "SalesForce", - "icfIdentifier": "idm magic 12", - "icon": "images/logos/salesforce.png", - "login": "http://www.salesforce.com", - "name": "SalesForce", - }, - { - "_id": "ZenDesk", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "ZenDesk", - "icfIdentifier": "idm magic 56", - "icon": "images/logos/zendesk.png", - "login": "http://www.ZenDesk.com", - "name": "ZenDesk", - }, - { - "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "da190d6b-0fcc-42aa-b890-0cef7486e6d4": { + "_id": "da190d6b-0fcc-42aa-b890-0cef7486e6d4", + "_provider": { + "_id": "", "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "BookmarkApplicationClass", - "displayName": "Google", - "icon": "app-bookmark.svg", - "login": "https://www.google.com/", - "name": "Google", - }, - ], - }, - }, - "sync": { - "_id": "sync", - "mappings": [ - { - "_id": "sync/managedBravo_user_managedBravo_user", - "consentRequired": false, - "displayName": "managedBravo_user_managedBravo_user", - "icon": null, - "name": "managedBravo_user_managedBravo_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + 
"defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], }, - { - "action": "ASYNC", - "situation": "MISSING", + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", 
+ ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + 
"cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", 
+ "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], }, - ], - "properties": [], - "source": "managed/bravo_user", - "syncAfter": [], - "target": "managed/bravo_user", - }, - { - "_id": "sync/managedAlpha_user_managedBravo_user", - "consentRequired": true, - "displayName": "Test Mapping for Frodo", - "icon": null, - "name": "managedAlpha_user_managedBravo_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - { - "action": "ASYNC", - "situation": "ALL_GONE", + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", 
+ "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [ - { - "condition": { - "globals": {}, - "source": "console.log("Hello World!");", - "type": "text/javascript", - }, - "default": [ - "Default value string", - ], - "source": "accountStatus", - "target": "applications", - "transform": { - "globals": {}, - "source": "console.log("hello");", - "type": "text/javascript", - }, - }, - ], - "source": "managed/alpha_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - ], - "target": "managed/bravo_user", - }, - { - "_id": "sync/managedBravo_user_managedAlpha_user", - "consentRequired": false, - "displayName": "Frodo test mapping", - "icon": null, - "name": "managedBravo_user_managedAlpha_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - 
"action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [], - "source": "managed/bravo_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - "managedAlpha_user_managedBravo_user", - ], - "target": "managed/alpha_user", - }, - { - "_id": "sync/AlphaUser2GoogleApps", - "consentRequired": false, - "correlationQuery": [ - { - "expressionTree": { - "all": [ - "__NAME__", - ], - }, - "file": "ui/correlateTreeToQueryFilter.js", - "linkQualifier": "default", - "mapping": "AlphaUser2GoogleApps", - "type": "text/javascript", - }, - ], - "displayName": "AlphaUser2GoogleApps", - "enableSync": { - "$bool": "&{esv.gac.enable.mapping}", - }, - "icon": null, - "name": "AlphaUser2GoogleApps", - "onCreate": { - "globals": {}, - "source": "target.orgUnitPath = "/NewAccounts";", - "type": "text/javascript", - }, - "onUpdate": { - "globals": {}, - "source": "//testing1234 -target.givenName = oldTarget.givenName; -target.familyName = oldTarget.familyName; -target.__NAME__ = oldTarget.__NAME__;", - "type": "text/javascript", - }, - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "UNLINK", - "situation": "SOURCE_MISSING", - }, - { - "action": { - "globals": {}, - "source": "// Timing Constants -var ATTEMPT = 6; // Number of attempts to find the Google user. 
-var SLEEP_TIME = 500; // Milliseconds between retries. -var SYSTEM_ENDPOINT = "system/GoogleApps/__ACCOUNT__"; -var MAPPING_NAME = "AlphaUser2GoogleApps"; -var GOOGLE_DOMAIN = identityServer.getProperty("esv.gac.domain"); -var googleEmail = source.userName + "@" + GOOGLE_DOMAIN; -var frUserGUID = source._id; -var resultingAction = "ASYNC"; - -// Get the Google GUID -var linkQueryParams = {'_queryFilter': 'firstId eq "' + frUserGUID + '" and linkType eq "' + MAPPING_NAME + '"'}; -var linkResults = openidm.query("repo/link/", linkQueryParams, null); -var googleGUID; - -if (linkResults.resultCount === 1) { - googleGUID = linkResults.result[0].secondId; -} - -var queryResults; // Resulting query from looking for the Google user. -var params = {'_queryFilter': '__UID__ eq "' + googleGUID + '"'}; - -for (var i = 1; i <= ATTEMPT; i++) { - queryResults = openidm.query(SYSTEM_ENDPOINT, params); - if (queryResults.result && queryResults.result.length > 0) { - logger.info("idmlog: ---AlphaUser2GoogleApps - Missing->UPDATE - Result found in " + i + " attempts. Query result: " + JSON.stringify(queryResults)); - resultingAction = "UPDATE"; - break; - } - java.lang.Thread.sleep(SLEEP_TIME); // Wait before trying again. 
-} - -if (!queryResults.result || queryResults.resultCount === 0) { - logger.warn("idmlog: ---AlphaUser2GoogleApps - Missing->UNLINK - " + googleEmail + " not found after " + ATTEMPT + " attempts."); - resultingAction = "UNLINK"; -} -resultingAction; -", - "type": "text/javascript", - }, - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "IGNORE", - "situation": "UNQUALIFIED", - }, - { - "action": "IGNORE", - "situation": "UNASSIGNED", - }, - { - "action": "UNLINK", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "condition": { - "globals": {}, - "source": "object.custom_password_encrypted != null", - "type": "text/javascript", - }, - "source": "custom_password_encrypted", - "target": "__PASSWORD__", - "transform": { - "globals": {}, - "source": "openidm.decrypt(source);", - "type": "text/javascript", - }, - }, - { - "source": "cn", - "target": "__NAME__", - "transform": { - "globals": {}, - "source": "source + "@" + identityServer.getProperty("esv.gac.domain");", - "type": "text/javascript", - }, - }, - { - "source": "givenName", - "target": "givenName", - }, - { - "source": "", - "target": "familyName", - "transform": { - "globals": {}, - "source": "if (source.frIndexedInteger1 > 2 && source.frIndexedInteger1 < 6) { - source.sn + " (Student)" -} else { - source.sn -}", - "type": "text/javascript", - }, - }, - ], - "queuedSync": { - "enabled": true, - "maxQueueSize": 20000, - "maxRetries": 5, - "pageSize": 100, - "pollingInterval": 1000, - "postRetryAction": "logged-ignore", - "retryDelay": 1000, - }, - "source": "managed/alpha_user", 
- "syncAfter": [ - "managedBravo_user_managedBravo_user", - "managedAlpha_user_managedBravo_user", - "managedBravo_user_managedAlpha_user", - ], - "target": "system/GoogleApps/__ACCOUNT__", - "validSource": { - "globals": {}, - "source": "var isGoogleEligible = true; -//var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + " cn: " + source.cn + ") -"; -var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + ") -"; - -//Get Applicable userTypes (no Parent accounts) -if (source.frIndexedInteger1 !== 0 && source.frIndexedInteger1 !== 1 && source.frIndexedInteger1 !== 3 && source.frIndexedInteger1 !== 4 && source.frIndexedInteger1 !== 5) { - isGoogleEligible = false; - logMsg = logMsg + " Account type not eligible."; -} - -//Make sure the account has a valid encrypted password. -if (source.custom_password_encrypted == undefined || source.custom_password_encrypted == null) { - isGoogleEligible = false; - logMsg = logMsg + " No encrypted password yet."; -} - -//Check that CN exists and has no space. -if (source.cn && source.cn.includes(' ')) { - isGoogleEligible = false; - logMsg = logMsg + " CN with a space is not allowed."; -} - -if (!isGoogleEligible) { - logMsg = logMsg + " Not sent to Google." - logger.info(logMsg); -} - -if (isGoogleEligible) { - logMsg = logMsg + " Sent to Google." 
- logger.info(logMsg); -} - -isGoogleEligible; -", - "type": "text/javascript", - }, - }, - ], - }, - "variable": { - "esv-blue-piller": { - "_id": "esv-blue-piller", - "description": "Zion membership criteria.", - "expressionType": "bool", - "lastChangeDate": "2024-07-05T20:01:11.78347Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "false", - }, - "esv-ipv4-cidr-access-rules": { - "_id": "esv-ipv4-cidr-access-rules", - "description": "IPv4 CIDR access rules: { "allow": [ "address/mask" ] }", - "expressionType": "object", - "lastChangeDate": "2024-07-05T20:01:13.987057Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "{ "allow": [ "145.118.0.0/16", "132.35.0.0/16", "101.226.0.0/16", "99.72.28.182/32" ] }", - }, - "esv-nebuchadnezzar-crew": { - "_id": "esv-nebuchadnezzar-crew", - "description": "The crew of the Nebuchadnezzar hovercraft.", - "expressionType": "array", - "lastChangeDate": "2024-07-05T20:01:05.216699Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "["Morpheus","Trinity","Link","Tank","Dozer","Apoc","Cypher","Mouse","Neo","Switch"]", - }, - "esv-nebuchadnezzar-crew-structure": { - "_id": "esv-nebuchadnezzar-crew-structure", - "description": "The structure of the crew of the Nebuchadnezzar hovercraft.", - "expressionType": "object", - "lastChangeDate": "2024-07-05T20:01:07.343325Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "{"Captain":"Morpheus","FirstMate":"Trinity","Operator":["Link","Tank"],"Medic":"Dozer","Crewmen":["Apoc","Cypher","Mouse","Neo","Switch"]}", - }, - "esv-neo-age": { - "_id": "esv-neo-age", - "description": "Neo's age in the matrix.", - "expressionType": "int", - "lastChangeDate": "2024-11-01T16:21:14.46187Z", - "lastChangedBy": "Frodo-SA-1730238488278", - "loaded": true, - "value": "28", - }, - "esv-number": { - "_id": "esv-number", - "description": "test number", - "expressionType": "number", - "lastChangeDate": 
"2024-07-05T19:42:20.943131Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "value": "1.134", - }, - "esv-test": { - "_id": "esv-test", - "description": "list", - "expressionType": "list", - "lastChangeDate": "2024-11-01T21:00:21.315828Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "value": "a,b,c,d", - }, - "esv-test-var": { - "_id": "esv-test-var", - "description": "this is a test description", - "expressionType": "string", - "lastChangeDate": "2024-11-01T16:21:15.469328Z", - "lastChangedBy": "Frodo-SA-1730238488278", - "loaded": true, - "value": "this is a test variable", - }, - "esv-test-var-pi": { - "_id": "esv-test-var-pi", - "description": "This is another test variable.", - "expressionType": "number", - "lastChangeDate": "2024-07-12T17:40:41.283412Z", - "lastChangedBy": "Frodo-SA-1720799681233", - "loaded": true, - "value": "3.1415926", - }, - "esv-test-var-pi-string": { - "_id": "esv-test-var-pi-string", - "description": "This is another test variable.", - "expressionType": "string", - "lastChangeDate": "2024-07-05T20:01:16.11117Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "3.1415926", - }, - "esv-test-variable-light": { - "_id": "esv-test-variable-light", - "description": "Test variable containing the speed of light in meters per second (as an int).", - "expressionType": "int", - "lastChangeDate": "2023-12-14T15:34:13.446903Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "value": "299792458", - }, - "esv-trinity-phone": { - "_id": "esv-trinity-phone", - "description": "In the opening of The Matrix (1999), the phone number Trinity is calling from is traced to (312)-555-0690", - "expressionType": "string", - "lastChangeDate": "2024-07-05T20:01:03.141204Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "(312)-555-0690", - }, - }, - }, - "meta": Any, - "realm": { - "root-alpha": { - "agent": { - "cdsso-ig-agent": { - "_id": 
"cdsso-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [ - "https://volker-demo.encore.forgerock.com:443/apps/hrlite/redirect", - "https://volker-demo.encore.forgerock.com/apps/hrlite/redirect", - "https://volker-demo.encore.forgerock.com:443/apps/hrlite-rest/redirect", - "https://volker-demo.encore.forgerock.com:443/apps/contractor/redirect", - "https://volker-demo.encore.forgerock.com/apps/hrlite-rest/redirect", - "https://volker-demo.encore.forgerock.com/apps/contractor/redirect", - ], - "igTokenIntrospection": "Realm_Subs", - "secretLabelIdentifier": null, - "status": "Active", - }, - "frodo-test-ig-agent": { - "_id": "frodo-test-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": "test_ig_group", - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "secretLabelIdentifier": null, - "status": "Inactive", - }, - "frodo-test-ig-agent2": { - "_id": "frodo-test-ig-agent2", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "secretLabelIdentifier": null, - "status": "Inactive", - }, - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", "_type": { - "_id": "J2EEAgent", + "_id": "OAuth2Client", "collection": true, - "name": "J2EE Agents", + "name": "OAuth2 Clients", }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, + 
"advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - 
"cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": 
"centralized", - "secretLabelIdentifier": null, - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", + "descriptions": [ + "Created by Frodo on 3/20/2024, 9:46:11 AM", ], - "wantedHttpUrlParams": [ - "", + "grantTypes": [ + "client_credentials", ], - "wantedHttpUrlRegexParams": [ - "", + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token", ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, 
- "acceptSsoTokenDomainList": [ - "", + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "authorizationCodeLifetime": 120, + "clientName": [ + "da190d6b-0fcc-42aa-b890-0cef7486e6d4", ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*", ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration", ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, + "status": "Active", + "userpassword": null, }, - }, - "frodo-test-java-agent2": { - "_id": "frodo-test-java-agent2", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [], }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - 
"possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": 
"[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + 
"idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - 
"recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "secretLabelIdentifier": null, - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - 
"setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - 
"ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "secretLabelIdentifier": null, - "ssoOnlyMode": false, - "status": "Inactive", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - 
], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - "frodo-test-web-agent2": { - "_id": "frodo-test-web-agent2", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": 
"session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "secretLabelIdentifier": null, - "ssoOnlyMode": false, - "status": "Inactive", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - 
"profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - "ig-agent": { - "_id": "ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [], - "igTokenIntrospection": "Realm_Subs", - "secretLabelIdentifier": null, - "status": "Active", - }, - "my-policy-agent": { - "_id": "my-policy-agent", - "_type": { - "_id": "2.2_Agent", - "collection": true, - "name": "Policy Agents", - }, - "cdssoRootUrl": [], - "description": null, - "status": "Active", - }, - "test": { - "_id": "test", - "_type": { - "_id": "RemoteConsentAgent", - "collection": true, - "name": "OAuth2 Remote Consent Service", - }, - "agentgroup": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "remoteConsentRedirectUrl": null, - "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentRequestEncryptionEnabled": true, - "remoteConsentRequestEncryptionMethod": "A128GCM", - "remoteConsentRequestSigningAlgorithm": "RS256", - "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentResponseEncryptionMethod": "A128GCM", - "remoteConsentResponseSigningAlg": "RS256", - "requestTimeLimit": 180, - }, - "test software publisher": { - "_id": "test software publisher", - "_type": { - "_id": "SoftwarePublisher", - "collection": true, - 
"name": "OAuth2 Software Publisher", - }, - "agentgroup": null, - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "softwareStatementSigningAlgorithm": "RS256", - }, - }, - "agentGroup": { - "test_ig_group": { - "_id": "test_ig_group", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [], - "igTokenIntrospection": "None", - "status": "Active", - }, - "test_java_group": { - "_id": "test_java_group", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - 
"authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - 
"debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "status": "Active", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": null, - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": {}, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { 
- "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": null, - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - "test_web_agent_group": { - "_id": "test_web_agent_group", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - 
"regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Active", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - 
"mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "application": { - "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8": { - "_id": "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", + }, + "frodo-idm-access": { + "_id": "frodo-idm-access", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, "advancedOAuth2Config": { "allowClientCredentialsInTokenRequestQueryParameters": true, @@ -33632,13 +22499,17 @@ isGoogleEligible; "contacts": [], "customProperties": [], "descriptions": [ - "Created by Frodo on 3/20/2024, 9:30:37 AM", + "Frodo IDM Access", ], "grantTypes": [ - "client_credentials", + "authorization_code", ], "isConsentImplied": true, - "javascriptOrigins": [], + "javascriptOrigins": [ + "http://localhost:8712", + "https://openam-frodo-dev.forgeblocks.com", + "https://openam-frodo-dev.forgeblocks.com:443", + ], "logoUri": [], "mixUpMitigation": false, "name": [], 
@@ -33647,37 +22518,45 @@ isGoogleEligible; "requestUris": [], "require_pushed_authorization_requests": false, "responseTypes": [ + "code", "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", ], "sectorIdentifierUri": null, "softwareIdentity": null, "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_post", "tokenExchangeAuthLevel": 0, "tosURI": [], "updateAccessToken": null, }, "coreOAuth2ClientConfig": { - "accessTokenLifetime": 315360000, + "accessTokenLifetime": 3600, "authorizationCodeLifetime": 120, "clientName": [ - "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", + "frodo-idm-access", ], + "clientType": "Public", + "defaultScopes": [], "loopbackInterfaceRedirection": false, - "redirectionUris": [], + "redirectionUris": [ + "http://localhost:8712/frodo", + "https://openam-frodo-dev.forgeblocks.com/platform/appAuthHelperRedirect.html", + ], "refreshTokenLifetime": 604800, "scopes": [ + "openid", "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", ], + "secretLabelIdentifier": null, "status": "Active", - "userpassword": null, }, "coreOpenIDClientConfig": { "backchannel_logout_session_required": false, @@ -33754,8 +22633,8 @@ isGoogleEligible; "userinfoSignedResponseAlg": null, }, }, - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", + "hrlite-client": { + "_id": "hrlite-client", "_provider": { "_id": "", "_type": { 
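Review bot: the expected-object key in the last hunk here changes from a UUID-named client (`49a2981c-e192-4739-a0e6-c7582168bdf5`) to `hrlite-client`, and the same kind of swap happens for the other clients in this snapshot, so the test is now asserting against a different recorded data set rather than the same data exported differently. That makes the per-field differences in the surrounding hunks (grant types, scopes, token lifetimes, `clientType`) impossible to tell apart from an export behaviour change. Please re-record the mocks in a separate commit, or keep the original client set for the existing cases and add the new clients only for the new cases, so the snapshot diff for this change shows only what the code change affects.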
@@ -34180,13 +23059,20 @@ isGoogleEligible; "contacts": [], "customProperties": [], "descriptions": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", + "hrlite/id_token/callback", ], "grantTypes": [ + "authorization_code", "client_credentials", + "refresh_token", ], "isConsentImplied": true, - "javascriptOrigins": [], + "javascriptOrigins": [ + "https://volker-demo.encore.forgerock.com", + "https://volker-demo.encore.forgerock.com:443", + "https://volker-demo.encore.forgerock.com", + "https://volker-demo.encore.forgerock.com:443", + ], "logoUri": [], "mixUpMitigation": false, "name": [], @@ -34195,7 +23081,9 @@ isGoogleEligible; "requestUris": [], "require_pushed_authorization_requests": false, "responseTypes": [ + "code", "token", + "id_token", ], "sectorIdentifierUri": null, "softwareIdentity": null, @@ -34210,20 +23098,22 @@ isGoogleEligible; "accessTokenLifetime": 3600, "agentgroup": null, "authorizationCodeLifetime": 120, - "clientName": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], + "clientName": [], "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], + "defaultScopes": [], "loopbackInterfaceRedirection": false, - "redirectionUris": [], + "redirectionUris": [ + "https://volker-demo.encore.forgerock.com/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com/apps/contractor/id_token/callback", + "https://volker-demo.encore.forgerock.com:443/apps/contractor/id_token/callback", + ], "refreshTokenLifetime": 604800, "scopes": [ + "openid", "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", ], "status": "Active", }, 
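Review bot: the added `redirectionUris` (and the `javascriptOrigins` two hunks earlier) commit a named tenant hostname, `volker-demo.encore.forgerock.com`, into the snapshot, and each `hrlite` callback appears twice in the list (both the bare and the `:443` form). If the recordings are meant to be environment-neutral, replace the host with a placeholder when recording; if the host is intentionally public, say so in the test description. The duplicates should either be removed from the fixture or called out as data the export is expected to preserve verbatim, since otherwise a later de-duplication in the export path will show up as an unexplained snapshot failure.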
@@ -34305,8 +23195,8 @@ isGoogleEligible; "userinfoSignedResponseAlg": null, }, }, - "60b7b032-68fc-45ed-98ca-262c1985fb7e": { - "_id": "60b7b032-68fc-45ed-98ca-262c1985fb7e", + "rfc7523-client1": { + "_id": "rfc7523-client1", "_provider": { "_id": "", "_type": { @@ -34730,11 +23620,9 @@ isGoogleEligible; "clientUri": [], "contacts": [], "customProperties": [], - "descriptions": [ - "Created by Frodo on 3/20/2024, 8:09:47 AM", - ], + "descriptions": [], "grantTypes": [ - "client_credentials", + "urn:ietf:params:oauth:grant-type:jwt-bearer", ], "isConsentImplied": true, "javascriptOrigins": [], @@ -34742,9 +23630,7 @@ isGoogleEligible; "mixUpMitigation": false, "name": [], "policyUri": [], - "refreshTokenGracePeriod": 0, "requestUris": [], - "require_pushed_authorization_requests": false, "responseTypes": [ "token", ], @@ -34752,31 +23638,28 @@ isGoogleEligible; "softwareIdentity": null, "softwareVersion": null, "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", + "tokenEndpointAuthMethod": "none", "tokenExchangeAuthLevel": 0, "tosURI": [], "updateAccessToken": null, }, "coreOAuth2ClientConfig": { - "accessTokenLifetime": 315360000, + "accessTokenLifetime": 3600, "authorizationCodeLifetime": 120, "clientName": [ - "60b7b032-68fc-45ed-98ca-262c1985fb7e", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", + "rfc7523-client1", ], + "clientType": "Public", + "defaultScopes": [], "loopbackInterfaceRedirection": false, "redirectionUris": [], "refreshTokenLifetime": 604800, "scopes": [ + "openid", + "fr:am:*", "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", ], "status": "Active", - "userpassword": null, }, "coreOpenIDClientConfig": { "backchannel_logout_session_required": false, 
@@ -34792,53 +23675,21 @@ isGoogleEligible; "coreUmaClientConfig": { "claimsRedirectionUris": [], }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", "clientJwtPublicKey": null, "idTokenEncryptionAlgorithm": "RSA-OAEP-256", "idTokenEncryptionEnabled": false, "idTokenEncryptionMethod": "A128CBC-HS256", "idTokenPublicEncryptionKey": null, "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, + "jwkSet": 
"{"keys":[{"kty":"RSA","kid":"5rpTrxBPGieY8tVMmxMq_m3ZBbrATN0SlikhoM13VJM","alg":"RS256","e":"AQAB","n":"3oLso7E5tS9FL0ui5KaQe2qEsozeZAwqCHqzEP7KzgMAAvPCQHPZ8etsC9xeYxAyjPnfQc-EXMRqCHqlyxeyR912gBKYVZ6VB9h1zWKCIiUQHpY_nz6bDAt1EisRiH_jqENDOJ0m5ELVLPZoXcsEQ9e_yg352YToGvS560YCBi6xYj4JX5SGs0Rah-SmhpsOZNr46XHolGYivLaRNLJRQc2YV2NArMfb5JcDQ9aSv3EyIXOim7MRFh8uORCiyNpF_y3jOjC17rdJ_0IPnYvPl1-Krq283RzzhIDe2s2CoKAK50XEM8J5FT9298xd7ku1_nyCcNsltGPLj3a7p9OYzofaC8FIfBXX_T4MoNfJ0edNp3FWGin_C_l1z4JnKdSyyBMr4-mB0mIx3td2qK8StFj2hfXZXxtG4cJ0vnP4Qizse-BlqG0Wkmbjijun9cfPiL5AFv-W5OcfQ5R8HqU5JHkQGkWXopZpZtGbqCS7LbDyNBZJNa_qacAIZ98C4sbbRwZgv824hxJlVGu0uxyIqwNHyNnPkZ8zhJ9OCp2l4y8KC3aALyVlBzmi55xh4J8J1cgFXX2v_ilPqUYN9uwQAR4mJ6_tHEPzX7BPxFl1BubNyK5S1ZZevtbUUE8oV9an2fP51H64oYy_1ni6badcu0TOPr2ISGuwFvQxtllHRcE"}]}", "jwkStoreCacheMissCacheTime": 60000, "jwksCacheTimeout": 3600000, "jwksUri": null, "mTLSCertificateBoundAccessTokens": false, "mTLSSubjectDN": null, "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", + "publicKeyLocation": "jwks", "requestParameterEncryptedAlg": null, "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", "requestParameterSignedAlg": null, @@ -34853,8 +23704,8 @@ isGoogleEligible; "userinfoSignedResponseAlg": null, }, }, - "EncoreRCSClient": { - "_id": "EncoreRCSClient", + "test2": { + "_id": "test2", "_provider": { "_id": "", "_type": { @@ -35278,8 +24129,12 @@ isGoogleEligible; "clientUri": [], "contacts": [], "customProperties": [], - "descriptions": [], + "descriptions": [ + "Modified by Frodo on 4/16/2022, 8:41:59 PM", + ], "grantTypes": [ + "authorization_code", + "refresh_token", "client_credentials", ], "isConsentImplied": false, 
@@ -35288,24 +24143,16 @@ isGoogleEligible; "mixUpMitigation": false, "name": [], "policyUri": [], - "refreshTokenGracePeriod": 0, "requestUris": [], - "require_pushed_authorization_requests": false, "responseTypes": [ "code", "token", "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", ], "sectorIdentifierUri": null, "softwareIdentity": null, "softwareVersion": null, - "subjectType": "pairwise", + "subjectType": "public", "tokenEndpointAuthMethod": "client_secret_basic", "tokenExchangeAuthLevel": 0, "tosURI": [], @@ -35314,13 +24161,18 @@ isGoogleEligible; "coreOAuth2ClientConfig": { "accessTokenLifetime": 0, "authorizationCodeLifetime": 0, - "clientName": [], + "clientName": [ + "test2", + ], "clientType": "Confidential", - "defaultScopes": [], + "defaultScopes": [ + "openid", + ], "loopbackInterfaceRedirection": false, "redirectionUris": [], "refreshTokenLifetime": 0, "scopes": [ + "openid", "fr:idm:*", ], "status": "Active", 
@@ -35341,37 +24193,21 @@ isGoogleEligible; }, "overrideOAuth2ClientConfig": { "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", "clientsCanSkipConsent": false, "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", "oidcMayActScript": "[Empty]", "overrideableOIDCClaims": [], "providerOverridesEnabled": false, "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", "statelessTokensEnabled": false, "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", }, "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", "clientJwtPublicKey": null, "idTokenEncryptionAlgorithm": "RSA-OAEP-256", "idTokenEncryptionEnabled": false, @@ -35400,8 +24236,8 @@ isGoogleEligible; "userinfoSignedResponseAlg": null, }, }, - "EncoreWindowsRCSClient": { - "_id": "EncoreWindowsRCSClient", + "testapp": { + "_id": "testapp", "_provider": { "_id": "", "_type": { 
@@ -35825,9 +24661,11 @@ isGoogleEligible; "clientUri": [], "contacts": [], "customProperties": [], - "descriptions": [], + "descriptions": [ + "Test Application", + ], "grantTypes": [ - "client_credentials", + "authorization_code", ], "isConsentImplied": false, "javascriptOrigins": [], @@ -35852,7 +24690,7 @@ isGoogleEligible; "sectorIdentifierUri": null, "softwareIdentity": null, "softwareVersion": null, - "subjectType": "pairwise", + "subjectType": "public", "tokenEndpointAuthMethod": "client_secret_basic", "tokenExchangeAuthLevel": 0, "tosURI": [], @@ -35860,16 +24698,18 @@ isGoogleEligible; }, "coreOAuth2ClientConfig": { "accessTokenLifetime": 0, + "agentgroup": null, "authorizationCodeLifetime": 0, - "clientName": [], + "clientName": [ + "testapp", + ], "clientType": "Confidential", "defaultScopes": [], "loopbackInterfaceRedirection": false, "redirectionUris": [], "refreshTokenLifetime": 0, - "scopes": [ - "fr:idm:*", - ], + "scopes": [], + "secretLabelIdentifier": null, "status": "Active", }, "coreOpenIDClientConfig": { @@ -35890,16 +24730,19 @@ isGoogleEligible; "accessTokenMayActScript": "[Empty]", "accessTokenModificationPluginType": "PROVIDER", "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", "authorizeEndpointDataProviderPluginType": "PROVIDER", "authorizeEndpointDataProviderScript": "[Empty]", "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, "enableRemoteConsent": false, "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", "evaluateScopePluginType": "PROVIDER", "evaluateScopeScript": "[Empty]", "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, "oidcClaimsPluginType": "PROVIDER", "oidcClaimsScript": "[Empty]", "oidcMayActScript": "[Empty]", 
@@ -35947,8 +24790,8 @@ isGoogleEligible; "userinfoSignedResponseAlg": null, }, }, - "RCSClient": { - "_id": "RCSClient", + "testclient": { + "_id": "testclient", "_provider": { "_id": "", "_type": { @@ -36374,7 +25217,7 @@ isGoogleEligible; "customProperties": [], "descriptions": [], "grantTypes": [ - "client_credentials", + "authorization_code", ], "isConsentImplied": false, "javascriptOrigins": [], @@ -36382,9 +25225,7 @@ isGoogleEligible; "mixUpMitigation": false, "name": [], "policyUri": [], - "refreshTokenGracePeriod": 0, "requestUris": [], - "require_pushed_authorization_requests": false, "responseTypes": [ "code", "token", @@ -36399,7 +25240,7 @@ isGoogleEligible; "sectorIdentifierUri": null, "softwareIdentity": null, "softwareVersion": null, - "subjectType": "Public", + "subjectType": "public", "tokenEndpointAuthMethod": "client_secret_basic", "tokenExchangeAuthLevel": 0, "tosURI": [], @@ -36407,7 +25248,6 @@ isGoogleEligible; }, "coreOAuth2ClientConfig": { "accessTokenLifetime": 0, - "agentgroup": null, "authorizationCodeLifetime": 0, "clientName": [], "clientType": "Confidential", @@ -36416,7 +25256,9 @@ isGoogleEligible; "redirectionUris": [], "refreshTokenLifetime": 0, "scopes": [ - "fr:idm:*", + "email", + "openid", + "profile", ], "status": "Active", }, 
@@ -36434,42 +25276,7 @@ isGoogleEligible; "coreUmaClientConfig": { "claimsRedirectionUris": [], }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": true, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": true, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", "clientJwtPublicKey": null, "idTokenEncryptionAlgorithm": "RSA-OAEP-256", "idTokenEncryptionEnabled": false, 
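Review bot: removing the whole `overrideOAuth2ClientConfig` block here drops the only client in this part of the snapshot with `"providerOverridesEnabled": true` and `SCRIPTED` plugin types (`accessTokenModificationPluginType`, `oidcClaimsPluginType`) pointing at script ids. The override blocks still visible in this diff have `"providerOverridesEnabled": false` (`test2`) or `PROVIDER` plugin types (`testapp`), so the export of per-client scripted overrides is no longer exercised by this expectation. Please keep one fixture client with overrides enabled and scripted plugins so that a regression in how those references are exported is still caught.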
@@ -36479,7 +25286,7 @@ isGoogleEligible; "jwkSet": null, "jwkStoreCacheMissCacheTime": 60000, "jwksCacheTimeout": 3600000, - "jwksUri": "http://am.fr-platform:80/am/oauth2/connect/jwk_uri", + "jwksUri": null, "mTLSCertificateBoundAccessTokens": false, "mTLSSubjectDN": null, "mTLSTrustedCert": null, 
@@ -36498,13164 +25305,9415 @@ isGoogleEligible; "userinfoSignedResponseAlg": null, }, }, - "baseline-ciba": { - "_id": "baseline-ciba", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - 
"profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", 
- ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - 
"A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": 
true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, + }, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "Login", + "orgConfig": "Login", + }, + "general": { + "defaultAuthLevel": 0, + "externalLoginPageUrl": "https://volker-demo.encore.forgerock.com/demo/webapp/en/home/redirect", + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/enduser/?realm=/alpha", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "keyAlias": "test", + "moduleBasedAuthEnabled": false, + "sharedSecret": { + "$string": "&{am.authentication.shared.secret}", }, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 1440, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "authenticationChains": {}, + "idp": { + 
"adfs": { + "_id": "adfs", "_type": { - "_id": "OAuth2Client", + "_id": "oidcConfig", "collection": true, - "name": "OAuth2 Clients", + "name": "Client configuration for providers that implement the OpenID Connect specification.", }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "urn:openid:params:grant-type:ciba", - "authorization_code", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "aa9a179e-cdba-4db8-8477-3d1069d5ec04", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://adfs.mytestrun.com/adfs", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://adfs.mytestrun.com/adfs/discovery/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "RS256", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/token", + "transform": "dbe0bf9a-72aa-49d5-8483-9db147985a47", + 
"uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonCustomStyleHover": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonDisplayName": "Microsoft ADFS", + "buttonImage": "/login/images/microsoft-logo.png", + "iconBackground": "#0078d7", + "iconClass": "fa-windows", + "iconFontColor": "white", }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "profile", - ], - "status": "Active", + "useCustomTrustStore": false, + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://adfs.mytestrun.com/adfs/.well-known/openid-configuration", + }, + "apple-stoyan": { + "_id": "apple-stoyan", + "_type": { + "_id": "appleConfig", + "collection": true, + "name": "Client configuration for Apple.", }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://appleid.apple.com/auth/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "CHANGE ME", + "enableNativeNonce": true, + "enabled": false, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://appleid.apple.com", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://appleid.apple.com/auth/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + 
"privateKeyJwtExpTime": 600, + "redirectAfterFormPostURI": "https://openam-volker-dev.forgeblocks.com/login", + "redirectURI": "https://openam-volker-dev.forgeblocks.com/am/oauth2/alpha/client/form_post/apple-stoyan", + "requestNativeAppForUserInfo": false, + "responseMode": "FORM_POST", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "name", + "email", + ], + "tokenEndpoint": "https://appleid.apple.com/auth/token", + "transform": "484e6246-dbc6-4288-97e6-54e55431402e", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonCustomStyleHover": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonDisplayName": "Apple", + "buttonImage": "/login/images/apple-logo.png", + "iconBackground": "#000000", + "iconClass": "fa-apple", + "iconFontColor": "white", }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], + "useCustomTrustStore": false, + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://appleid.apple.com/.well-known/openid-configuration", + }, + "apple_web": { + "_id": "apple_web", + "_type": { + "_id": "appleConfig", + "collection": true, + "name": "Client configuration for Apple.", }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - 
"issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://appleid.apple.com/auth/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "io.scheuber.idc.signinWithApple.service", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://appleid.apple.com", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://appleid.apple.com/auth/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectAfterFormPostURI": "https://idc.scheuber.io/login", + "redirectURI": "https://idc.scheuber.io/am/oauth2/client/form_post/apple_web", + "requestNativeAppForUserInfo": false, + "responseMode": "FORM_POST", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "name", + "email", + ], + "tokenEndpoint": "https://appleid.apple.com/auth/token", + "transform": "484e6246-dbc6-4288-97e6-54e55431402e", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonCustomStyleHover": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonDisplayName": "Apple", + 
"buttonImage": "/login/images/apple-logo.png", + "iconBackground": "#000000", + "iconClass": "fa-apple", + "iconFontColor": "white", }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": "{"keys" :[{ "kty": "EC", "d": "bXhBnmXPav9lgPPs6zavwlqbSmaMpdyeh564d0uNI8k", "use": "sig", "crv": "P-256", "kid": "mykey", "x": "E8IyIrUIBdMVAFhRIcNtDVUI8OTDDSs-LRziuBthM4s", "y": "1jH5o5B5hBeqARhYTMPl5l8CVNOFIVrvYd_TiFH6FkQ" }]}", - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + "useCustomTrustStore": false, + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://appleid.apple.com/.well-known/openid-configuration", + }, + "azure": { + "_id": "azure", + "_type": { + "_id": "microsoftConfig", + "collection": true, + "name": "Client configuration for Microsoft.", + }, + "authenticationIdKey": "id", + "authorizationEndpoint": 
"https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/oauth2/v2.0/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "c42a3dc8-f276-496b-a722-269f131cc21c", + "enabled": true, + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "User.Read", + "openid", + ], + "tokenEndpoint": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/oauth2/v2.0/token", + "transform": "73cecbfc-dad0-4395-be6a-6858ee3a80e5", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonCustomStyleHover": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonDisplayName": "Microsoft Azure", + "buttonImage": "/login/images/microsoft-logo.png", + "iconBackground": "#0078d7", + "iconClass": "fa-windows", + "iconFontColor": "white", }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://graph.microsoft.com/v1.0/me", }, - "baseline-device": { - "_id": "baseline-device", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", 
- "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, + "github": { + "_id": "github", + "_type": { + "_id": "oauth2Config", + "collection": true, + "name": "Client configuration for providers that implement the OAuth2 specification.", + }, + "authenticationIdKey": "id", + "authorizationEndpoint": "https://github.com/login/oauth/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "bdae6d141d4dcf95a630", + "enabled": true, + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + 
"jwtEncryptionMethod": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "user", + ], + "tokenEndpoint": "https://ig.mytestrun.com/login/oauth/access_token", + "transform": "23143919-6b78-40c3-b25e-beca19b229e0", + "uiConfig": { + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "GitHub", + "buttonImage": "https://cdn-icons-png.flaticon.com/512/25/25231.png", + "iconBackground": "#4184f3", + "iconFontColor": "white", }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://ig.mytestrun.com/user", + }, + "google": { + "_id": "google", "_type": { - "_id": "OAuth2Client", + "_id": "googleConfig", "collection": true, - "name": "OAuth2 Clients", + "name": "Client configuration for Google.", }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "urn:ietf:params:oauth:grant-type:device_code", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "none", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": 
"https://accounts.google.com/o/oauth2/v2/auth", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "297338177925-mho17cgnm540s2gre8h27feb6sbs1msd.apps.googleusercontent.com", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://accounts.google.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "transform": "58d29080-4563-480b-89bb-1e7719776a21", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "Google", + "buttonImage": "images/g-logo.png", + "iconBackground": "#4184f3", + "iconClass": "fa-google", + "iconFontColor": "white", }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [ - "Streaming Services", - ], - "clientType": "Public", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "profile", - ], - "status": "Active", + "useCustomTrustStore": false, + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", + }, + "okta-trial-5735851": { + "_id": "okta-trial-5735851", + "_type": { + "_id": "oidcConfig", + "collection": true, + "name": 
"Client configuration for providers that implement the OpenID Connect specification.", }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], + "acrValues": [], + "authenticationIdKey": "id", + "authorizationEndpoint": "https://trial-5735851.okta.com/oauth2/v1/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "0oa13r2cp29Rynmyw697", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://trial-5735851.okta.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://trial-5735851.okta.com/oauth2/v1/token", + "transform": "6325cf19-a49b-471e-8d26-7e4df76df0e2", + "uiConfig": { + "buttonDisplayName": "Okta", }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], + "useCustomTrustStore": false, + "userInfoEndpoint": "https://trial-5735851.okta.com/oauth2/v1/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://trial-5735851.okta.com/.well-known/openid-configuration", + }, + }, + "managedApplication": { + "0f357b7e-6c54-4351-a094-43916877d7e5": { + "_id": "0f357b7e-6c54-4351-a094-43916877d7e5", + "authoritative": false, + "connectorId": "Azure", + "description": "Azure", + "icon": "", + "mappingNames": [ + "systemAzureUser_managedAlpha_user", + "managedAlpha_user_systemAzureUser", + 
"systemAzure__group___managedAlpha_assignment", + "systemAzureDirectoryrole_managedAlpha_assignment", + "systemAzureServiceplan_managedAlpha_assignment", + ], + "name": "Azure", + "templateName": "azure.ad", + "templateVersion": "3.3", + "uiConfig": { + "objectTypes": { + "User": { + "properties": { + "__PASSWORD__": { + "displayName": "Password", + "order": 17, + "userSpecific": true, + }, + "__roles__": { + "displayName": "Roles", + "nonAccountObject": "directoryRole", + "order": 3, + "userSpecific": true, + }, + "__servicePlanIds__": { + "displayName": "Service Plan Ids", + "nonAccountObject": "servicePlan", + "order": 27, + "userSpecific": true, + }, + "accountEnabled": { + "displayName": "Account Enabled", + "order": 0, + "userSpecific": true, + }, + "city": { + "displayName": "City", + "order": 5, + "userSpecific": true, + }, + "companyName": { + "displayName": "Company Name", + "order": 4, + "userSpecific": true, + }, + "country": { + "displayName": "Country", + "order": 6, + "userSpecific": true, + }, + "department": { + "displayName": "Department", + "order": 7, + "userSpecific": true, + }, + "displayName": { + "displayName": "Display Name", + "order": 8, + "userSpecific": true, + }, + "givenName": { + "displayName": "Given Name", + "order": 9, + "userSpecific": true, + }, + "jobTitle": { + "displayName": "Job Title", + "order": 11, + "userSpecific": true, + }, + "mail": { + "displayName": "Mail", + "isDisplay": true, + "isMail": true, + "order": 1, + "userSpecific": true, + }, + "mailNickname": { + "displayName": "Mail Nickname", + "order": 12, + "userSpecific": true, + }, + "manager": { + "displayName": "Manager", + "order": 13, + "userSpecific": true, + }, + "memberOf": { + "displayName": "Member Of", + "nonAccountObject": "__GROUP__", + "order": 2, + "userSpecific": true, + }, + "mobilePhone": { + "displayName": "Mobile Phone", + "order": 14, + "userSpecific": true, + }, + "onPremisesImmutableId": { + "displayName": "On Premises Immutable Id", + 
"order": 10, + "userSpecific": true, + }, + "onPremisesSecurityIdentifier": { + "displayName": "On Premises Security Identifier", + "order": 15, + "userSpecific": true, + }, + "otherMails": { + "displayName": "Other Mails", + "order": 16, + "userSpecific": true, + }, + "postalCode": { + "displayName": "Postal Code", + "order": 18, + "userSpecific": true, + }, + "preferredLanguage": { + "displayName": "Preferred Language", + "order": 19, + "userSpecific": true, + }, + "proxyAddresses": { + "displayName": "Proxy Addresses", + "order": 20, + "userSpecific": true, + }, + "state": { + "displayName": "State", + "order": 21, + "userSpecific": true, + }, + "streetAddress": { + "displayName": "Street Address", + "order": 22, + "userSpecific": true, + }, + "surname": { + "displayName": "Surname", + "order": 23, + "userSpecific": true, + }, + "usageLocation": { + "displayName": "Usage Location", + "order": 24, + "userSpecific": true, + }, + "userPrincipalName": { + "displayName": "User Principal Name", + "isUsername": true, + "order": 25, + "userSpecific": true, + }, + "userType": { + "displayName": "User Type", + "order": 26, + "userSpecific": true, + }, + }, + }, + "__GROUP__": { + "properties": { + "__NAME__": { + "displayName": "Name", + "order": 2, + "userSpecific": true, + }, + "description": { + "displayName": "Description", + "order": 4, + "userSpecific": true, + }, + "displayName": { + "displayName": "Display Name", + "order": 3, + "userSpecific": true, + }, + "groupTypes": { + "displayName": "Group Types", + "order": 10, + "userSpecific": true, + }, + "id": { + "displayName": "Id", + "order": 0, + "userSpecific": true, + }, + "mail": { + "displayName": "Mail", + "order": 5, + "userSpecific": true, + }, + "mailEnabled": { + "displayName": "Mail Enabled", + "order": 6, + "userSpecific": true, + }, + "onPremisesSecurityIdentifier": { + "displayName": "On Premises Security Identifier", + "order": 7, + "userSpecific": true, + }, + "proxyAddresses": { + "displayName": 
"Proxy Addresses", + "order": 8, + "userSpecific": true, + }, + "securityEnabled": { + "displayName": "Security Enabled", + "order": 9, + "userSpecific": true, + }, + "type": { + "displayName": "Type", + "order": 1, + "userSpecific": true, + }, + }, + }, + "directoryRole": { + "properties": { + "description": { + "displayName": "description", + "order": 0, + "userSpecific": true, + }, + "displayName": { + "displayName": "displayName", + "order": 1, + "userSpecific": true, + }, + }, + }, + "servicePlan": { + "properties": { + "__NAME__": { + "displayName": "__NAME__", + "order": 5, + "userSpecific": true, + }, + "appliesTo": { + "displayName": "appliesTo", + "order": 0, + "userSpecific": true, + }, + "provisioningStatus": { + "displayName": "provisioningStatus", + "order": 2, + "userSpecific": true, + }, + "servicePlanId": { + "displayName": "servicePlanId", + "order": 1, + "userSpecific": true, + }, + "servicePlanName": { + "displayName": "servicePlanName", + "order": 4, + "userSpecific": true, + }, + "subscriberSkuId": { + "displayName": "subscriberSkuId", + "order": 3, + "userSpecific": true, + }, + }, + }, + }, }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": 
"[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", + }, + "2e4663b7-aed2-4521-8819-d379449d91b0": { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "description": "Link to Google", + "name": "Google", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://www.google.com/", + }, + "e124e6f6-e25a-4180-a6c3-ff8b782a422c": { + "_id": "e124e6f6-e25a-4180-a6c3-ff8b782a422c", + "authoritative": true, + "description": "desc", + "icon": "", + "name": "testLDAP", + "templateName": "ldap", + "templateVersion": "2.1", + }, + }, + "policy": { + "FeatureStorePolicy": { + "_id": "FeatureStorePolicy", + "actionValues": {}, + "active": true, + "applicationName": "test-policy-set", + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:19.248Z", + "description": "FeatureStorePolicy", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-10-14T14:18:07.133Z", + "name": "FeatureStorePolicy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "https://www.example.com:443/*", + ], + "subject": { + "type": "NONE", }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - 
"idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + }, + "HR-webapp": { + "_id": "HR-webapp", + "actionValues": { + "GET": true, + "POST": true, + }, + "active": true, + "applicationName": "EdgePolicySet", + "createdBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "creationDate": "2024-10-31T16:26:42.822Z", + "description": "", + "lastModifiedBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "lastModifiedDate": "2024-10-31T16:26:42.822Z", + "name": "HR-webapp", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/apps/hrlite/*", + "*://*:*/apps/hrlite?*", + "*://*:*/apps/contractor", + "*://*:*/apps/contractor/*", + "*://*:*/apps/contractor?*", + "*://*:*/apps/hrlite", + ], + "subject": { + "subjectValues": [ + "id=hradmins,ou=group,o=alpha,ou=services,ou=am-config", + ], + "type": "Identity", }, }, - "baseline-ios-sdk": { - "_id": "baseline-ios-sdk", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - 
"allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": 
"URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + "Test Policy": { + "_id": "Test Policy", + "actionValues": { + "GET": true, + "POST": false, + }, + "active": false, + "applicationName": "test-policy-set", + "condition": { + "conditions": [ + { + "endDate": "2023:08:02", + "endDay": "fri", + "endTime": "11:59", + "enforcementTimeZone": "GMT", + "startDate": "2023:08:01", + "startDay": "mon", + "startTime": "12:00", + "type": "SimpleTime", + }, + { + "scriptId": "59f84396-71e4-4c1d-a6ae-c4fc624d9752", + "type": "Script", + }, + ], + "type": "AND", + }, + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:19.356Z", + "description": "Test Policy Description", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-10-14T14:18:07.679Z", + "name": "Test Policy", + "resourceAttributes": [ + { + 
"propertyName": "Test_Name", + "propertyValues": [ + "Test_Value", ], + "type": "Static", }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], 
- "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": 
"39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, + ], + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "lorem://ipsum:dolor/sit", + ], + "subject": { + "type": "NONE", }, - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", + }, + "actions": { + "_id": "actions", + "actionValues": { + "GET": true, }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - "refresh_token", - ], - "isConsentImplied": true, - "javascriptOrigins": [ - "forgerock://oidc_callback", - ], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "none", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, + "active": true, + "applicationName": 
"data", + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:50.202Z", + "description": "", + "lastModifiedBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "lastModifiedDate": "2024-10-31T16:26:43.111Z", + "name": "actions", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/demo/api/action/actions", + ], + "subject": { + "type": "AuthenticatedUsers", }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Public", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "forgerock://oidc_callback", - ], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "profile", - "address", - "phone", - "email", - "fr:idm:*", - ], - "status": "Active", + }, + "activity": { + "_id": "activity", + "actionValues": { + "GET": true, + "POST": true, }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], + "active": true, + "applicationName": "data", + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:50.288Z", + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-10-28T18:14:46.64Z", + "name": "activity", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/demo/api/action/activity", + ], + "subject": { + "type": "AuthenticatedUsers", }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], + }, + "apply": { + "_id": "apply", + "actionValues": { + "POST": true, }, - "overrideOAuth2ClientConfig": { - 
"accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", + "active": true, + "applicationName": "data", + "condition": { + "authenticationStrategy": "AuthenticateToTreeConditionAdvice", + "strategySpecifier": "Baseline-Transaction", + "type": "Transaction", }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 
60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:50.368Z", + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-10-28T18:14:46.214Z", + "name": "apply", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/demo/api/action/apply", + ], + "subject": { + "type": "AuthenticatedUsers", }, }, - "baseline-web": { - "_id": "baseline-web", - "_provider": { - "_id": "", + }, + "policyset": { + "EdgePolicySet": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "ClientId", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "Expiration", + "AuthenticateToRealm", + "ResourceEnvIP", + "Policy", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1669672555404, + "description": "Policy Set EdgePolicySet", + "displayName": null, + "editable": true, + 
"entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1730139285014, + "name": "EdgePolicySet", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "Uma", + "OR", + "AND", + "NONE", + "Policy", + "JwtClaim", + ], + }, + "FeatureStorePolicySet": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AMIdentityMembership", + "AND", + "AuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "LEAuthLevel", + "NOT", + "OAuth2Scope", + "OR", + "Policy", + "ResourceEnvIP", + "Script", + "Session", + "SessionProperty", + "SimpleTime", + "Transaction", + ], + "createdBy": "id=8efaa5b6-8c98-4489-9b21-ee41f5589ab7,ou=user,ou=am-config", + "creationDate": 1695912757709, + "description": null, + "displayName": "FeatureStorePolicySet", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1730139285661, + "name": "FeatureStorePolicySet", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + "NOT", + "OR", + "Policy", + ], + }, + "data": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "IPv4", + "SimpleTime", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "Policy", + "OAuth2Scope", + "SessionProperty", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + 
"createdBy": "id=df492700-ba67-4345-83a9-58305850596c,ou=user,ou=am-config", + "creationDate": 1610648242757, + "description": null, + "displayName": "Baseline Demo", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1730139285809, + "name": "data", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "Policy", + "JwtClaim", + ], + }, + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1730139286442, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + "test-policy-set": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AMIdentityMembership", + "AND", + "AuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", 
+ "IPv6", + "LDAPFilter", + "LEAuthLevel", + "NOT", + "OAuth2Scope", + "OR", + "Policy", + "ResourceEnvIP", + "Script", + "Session", + "SessionProperty", + "SimpleTime", + "Transaction", + ], + "createdBy": "id=fbdeb2a9-beb6-4a14-ae66-e35f16ce421d,ou=user,ou=am-config", + "creationDate": 1693494279401, + "description": "Test Policy Set Description", + "displayName": "Test Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1728915486893, + "name": "test-policy-set", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + "NOT", + "OR", + "Policy", + ], + }, + }, + "resourcetype": { + "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76": { + "actions": { + "action1": true, + "action2": true, + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400601, + "description": "Frodo Test Resource Type Thirteen", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1728915479106, + "name": "FrodoTestResourceType13", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*", + ], + "uuid": "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76", + }, + "119b291c-40b3-4b1e-8d84-c2a561a2cb1f": { + "actions": { + "action1": true, + "action2": true, + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400702, + "description": "Frodo Test Resource Type Fourteen", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1728915479259, + "name": "FrodoTestResourceType14", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*", + ], + "uuid": "119b291c-40b3-4b1e-8d84-c2a561a2cb1f", + }, + 
"1f445c60-0828-41ac-9a4e-a16c026e9536": { + "actions": { + "allow": true, + }, + "createdBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "creationDate": 1730325157570, + "description": "", + "lastModifiedBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "lastModifiedDate": 1730325157570, + "name": "test_resource", + "patterns": [ + "type1/node1", + "type2/node2", + ], + "uuid": "1f445c60-0828-41ac-9a4e-a16c026e9536", + }, + "3c5f13af-ca17-403e-b47d-d15263cce954": { + "actions": { + "action1": true, + "action2": true, + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400790, + "description": "Frodo Test Resource Type Fifteen", + "lastModifiedBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "lastModifiedDate": 1730325157860, + "name": "FrodoTestResourceType15", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*", + ], + "uuid": "3c5f13af-ca17-403e-b47d-d15263cce954", + }, + "3fc799d7-b73f-49e0-a70b-e37990e54e56": { + "actions": { + "action1": true, + "action2": true, + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400511, + "description": "Frodo Test Resource Type Twelve", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1728915478723, + "name": "FrodoTestResourceType12", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*", + ], + "uuid": "3fc799d7-b73f-49e0-a70b-e37990e54e56", + }, + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAMPolicies.", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + 
"lastModifiedDate": 1728915479980, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + "993eba78-1c3f-4f27-b205-b4b29418f831": { + "actions": { + "action1": true, + "action2": true, + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400290, + "description": "Frodo Test Resource Type Eleven", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1728915478164, + "name": "FrodoTestResourceType11", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*", + ], + "uuid": "993eba78-1c3f-4f27-b205-b4b29418f831", + }, + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1728915479805, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, + "saml": { + "cot": { + "2f04818d-561e-4f8a-82e8-af2426112138": { + "_id": "2f04818d-561e-4f8a-82e8-af2426112138", "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - 
"authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - 
"requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - "refresh_token", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": 
[], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "none", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Public", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "https://sdkapp.example.com:8443", - "https://volker-demo.encore.forgerock.com/demo/webapp/en/home", - "https://volker-demo.encore.forgerock.com/demo/sdks", - "forgerock://oidc_callback", - ], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "profile", - "address", - "phone", - "email", - "fr:idm:*", - ], - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [ - "https://sdkapp.example.com:8443", - "https://volker-demo.encore.forgerock.com/demo/webapp/en/home", - "https://volker-demo.encore.forgerock.com/demo/sdks", - "forgerock://oidc_callback", + "status": "active", + "trustedProviders": [ + "benefits-IDP|saml2", + "iSPAzure|saml2", ], }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - 
"authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - 
"tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "da190d6b-0fcc-42aa-b890-0cef7486e6d4": { - "_id": "da190d6b-0fcc-42aa-b890-0cef7486e6d4", - "_provider": { - "_id": "", + "AzureCOT": { + "_id": "AzureCOT", "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - 
"code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": 
[], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - 
"HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", 
- "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": 
"JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", }, - }, - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 3/20/2024, 9:46:11 AM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "da190d6b-0fcc-42aa-b890-0cef7486e6d4", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", + "status": "active", + 
"trustedProviders": [ + "iSPAzure|saml2", + "urn:federation:MicrosoftOnline|saml2", + "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/|saml2", + "SPAzure|saml2", + "https://idc.scheuber.io/am/saml2/IDPAzure|saml2", ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - 
"authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + "affiliation-test": { + "_id": "affiliation-test", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [], }, }, - "frodo-idm-access": { - "_id": "frodo-idm-access", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - 
"urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", + "hosted": { + "aVNQQXp1cmU": { + "_id": "aVNQQXp1cmU", + "entityId": "iSPAzure", + "serviceProvider": { + "advanced": { + "ecpConfiguration": { + "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", + }, + "idpProxy": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "spUrl": 
"https://idc.scheuber.io/am/spsaehandler/metaAlias/alpha/iSPAzure", + }, + }, + "assertionContent": { + "assertionTimeSkew": 300, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "defaultItem": true, + "level": 0, + }, + ], + "authenticationComparisonType": "Exact", + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", + "includeRequestedAuthenticationContext": true, + }, + "basicAuthentication": {}, + "clientAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapping": { + "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", + "useNameIDAsSPUserID": true, + }, + "adapter": {}, + "attributeMapper": { + "attributeMap": [ + { + "key": "http://schemas.microsoft.com/identity/claims/displayname", + "value": "cn", + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", + "value": "givenName", + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", + "value": "sn", + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", + "value": "mail", + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", + "value": "uid", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", + }, 
+ "autoFederation": { + "autoFedEnabled": false, + }, + "responseArtifactMessageEncoding": { + "encoding": "URI", + }, + "url": {}, + }, + "services": { + "metaAlias": "/alpha/iSPAzure", + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "index": 0, + "isDefault": true, + "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 1, + "isDefault": false, + "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "https://idc.scheuber.io/am/Consumer/ECP/metaAlias/alpha/iSPAzure", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", + 
"responseLocation": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://idc.scheuber.io/am/SPSloSoap/metaAlias/alpha/iSPAzure", + }, + ], + }, + }, }, }, - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Frodo IDM Access", - ], - "grantTypes": [ - "authorization_code", - ], - "isConsentImplied": true, - "javascriptOrigins": [ - "http://localhost:8712", - "https://openam-frodo-dev.forgeblocks.com", - "https://openam-frodo-dev.forgeblocks.com:443", - ], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_post", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "frodo-idm-access", - ], - "clientType": "Public", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "http://localhost:8712/frodo", - "https://openam-frodo-dev.forgeblocks.com/platform/appAuthHelperRedirect.html", - ], - "refreshTokenLifetime": 604800, - "scopes": [ - "openid", - "fr:idm:*", - ], - "secretLabelIdentifier": null, - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": 
null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - 
"jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, }, - "hrlite-client": { - "_id": "hrlite-client", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - 
"nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - 
"urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - 
"ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", 
- "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + "metadata": { + "aVNQQXp1cmU": [ + "", + "", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 
", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:mace:shibboleth:1.0:nameIdentifier", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + }, + 
"remote": { + "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { + "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", + "entityId": "urn:federation:MicrosoftOnline", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + "treeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:mace:shibboleth:1.0:nameIdentifier", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + ], + }, + "secrets": {}, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapper": {}, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "IDPEmail", + }, + { + "binary": false, + "localAttribute": "UOPClassID", + "samlAttribute": "UOPClassID", + }, + ], + }, + "responseArtifactMessageEncoding": { + "encoding": "URI", + }, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://login.microsoftonline.com/login.srf", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign", + "index": 1, + "isDefault": false, + "location": "https://login.microsoftonline.com/login.srf", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "https://login.microsoftonline.com/login.srf", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://login.microsoftonline.com/login.srf", + }, + ], + }, + }, }, - "coreOAuth2Config": { - "accessTokenLifetime": 
3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, + }, + }, + }, + "script": { + "07ee6240-d106-4e25-a781-5fcabc477d22": { + "_id": "07ee6240-d106-4e25-a781-5fcabc477d22", + "context": "SAML2_SP_ADAPTER", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "FrodoSPAdapter", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * The script has these top level functions that could be executed during a SAML2 flow.", + " * - preSingleSignOnRequest", + " * - preSingleSignOnProcess", + " * - postSingleSignOnSuccess", + " * - postSingleSignOnFailure", + " * - postNewNameIDSuccess", + " * - postTerminateNameIDSuccess", + " * - preSingleLogoutProcess", + " * - postSingleLogoutSuccess", + " *", + " * Please see the JavaDoc for the interface for more information about these methods.", + " * https://backstage.forgerock.com/docs/am/7.3/_attachments/apidocs/org/forgerock/openam/saml2/plugins/SPAdapter.html", + " * Note that the initialize method is not supported in the scripts.", + " *", + " * Defined variables. 
Check the documentation on the respective functions for the variables available to it.", + " *", + " * hostedEntityId - String", + " * Entity ID for the hosted IDP", + " * realm - String", + " * Realm of the hosted IDP", + " * idpEntityId - String", + " * The entity ID for the Identity Provider for which the sign-on request will be sent.", + " * request - HttpServletRequest (1)", + " * Servlet request object", + " * response - HttpServletResponse (2)", + " * Servlet response object", + " * authnRequest - AuthnRequest (3)", + " * The authentication request sent that is sent from the Service Provider.", + " * session - SSOToken (4)", + " * The single sign-on session. The reference type of this is Object and would need to be casted to SSOToken.", + " * res - Response (5)", + " * The SSO Response received from the Identity Provider.", + " * profile - String", + " * The protocol profile that is used, this will be one of the following values from SAML2Constants (6):", + " * - SAML2Constants.HTTP_POST", + " * - SAML2Constants.HTTP_ARTIFACT", + " * - SAML2Constants.PAOS", + " * out - PrintWriter (7)", + " * The PrintWriter that can be used to write to.", + " * isFederation - boolean", + " * Set to true if using federation, otherwise false.", + " * failureCode - int", + " * An integer holding the failure code when an error has occurred. For potential values see SPAdapter.", + " * userId - String", + " * The unique universal ID of the user with whom the new name identifier request was performed.", + " * idRequest - ManageNameIDRequest (8)", + " * The new name identifier request, this will be null if the request object is not available", + " * idResponse - ManageNameIDResponse (9)", + " * The new name identifier response, this will be null if the response object is not available", + " * binding - String", + " * The binding used for the new name identifier request. 
This will be one of the following values:", + " * - SAML2Constants.SOAP", + " * - SAML2Constants.HTTP_REDIRECT", + " * logoutRequest - LogoutRequest (10)", + " * The single logout request.", + " * logoutResponse - LogoutResponse (11)", + " * The single logout response.", + " * spAdapterScriptHelper - SpAdapterScriptHelper (12)", + " * An instance of SpAdapterScriptHelper containing helper methods. See Javadoc for more details.", + " * logger - Logger instance", + " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", + " * Corresponding log files will be prefixed with: scripts.
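Review bot: The added SAML snapshot entries under `hosted.aVNQQXp1cmU` hard-code a tenant hostname, for example `"spUrl": "https://idc.scheuber.io/am/spsaehandler/metaAlias/alpha/iSPAzure"` and every `assertionConsumerService`, `nameIdService` and `singleLogoutService` location, while the removed OAuth2 client entries pointed at `openam-frodo-dev.forgeblocks.com`. The certificates in the `metadata` arrays are already reduced to the placeholder `PGNlcnRpZmljYXRlPg==` (base64 for `<certificate>`), so the hostname is the remaining environment-specific value. Please confirm that the recording host is meant to be committed, or normalize it the same way so the snapshot does not churn when the mocks are re-recorded against another tenant. Separately, in the added `script` entry `07ee6240-d106-4e25-a781-5fcabc477d22`, `"createdBy": "null"`, `"description": "null"` and `"lastModifiedBy": "null"` are the string "null" rather than JSON null. It is worth checking whether that is what the server returns or a stringification in the export path, since an import of this data would write the literal text back.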